diff --git a/docker-compose.yml b/docker-compose.yml index 17e76c6..33bec2c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -25,6 +25,7 @@ services: - "./files/:/var/www/MISP/app/files" - "./ssl/:/etc/apache2/ssl/" environment: + - "CRON_USER_ID=1" - "MYSQL_PASSWORD=example" - "INIT_MYSQL=true" # Lack of "IF NOT EXISTS" in sql dump.. sigh diff --git a/server/Dockerfile b/server/Dockerfile index 628e4ca..1a3032b 100644 --- a/server/Dockerfile +++ b/server/Dockerfile @@ -8,6 +8,7 @@ ARG VERSION=2.4.118 apache2 \ supervisor \ git make \ + cron \ gcc \ zip unzip \ openssl \ @@ -106,10 +107,6 @@ ARG VERSION=2.4.118 ;a2enmod rewrite \ ;a2enmod headers -# MISP Update and MISP Cron - COPY --chown=www-data:www-data files/usr/local/bin/misp_update.sh /usr/local/bin/ - COPY --chown=www-data:www-data files/usr/local/bin/misp_cron.sh /usr/local/bin/ - # Make a copy of the file store, so we can sync from it RUN cp -R /var/www/MISP/app/files /var/www/MISP/app/files.dist diff --git a/server/files/entrypoint_cron.sh b/server/files/entrypoint_cron.sh index dfd41c5..4e51a35 100755 --- a/server/files/entrypoint_cron.sh +++ b/server/files/entrypoint_cron.sh @@ -1,29 +1,17 @@ #!/bin/sh -set -e -NC='\033[0m' # No Color -Light_Green='\033[1;32m' -echo (){ - command echo -e $1 -} +cat << EOF > /etc/cron.d/misp +00 0 * * * www-data /var/www/MISP/app/Console/cake Server pull "$CRON_USER_ID" >/dev/stdout 2>/dev/stdout +10 0 * * * www-data /var/www/MISP/app/Console/cake Server push "$CRON_USER_ID" >/dev/stdout 2>/dev/stdout +20 0 * * * www-data /var/www/MISP/app/Console/cake Server cacheFeed "$CRON_USER_ID" all >/dev/stdout 2>/dev/stdout +30 0 * * * www-data /var/www/MISP/app/Console/cake Server fetchFeed "$CRON_USER_ID" all >/dev/stdout 2>/dev/stdout -STARTMSG="${Light_Green}[ENTRYPOINT_CRON]${NC}" +00 1 * * * www-data /var/www/MISP/app/Console/cake Admin updateGalaxies >/dev/stdout 2>/dev/stdout +10 1 * * * www-data /var/www/MISP/app/Console/cake Admin updateTaxonomies >/dev/stdout 2>/dev/stdout +20 1 * * * www-data /var/www/MISP/app/Console/cake Admin updateWarningLists >/dev/stdout 2>/dev/stdout +30 1 * * * www-data /var/www/MISP/app/Console/cake Admin updateNoticeLists >/dev/stdout 2>/dev/stdout +40 1 * * * www-data /var/www/MISP/app/Console/cake Admin updateObjectTemplates >/dev/stdout 2>/dev/stdout -# Wait until entrypoint apache is ready -while (true) -do - sleep 2 - [ -f /entrypoint_apache.install ] && continue - break -done - -[ -n "$CRON_INTERVAL" ] && INTERVAL="$CRON_INTERVAL" -( [ -z "$CRON_INTERVAL" ] || [ "$CRON_INTERVAL" = 0 ] ) && echo "$STARTMSG Deactivate cron job." && exit -[ -z "$CRON_USER_ID" ] && USER_ID=1 - - -# wait for the first round -echo "$STARTMSG Wait $INTERVAL seconds, then start the first intervall." && sleep "$INTERVAL" -# start cron job -echo "$STARTMSG Start cron job" && misp_cron.sh "$INTERVAL" "$USER_ID" +EOF +cron -f diff --git a/server/files/etc/supervisor/supervisor.conf b/server/files/etc/supervisor/supervisor.conf index cfa2033..fcb011c 100644 --- a/server/files/etc/supervisor/supervisor.conf +++ b/server/files/etc/supervisor/supervisor.conf @@ -23,6 +23,7 @@ stderr_logfile_maxbytes=0 autostart=true [program:cron] +environment=CRON_USER_ID=%(ENV_CRON_USER_ID)s command=/entrypoint_cron.sh stdout_logfile=/dev/stdout stdout_logfile_maxbytes=0 diff --git a/server/files/usr/local/bin/misp_cron.sh b/server/files/usr/local/bin/misp_cron.sh deleted file mode 100755 index 30689e7..0000000 --- a/server/files/usr/local/bin/misp_cron.sh +++ /dev/null @@ -1,109 +0,0 @@ -#!