From 15c85d943f29a48d498cb3da2df615c874a96ea8 Mon Sep 17 00:00:00 2001
From: Steve Clement
Date: Wed, 11 Jul 2018 14:17:08 +0200
Subject: [PATCH] chg: [cake] Added $CAKE to make the cake config lines more legible
---
 scripts/bootstrap.sh | 193 ++++++++++++++++++++++++++-----------------
 1 file changed, 119 insertions(+), 74 deletions(-)
diff --git a/scripts/bootstrap.sh b/scripts/bootstrap.sh
index aac5615..c7c6e62 100644
--- a/scripts/bootstrap.sh
+++ b/scripts/bootstrap.sh
@@ -41,6 +41,12 @@ DEFAULT_GRUB=/etc/default/grub
 # Ubuntu version
 UBUNTU_VERSION="$(lsb_release -r -s)"
+# MISP Configurables
+PATH_TO_MISP='/var/www/MISP'
+CAKE="${PATH_TO_MISP}/app/Console/cake"
+MISP_BASEURL=''
+MISP_LIVE='1'
+
 # Database configuration
 DBHOST='localhost'
 DBNAME='misp'
@@ -50,9 +56,6 @@ DBUSER_MISP='misp'
 DBPASSWORD_MISP="$(openssl rand -hex 32)"
 # Webserver configuration
-PATH_TO_MISP='/var/www/MISP'
-MISP_BASEURL=''
-MISP_LIVE='1'
 FQDN='localhost'
 # Timing creation
@@ -79,7 +82,7 @@ upload_max_filesize=50M
 post_max_size=50M
 max_execution_time=300
 memory_limit=512M
-PHP_INI=/etc/php/7.1/apache2/php.ini
+PHP_INI='/etc/php/7.1/apache2/php.ini'
 ## Starting Ubuntu 18.04 php71 is default
 ##vercomp 18.04 ${UBUNTU_VERSION}
 ##case $? in
@@ -87,8 +90,6 @@ PHP_INI=/etc/php/7.1/apache2/php.ini
 ## 1) op='>';PHP_INI='/etc/php/7.1/apache2/php.ini';;
 ## 2) op='<';PHP_INI='/etc/php/7.0/apache2/php.ini';;
 ##esac
-PHP_INI='/etc/php/7.1/apache2/php.ini'
-
 echo "--- Installing MISP… ---"
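Review bot: The new `CAKE="${PATH_TO_MISP}/app/Console/cake"` in the `@@ -41` hunk drops the `sudo` that every replaced call carried, so this commit changes the privilege the cake shell runs with, not only its legibility. The `@@ -399` hunk's context hands `$PATH_TO_MISP/app/Config` to `www-data` with mode 750 right before the first `$CAKE Live` call, so if the script is started by an unprivileged user (not visible in this diff) the `setSetting` calls may be unable to write the config and the image would keep its defaults; the `Baseurl` calls in the `@@ -655` and `@@ -691` hunks are affected the same way. A wrapper keeps the privilege explicit and quotes the path and arguments: `cake() { sudo "${PATH_TO_MISP}/app/Console/cake" "$@"; }`. Running it as `sudo -u www-data` instead would be the least-privilege choice if the console does not need root, which should be confirmed.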
@@ -399,94 +400,138 @@ EOF
 sudo chown -R www-data:www-data $PATH_TO_MISP/app/Config
 sudo chmod -R 750 $PATH_TO_MISP/app/Config
 # Set some MISP directives with the command line tool
-sudo $PATH_TO_MISP/app/Console/cake Live $MISP_LIVE
+$CAKE Live $MISP_LIVE
 # Enable ZeroMQ
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.ZeroMQ_enable" true
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true
+$CAKE Admin setSetting "Plugin.ZeroMQ_enable" true
+$CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true
+$CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true
+$CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true
+$CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true
+$CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true
+$CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true
+$CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true
+$CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000
+$CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"
+$CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
+$CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1
+$CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
+$CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false
+$CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
+$CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
 # Enable GnuPG
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "GnuPG.email" "admin@admin.test"
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "GnuPG.homedir" "/var/www/MISP/.gnupg"
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "GnuPG.password" "Password1234"
+$CAKE Admin setSetting "GnuPG.email" "admin@admin.test"
+$CAKE Admin setSetting "GnuPG.homedir" "/var/www/MISP/.gnupg"
+$CAKE Admin setSetting "GnuPG.password" "Password1234"
 # Enable Enrichment set better timeouts
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_services_enable" true
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_hover_enable" true
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_timeout" 300
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_hover_timeout" 150
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_cve_enabled" true
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_dns_enabled" true
+$CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
+$CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
+$CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
+$CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150
+$CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
+$CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
+$CAKE Amdin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
+$CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666
 # Enable Import modules set better timout
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Import_services_enable" true
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Import_timeout" 300
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Import_ocr_enabled" true
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Import_csvimport_enabled" true
+$CAKE Admin setSetting "Plugin.Import_services_enable" true
+$CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
+$CAKE Admin setSetting "Plugin.Import_services_port" 6666
+$CAKE Admin setSetting "Plugin.Import_timeout" 300
+$CAKE Admin setSetting "Plugin.Import_ocr_enabled" true
+$CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true
 # Enable Export modules set better timout
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Export_services_enable" true
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Export_timeout" 300
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Export_pdfexport_enabled" true
+$CAKE Admin setSetting "Plugin.Export_services_enable" true
+$CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
+$CAKE Admin setSetting "Plugin.Export_services_port" 6666
+$CAKE Admin setSetting "Plugin.Export_timeout" 300
+$CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true
 # Enable installer org and tune some configurables
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.host_org_id" 1
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.email" "info@admin.test"
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.disable_emailing" true
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.contact" "info@admin.test"
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.disablerestalert" true
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.showCorrelationsOnIndex" true
+$CAKE Admin setSetting "MISP.host_org_id" 1
+$CAKE Admin setSetting "MISP.email" "info@admin.test"
+$CAKE Admin setSetting "MISP.disable_emailing" true
+$CAKE Admin setSetting "MISP.contact" "info@admin.test"
+$CAKE Admin setSetting "MISP.disablerestalert" true
+$CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true
 # Provisional Cortex tunes
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Cortex_services_enable" false
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Cortex_services_port" 9000
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Cortex_services_timeout" 120
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Cortex_services_authkey" ""
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Cortex_ssl_verify_host" false
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
+$CAKE Admin setSetting "Plugin.Cortex_services_enable" false
+$CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
+$CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
+$CAKE Admin setSetting "Plugin.Cortex_timeout" 120
+$CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
+$CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
+$CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120
+$CAKE Admin setSetting "Plugin.Cortex_services_authkey" ""
+$CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
+$CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false
+$CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
+
+# Various plugin sightings settings
+$CAKE Admin setSetting "Plugin.Sightings_policy" 0
+$CAKE Admin setSetting "Plugin.Sightings_anonymise" false
+$CAKE Admin setSetting "Plugin.Sightings_range" 365
+
+# Plugin CustomAuth tuneable
+$CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false
+
+# RPZ Plugin settings
+
+$CAKE Admin setSetting "Plugin.RPZ_policy" "DROP"
+$CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
+$CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00"
+$CAKE Admin setSetting "Plugin.RPZ_refresh" "2h"
+$CAKE Admin setSetting "Plugin.RPZ_retry" "30m"
+$CAKE Admin setSetting "Plugin.RPZ_expiry" "30d"
+$CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
+$CAKE Admin setSetting "Plugin.RPZ_ttl" "1w"
+$CAKE Admin setSetting "Plugin.RPZ_ns" "localhost."
+$CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
+$CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost"
 # Force defaults to make MISP Server Settings less RED
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.language" "eng"
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.proposals_block_attributes" false
+$CAKE Admin setSetting "MISP.language" "eng"
+$CAKE Admin setSetting "MISP.proposals_block_attributes" false
 ## Redis block
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.redis_host" "127.0.0.1"
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.redis_port" 6379
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.redis_database" 13
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.redis_password" ""
+$CAKE Admin setSetting "MISP.redis_host" "127.0.0.1"
+$CAKE Admin setSetting "MISP.redis_port" 6379
+$CAKE Admin setSetting "MISP.redis_database" 13
+$CAKE Admin setSetting "MISP.redis_password" ""
 # Force defaults to make MISP Server Settings less YELLOW
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.ssdeep_correlation_threshold" 40
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.extended_alert_subject" false
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.default_event_threat_level" 4
-#sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.newUserText" "Dear new MISP user,\n\nWe would hereby like to welcome you to the $org MISP community.\n\n Use the credentials below to log into MISP at $misp, where you will be prompted to manually change your password to something of your own choice.\n\nUsername: $username\nPassword: $password\n\nIf you have any questions, don't hesitate to contact us at: $contact.\n\nBest regards,\nYour $org MISP support team"
-#sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.passwordResetText" "Dear MISP user,\n\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at $misp, where you will be prompted to manually change your password to something of your own choice.\n\nUsername: $username\nYour temporary password: $password\n\nIf you have any questions, don't hesitate to contact us at: $contact.\n\nBest regards,\nYour $org MISP support team"
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.enableEventBlacklisting" true
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.enableOrgBlacklisting" true
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.log_client_ip" false
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.log_auth" false
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.disableUserSelfManagement" false
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.block_event_alert" false
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.block_old_event_alert" false
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.block_old_event_alert_age" ""
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.incoming_tags_disabled_by_default" false
+$CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40
+$CAKE Admin setSetting "MISP.extended_alert_subject" false
+$CAKE Admin setSetting "MISP.default_event_threat_level" 4
+$CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
+$CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
+$CAKE Admin setSetting "MISP.enableEventBlacklisting" true
+$CAKE Admin setSetting "MISP.enableOrgBlacklisting" true
+$CAKE Admin setSetting "MISP.log_client_ip" false
+$CAKE Admin setSetting "MISP.log_auth" false
+$CAKE Admin setSetting "MISP.disableUserSelfManagement" false
+$CAKE Admin setSetting "MISP.block_event_alert" false
+$CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
+$CAKE Admin setSetting "MISP.block_old_event_alert" false
+$CAKE Admin setSetting "MISP.block_old_event_alert_age" ""
+$CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false
+$CAKE Admin setSetting "MISP.footermidleft" "This is an autogenerated VM"
+$CAKE Admin setSetting "MISP.footermidright" "Please configure accordingly and do not use in production"
+$CAKE Admin setSetting "MISP.welcome_text_top" "Autogenerated VM, please configure"
+$CAKE Admin setSetting "MISP.welcome_text_bottom" "This VM has been downloaded from https://www.circl.lu/misp-images/latest/"
+
 # Force defaults to make MISP Server Settings less GREEN
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Security.password_policy_length" 12
-# sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Security.password_policy_complexity" "/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/"
+$CAKE Admin setSetting "Security.password_policy_length" 12
+# $CAKE Admin setSetting "Security.password_policy_complexity" "/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/"
 # Tune global time outs
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Session.autoRegenerate" 0
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Session.timeout" 600
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Session.cookie_timeout" 3600
+$CAKE Admin setSetting "Session.autoRegenerate" 0
+$CAKE Admin setSetting "Session.timeout" 600
+$CAKE Admin setSetting "Session.cookie_timeout" 3600
 echo "--- Generating a GPG encryption key… ---"
 sudo apt-get install -y rng-tools haveged
@@ -655,7 +700,7 @@ echo "--- Updating the object templates… ---"
 curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -o /dev/null -s -X POST http://127.0.0.1/objectTemplates/update
 echo "--- Setting Baseurl ---"
-sudo $PATH_TO_MISP/app/Console/cake Baseurl ""
+$CAKE Baseurl ""
 echo "--- Enabling MISP new pub/sub feature (ZeroMQ)… ---"
 sudo apt-get install -y pkg-config python-redis python-zmq python3-zmq > /dev/null 2>&1
@@ -691,8 +736,8 @@ echo "--- autoremove for apt ---"
 apt-get autoremove
 echo "--- Setting Baseurl and making sure Sessions do NOT auto regenerate ---"
-sudo $PATH_TO_MISP/app/Console/cake Baseurl ""
-sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Session.autoRegenerate" 0
+$CAKE Baseurl ""
+$CAKE Admin setSetting "Session.autoRegenerate" 0
 echo "\e[32mMISP is ready\e[0m"
 echo "Login and passwords for the MISP image are the following:"
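Review bot: The added Enrichment line `$CAKE Amdin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"` misspells the shell name, so that setting is presumably never applied; it should read `$CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"`. None of the calls in this hunk checks an exit status, so a failure like this one passes silently and the image ships with whatever default remains; checking the status of each call, or aborting on the first failure, would surface it. The Cortex group also sets `Plugin.Cortex_services_url` and `Plugin.Cortex_services_port` twice with identical values. The re-added `GnuPG.password` line keeps the literal `Password1234` on the command line, whereas the script already generates `DBPASSWORD_MISP` with `openssl rand -hex 32`; a generated passphrase shared with the key-generation step (which starts after this hunk) would avoid every image carrying the same one.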
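Review bot: In the `@@ -655` hunk `$CAKE Baseurl ""` hard-codes the empty value although the script defines `MISP_BASEURL=''` among the MISP configurables for this setting; `$CAKE Baseurl "$MISP_BASEURL"` would keep the configurable and the call in step. The same applies to the `Baseurl` line in the `@@ -691` hunk, which also repeats the `Session.autoRegenerate` setting already applied in the `@@ -399` hunk; if the repeat is deliberate, a comment such as `# re-applied because an earlier step resets it` would say why.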