From 90994c86d0e06f1c9d21fdf938473983e51e88f7 Mon Sep 17 00:00:00 2001 From: Jason Kendall Date: Thu, 28 Nov 2019 17:46:30 -0500 Subject: [PATCH] organize and cleanup --- README.md | 2 +- docker-compose.yml | 2 +- server/files/entrypoint_apache.sh | 71 ++++++++++--------------------- 3 files changed, 25 insertions(+), 50 deletions(-) diff --git a/README.md b/README.md index 42b9baa..8e9ba2f 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # docker-misp A (nearly) production ready Dockered MISP -This is based on some of the work from the DSCO docker build. +This is based on some of the work from the DSCO docker build, nearly all of the details have been rewritten. Getting Started: - Copy the "default" configs removing "default" and edit the files in `server-configs` diff --git a/docker-compose.yml b/docker-compose.yml index efff8a2..e025376 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -31,7 +31,7 @@ services: - "CRON_USER_ID=1" - "REDIS_FQDN=redis" - "MYSQL_PASSWORD=example" - - "INIT_MYSQL=true" # Lack of "IF NOT EXISTS" in sql dump.. sigh + - "INIT=true" # Initialze MISP, things includes, attempting to import SQL and the Files DIR misp-modules: image: misp-modules diff --git a/server/files/entrypoint_apache.sh b/server/files/entrypoint_apache.sh index 7ec1088..868eff6 100755 --- a/server/files/entrypoint_apache.sh +++ b/server/files/entrypoint_apache.sh @@ -7,7 +7,6 @@ MISP_APP_CONFIG_PATH=/var/www/MISP/app/Config [ -z "$MYSQL_PASSWORD" ] && MYSQL_PASSWORD=example [ -z "$MYSQL_DATABASE" ] && MYSQL_DATABASE=misp [ -z "$REDIS_FQDN" ] && REDIS_FQDN=redis - [ -z "$MYSQLCMD" ] && MYSQLCMD="mysql -u $MYSQL_USER -p$MYSQL_PASSWORD -P $MYSQL_PORT -h $MYSQL_HOST -r -N $MYSQL_DATABASE" ENTRYPOINT_PID_FILE="/entrypoint_apache.install" @@ -23,6 +22,10 @@ change_php_vars(){ done } +setup_cake_config(){ + sed -i "s/'host' => 'localhost'.*/'host' => '$REDIS_FQDN', \/\/ Redis server hostname/" "/var/www/MISP/app/Plugin/CakeResque/Config/config.php" +} + init_misp_config(){ [ -f $MISP_APP_CONFIG_PATH/bootstrap.php ] || cp $MISP_APP_CONFIG_PATH/bootstrap.default.php $MISP_APP_CONFIG_PATH/bootstrap.php [ -f $MISP_APP_CONFIG_PATH/database.php ] || cp $MISP_APP_CONFIG_PATH/database.default.php $MISP_APP_CONFIG_PATH/database.php @@ -33,10 +36,6 @@ init_misp_config(){ sed -i "s/localhost/$MYSQL_HOST/" $MISP_APP_CONFIG_PATH/database.php sed -i "s/db\s*login/$MYSQL_USER/" $MISP_APP_CONFIG_PATH/database.php sed -i "s/db\s*password/$MYSQL_PASSWORD/" $MISP_APP_CONFIG_PATH/database.php - - #### CAKE #### - echo "Configure Cake | Change Redis host to $REDIS_FQDN" - sed -i "s/'host' => 'localhost'.*/'host' => '$REDIS_FQDN', \/\/ Redis server hostname/" "/var/www/MISP/app/Plugin/CakeResque/Config/config.php" } init_misp_files(){ @@ -46,23 +45,14 @@ init_misp_files(){ fi } -check_mysql(){ +init_mysql(){ # Test when MySQL is ready.... - - # Test if entrypoint_local_mariadb.sh is ready - sleep 5 - while (true) - do - [ ! -f /var/lib/mysql/entrypoint_local_mariadb.sh.pid ] && break - sleep 5 - done - # wait for Database come ready isDBup () { echo "SHOW STATUS" | $MYSQLCMD 1>/dev/null echo $? } - + RETRY=100 until [ $(isDBup) -eq 0 ] || [ $RETRY -le 0 ] ; do echo "Waiting for database to come up" @@ -74,18 +64,7 @@ check_mysql(){ exit 1 fi -} - -init_mysql(){ - ##################################################################### - if [[ "$INIT_MYSQL" == true ]]; then - check_mysql - # import MISP DB Scheme - echo "... importing MySQL scheme..." - $MYSQLCMD < /var/www/MISP/INSTALL/MYSQL.sql - echo "MySQL import...finished" - fi - echo + $MYSQLCMD < /var/www/MISP/INSTALL/MYSQL.sql } start_apache() { @@ -95,31 +74,27 @@ start_apache() { /usr/sbin/apache2ctl -D FOREGROUND -k "$1" } +# Things we should do when we have the INITIALIZE Env Flag +if [[ "$INIT" == true ]]; then + echo "Import MySQL scheme..." && init_mysql + echo "Setup MISP files dir..." && init_misp_files +fi -##### check MySQL -echo "Check if MySQL is ready..." && check_mysql - -# Change PHP VARS -echo "Change PHP values ..." && change_php_vars - -##### Import MySQL scheme -echo "Import MySQL scheme..." && init_mysql - -##### initialize MISP-Server +# Things we should do if we're configuring MISP via ENV echo "Initialize misp base config..." && init_misp_config -echo "Make sure files dir is setup..." && init_misp_files - -##### Check permissions ##### - echo "Configure MISP | Check permissions..." - echo "... chown -R www-data.www-data /var/www/MISP..." && find /var/www/MISP -not -user www-data -exec chown www-data.www-data {} + - echo "... chmod -R 0750 /var/www/MISP..." && find /var/www/MISP -perm 550 -type f -exec chmod 0550 {} + && find /var/www/MISP -perm 770 -type d -exec chmod 0770 {} + - echo "... chmod -R g+ws /var/www/MISP/app/tmp..." && chmod -R g+ws /var/www/MISP/app/tmp - echo "... chmod -R g+ws /var/www/MISP/app/files..." && chmod -R g+ws /var/www/MISP/app/files - echo "... chmod -R g+ws /var/www/MISP/app/files/scripts/tmp" && chmod -R g+ws /var/www/MISP/app/files/scripts/tmp +# Things that should ALWAYS happen +echo "Configure PHP | Change PHP values ..." && change_php_vars +echo "Configure Cake | Change Redis host to $REDIS_FQDN ... " && setup_cake_config +echo "Configure MISP | Enforce permissions ..." +echo "... chown -R www-data.www-data /var/www/MISP ..." && find /var/www/MISP -not -user www-data -exec chown www-data.www-data {} + +echo "... chmod -R 0750 /var/www/MISP ..." && find /var/www/MISP -perm 550 -type f -exec chmod 0550 {} + && find /var/www/MISP -perm 770 -type d -exec chmod 0770 {} + +echo "... chmod -R g+ws /var/www/MISP/app/tmp ..." && chmod -R g+ws /var/www/MISP/app/tmp +echo "... chmod -R g+ws /var/www/MISP/app/files ..." && chmod -R g+ws /var/www/MISP/app/files +echo "... chmod -R g+ws /var/www/MISP/app/files/scripts/tmp ..." && chmod -R g+ws /var/www/MISP/app/files/scripts/tmp # delete pid file [ -f $ENTRYPOINT_PID_FILE ] && rm $ENTRYPOINT_PID_FILE -##### execute apache +# execute apache start_apache start