/bin/bash -set -e - -NC='\033[0m' # No Color -Light_Green='\033[1;32m' -echo (){ - command echo -e $1 -} - -COUNTER="$(date +%Y-%m-%d_%H:%M)" -STARTMSG="${Light_Green}[ENTRYPOINT_CRON] [ $COUNTER ] ${NC}" - - - -if [ -z "$1" ] ; then - # If Interval is empty set interval default to 3600s - INTERVAL=3600 -else - INTERVAL="$1" -fi -if [ -z "$2" ] ; then - # If Interval is empty set interval default to 3600s - USER_ID=1 -else - USER_ID="$2" -fi - - -CAKE="/var/www/MISP/app/Console/cake" - -[ -z "$MYSQL_DATABASE" ] && export MYSQL_DATABASE=misp -[ -z "$MYSQL_HOST" ] && export MYSQL_HOST=misp-db -[ -z "$MYSQL_ROOT_PASSWORD" ] && echo "$STARTMSG No MYSQL_ROOT_PASSWORD is set. Exit now." && exit 1 -[ -z "$MYSQL_PORT" ] && export MYSQL_PORT=3306 -[ -z "$MYSQL_USER" ] && export MYSQL_USER=misp -[ -z "$MYSQLCMD" ] && export MYSQLCMD="mysql -u $MYSQL_USER -p$MYSQL_PASSWORD -P $MYSQL_PORT -h $MYSQL_HOST -r -N $MYSQL_DATABASE" - -check_mysql_and_get_auth_key(){ - # Test when MySQL is ready - - # wait for Database come ready - isDBup () { - echo "SHOW STATUS" | $MYSQLCMD 1>/dev/null - echo $? - } - - RETRY=10 - until [ $(isDBup) -eq 0 ] || [ $RETRY -le 0 ] ; do - echo "Waiting for database to come up" - sleep 5 - RETRY=$(( $RETRY - 1)) - done - if [ $RETRY -le 0 ]; then - >&2 echo "Error: Could not connect to Database on $MYSQL_HOST:$MYSQL_PORT" - exit 1 - else - # get AUTH_KEY - export AUTH_KEY=$(echo "SELECT authkey FROM users where id = '$USER_ID';" | $MYSQLCMD) - fi - -} - -# Wait until MySQL is ready and get the AUTH_KEXY -check_mysql_and_get_auth_key - - -while(true) -do - # Administering MISP via the CLI - # Certain administrative tasks are exposed to the API, these help with maintaining and configuring MISP in an automated way / via external tools.: - # GetSettings: MISP/app/Console/cake Admin getSetting [setting] - # SetSettings: MISP/app/Console/cake Admin getSetting [setting] [value] - # GetAuthkey: MISP/app/Console/cake Admin getauthkey [email] - # SetBaseurl: MISP/app/Console/cake Baseurl setbaseurl [baseurl] - # ChangePassword: MISP/app/Console/cake Password [email] [new_password] - - # Automating certain console tasks - # If you would like to automate tasks such as caching feeds or pulling from server instances, you can do it using the following command line tools. Simply execute the given commands via the command line / create cron jobs easily out of them.: - # Pull: MISP/app/Console/cake Server pull [user_id] [server_id] [full|update] - # Push: MISP/app/Console/cake Server push [user_id] [server_id] - # CacheFeed: MISP/app/Console/cake Server cacheFeed [user_id] [feed_id|all|csv|text|misp] - # FetchFeed: