Merge pull request #112 from stevengoossensB/master

Use installer script to install MISP and clean up repository
Alexandre Dulaunoy 2021-04-14 22:54:52 +02:00 committed by GitHub
commit 8137e2154d
18 changed files with 3351 additions and 284 deletions


@ -13,4 +13,3 @@ before_install:
script:
- docker-compose build
- docker-compose -f docker-compose-nginx.yml build


@ -7,24 +7,20 @@ The files in this repository are used to create a Docker container running a [MI
I rewrote the Docker file to split the components in multiple containers (which is more in the philosophy of Docker). Therefore there is no longer a Dockerfile in the root directory.
The MISP container needs at least a MySQL container to store the data. By default it listen to port 80. I highly recommend to serve it behind a NGinx or Apache reverse proxy.
The MISP container needs at least a MySQL container to store the data. By default it listen to port 443 and port 80, which is redirected to 443.
The build is based on Ubuntu and will install all the required components. The following configuration steps are performed automatically:
The build is based on Ubuntu and will install all the required components, using the INSTALL script provided in the MISP repository.
Using the Install script has the advantage that we can rely on a tested installation routine which is maintained and kept up to date. The amount of custom work to be done in the Dockerfile and run.sh files is limited to the necessary to make MISP container compliant.
The following configuration steps are performed automatically:
* Reconfiguration of the base URL in `config.php`
* Generation of a new salt in `config.php`
* Generation of a self-signed certificate
* Optimization of the PHP environment (php.ini) to match the MISP recommended values
* Creation of the MySQL database
* Generation of the admin PGP key
## Config
* add your "*.crt" and "*.key" files to the ./proxy/ssl folder
If not implementing SSL (not recommended) then simply comment out the appropriate lines in the "./proxy/default.conf" file.
* Update "server_name" in default.conf file (will implement ENVIRONMENT VARIABLE in the future)
# Optional NGINX config
Included is an optional Docker Compose file 'docker-compose-nginx.yml' to spin up a reverse proxy to sit in front of MISP.
* Installation of misp modules
# Building your image
@ -41,27 +37,12 @@ $ vi .env
```
$ docker-compose build
or
$ docker-compose -f docker-compose-nginx.yml build
$ docker-compose -f docker-compose.yml build
```
## Run containers
```
$ docker-compose up
or
$ docker-compose -f docker-compose-nginx.yml up
$ docker-compose -f docker-compose.yml up
```
# Optional NGINX config - SSL certificates
You can create the certificates manually if they are not automatically created.
```
openssl req -new -nodes -x509 -subj "/C=BE/ST=Brussels/L=Brussels/O=CTI/CN=localhost" -days 3650 -newkey rsa:4096 -keyout proxy/ssl/misp.key -out proxy/ssl/misp.crt
```
Then rebuild the proxy container and restart al the containers.
```
docker-compose -f docker-compose-nginx.yml build --no-cache proxy
docker-compose -f docker-compose-nginx.yml up
```


@ -1,44 +0,0 @@
version: '2'
services:
proxy:
build:
context: proxy
container_name: misp_proxy
restart: unless-stopped
image: misp-proxy:latest
ports:
- 80:80
- 443:443
web:
build: web
container_name: misp_web
image: misp:latest
restart: unless-stopped
volumes:
- /dev/urandom:/dev/random
- ${DATA_DIR}/web:/var/www/MISP
environment:
- MYSQL_HOST=${MYSQL_HOST}
- MYSQL_DATABASE=${MYSQL_DATABASE}
- MYSQL_USER=${MYSQL_USER}
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
- MISP_ADMIN_EMAIL=${MISP_ADMIN_EMAIL}
- MISP_ADMIN_PASSPHRASE=${MISP_ADMIN_PASSPHRASE}
- MISP_BASEURL=${MISP_BASEURL}
- POSTFIX_RELAY_HOST=${POSTFIX_RELAY_HOST}
- TIMEZONE=${TIMEZONE}
db:
container_name: misp_db
image: mysql/mysql-server:5.7
restart: unless-stopped
volumes:
- ${DATA_DIR}/db:/var/lib/mysql
environment:
- MYSQL_DATABASE=${MYSQL_DATABASE}
- MYSQL_USER=${MYSQL_USER}
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}


@ -1,4 +1,4 @@
version: '2'
version: '3'
services:
web:
@ -10,6 +10,7 @@ services:
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- /dev/urandom:/dev/random
- ${DATA_DIR}/web:/var/www/MISP
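Review bot: The added `- "443:443"` publishes the TLS port of the web container, but nothing in this hunk mounts the certificate and key that the new Apache vhost in this commit reads from `/etc/ssl/private/`, so the self-signed pair the README says is generated at first boot lives only in the container's writable layer (lost on re-create) and an operator has no place to supply a CA-issued one. A volume next to the existing `${DATA_DIR}/web` mount, e.g. `- ${DATA_DIR}/ssl:/etc/ssl/private` (example path), would persist it and make a real certificate a drop-in. The `web` service definition continues past the hunk, so check whether such a mount already exists further down before adding it.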


@ -1,10 +0,0 @@
FROM nginx:1.18
# default conf for proxy service
COPY ./default.conf /etc/nginx/conf.d/default.conf
# Proxy and SSL configurations
COPY ./includes/ /etc/nginx/includes/
# Proxy SSL certificates
COPY ./ssl/ /etc/ssl/certs/nginx/


@ -1,26 +0,0 @@
# plain http redirect to https
server {
listen 80;
listen [::]:80;
server_name localhost;
return 301 https://$server_name$request_uri;
}
# main server, reverse proxy to 'web' container
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name localhost;
# Path for SSL config/key/certificate
ssl_certificate /etc/ssl/certs/nginx/misp.crt;
ssl_certificate_key /etc/ssl/certs/nginx/misp.key;
include /etc/nginx/includes/ssl.conf;
location / {
include /etc/nginx/includes/proxy.conf;
proxy_pass http://web;
}
access_log off;
error_log /var/log/nginx/error.log error;
}


@ -1,8 +0,0 @@
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_request_buffering off;
proxy_http_version 1.1;
proxy_intercept_errors on;


@ -1,7 +0,0 @@
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHAECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;


@ -1,4 +1,4 @@
MYSQL_HOST=db
MYSQL_HOST=misp-db
MYSQL_DATABASE=misp
MYSQL_USER=misp
MYSQL_PASSWORD=misp
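Review bot: `MYSQL_HOST=misp-db` only resolves if the compose file defines the database service (or its `container_name`) under that exact name; the docker-compose.yml hunks in this commit do not show the `db` service, and the removed nginx compose file called it `db` / `misp_db`, so confirm the name matches before merging. A short comment on the line, `# must match the database service name in docker-compose.yml`, would save the next reader the lookup.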


@ -1,152 +1,40 @@
FROM ubuntu:focal
FROM ubuntu:latest
# Install core components
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update && \
apt-get dist-upgrade -y && apt-get autoremove -y && apt-get clean && \
apt-get dist-upgrade -y && apt-get upgrade && apt-get autoremove -y && apt-get clean && \
apt-get install -y software-properties-common && \
apt-get install -y postfix && \
apt-get install -y mysql-client curl gcc git gnupg-agent \
make python openssl redis-server sudo vim zip locales
make openssl redis-server sudo vim zip locales wget iproute2 supervisor cron
RUN add-apt-repository ppa:deadsnakes/ppa
RUN apt-get update && apt-get -y install python3.9 python3-pip
RUN pip3 install --upgrade pip
RUN locale-gen en_US.UTF-8
ENV LANG en_US.UTF-8
# Apache
RUN apt-get install -y apache2 apache2-doc apache2-utils && \
a2dismod status && \
a2dissite 000-default
RUN useradd misp && usermod -aG sudo misp
# Install script
COPY INSTALL_NODB.sh .
RUN chmod +x INSTALL_NODB.sh
RUN echo "ALL ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
# PHP 7.4 and install MySQL PDO extension
RUN apt-get update
RUN apt-get install -y --fix-missing libapache2-mod-php php php-dev php-json \
php-mysql php-redis php-xml php-mbstring \
php-gd php-pear php-opcache \
pkg-config libbson-1.0 libmongoc-1.0-0 \
php-zip php-bcmath php-intl
# Fix php.ini with recommended settings
RUN sed -i \
-e "s/max_execution_time = 30/max_execution_time = 300/" \
-e "s/memory_limit = 128M/memory_limit = 2048M/" \
-e "s/upload_max_filesize = 2M/upload_max_filesize = 50M/" \
-e "s/post_max_size = 8M/post_max_size = 50M/" \
/etc/php/7.4/apache2/php.ini
USER misp
RUN apt-get install -y python3-dev python3-pip python3-setuptools \
python3-lxml libjpeg-dev \
libxml2-dev libxslt1-dev zlib1g-dev libfuzzy-dev && \
apt-get install -y cron logrotate supervisor syslog-ng-core && \
apt-get clean
WORKDIR /var/www
RUN chown www-data:www-data /var/www
USER www-data
RUN git clone https://github.com/MISP/MISP.git
WORKDIR /var/www/MISP
RUN git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`) && \
git config core.filemode false && \
git submodule update --init --recursive && \
git submodule foreach --recursive git config core.filemode false
RUN bash INSTALL_NODB.sh -A -u
USER root
RUN pip3 install git+https://github.com/STIXProject/python-stix.git \
git+https://github.com/CybOXProject/python-cybox.git \
git+https://github.com/CybOXProject/mixbox.git \
git+https://github.com/MAECProject/python-maec.git \
/var/www/MISP/cti-python-stix2 \
plyara
USER www-data
WORKDIR /var/www/MISP
RUN git submodule init && git submodule update
WORKDIR /var/www/MISP/app
RUN pip3 list -o | cut -f1 -d' ' | tr " " "\n" | awk '{if(NR>=3)print}' | cut -d' ' -f1 | xargs -n1 pip3 install -U ; exit 0 #Hack error code
# FIX COMPOSER
RUN curl --fail --location -o composer-setup.php https://getcomposer.org/installer && \
EXPECTED_SIGNATURE="$(curl https://composer.github.io/installer.sig)"; php -r "if (hash_file('sha384', 'composer-setup.php') == '$(echo $EXPECTED_SIGNATURE)' ) { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" && \
php composer-setup.php && \
php -r "unlink('composer-setup.php');"
# END FIX
RUN php composer.phar update && \
php composer.phar config vendor-dir Vendor && \
php composer.phar install --ignore-platform-reqs
USER root
RUN phpenmod redis
USER www-data
RUN cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
# Fix permissions
USER root
RUN chown -R www-data:www-data /var/www/MISP && \
chmod -R 750 /var/www/MISP && \
chmod -R g+ws /var/www/MISP/app/tmp && \
chmod -R g+ws /var/www/MISP/app/files && \
chmod -R g+ws /var/www/MISP/app/files/scripts/tmp && \
chmod +x /var/www/MISP/app/Console/cake
RUN cp /var/www/MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
# Preconfigure setting for packages
RUN echo "postfix postfix/main_mailer_type string Local only" \
| debconf-set-selections && \
echo "postfix postfix/mailname string localhost.localdomain" | \
debconf-set-selections
# Redis Setup
RUN sed -i 's/^\(daemonize\s*\)yes\s*$/\1no/g' /etc/redis/redis.conf
RUN sed -i 's/^\(bind\s*\)127.0.0.1 ::1\s*$/\1127.0.0.1/g' /etc/redis/redis.conf
# Add a healthcheck endpoint
COPY healthcheck.patch healthcheck.patch
RUN patch /var/www/MISP/INSTALL/apache.misp.ubuntu < healthcheck.patch
# Apache Setup
RUN cp /var/www/MISP/INSTALL/apache.misp.ubuntu /etc/apache2/sites-available/misp.conf && \
a2dissite 000-default && \
a2ensite misp && \
a2enmod rewrite && \
a2enmod headers
# MISP base configuration
RUN sudo -u www-data cp -a /var/www/MISP/app/Config/bootstrap.default.php /var/www/MISP/app/Config/bootstrap.php && \
sudo -u www-data cp -a /var/www/MISP/app/Config/database.default.php /var/www/MISP/app/Config/database.php && \
sudo -u www-data cp -a /var/www/MISP/app/Config/core.default.php /var/www/MISP/app/Config/core.php && \
sudo -u www-data cp -a /var/www/MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php && \
chown -R www-data:www-data /var/www/MISP/app/Config && \
chmod -R 750 /var/www/MISP/app/Config
# Replace the default salt
RUN sed -i -E "s/'salt'\s=>\s'(\S+)'/'salt' => '`openssl rand -base64 32|tr "/" "-"`'/" /var/www/MISP/app/Config/config.php
# Enable workers at boot time
RUN chmod a+x /var/www/MISP/app/Console/worker/start.sh && \
echo "sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh" >>/etc/rc.local
# Install templates & stuff
WORKDIR /var/www/MISP/app/files
RUN rm -rf misp-objects && git clone https://github.com/MISP/misp-objects.git && \
rm -rf misp-galaxy && git clone https://github.com/MISP/misp-galaxy.git && \
rm -rf warninglists && git clone https://github.com/MISP/misp-warninglists.git ./warninglists && \
rm -rf taxonomies && git clone https://github.com/MISP/misp-taxonomies.git ./taxonomies && \
chown -R www-data:www-data misp-objects misp-galaxy warninglists taxonomies
# Install MISP build requirements
RUN sudo -E apt-get -y install libpoppler97 libpoppler-dev libpoppler-cpp-dev
# Install MISP Modules
WORKDIR /opt
RUN git clone --branch v2.4.134 https://github.com/MISP/misp-modules.git
RUN cd misp-modules && \
pip3 install --upgrade pip setuptools wheel && \
pip3 install scikit-build && \
pip3 install opencv-python && \
pip3 install -I -r REQUIREMENTS && \
pip3 install -I . && \
echo "sudo -u www-data misp-modules -s -l 127.0.0.1 &" >>/etc/rc.local
# Supervisord Setup
RUN ( \
@ -173,20 +61,18 @@ RUN ( \
echo 'autorestart = false'; \
echo ''; \
echo '[program:misp-modules]'; \
echo 'command=/bin/bash -c "misp-modules -s -l 127.0.0.1"'; \
echo 'command=/bin/bash -c "/var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s"'; \
echo 'user = www-data'; \
echo 'startsecs = 0'; \
echo 'autorestart = false'; \
) >> /etc/supervisor/conf.d/supervisord.conf
# Modify syslog configuration
RUN sed -i -E 's/^(\s*)system\(\);/\1unix-stream("\/dev\/log");/' /etc/syslog-ng/syslog-ng.conf
# Add run script
# Trigger to perform first boot operations
ADD run.sh /run.sh
RUN mv /etc/apache2/sites-available/misp-ssl.conf /etc/apache2/sites-available/misp-ssl.conf.bak
ADD misp-ssl.conf /etc/apache2/sites-available/misp-ssl.conf
RUN chmod 0755 /run.sh && touch /.firstboot.tmp
# Make a backup of /var/www/MISP to restore it to the local moint point at first boot
WORKDIR /var/www/MISP
RUN tar czpf /root/MISP.tgz .
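Review bot: The sudoers line `RUN echo "ALL ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers` grants every account in the image passwordless root — including the runtime `www-data` user that the supervisord stanza in the second hunk starts misp-modules as — and it remains in the final image long after the `INSTALL_NODB.sh` step that needs it has run. Scope it to the build user and remove it once the install step is done, e.g. `RUN echo "misp ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/misp-build && chmod 0440 /etc/sudoers.d/misp-build` before `RUN bash INSTALL_NODB.sh -A -u` and `RUN rm -f /etc/sudoers.d/misp-build` after it (keep the rule limited to `misp` if later steps still need sudo). `FROM ubuntu:latest` replaces a pinned release with a moving tag, so every rebuild tracks whatever Ubuntu is current and the vendored install script may not have been exercised on it; pinning a release as the replaced line did keeps builds reproducible. If the second of the two `apt-get dist-upgrade` lines is the new side, the inserted `apt-get upgrade` lacks `-y` and would abort a non-interactive build whenever anything is left to upgrade (and is redundant right after `dist-upgrade -y`). The copied `INSTALL_NODB.sh` is never checked against the `.sha*` files this commit adds; copying one alongside and running `RUN sha512sum -c INSTALL_NODB.sh.sha512` would give those files a purpose.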

3243
web/INSTALL_NODB.sh Executable file


1
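--- a/web/INSTALL_NODB.sh.sha1
+++ b/web/INSTALL_NODB.sh.sha1
@@ -0,0 +1 @@
+a49d5521f405d20fc3dea76ee995e067d01c5c2c INSTALL_NODB.sh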


@ -0,0 +1 @@
8660be136c0127091888ef38a71eb551dba5fe4e0a2d4f53b5b9479a675da6b1 INSTALL_NODB.sh


@ -0,0 +1 @@
03b5185082c6d77184520214cf2c263fd46068109c8972ede393b6bd0d99a30e7552ee6e70de5c87f9aea5ba41cd5f9f INSTALL_NODB.sh


@ -0,0 +1 @@
92bb3778f344bb0673713e34a10cba99487d59c94e469c0a1b7de3a526169daef0d387b7bbff7a1bca49c67232ee1cfa2461e7d8caebb31554f3811e4350f111 INSTALL_NODB.sh

55
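--- a/web/misp-ssl.conf
+++ b/web/misp-ssl.conf
@@ -0,0 +1,55 @@
+<VirtualHost *:80>
+ServerAdmin serveradmin@misp.local
+ServerName misp.local
+DocumentRoot /var/www/MISP/app/webroot
+<Directory /var/www/MISP/app/webroot>
+Options -Indexes
+AllowOverride all
+Require all granted
+</Directory>
+LogLevel warn
+ErrorLog /var/log/apache2/misp.local_p80_error.log
+CustomLog /var/log/apache2/misp.local_p80_access.log combined
+Header always unset "X-Powered-By"
+ServerSignature Off
+</VirtualHost>
+<VirtualHost *:443>
+ServerAdmin serveradmin@misp.local
+ServerName misp.local
+DocumentRoot /var/www/MISP/app/webroot
+<Directory /var/www/MISP/app/webroot>
+Options -Indexes
+AllowOverride all
+Require all granted
+</Directory>
+SSLEngine On
+# The line below disable unsecure Ciphers, might be enabled by default
+# SSLCipherSuite HIGH:!aNULL:!MD5
+SSLCertificateFile /etc/ssl/private/misp.local.crt
+SSLCertificateKeyFile /etc/ssl/private/misp.local.key
+# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
+LogLevel warn
+ErrorLog /var/log/apache2/misp.local_error.log
+CustomLog /var/log/apache2/misp.local_access.log combined
+ServerSignature Off
+Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
+Header always set X-Content-Type-Options nosniff
+Header always set X-Frame-Options SAMEORIGIN
+Header always unset "X-Powered-By"
+# TODO: Think about X-XSS-Protection, Content-Security-Policy, Referrer-Policy & Feature-Policy
+## Example:
+# Header always set X-XSS-Protection "1; mode=block"
+# Header always set Content-Security-Policy "default-src 'none'; style-src 'self' ... script-src/font-src/img-src/connect-src
+# Header always set Referrer-Policy "strict-origin-when-cross-origin"
+# Header always set Feature-Policy "geolocation 'self'; midi 'none'; notifications 'self'; push 'self'; sync-xhr 'self'; microphone 'none'; camera 'self'; magnometer 'self'; gyroscope 'self'; speake 'none'; vibrate 'self'; fullscreen 'none'"
+</VirtualHost>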
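Review bot: The `*:80` vhost serves the application itself (`DocumentRoot /var/www/MISP/app/webroot` with `Require all granted`) instead of redirecting, so unless run.sh rewrites this file at first boot every login and API call is also reachable in clear text on port 80 — contrary to the README's statement that 80 is redirected to 443; replace the DocumentRoot/Directory block of that vhost with `Redirect permanent / https://misp.local/` and keep only `ServerName`, logging and `ServerSignature Off`. The `*:443` vhost sets neither `SSLProtocol` nor `SSLCipherSuite` (the cipher line is commented out), so the Apache/OpenSSL defaults of the base image decide which TLS versions and ciphers are offered; add `SSLProtocol -all +TLSv1.2 +TLSv1.3`, an explicit `SSLCipherSuite`, and `SSLHonorCipherOrder on`. `ServerName`, the certificate file names and the HSTS header are all hard-coded to `misp.local`, which is worth a header comment such as `# ServerName, certificate paths and HSTS must be changed to the deployed hostname` since HSTS with `includeSubdomains` will be remembered by browsers for whatever name this is eventually served under. The `Header` directives need `mod_headers`; the `a2enmod headers` call is visible only on the removed side of the Dockerfile hunk in this commit, so confirm the install script enables it.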


@ -2,10 +2,12 @@
#
# MISP docker startup script
# Xavier Mertens <xavier@rootshell.be>
# Steven Goossens <steven@teamg.be>
#
# 2017/05/17 - Created
# 2017/05/31 - Fixed small errors
# 2019/10/17 - Use built-in mysql docker DB creation and use std env names (dafal)
# 2021/03/09 - Update to work with the install script provided by MISP. Includes https support, Python venv,...
#
set -e
@ -89,7 +91,7 @@ if [ -r /.firstboot.tmp ]; then
# MISP configuration
echo "Creating MISP configuration files"
cd /var/www/MISP/app/Config
cp -a database.default.php database.php
cp -a database.default.php database.php
sed -i "s/localhost/$MYSQL_HOST/" database.php
sed -i "s/db\s*login/$MYSQL_USER/" database.php
sed -i "s/8889/3306/" database.php
@ -102,28 +104,9 @@ if [ -r /.firstboot.tmp ]; then
echo "Fixing the MISP base URL ($MISP_BASEURL) ..."
sed -i "s@'baseurl'[\t ]*=>[\t ]*'',@'baseurl' => '$MISP_BASEURL',@g" /var/www/MISP/app/Config/config.php
fi
# Generate the admin user PGP key
echo "Creating admin GnuPG key"
if [ -z "$MISP_ADMIN_EMAIL" -o -z "$MISP_ADMIN_PASSPHRASE" ]; then
echo "No admin details provided, don't forget to generate the PGP key manually!"
else
echo "Generating admin PGP key ... (please be patient, we need some entropy)"
cat >/tmp/gpg.tmp <<GPGEOF
%echo Generating a basic OpenPGP key
Key-Type: RSA
Key-Length: 2048
Name-Real: MISP Admin
Name-Email: $MISP_ADMIN_EMAIL
Expire-Date: 0
Passphrase: $MISP_ADMIN_PASSPHRASE
%commit
%echo Done
GPGEOF
sudo -u www-data gpg --homedir /var/www/MISP/.gnupg --gen-key --batch /tmp/gpg.tmp >>/tmp/install.log
rm -f /tmp/gpg.tmp
sudo -u www-data gpg --homedir /var/www/MISP/.gnupg --export --armor $MISP_ADMIN_EMAIL > /var/www/MISP/app/webroot/gpg.asc
fi
#Redis should not run as a daemon
sed -i "s/daemonize yes/daemonize no/g" /etc/redis/redis.conf
# Display tips
cat <<__WELCOME__
@ -134,6 +117,15 @@ Don't forget:
- Change the MISP admin email address to $MISP_ADMIN_EMAIL
__WELCOME__
#Add crontab to sync data from remote servers
service cron start
##Schedule to sync all servers every hour
{ crontab -l 2>/dev/null || true; echo "0 * * * * /var/www/MISP/app/Console/cake Server pullAll 2 full"; } | crontab -
##Schedule to fetch all feeds at 1 am
{ crontab -l 2>/dev/null || true; echo "0 1 * * * /var/www/MISP/app/Console/cake Server fetchFeed 2 all"; } | crontab -
rm -f /.firstboot.tmp
fi
@ -141,11 +133,12 @@ fi
# non-live will make it live again if the container restarts. That seems
# better than the default which is that MISP is non-live on container restart.
# Ideally live/non-live would be persisted in the database.
/var/www/MISP/app/Console/cake Admin setSetting "MISP.python_bin" "/var/www/MISP/venv/bin/python"
/var/www/MISP/app/Console/cake live 1
chown www-data:www-data /var/www/MISP/app/Config/config.php*
# Start supervisord
echo "Starting supervisord"
cd /
exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf
exec supervisord -c /etc/supervisor/conf.d/supervisord.conf
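Review bot: The crontab entries added in the hunk after `__WELCOME__` are installed for the user running run.sh (root, given the `chown`, `service` and `crontab -` calls around them), so `cake Server pullAll` and `fetchFeed` run hourly and nightly as root and can leave root-owned files under `/var/www/MISP/app/tmp` that `www-data` can no longer write — the same class of problem the `chown www-data:www-data /var/www/MISP/app/Config/config.php*` line works around for the foreground `cake` calls. Install them for the web user instead: `{ crontab -u www-data -l 2>/dev/null || true; echo "0 * * * * /var/www/MISP/app/Console/cake Server pullAll 2 full"; } | crontab -u www-data -`, and likewise for the feed line. The literal `2` in both commands is presumably the MISP user id the jobs act as; a comment, `# 2 = id of the MISP user the jobs run as (default admin)`, would keep it from being read as a server id. The `cake Admin setSetting` and `cake live 1` calls in the last hunk also run as root on every start and would benefit from the same `sudo -u www-data` treatment. The `if [ -r /.firstboot.tmp ]` block enclosing the cron hunk starts outside it.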