mirror of https://github.com/MISP/misp-docker
Add/document AUTOGEN_ADMIN_KEY, AUTOCONF_GPG, MISP_EMAIL, MISP_CONTACT
AUTOCONF_ADMIN_KEY renamed to AUTOGEN_ADMIN_KEY. If ADMIN_KEY is set, that will still be set, AUTOGEN_ADMIN_KEY only turns off automatic generation. AUTOCONF_GPG behaves as before. MISP_EMAIL sets MISP.email and GPG-related email. MISP_CONTACT sets MISP.contact (support email)pull/1/head
Anders Einar Hilden
Stefano Ortolani
parent
3429540b78
commit
2078a599fb
|
|
@ -15,6 +15,8 @@ init_configuration(){
|
|||
# Note that we are doing this after enforcing permissions, so we need to use the www-data user for this
|
||||
echo "... configuring default settings"
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.baseurl" "$HOSTNAME"
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.email" "${MISP_EMAIL-$ADMIN_EMAIL}"
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.contact" "${MISP_CONTACT-$ADMIN_EMAIL}"
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.redis_host" "$REDIS_FQDN"
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.python_bin" $(which python3)
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q -f "MISP.ca_path" "/etc/ssl/certs/ca-certificates.crt"
|
||||
|
|
@ -60,7 +62,7 @@ configure_gnupg() {
|
|||
Key-Type: RSA
|
||||
Key-Length: 3072
|
||||
Name-Real: MISP Admin
|
||||
Name-Email: $ADMIN_EMAIL
|
||||
Name-Email: ${MISP_EMAIL-$ADMIN_EMAIL}
|
||||
Expire-Date: 0
|
||||
Passphrase: $GPG_PASSPHRASE
|
||||
%commit
|
||||
|
|
@ -80,12 +82,12 @@ GPGEOF
|
|||
|
||||
if [ ! -f ${GPG_ASC} ]; then
|
||||
echo "... exporting GPG key"
|
||||
sudo -u www-data gpg --homedir ${GPG_DIR} --export --armor ${ADMIN_EMAIL} > ${GPG_ASC}
|
||||
sudo -u www-data gpg --homedir ${GPG_DIR} --export --armor ${MISP_EMAIL-$ADMIN_EMAIL} > ${GPG_ASC}
|
||||
else
|
||||
echo "... found exported key ${GPG_ASC}"
|
||||
fi
|
||||
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.email" "${ADMIN_EMAIL}"
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.email" "${MISP_EMAIL-$ADMIN_EMAIL}"
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.homedir" "${GPG_DIR}"
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.password" "${GPG_PASSPHRASE}"
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.binary" "$(which gpg)"
|
||||
|
|
@ -101,26 +103,26 @@ apply_updates() {
|
|||
init_user() {
|
||||
# Create the main user if it is not there already
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake userInit -q 2>&1 > /dev/null
|
||||
echo "... setting admin email to '${ADMIN_EMAIL}'"
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.email" ${ADMIN_EMAIL}
|
||||
|
||||
echo "UPDATE misp.users SET email = \"${ADMIN_EMAIL}\" WHERE id = 1;" | ${MYSQLCMD}
|
||||
|
||||
if [ ! -z "$ADMIN_ORG" ]; then
|
||||
echo "UPDATE misp.organisations SET name = \"${ADMIN_ORG}\" where id = 1;" | ${MYSQLCMD}
|
||||
fi
|
||||
|
||||
if [ "$AUTOCONF_ADMIN_KEY" == "true" ]; then
|
||||
if [ ! -z "$ADMIN_KEY" ]; then
|
||||
if [ -n "$ADMIN_KEY" ]; then
|
||||
echo "... setting admin key to '${ADMIN_KEY}'"
|
||||
CHANGE_CMD=(sudo -u www-data /var/www/MISP/app/Console/cake User change_authkey 1 "${ADMIN_KEY}")
|
||||
else
|
||||
elif [ -z "$ADMIN_KEY" ] && [ "$AUTOGEN_ADMIN_KEY" == "true" ]; then
|
||||
echo "... regenerating admin key (set \$ADMIN_KEY if you want it to change)"
|
||||
CHANGE_CMD=(sudo -u www-data /var/www/MISP/app/Console/cake User change_authkey 1)
|
||||
fi
|
||||
ADMIN_KEY=`${CHANGE_CMD[@]} | awk 'END {print $NF; exit}'`
|
||||
echo "... admin user key set to '${ADMIN_KEY}'"
|
||||
else
|
||||
ADMIN_KEY=""
|
||||
echo "... admin user key auto configuration disabled"
|
||||
