mirror of https://github.com/MISP/misp-docker
Add/document AUTOGEN_ADMIN_KEY, AUTOCONF_GPG, MISP_EMAIL, MISP_CONTACT
AUTOCONF_ADMIN_KEY was renamed to AUTOGEN_ADMIN_KEY. If ADMIN_KEY is set, it is still applied; AUTOGEN_ADMIN_KEY only turns off automatic generation. AUTOCONF_GPG behaves as before. MISP_EMAIL sets MISP.email and the GPG-related email. MISP_CONTACT sets MISP.contact (the support email)pull/1/head
parent
3429540b78
commit
2078a599fb
|
@ -65,7 +65,7 @@ Pull the entire repository, you can build the images using `docker-compose build
|
||||||
|
|
||||||
Once you have the docker container up you can access the container by running `docker-compose exec misp /bin/bash`.
|
Once you have the docker container up you can access the container by running `docker-compose exec misp /bin/bash`.
|
||||||
This will provide you with a root shell. You can use `apt update` and then install any tools you wish to use.
|
This will provide you with a root shell. You can use `apt update` and then install any tools you wish to use.
|
||||||
Finally, copy any changes you make outside of the container for commiting to your branch.
|
Finally, copy any changes you make outside of the container for commiting to your branch.
|
||||||
`git diff -- [dir with changes]` could be used to reduce the number of changes in a patch file, however, be careful when using the `git diff` command.
|
`git diff -- [dir with changes]` could be used to reduce the number of changes in a patch file, however, be careful when using the `git diff` command.
|
||||||
|
|
||||||
### Updating
|
### Updating
|
||||||
|
@ -92,7 +92,7 @@ Updating the images should be as simple as `docker-compose pull` which, unless c
|
||||||
|
|
||||||
### Building
|
### Building
|
||||||
|
|
||||||
If you are interested in building the project from scratch - `git clone` or download the entire repo and run `docker-compose build`
|
If you are interested in building the project from scratch - `git clone` or download the entire repo and run `docker-compose build`
|
||||||
|
|
||||||
## Image file sizes
|
## Image file sizes
|
||||||
|
|
||||||
|
@ -114,7 +114,7 @@ The `docker-compose.yml` file allows further configuration settings:
|
||||||
```
|
```
|
||||||
"MYSQL_HOST=db"
|
"MYSQL_HOST=db"
|
||||||
"MYSQL_USER=misp"
|
"MYSQL_USER=misp"
|
||||||
"MYSQL_PASSWORD=example" # NOTE: This should be AlphaNum with no Special Chars. Otherwise, edit config files after first run.
|
"MYSQL_PASSWORD=example" # NOTE: This should be AlphaNum with no Special Chars. Otherwise, edit config files after first run.
|
||||||
"MYSQL_DATABASE=misp"
|
"MYSQL_DATABASE=misp"
|
||||||
"MISP_MODULES_FQDN=http://misp-modules" # Set the MISP Modules FQDN, used for Enrichment_services_url/Import_services_url/Export_services_url
|
"MISP_MODULES_FQDN=http://misp-modules" # Set the MISP Modules FQDN, used for Enrichment_services_url/Import_services_url/Export_services_url
|
||||||
"WORKERS=1" # Legacy variable controlling the number of parallel workers (use variables below instead)
|
"WORKERS=1" # Legacy variable controlling the number of parallel workers (use variables below instead)
|
||||||
|
|
|
@ -15,6 +15,8 @@ init_configuration(){
|
||||||
# Note that we are doing this after enforcing permissions, so we need to use the www-data user for this
|
# Note that we are doing this after enforcing permissions, so we need to use the www-data user for this
|
||||||
echo "... configuring default settings"
|
echo "... configuring default settings"
|
||||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.baseurl" "$HOSTNAME"
|
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.baseurl" "$HOSTNAME"
|
||||||
|
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.email" "${MISP_EMAIL-$ADMIN_EMAIL}"
|
||||||
|
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.contact" "${MISP_CONTACT-$ADMIN_EMAIL}"
|
||||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.redis_host" "$REDIS_FQDN"
|
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.redis_host" "$REDIS_FQDN"
|
||||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.python_bin" $(which python3)
|
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.python_bin" $(which python3)
|
||||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q -f "MISP.ca_path" "/etc/ssl/certs/ca-certificates.crt"
|
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q -f "MISP.ca_path" "/etc/ssl/certs/ca-certificates.crt"
|
||||||
|
@ -60,7 +62,7 @@ configure_gnupg() {
|
||||||
Key-Type: RSA
|
Key-Type: RSA
|
||||||
Key-Length: 3072
|
Key-Length: 3072
|
||||||
Name-Real: MISP Admin
|
Name-Real: MISP Admin
|
||||||
Name-Email: $ADMIN_EMAIL
|
Name-Email: ${MISP_EMAIL-$ADMIN_EMAIL}
|
||||||
Expire-Date: 0
|
Expire-Date: 0
|
||||||
Passphrase: $GPG_PASSPHRASE
|
Passphrase: $GPG_PASSPHRASE
|
||||||
%commit
|
%commit
|
||||||
|
@ -80,12 +82,12 @@ GPGEOF
|
||||||
|
|
||||||
if [ ! -f ${GPG_ASC} ]; then
|
if [ ! -f ${GPG_ASC} ]; then
|
||||||
echo "... exporting GPG key"
|
echo "... exporting GPG key"
|
||||||
sudo -u www-data gpg --homedir ${GPG_DIR} --export --armor ${ADMIN_EMAIL} > ${GPG_ASC}
|
sudo -u www-data gpg --homedir ${GPG_DIR} --export --armor ${MISP_EMAIL-$ADMIN_EMAIL} > ${GPG_ASC}
|
||||||
else
|
else
|
||||||
echo "... found exported key ${GPG_ASC}"
|
echo "... found exported key ${GPG_ASC}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.email" "${ADMIN_EMAIL}"
|
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.email" "${MISP_EMAIL-$ADMIN_EMAIL}"
|
||||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.homedir" "${GPG_DIR}"
|
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.homedir" "${GPG_DIR}"
|
||||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.password" "${GPG_PASSPHRASE}"
|
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.password" "${GPG_PASSPHRASE}"
|
||||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.binary" "$(which gpg)"
|
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.binary" "$(which gpg)"
|
||||||
|
@ -101,26 +103,26 @@ apply_updates() {
|
||||||
init_user() {
|
init_user() {
|
||||||
# Create the main user if it is not there already
|
# Create the main user if it is not there already
|
||||||
sudo -u www-data /var/www/MISP/app/Console/cake userInit -q 2>&1 > /dev/null
|
sudo -u www-data /var/www/MISP/app/Console/cake userInit -q 2>&1 > /dev/null
|
||||||
echo "... setting admin email to '${ADMIN_EMAIL}'"
|
|
||||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.email" ${ADMIN_EMAIL}
|
|
||||||
echo "UPDATE misp.users SET email = \"${ADMIN_EMAIL}\" WHERE id = 1;" | ${MYSQLCMD}
|
echo "UPDATE misp.users SET email = \"${ADMIN_EMAIL}\" WHERE id = 1;" | ${MYSQLCMD}
|
||||||
|
|
||||||
if [ ! -z "$ADMIN_ORG" ]; then
|
if [ ! -z "$ADMIN_ORG" ]; then
|
||||||
echo "UPDATE misp.organisations SET name = \"${ADMIN_ORG}\" where id = 1;" | ${MYSQLCMD}
|
echo "UPDATE misp.organisations SET name = \"${ADMIN_ORG}\" where id = 1;" | ${MYSQLCMD}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$AUTOCONF_ADMIN_KEY" == "true" ]; then
|
if [ -n "$ADMIN_KEY" ]; then
|
||||||
if [ ! -z "$ADMIN_KEY" ]; then
|
echo "... setting admin key to '${ADMIN_KEY}'"
|
||||||
echo "... setting admin key to '${ADMIN_KEY}'"
|
CHANGE_CMD=(sudo -u www-data /var/www/MISP/app/Console/cake User change_authkey 1 "${ADMIN_KEY}")
|
||||||
CHANGE_CMD=(sudo -u www-data /var/www/MISP/app/Console/cake User change_authkey 1 "${ADMIN_KEY}")
|
elif [ -z "$ADMIN_KEY" ] && [ "$AUTOGEN_ADMIN_KEY" == "true" ]; then
|
||||||
else
|
echo "... regenerating admin key (set \$ADMIN_KEY if you want it to change)"
|
||||||
echo "... regenerating admin key (set \$ADMIN_KEY if you want it to change)"
|
CHANGE_CMD=(sudo -u www-data /var/www/MISP/app/Console/cake User change_authkey 1)
|
||||||
CHANGE_CMD=(sudo -u www-data /var/www/MISP/app/Console/cake User change_authkey 1)
|
|
||||||
fi
|
|
||||||
ADMIN_KEY=`${CHANGE_CMD[@]} | awk 'END {print $NF; exit}'`
|
|
||||||
echo "... admin user key set to '${ADMIN_KEY}'"
|
|
||||||
else
|
else
|
||||||
ADMIN_KEY=""
|
echo "... admin user key auto generation disabled"
|
||||||
echo "... admin user key auto configuration disabled"
|
fi
|
||||||
|
|
||||||
|
if [[ -v CHANGE_CMD[@] ]]; then
|
||||||
|
ADMIN_KEY=$("${CHANGE_CMD[@]}" | awk 'END {print $NF; exit}')
|
||||||
|
echo "... admin user key set to '${ADMIN_KEY}'"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ ! -z "$ADMIN_PASSWORD" ]; then
|
if [ ! -z "$ADMIN_PASSWORD" ]; then
|
||||||
|
@ -129,9 +131,9 @@ init_user() {
|
||||||
PASSWORD_LENGTH=$(sudo -u www-data /var/www/MISP/app/Console/cake Admin getSetting "Security.password_policy_length" | jq ".value")
|
PASSWORD_LENGTH=$(sudo -u www-data /var/www/MISP/app/Console/cake Admin getSetting "Security.password_policy_length" | jq ".value")
|
||||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_length" 1
|
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_length" 1
|
||||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_complexity" '/.*/'
|
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_complexity" '/.*/'
|
||||||
sudo -u www-data /var/www/MISP/app/Console/cake User change_pw ${ADMIN_EMAIL} ${ADMIN_PASSWORD}
|
sudo -u www-data /var/www/MISP/app/Console/cake User change_pw "${ADMIN_EMAIL}" "${ADMIN_PASSWORD}"
|
||||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_complexity" ${PASSWORD_POLICY}
|
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_complexity" "${PASSWORD_POLICY}"
|
||||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_length" ${PASSWORD_LENGTH}
|
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_length" "${PASSWORD_LENGTH}"
|
||||||
else
|
else
|
||||||
echo "... setting admin password skipped"
|
echo "... setting admin password skipped"
|
||||||
fi
|
fi
|
||||||
|
|
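Review bot: `${MISP_EMAIL-$ADMIN_EMAIL}` (and the same form for MISP_CONTACT) falls back to ADMIN_EMAIL only when the variable is unset, not when it is empty, so an env_file entry such as `MISP_EMAIL=` left blank sets MISP.email, GnuPG.email and the generated key's Name-Email to an empty string; `${MISP_EMAIL:-$ADMIN_EMAIL}` would match the "they all default to ADMIN_EMAIL" wording added to template.env. This applies to the init_configuration, configure_gnupg and GPG-export hunks alike, and all three enclosing functions start outside their hunks. On the `gpg --export --armor` line the expansion is also unquoted, so an empty value drops the argument entirely and exports every public key in the keyring rather than the admin key; `"${MISP_EMAIL:-$ADMIN_EMAIL}"` covers both problems. In the init_user hunk the `[ -z "$ADMIN_KEY" ]` test in the elif is redundant after the `-n` branch, and the two `echo "... setting admin key to '${ADMIN_KEY}'"` / `echo "... admin user key set to '${ADMIN_KEY}'"` lines still write the full admin API key to container stdout, which is typically persisted in logs; logging only that the key was set would avoid that.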
37
template.env
37
template.env
|
@ -1,24 +1,25 @@
|
||||||
MISP_TAG=v2.4.174
|
MISP_TAG=v2.4.174
|
||||||
MODULES_TAG=v2.4.174
|
MODULES_TAG=v2.4.174
|
||||||
PHP_VER=20190902
|
PHP_VER=20190902
|
||||||
|
|
||||||
# MISP_COMMIT takes precedence over MISP_TAG
|
# MISP_COMMIT takes precedence over MISP_TAG
|
||||||
# MISP_COMMIT=c56d537
|
# MISP_COMMIT=c56d537
|
||||||
# MODULES_COMMIT takes precedence over MODULES_TAG
|
# MODULES_COMMIT takes precedence over MODULES_TAG
|
||||||
# MODULES_COMMIT=de69ae3
|
# MODULES_COMMIT=de69ae3
|
||||||
|
|
||||||
# default to MISP's default (admin@admin.test)
|
# Email/username for user #1, defaults to MISP's default (admin@admin.test)
|
||||||
ADMIN_EMAIL=
|
ADMIN_EMAIL=
|
||||||
# default to MISP's default (Org1)
|
# name of org #1, default to MISP's default (ORGNAME)
|
||||||
ADMIN_ORG=
|
ADMIN_ORG=
|
||||||
# default to an automatically generated one
|
# defaults to an automatically generated one
|
||||||
ADMIN_KEY=
|
ADMIN_KEY=
|
||||||
# default to MISP's default (admin)
|
# defaults to MISP's default (admin)
|
||||||
ADMIN_PASSWORD=
|
ADMIN_PASSWORD=
|
||||||
# default to 'passphrase'
|
# defaults to 'passphrase'
|
||||||
GPG_PASSPHRASE=
|
GPG_PASSPHRASE=
|
||||||
# default to 1 (the admin user)
|
# defaults to 1 (the admin user)
|
||||||
CRON_USER_ID=
|
CRON_USER_ID=
|
||||||
# default to 'https://localhost'
|
# defaults to 'https://localhost'
|
||||||
HOSTNAME=
|
HOSTNAME=
|
||||||
|
|
||||||
# optional and used by the mail sub-system
|
# optional and used by the mail sub-system
|
||||||
|
@ -28,10 +29,30 @@ SMARTHOST_USER=
|
||||||
SMARTHOST_PASSWORD=
|
SMARTHOST_PASSWORD=
|
||||||
SMARTHOST_ALIASES=
|
SMARTHOST_ALIASES=
|
||||||
|
|
||||||
# comma separated list of IDs of syncservers (e.g. SYNCSERVERS=1)
|
# optional comma separated list of IDs of syncservers (e.g. SYNCSERVERS=1)
|
||||||
|
# For this to work ADMIN_KEY must be set, or AUTOGEN_ADMIN_KEY must be true (default)
|
||||||
SYNCSERVERS=
|
SYNCSERVERS=
|
||||||
# note: if you have more than one syncserver, you need to update docker-compose.yml
|
# note: if you have more than one syncserver, you need to update docker-compose.yml
|
||||||
SYNCSERVERS_1_URL=
|
SYNCSERVERS_1_URL=
|
||||||
SYNCSERVERS_1_NAME=
|
SYNCSERVERS_1_NAME=
|
||||||
SYNCSERVERS_1_UUID=
|
SYNCSERVERS_1_UUID=
|
||||||
SYNCSERVERS_1_KEY=
|
SYNCSERVERS_1_KEY=
|
||||||
|
|
||||||
|
# These variables allows overriding some MISP email values.
|
||||||
|
# They all default to ADMIN_EMAIL.
|
||||||
|
|
||||||
|
# MISP.email, used for notifications. Also used
|
||||||
|
# for GnuPG.email and GPG autogeneration.
|
||||||
|
# MISP_EMAIL=
|
||||||
|
|
||||||
|
# MISP.contact, the e-mail address that
|
||||||
|
# MISP should include as a contact address
|
||||||
|
# for the instance's support team.
|
||||||
|
# MISP_CONTACT=
|
||||||
|
|
||||||
|
# Enable GPG autogeneration (default true)
|
||||||
|
# AUTOCONF_GPG=true
|
||||||
|
|
||||||
|
# Enable admin (user #1) API key autogeneration
|
||||||
|
# if ADMIN_KEY is not set above (default true)
|
||||||
|
# AUTOGEN_ADMIN_KEY=true
|
||||||
|
|
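Review bot: The new comments `# Enable GPG autogeneration (default true)` and `# if ADMIN_KEY is not set above (default true)` state a default of true, but the entrypoint test shown in this commit, `[ "$AUTOGEN_ADMIN_KEY" == "true" ]`, treats an unset or differently-cased value as disabled, so the default presumably comes from docker-compose.yml rather than from this template. If that is the case, say where it is applied, e.g. `# (default true, applied in docker-compose.yml)`, so a reader supplying their own compose file knows the value must be set explicitly. The `(default)` mention on the new SYNCSERVERS comment has the same dependency.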