From 57ce60ab6653f988be67a1c10a2629320936ab3d Mon Sep 17 00:00:00 2001 From: Stefano Ortolani Date: Sun, 25 Aug 2024 12:32:36 +0100 Subject: [PATCH] Fix race conditions and typos --- core/files/configure_misp.sh | 8 ++++---- core/files/entrypoint.sh | 2 +- core/files/entrypoint_fpm.sh | 8 +++++++- core/files/entrypoint_nginx.sh | 3 +++ core/files/etc/misp-docker/initialisation.defaults.json | 6 ------ core/files/etc/misp-docker/initialisation.envars.json | 9 --------- core/files/etc/misp-docker/minimum_config.defaults.json | 3 +++ core/files/etc/misp-docker/minimum_config.envars.json | 9 +++++++++ core/files/etc/misp-docker/optional.defaults.json | 3 +++ 9 files changed, 30 insertions(+), 21 deletions(-) diff --git a/core/files/configure_misp.sh b/core/files/configure_misp.sh index 43ddf31..c566903 100755 --- a/core/files/configure_misp.sh +++ b/core/files/configure_misp.sh @@ -419,24 +419,24 @@ echo "MISP | Update CA certificates ..." && update_ca_certificates echo "MISP | Apply minimum configuration directives ..." && init_minimum_config -echo "MISP | Apply DB updates ..." && apply_updates - echo "MISP | Initialize configuration ..." && init_configuration echo "MISP | Initialize workers ..." && init_workers +echo "MISP | Apply DB updates ..." && apply_updates + echo "MISP | Configure GPG key ..." && configure_gnupg echo "MISP | Init default user and organization ..." && init_user echo "MISP | Resolve critical issues ..." && apply_critical_fixes +echo "MISP | Update components ..." && update_components + echo "MISP | Resolve non-critical issues ..." && apply_optional_fixes echo "MISP | Create sync servers ..." && create_sync_servers -echo "MISP | Update components ..." && update_components - echo "MISP | Set Up OIDC ..." && set_up_oidc echo "MISP | Set Up LDAP ..." && set_up_ldap diff --git a/core/files/entrypoint.sh b/core/files/entrypoint.sh index 3a8d954..4279010 100755 --- a/core/files/entrypoint.sh +++ b/core/files/entrypoint.sh @@ -41,7 +41,7 @@ export PHP_MEMORY_LIMIT=${PHP_MEMORY_LIMIT:-2048M} export PHP_MAX_EXECUTION_TIME=${PHP_MAX_EXECUTION_TIME:-300} export PHP_UPLOAD_MAX_FILESIZE=${PHP_UPLOAD_MAX_FILESIZE:-50M} export PHP_POST_MAX_SIZE=${PHP_POST_MAX_SIZE:-50M} -export PHP_MAX_INPUT_TIME:${PHP_MAX_INPUT_TIME:-300} +export PHP_MAX_INPUT_TIME=${PHP_MAX_INPUT_TIME:-300} # start supervisord using the main configuration file so we have a socket interface /usr/bin/supervisord -c /etc/supervisor/supervisord.conf diff --git a/core/files/entrypoint_fpm.sh b/core/files/entrypoint_fpm.sh index 3e4578b..e5462b9 100755 --- a/core/files/entrypoint_fpm.sh +++ b/core/files/entrypoint_fpm.sh @@ -12,12 +12,18 @@ change_php_vars() { for FILE in /etc/php/*/fpm/php.ini do [[ -e $FILE ]] || break + echo "Configure PHP | Setting 'memory_limit = ${PHP_MEMORY_LIMIT}'" sed -i "s/memory_limit = .*/memory_limit = ${PHP_MEMORY_LIMIT}/" "$FILE" + echo "Configure PHP | Setting 'max_execution_time = ${PHP_MAX_EXECUTION_TIME}'" sed -i "s/max_execution_time = .*/max_execution_time = ${PHP_MAX_EXECUTION_TIME}/" "$FILE" + echo "Configure PHP | Setting 'upload_max_filesize = ${PHP_UPLOAD_MAX_FILESIZE}'" sed -i "s/upload_max_filesize = .*/upload_max_filesize = ${PHP_UPLOAD_MAX_FILESIZE}/" "$FILE" + echo "Configure PHP | Setting 'post_max_size = ${PHP_POST_MAX_SIZE}'" sed -i "s/post_max_size = .*/post_max_size = ${PHP_POST_MAX_SIZE}/" "$FILE" - sed -i "s/max_input_time = .*/max_input_time = ${PHP_MAX_INPUT_TIME}|" "$FILE" + echo "Configure PHP | Setting 'max_input_time = ${PHP_MAX_INPUT_TIME}'" + sed -i "s/max_input_time = .*/max_input_time = ${PHP_MAX_INPUT_TIME}/" "$FILE" sed -i "s/session.save_handler = .