MISP/app/Console/cake Server fetchFeed [user_id] [feed_id|all|csv|text|misp] - # Enrichment: MISP/app/Console/cake Event enrichEvent [user_id] [event_id] [json_encoded_module_list] - - # START the SCRIPT - # Set time and date - COUNTER="$(date +%Y-%m-%d_%H:%M)" - - # Start Message - echo "$STARTMSG Start MISP-dockerized Cronjob at $COUNTER... " - - # Pull: MISP/app/Console/cake Server pull [user_id] [server_id] [full|update] - echo "$STARTMSG $CAKE Server pull $USER_ID..." && $CAKE Server pull "$USER_ID" - - # Push: MISP/app/Console/cake Server push [user_id] [server_id] - echo "$STARTMSG $CAKE Server push $USER_ID..." && $CAKE Server push "$USER_ID" - - # CacheFeed: MISP/app/Console/cake Server cacheFeed [user_id] [feed_id|all|csv|text|misp] - echo "$STARTMSG $CAKE Server cacheFeed $USER_ID all..." && $CAKE Server cacheFeed "$USER_ID" all - - #FetchFeed: MISP/app/Console/cake Server fetchFeed [user_id] [feed_id|all|csv|text|misp] - echo "$STARTMSG $CAKE Server fetchFeed $USER_ID all..." && $CAKE Server fetchFeed "$USER_ID" all - - # End Message - echo "$STARTMSG Finished MISP-dockerized Cronjob at $(date +%Y-%m-%d_%H:%M) and wait $INTERVAL seconds... " - - # Wait this time - sleep "$INTERVAL" -done \ No newline at end of file diff --git a/server/files/usr/local/bin/misp_update.sh b/server/files/usr/local/bin/misp_update.sh deleted file mode 100755 index 8a4afec..0000000 --- a/server/files/usr/local/bin/misp_update.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/bash - -set -ex - -NC='\033[0m' # No Color -Light_Green='\033[1;32m' -echo (){ - command echo -e $1 -} - -STARTMSG="${Light_Green}[UPDATE_MISP]${NC}" - - -[ -z $CAKE ] && export CAKE="$MISP_APP_PATH/Console/cake" - -# Init MISP and create user -while true -do - # copy auth_key - export AUTH_KEY=$(docker exec misp-server bash -c 'mysql -u $MYSQL_USER -p$MYSQL_PASSWORD $MYSQL_DATABASE -e "SELECT authkey FROM users;" | head -2|tail -1') - - # initial user if all is good auth_key is return - [ -z $AUTH_KEY ] && export AUTH_KEY=$(docker exec misp-server bash -c "sudo -E /var/www/MISP/app/Console/cake userInit -q") && echo "new Auth_Key: $AUTH_KEY" - - # if user is initalized but mysql is not ready continue - [ "$AUTH_KEY" == "Script aborted: MISP instance already initialised." ] && continue - - # if the auth_key is save go out - [ -z $AUTH_KEY ] || break - - # wait 5 seconds - sleep 5 -done - - - -# Update the galaxies… -echo "$STARTMSG Update Galaxies..." && sudo "$CAKE" Admin updateGalaxies -# Updating the taxonomies… -echo "$STARTMSG Update Taxonomies..." && sudo "$CAKE" Admin updateTaxonomies -# Updating the warning lists… -echo "$STARTMSG Update WarningLists..." && sudo "$CAKE" Admin updateWarningLists -# Updating the notice lists… -echo "$STARTMSG Update NoticeLists..." && sudo "$CAKE" Admin updateNoticeLists -#curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update - -# Updating the object templates… -echo "$STARTMSG Update Object Templates..." && sudo "$CAKE" Admin updateObjectTemplates -#curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update - -exit \ No newline at end of file