Add/document AUTOGEN_ADMIN_KEY, AUTOCONF_GPG, MISP_EMAIL, MISP_CONTACT

AUTOCONF_ADMIN_KEY is renamed to AUTOGEN_ADMIN_KEY. If ADMIN_KEY is set,
it will still be applied; AUTOGEN_ADMIN_KEY only turns off automatic
generation.
AUTOCONF_GPG behaves as before.
MISP_EMAIL sets MISP.email and GPG-related email.
MISP_CONTACT sets MISP.contact (support email)
Anders Einar Hilden 2023-08-01 17:59:47 +02:00 committed by Stefano Ortolani
parent 3429540b78
commit 2078a599fb
3 changed files with 54 additions and 31 deletions


@ -15,6 +15,8 @@ init_configuration(){
# Note that we are doing this after enforcing permissions, so we need to use the www-data user for this # Note that we are doing this after enforcing permissions, so we need to use the www-data user for this
echo "... configuring default settings" echo "... configuring default settings"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.baseurl" "$HOSTNAME" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.baseurl" "$HOSTNAME"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.email" "${MISP_EMAIL-$ADMIN_EMAIL}"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.contact" "${MISP_CONTACT-$ADMIN_EMAIL}"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.redis_host" "$REDIS_FQDN" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.redis_host" "$REDIS_FQDN"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.python_bin" $(which python3) sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.python_bin" $(which python3)
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q -f "MISP.ca_path" "/etc/ssl/certs/ca-certificates.crt" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q -f "MISP.ca_path" "/etc/ssl/certs/ca-certificates.crt"
@ -60,7 +62,7 @@ configure_gnupg() {
Key-Type: RSA Key-Type: RSA
Key-Length: 3072 Key-Length: 3072
Name-Real: MISP Admin Name-Real: MISP Admin
Name-Email: $ADMIN_EMAIL Name-Email: ${MISP_EMAIL-$ADMIN_EMAIL}
Expire-Date: 0 Expire-Date: 0
Passphrase: $GPG_PASSPHRASE Passphrase: $GPG_PASSPHRASE
%commit %commit
@ -80,12 +82,12 @@ GPGEOF
if [ ! -f ${GPG_ASC} ]; then if [ ! -f ${GPG_ASC} ]; then
echo "... exporting GPG key" echo "... exporting GPG key"
sudo -u www-data gpg --homedir ${GPG_DIR} --export --armor ${ADMIN_EMAIL} > ${GPG_ASC} sudo -u www-data gpg --homedir ${GPG_DIR} --export --armor ${MISP_EMAIL-$ADMIN_EMAIL} > ${GPG_ASC}
else else
echo "... found exported key ${GPG_ASC}" echo "... found exported key ${GPG_ASC}"
fi fi
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.email" "${ADMIN_EMAIL}" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.email" "${MISP_EMAIL-$ADMIN_EMAIL}"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.homedir" "${GPG_DIR}" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.homedir" "${GPG_DIR}"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.password" "${GPG_PASSPHRASE}" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.password" "${GPG_PASSPHRASE}"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.binary" "$(which gpg)" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.binary" "$(which gpg)"
@ -101,26 +103,26 @@ apply_updates() {
init_user() { init_user() {
# Create the main user if it is not there already # Create the main user if it is not there already
sudo -u www-data /var/www/MISP/app/Console/cake userInit -q 2>&1 > /dev/null sudo -u www-data /var/www/MISP/app/Console/cake userInit -q 2>&1 > /dev/null
echo "... setting admin email to '${ADMIN_EMAIL}'"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.email" ${ADMIN_EMAIL}
echo "UPDATE misp.users SET email = \"${ADMIN_EMAIL}\" WHERE id = 1;" | ${MYSQLCMD} echo "UPDATE misp.users SET email = \"${ADMIN_EMAIL}\" WHERE id = 1;" | ${MYSQLCMD}
if [ ! -z "$ADMIN_ORG" ]; then if [ ! -z "$ADMIN_ORG" ]; then
echo "UPDATE misp.organisations SET name = \"${ADMIN_ORG}\" where id = 1;" | ${MYSQLCMD} echo "UPDATE misp.organisations SET name = \"${ADMIN_ORG}\" where id = 1;" | ${MYSQLCMD}
fi fi
if [ "$AUTOCONF_ADMIN_KEY" == "true" ]; then if [ -n "$ADMIN_KEY" ]; then
if [ ! -z "$ADMIN_KEY" ]; then echo "... setting admin key to '${ADMIN_KEY}'"
echo "... setting admin key to '${ADMIN_KEY}'" CHANGE_CMD=(sudo -u www-data /var/www/MISP/app/Console/cake User change_authkey 1 "${ADMIN_KEY}")
CHANGE_CMD=(sudo -u www-data /var/www/MISP/app/Console/cake User change_authkey 1 "${ADMIN_KEY}") elif [ -z "$ADMIN_KEY" ] && [ "$AUTOGEN_ADMIN_KEY" == "true" ]; then
else echo "... regenerating admin key (set \$ADMIN_KEY if you want it to change)"
echo "... regenerating admin key (set \$ADMIN_KEY if you want it to change)" CHANGE_CMD=(sudo -u www-data /var/www/MISP/app/Console/cake User change_authkey 1)
CHANGE_CMD=(sudo -u www-data /var/www/MISP/app/Console/cake User change_authkey 1)
fi
ADMIN_KEY=`${CHANGE_CMD[@]} | awk 'END {print $NF; exit}'`
echo "... admin user key set to '${ADMIN_KEY}'"
else else
ADMIN_KEY="" echo "... admin user key auto generation disabled"
echo "... admin user key auto configuration disabled" fi
if [[ -v CHANGE_CMD[@] ]]; then
ADMIN_KEY=$("${CHANGE_CMD[@]}" | awk 'END {print $NF; exit}')
echo "... admin user key set to '${ADMIN_KEY}'"
fi fi
if [ ! -z "$ADMIN_PASSWORD" ]; then if [ ! -z "$ADMIN_PASSWORD" ]; then
@ -129,9 +131,9 @@ init_user() {
PASSWORD_LENGTH=$(sudo -u www-data /var/www/MISP/app/Console/cake Admin getSetting "Security.password_policy_length" | jq ".value") PASSWORD_LENGTH=$(sudo -u www-data /var/www/MISP/app/Console/cake Admin getSetting "Security.password_policy_length" | jq ".value")
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_length" 1 sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_length" 1
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_complexity" '/.*/' sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_complexity" '/.*/'
sudo -u www-data /var/www/MISP/app/Console/cake User change_pw ${ADMIN_EMAIL} ${ADMIN_PASSWORD} sudo -u www-data /var/www/MISP/app/Console/cake User change_pw "${ADMIN_EMAIL}" "${ADMIN_PASSWORD}"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_complexity" ${PASSWORD_POLICY} sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_complexity" "${PASSWORD_POLICY}"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_length" ${PASSWORD_LENGTH} sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_length" "${PASSWORD_LENGTH}"
else else
echo "... setting admin password skipped" echo "... setting admin password skipped"
fi fi
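Review bot: `${MISP_EMAIL-$ADMIN_EMAIL}` in the new MISP.email and MISP.contact lines of the first hunk (and in the Name-Email, `gpg --export` and GnuPG.email lines of the two GPG hunks) falls back only when the variable is unset, so an env-file entry left empty in the `MISP_EMAIL=` style the rest of the template uses stores an empty address and passes an empty identity to gpg; `${MISP_EMAIL:-$ADMIN_EMAIL}` would also cover the empty case. In the init_user hunk the `[ -z "$ADMIN_KEY" ]` half of the elif is redundant, since that branch is only reached after the `-n` test has already failed. The two echo lines that interpolate the key (`... setting admin key to '${ADMIN_KEY}'` and `... admin user key set to '${ADMIN_KEY}'`) write the admin API credential to stdout and therefore into the container log; dropping the value from those messages keeps it out of log collectors. `ADMIN_KEY=$("${CHANGE_CMD[@]}" | awk 'END {print $NF; exit}')` also takes the last field of whatever the cake command printed even when it fails, so checking `"${PIPESTATUS[0]}"` before using the result would be safer; init_user continues outside the hunk.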


@ -1,24 +1,25 @@
MISP_TAG=v2.4.174 MISP_TAG=v2.4.174
MODULES_TAG=v2.4.174 MODULES_TAG=v2.4.174
PHP_VER=20190902 PHP_VER=20190902
# MISP_COMMIT takes precedence over MISP_TAG # MISP_COMMIT takes precedence over MISP_TAG
# MISP_COMMIT=c56d537 # MISP_COMMIT=c56d537
# MODULES_COMMIT takes precedence over MODULES_TAG # MODULES_COMMIT takes precedence over MODULES_TAG
# MODULES_COMMIT=de69ae3 # MODULES_COMMIT=de69ae3
# default to MISP's default (admin@admin.test) # Email/username for user #1, defaults to MISP's default (admin@admin.test)
ADMIN_EMAIL= ADMIN_EMAIL=
# default to MISP's default (Org1) # name of org #1, default to MISP's default (ORGNAME)
ADMIN_ORG= ADMIN_ORG=
# default to an automatically generated one # defaults to an automatically generated one
ADMIN_KEY= ADMIN_KEY=
# default to MISP's default (admin) # defaults to MISP's default (admin)
ADMIN_PASSWORD= ADMIN_PASSWORD=
# default to 'passphrase' # defaults to 'passphrase'
GPG_PASSPHRASE= GPG_PASSPHRASE=
# default to 1 (the admin user) # defaults to 1 (the admin user)
CRON_USER_ID= CRON_USER_ID=
# default to 'https://localhost' # defaults to 'https://localhost'
HOSTNAME= HOSTNAME=
# optional and used by the mail sub-system # optional and used by the mail sub-system
@ -28,10 +29,30 @@ SMARTHOST_USER=
SMARTHOST_PASSWORD= SMARTHOST_PASSWORD=
SMARTHOST_ALIASES= SMARTHOST_ALIASES=
# comma separated list of IDs of syncservers (e.g. SYNCSERVERS=1) # optional comma separated list of IDs of syncservers (e.g. SYNCSERVERS=1)
# For this to work ADMIN_KEY must be set, or AUTOGEN_ADMIN_KEY must be true (default)
SYNCSERVERS= SYNCSERVERS=
# note: if you have more than one syncserver, you need to update docker-compose.yml # note: if you have more than one syncserver, you need to update docker-compose.yml
SYNCSERVERS_1_URL= SYNCSERVERS_1_URL=
SYNCSERVERS_1_NAME= SYNCSERVERS_1_NAME=
SYNCSERVERS_1_UUID= SYNCSERVERS_1_UUID=
SYNCSERVERS_1_KEY= SYNCSERVERS_1_KEY=
# These variables allows overriding some MISP email values.
# They all default to ADMIN_EMAIL.
# MISP.email, used for notifications. Also used
# for GnuPG.email and GPG autogeneration.
# MISP_EMAIL=
# MISP.contact, the e-mail address that
# MISP should include as a contact address
# for the instance's support team.
# MISP_CONTACT=
# Enable GPG autogeneration (default true)
# AUTOCONF_GPG=true
# Enable admin (user #1) API key autogeneration
# if ADMIN_KEY is not set above (default true)
# AUTOGEN_ADMIN_KEY=true