*/session.save_handler = redis/" "$FILE" + echo "Configure PHP | Setting 'session.save_path = '$(echo $REDIS_HOST | grep -E '^\w+://' || echo tcp://$REDIS_HOST):6379?auth=${REDIS_PASSWORD}'" sed -i "s|.*session.save_path = .*|session.save_path = '$(echo $REDIS_HOST | grep -E '^\w+://' || echo tcp://$REDIS_HOST):6379?auth=${REDIS_PASSWORD}'|" "$FILE" sed -i "s/session.sid_length = .*/session.sid_length = 64/" "$FILE" sed -i "s/session.use_strict_mode = .*/session.use_strict_mode = 1/" "$FILE" diff --git a/core/files/entrypoint_nginx.sh b/core/files/entrypoint_nginx.sh index 118ac15..99ef52c 100755 --- a/core/files/entrypoint_nginx.sh +++ b/core/files/entrypoint_nginx.sh @@ -287,5 +287,8 @@ if [[ -x /custom/files/customize_misp.sh ]]; then /custom/files/customize_misp.sh fi +# Restart PHP workers +supervisorctl restart php-fpm + # Wait for it wait "$master_pid" diff --git a/core/files/etc/misp-docker/initialisation.defaults.json b/core/files/etc/misp-docker/initialisation.defaults.json index 2653a57..135715b 100644 --- a/core/files/etc/misp-docker/initialisation.defaults.json +++ b/core/files/etc/misp-docker/initialisation.defaults.json @@ -80,9 +80,6 @@ "MISP.event_alert_republish_ban_threshold": { "default_value": 120 }, - "Plugin.ZeroMQ_enable": { - "default_value": false - }, "Plugin.Enrichment_services_enable": { "default_value": true }, @@ -98,9 +95,6 @@ "Plugin.Cortex_services_enable": { "default_value": false }, - "Plugin.Workflow_enable": { - "default_value": true - }, "Security.advanced_authkeys": { "default_value": true }, diff --git a/core/files/etc/misp-docker/initialisation.envars.json b/core/files/etc/misp-docker/initialisation.envars.json index 32fa502..adfbe97 100644 --- a/core/files/etc/misp-docker/initialisation.envars.json +++ b/core/files/etc/misp-docker/initialisation.envars.json @@ -12,15 +12,6 @@ "MISP.contact": { "default_value": "${SETTING_CONTACT}" }, - "Plugin.ZeroMQ_redis_host": { - "default_value": "${REDIS_HOST}" - }, - "Plugin.ZeroMQ_redis_port": { - "default_value": "${REDIS_PORT}" - }, - "Plugin.ZeroMQ_redis_password": { - "default_value": "${REDIS_PASSWORD}" - }, "Plugin.Enrichment_services_url": { "default_value": "${MISP_MODULES_FQDN}" }, diff --git a/core/files/etc/misp-docker/minimum_config.defaults.json b/core/files/etc/misp-docker/minimum_config.defaults.json index ae38772..4ff7df6 100644 --- a/core/files/etc/misp-docker/minimum_config.defaults.json +++ b/core/files/etc/misp-docker/minimum_config.defaults.json @@ -33,6 +33,9 @@ "MISP.menu_custom_right_link_html": { "default_value": "" }, + "Plugin.ZeroMQ_enable": { + "default_value": false + }, "Security.rest_client_enable_arbitrary_urls": { "default_value": false }, diff --git a/core/files/etc/misp-docker/minimum_config.envars.json b/core/files/etc/misp-docker/minimum_config.envars.json index 1d84687..15ab76f 100644 --- a/core/files/etc/misp-docker/minimum_config.envars.json +++ b/core/files/etc/misp-docker/minimum_config.envars.json @@ -11,6 +11,15 @@ "MISP.redis_password": { "default_value": "${REDIS_PASSWORD}" }, + "Plugin.ZeroMQ_redis_host": { + "default_value": "${REDIS_HOST}" + }, + "Plugin.ZeroMQ_redis_port": { + "default_value": "${REDIS_PORT}" + }, + "Plugin.ZeroMQ_redis_password": { + "default_value": "${REDIS_PASSWORD}" + }, "GnuPG.binary": { "default_value": "${GPG_BINARY}" }, diff --git a/core/files/etc/misp-docker/optional.defaults.json b/core/files/etc/misp-docker/optional.defaults.json index b876e4c..85643db 100644 --- a/core/files/etc/misp-docker/optional.defaults.json +++ b/core/files/etc/misp-docker/optional.defaults.json @@ -21,5 +21,8 @@ }, "Plugin.Enrichment_hover_timeout": { "default_value": 5 + }, + "Plugin.Workflow_enable": { + "default_value": true } }