Add/document AUTOGEN_ADMIN_KEY, AUTOCONF_GPG, MISP_EMAIL, MISP_CONTACT

AUTOCONF_ADMIN_KEY renamed to AUTOGEN_ADMIN_KEY. If ADMIN_KEY is set,
it is still applied; AUTOGEN_ADMIN_KEY only turns off automatic
generation of a key when ADMIN_KEY is empty.
AUTOCONF_GPG behaves as before.
MISP_EMAIL sets MISP.email and GPG-related email.
MISP_CONTACT sets MISP.contact (support email)
pull/1/head
Anders Einar Hilden 2023-08-01 17:59:47 +02:00 committed by Stefano Ortolani
parent 3429540b78
commit 2078a599fb
3 changed files with 54 additions and 31 deletions


@ -65,7 +65,7 @@ Pull the entire repository, you can build the images using `docker-compose build
Once you have the docker container up you can access the container by running `docker-compose exec misp /bin/bash`. Once you have the docker container up you can access the container by running `docker-compose exec misp /bin/bash`.
This will provide you with a root shell. You can use `apt update` and then install any tools you wish to use. This will provide you with a root shell. You can use `apt update` and then install any tools you wish to use.
Finally, copy any changes you make outside of the container for commiting to your branch. Finally, copy any changes you make outside of the container for commiting to your branch.
`git diff -- [dir with changes]` could be used to reduce the number of changes in a patch file, however, be careful when using the `git diff` command. `git diff -- [dir with changes]` could be used to reduce the number of changes in a patch file, however, be careful when using the `git diff` command.
### Updating ### Updating
@ -92,7 +92,7 @@ Updating the images should be as simple as `docker-compose pull` which, unless c
### Building ### Building
If you are interested in building the project from scratch - `git clone` or download the entire repo and run `docker-compose build` If you are interested in building the project from scratch - `git clone` or download the entire repo and run `docker-compose build`
## Image file sizes ## Image file sizes
@ -114,7 +114,7 @@ The `docker-compose.yml` file allows further configuration settings:
``` ```
"MYSQL_HOST=db" "MYSQL_HOST=db"
"MYSQL_USER=misp" "MYSQL_USER=misp"
"MYSQL_PASSWORD=example" # NOTE: This should be AlphaNum with no Special Chars. Otherwise, edit config files after first run. "MYSQL_PASSWORD=example" # NOTE: This should be AlphaNum with no Special Chars. Otherwise, edit config files after first run.
"MYSQL_DATABASE=misp" "MYSQL_DATABASE=misp"
"MISP_MODULES_FQDN=http://misp-modules" # Set the MISP Modules FQDN, used for Enrichment_services_url/Import_services_url/Export_services_url "MISP_MODULES_FQDN=http://misp-modules" # Set the MISP Modules FQDN, used for Enrichment_services_url/Import_services_url/Export_services_url
"WORKERS=1" # Legacy variable controlling the number of parallel workers (use variables below instead) "WORKERS=1" # Legacy variable controlling the number of parallel workers (use variables below instead)


@ -15,6 +15,8 @@ init_configuration(){
# Note that we are doing this after enforcing permissions, so we need to use the www-data user for this # Note that we are doing this after enforcing permissions, so we need to use the www-data user for this
echo "... configuring default settings" echo "... configuring default settings"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.baseurl" "$HOSTNAME" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.baseurl" "$HOSTNAME"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.email" "${MISP_EMAIL-$ADMIN_EMAIL}"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.contact" "${MISP_CONTACT-$ADMIN_EMAIL}"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.redis_host" "$REDIS_FQDN" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.redis_host" "$REDIS_FQDN"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.python_bin" $(which python3) sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.python_bin" $(which python3)
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q -f "MISP.ca_path" "/etc/ssl/certs/ca-certificates.crt" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q -f "MISP.ca_path" "/etc/ssl/certs/ca-certificates.crt"
@ -60,7 +62,7 @@ configure_gnupg() {
Key-Type: RSA Key-Type: RSA
Key-Length: 3072 Key-Length: 3072
Name-Real: MISP Admin Name-Real: MISP Admin
Name-Email: $ADMIN_EMAIL Name-Email: ${MISP_EMAIL-$ADMIN_EMAIL}
Expire-Date: 0 Expire-Date: 0
Passphrase: $GPG_PASSPHRASE Passphrase: $GPG_PASSPHRASE
%commit %commit
@ -80,12 +82,12 @@ GPGEOF
if [ ! -f ${GPG_ASC} ]; then if [ ! -f ${GPG_ASC} ]; then
echo "... exporting GPG key" echo "... exporting GPG key"
sudo -u www-data gpg --homedir ${GPG_DIR} --export --armor ${ADMIN_EMAIL} > ${GPG_ASC} sudo -u www-data gpg --homedir ${GPG_DIR} --export --armor ${MISP_EMAIL-$ADMIN_EMAIL} > ${GPG_ASC}
else else
echo "... found exported key ${GPG_ASC}" echo "... found exported key ${GPG_ASC}"
fi fi
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.email" "${ADMIN_EMAIL}" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.email" "${MISP_EMAIL-$ADMIN_EMAIL}"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.homedir" "${GPG_DIR}" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.homedir" "${GPG_DIR}"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.password" "${GPG_PASSPHRASE}" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.password" "${GPG_PASSPHRASE}"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.binary" "$(which gpg)" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.binary" "$(which gpg)"
@ -101,26 +103,26 @@ apply_updates() {
init_user() { init_user() {
# Create the main user if it is not there already # Create the main user if it is not there already
sudo -u www-data /var/www/MISP/app/Console/cake userInit -q 2>&1 > /dev/null sudo -u www-data /var/www/MISP/app/Console/cake userInit -q 2>&1 > /dev/null
echo "... setting admin email to '${ADMIN_EMAIL}'"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.email" ${ADMIN_EMAIL}
echo "UPDATE misp.users SET email = \"${ADMIN_EMAIL}\" WHERE id = 1;" | ${MYSQLCMD} echo "UPDATE misp.users SET email = \"${ADMIN_EMAIL}\" WHERE id = 1;" | ${MYSQLCMD}
if [ ! -z "$ADMIN_ORG" ]; then if [ ! -z "$ADMIN_ORG" ]; then
echo "UPDATE misp.organisations SET name = \"${ADMIN_ORG}\" where id = 1;" | ${MYSQLCMD} echo "UPDATE misp.organisations SET name = \"${ADMIN_ORG}\" where id = 1;" | ${MYSQLCMD}
fi fi
if [ "$AUTOCONF_ADMIN_KEY" == "true" ]; then if [ -n "$ADMIN_KEY" ]; then
if [ ! -z "$ADMIN_KEY" ]; then echo "... setting admin key to '${ADMIN_KEY}'"
echo "... setting admin key to '${ADMIN_KEY}'" CHANGE_CMD=(sudo -u www-data /var/www/MISP/app/Console/cake User change_authkey 1 "${ADMIN_KEY}")
CHANGE_CMD=(sudo -u www-data /var/www/MISP/app/Console/cake User change_authkey 1 "${ADMIN_KEY}") elif [ -z "$ADMIN_KEY" ] && [ "$AUTOGEN_ADMIN_KEY" == "true" ]; then
else echo "... regenerating admin key (set \$ADMIN_KEY if you want it to change)"
echo "... regenerating admin key (set \$ADMIN_KEY if you want it to change)" CHANGE_CMD=(sudo -u www-data /var/www/MISP/app/Console/cake User change_authkey 1)
CHANGE_CMD=(sudo -u www-data /var/www/MISP/app/Console/cake User change_authkey 1)
fi
ADMIN_KEY=`${CHANGE_CMD[@]} | awk 'END {print $NF; exit}'`
echo "... admin user key set to '${ADMIN_KEY}'"
else else
ADMIN_KEY="" echo "... admin user key auto generation disabled"
echo "... admin user key auto configuration disabled" fi
if [[ -v CHANGE_CMD[@] ]]; then
ADMIN_KEY=$("${CHANGE_CMD[@]}" | awk 'END {print $NF; exit}')
echo "... admin user key set to '${ADMIN_KEY}'"
fi fi
if [ ! -z "$ADMIN_PASSWORD" ]; then if [ ! -z "$ADMIN_PASSWORD" ]; then
@ -129,9 +131,9 @@ init_user() {
PASSWORD_LENGTH=$(sudo -u www-data /var/www/MISP/app/Console/cake Admin getSetting "Security.password_policy_length" | jq ".value") PASSWORD_LENGTH=$(sudo -u www-data /var/www/MISP/app/Console/cake Admin getSetting "Security.password_policy_length" | jq ".value")
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_length" 1 sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_length" 1
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_complexity" '/.*/' sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_complexity" '/.*/'
sudo -u www-data /var/www/MISP/app/Console/cake User change_pw ${ADMIN_EMAIL} ${ADMIN_PASSWORD} sudo -u www-data /var/www/MISP/app/Console/cake User change_pw "${ADMIN_EMAIL}" "${ADMIN_PASSWORD}"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_complexity" ${PASSWORD_POLICY} sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_complexity" "${PASSWORD_POLICY}"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_length" ${PASSWORD_LENGTH} sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_length" "${PASSWORD_LENGTH}"
else else
echo "... setting admin password skipped" echo "... setting admin password skipped"
fi fi
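Review bot: The rewritten init_user still prints the admin API key in clear text to the container's stdout on both branches (`echo "... setting admin key to '${ADMIN_KEY}'"` and `echo "... admin user key set to '${ADMIN_KEY}'"`), so the secret ends up in `docker logs` and in any log shipper attached to the container. The operator-supplied key is already known to whoever set it, so that branch can log only that it was applied, e.g. `echo "... setting admin key from \$ADMIN_KEY"`; for the auto-generated branch, if the key has to be surfaced at all, print it behind an explicit opt-in or write it to a root-only file rather than the default log stream, and note that it is also passed as an argument to `cake User change_authkey`, where `ps` inside the container can read it. Separately, the new `${MISP_EMAIL-$ADMIN_EMAIL}` expansions in init_configuration and configure_gnupg fall back to ADMIN_EMAIL only when MISP_EMAIL is unset, not when it is set to the empty string as an uncommented `MISP_EMAIL=` line in the env file would produce; `${MISP_EMAIL:-$ADMIN_EMAIL}` matches the documented "defaults to ADMIN_EMAIL" behaviour, and the gpg `--export --armor` argument should be quoted like the others. The bodies of init_configuration, configure_gnupg and init_user continue outside the hunks shown.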


@ -1,24 +1,25 @@
MISP_TAG=v2.4.174 MISP_TAG=v2.4.174
MODULES_TAG=v2.4.174 MODULES_TAG=v2.4.174
PHP_VER=20190902 PHP_VER=20190902
# MISP_COMMIT takes precedence over MISP_TAG # MISP_COMMIT takes precedence over MISP_TAG
# MISP_COMMIT=c56d537 # MISP_COMMIT=c56d537
# MODULES_COMMIT takes precedence over MODULES_TAG # MODULES_COMMIT takes precedence over MODULES_TAG
# MODULES_COMMIT=de69ae3 # MODULES_COMMIT=de69ae3
# default to MISP's default (admin@admin.test) # Email/username for user #1, defaults to MISP's default (admin@admin.test)
ADMIN_EMAIL= ADMIN_EMAIL=
# default to MISP's default (Org1) # name of org #1, default to MISP's default (ORGNAME)
ADMIN_ORG= ADMIN_ORG=
# default to an automatically generated one # defaults to an automatically generated one
ADMIN_KEY= ADMIN_KEY=
# default to MISP's default (admin) # defaults to MISP's default (admin)
ADMIN_PASSWORD= ADMIN_PASSWORD=
# default to 'passphrase' # defaults to 'passphrase'
GPG_PASSPHRASE= GPG_PASSPHRASE=
# default to 1 (the admin user) # defaults to 1 (the admin user)
CRON_USER_ID= CRON_USER_ID=
# default to 'https://localhost' # defaults to 'https://localhost'
HOSTNAME= HOSTNAME=
# optional and used by the mail sub-system # optional and used by the mail sub-system
@ -28,10 +29,30 @@ SMARTHOST_USER=
SMARTHOST_PASSWORD= SMARTHOST_PASSWORD=
SMARTHOST_ALIASES= SMARTHOST_ALIASES=
# comma separated list of IDs of syncservers (e.g. SYNCSERVERS=1) # optional comma separated list of IDs of syncservers (e.g. SYNCSERVERS=1)
# For this to work ADMIN_KEY must be set, or AUTOGEN_ADMIN_KEY must be true (default)
SYNCSERVERS= SYNCSERVERS=
# note: if you have more than one syncserver, you need to update docker-compose.yml # note: if you have more than one syncserver, you need to update docker-compose.yml
SYNCSERVERS_1_URL= SYNCSERVERS_1_URL=
SYNCSERVERS_1_NAME= SYNCSERVERS_1_NAME=
SYNCSERVERS_1_UUID= SYNCSERVERS_1_UUID=
SYNCSERVERS_1_KEY= SYNCSERVERS_1_KEY=
# These variables allows overriding some MISP email values.
# They all default to ADMIN_EMAIL.
# MISP.email, used for notifications. Also used
# for GnuPG.email and GPG autogeneration.
# MISP_EMAIL=
# MISP.contact, the e-mail address that
# MISP should include as a contact address
# for the instance's support team.
# MISP_CONTACT=
# Enable GPG autogeneration (default true)
# AUTOCONF_GPG=true
# Enable admin (user #1) API key autogeneration
# if ADMIN_KEY is not set above (default true)
# AUTOGEN_ADMIN_KEY=true