echo "... admin user key auto generation disabled"
|
||||
fi
|
||||
|
||||
if [[ -v CHANGE_CMD[@] ]]; then
|
||||
ADMIN_KEY=$("${CHANGE_CMD[@]}" | awk 'END {print $NF; exit}')
|
||||
echo "... admin user key set to '${ADMIN_KEY}'"
|
||||
fi
|
||||
|
||||
if [ ! -z "$ADMIN_PASSWORD" ]; then
|
||||
|
|
@ -129,9 +131,9 @@ init_user() {
|
|||
PASSWORD_LENGTH=$(sudo -u www-data /var/www/MISP/app/Console/cake Admin getSetting "Security.password_policy_length" | jq ".value")
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_length" 1
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_complexity" '/.*/'
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake User change_pw ${ADMIN_EMAIL} ${ADMIN_PASSWORD}
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_complexity" ${PASSWORD_POLICY}
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_length" ${PASSWORD_LENGTH}
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake User change_pw "${ADMIN_EMAIL}" "${ADMIN_PASSWORD}"
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_complexity" "${PASSWORD_POLICY}"
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_length" "${PASSWORD_LENGTH}"
|
||||
else
|
||||
echo "... setting admin password skipped"
|
||||
fi
|
||||
|
|
|
|||
37
template.env
37
template.env
|
|
@ -1,24 +1,25 @@
|
|||
MISP_TAG=v2.4.174
|
||||
MODULES_TAG=v2.4.174
|
||||
PHP_VER=20190902
|
||||
|
||||
# MISP_COMMIT takes precedence over MISP_TAG
|
||||
# MISP_COMMIT=c56d537
|
||||
# MODULES_COMMIT takes precedence over MODULES_TAG
|
||||
# MODULES_COMMIT=de69ae3
|
||||
|
||||
# default to MISP's default (admin@admin.test)
|
||||
# Email/username for user #1, defaults to MISP's default (admin@admin.test)
|
||||
ADMIN_EMAIL=
|
||||
# default to MISP's default (Org1)
|
||||
# name of org #1, default to MISP's default (ORGNAME)
|
||||
ADMIN_ORG=
|
||||
# default to an automatically generated one
|
||||
# defaults to an automatically generated one
|
||||
ADMIN_KEY=
|
||||
# default to MISP's default (admin)
|
||||
# defaults to MISP's default (admin)
|
||||
ADMIN_PASSWORD=
|
||||
# default to 'passphrase'
|
||||
# defaults to 'passphrase'
|
||||
GPG_PASSPHRASE=
|
||||
# default to 1 (the admin user)
|
||||
# defaults to 1 (the admin user)
|
||||
CRON_USER_ID=
|
||||
# default to 'https://localhost'
|
||||
# defaults to 'https://localhost'
|
||||
HOSTNAME=
|
||||
|
||||
# optional and used by the mail sub-system
|
||||
|
|
@ -28,10 +29,30 @@ SMARTHOST_USER=
|
|||
SMARTHOST_PASSWORD=
|
||||
SMARTHOST_ALIASES=
|
||||
|
||||
# comma separated list of IDs of syncservers (e.g. SYNCSERVERS=1)
|
||||
# optional comma separated list of IDs of syncservers (e.g. SYNCSERVERS=1)
|
||||
# For this to work ADMIN_KEY must be set, or AUTOGEN_ADMIN_KEY must be true (default)
|
||||
SYNCSERVERS=
|
||||
# note: if you have more than one syncserver, you need to update docker-compose.yml
|
||||
SYNCSERVERS_1_URL=
|
||||
SYNCSERVERS_1_NAME=
|
||||
SYNCSERVERS_1_UUID=
|
||||
SYNCSERVERS_1_KEY=
|
||||
|
||||
# These variables allows overriding some MISP email values.
|
||||
# They all default to ADMIN_EMAIL.
|
||||
|
||||
# MISP.email, used for notifications. Also used
|
||||
# for GnuPG.email and GPG autogeneration.
|
||||
# MISP_EMAIL=
|
||||
|
||||
# MISP.contact, the e-mail address that
|
||||
# MISP should include as a contact address
|
||||
# for the instance's support team.
|
||||
# MISP_CONTACT=
|
||||
|
||||
# Enable GPG autogeneration (default true)
|
||||
# AUTOCONF_GPG=true
|
||||
|
||||
# Enable admin (user #1) API key autogeneration
|
||||
# if ADMIN_KEY is not set above (default true)
|
||||
# AUTOGEN_ADMIN_KEY=true
|
||||
|
|
|
|||
Loading…
Reference in New Issue