diff --git a/manifests/config.pp b/manifests/config.pp index d2ea7a8..2f58b09 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -80,7 +80,7 @@ ensure => file, owner => $misp::default_user, group => $misp::default_group, - content => template('misp/bootstrap.php.erb'), + content => epp('misp/bootstrap.php.epp', { auth_method => $misp::security_auth_method }), subscribe => Exec['Directory permissions'], } @@ -88,7 +88,16 @@ ensure => file, owner => $misp::default_user, group => $misp::default_group, - content => template('misp/core.php.erb'), + content => epp('misp/core.php.epp', { + level => $misp::security_level, + salt => $misp::security_salt, + cipher_seed => $misp::security_cipher_seed, + auto_regenerate => $misp::session_auto_regenerate, + check_agent => $misp::session_check_agent, + defaults => $misp::session_defaults, + timeout => $misp::session_timeout, + cookie_timeout => $misp::session_cookie_timeout, + }), subscribe => Exec['Directory permissions'], } @@ -97,7 +106,13 @@ owner => $misp::default_user, group => $misp::default_group, mode => '0640', - content => template('misp/database.php.erb'), + content => epp('misp/database.php.epp', { + host => $misp::db_host, + user => $misp::db_user, + port => $misp::db_port, + password => $misp::db_password, + db_name => $misp::db_name, + }), subscribe => Exec['Directory permissions'], } @@ -106,7 +121,7 @@ owner => $misp::default_user, group => $misp::default_group, mode => '0640', - content => template('misp/config.php.erb'), + content => epp('misp/config.php.epp', { context => Class[misp] }), seltype => 'httpd_sys_rw_content_t', subscribe => Exec['Directory permissions'], } diff --git a/manifests/init.pp b/manifests/init.pp index ed6ed15..4139f21 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
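Review bot: The `core.php` resource in the second hunk now receives `salt` and `cipher_seed` from `$misp::security_salt`/`$misp::security_cipher_seed`, yet unlike the `database.php` and `config.php` resources that follow, its visible context has no `mode` attribute, so the file carrying CakePHP's `Security.salt` and `Security.cipherSeed` is left at whatever mode the checkout or default umask produced, typically world-readable. Anyone who can read it obtains the values CakePHP uses for hashing and encryption, which deserve the same protection as the DB password: add `mode => '0640',` between `group` and `content` in the `core.php` file resource. `bootstrap.php` only selects auth plugins today, so tightening it is optional, but it would be consistent to manage all four files the same way.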
@@ -22,232 +22,265 @@ String $pydeep_git_tag = '60b0a00ba7f30cfa21ff92d871799685bc612cad', String $lief_git_repo = 'https://github.com/lief-project/LIEF.git', String $lief_git_tag = '0.9.0', - # - Boolean $install_mariadb = true, - String $mariadb_service = 'rh-mariadb102-mariadb', - Boolean $manage_scl = true, - Array[String] $worker_scls = ['rh-mariadb102'], - String $redis_service = 'redis', + String $php_version = 'php72', Boolean $manage_haveged = true, # Whether to manage Python or not. Please note that python dev needs to be # present in order to be able to install some of the MISP dependencies Boolean $manage_python = true, + Boolean $manage_scl = true, + Boolean $install_mariadb = true, Boolean $use_venv = true, Boolean $pymisp_rpm = false, Boolean $lief = false, Boolean $build_lief = false, - $lief_package_name = '', + Optional[String] $lief_package_name = undef, # # Services - $webservername = 'httpd', - $redis_server = true, - # # database.php - $db_name = 'misp', - $db_user = 'misp', - $db_host = 'localhost', - $db_port = '3306', - $db_password = '', - # # Redis DB - $redis_host = '127.0.0.1', - $redis_port = 6379, - $redis_database = 13, - $redis_password = undef, - # # config.php - $debug = 0, - $site_admin_debug = false, - # # MISP puppet configuration - $install_dir = '/var/www/MISP/', - $config_dir = '/var/www/MISP/app/Config/', + String $webservername = 'httpd', + Boolean $redis_server = true, + String $redis_service = 'redis', + String $mariadb_service = 'rh-mariadb102-mariadb', + Array[String] $worker_scls = ['rh-mariadb102'], + + ## MISP puppet configuration + Stdlib::Unixpath $install_dir = '/var/www/MISP', + Stdlib::Unixpath $config_dir = "${install_dir}/app/Config", Stdlib::Unixpath $venv_dir = "${install_dir}/venv", - Optional[String] $python_bin = $use_venv ? 
{ true => "${venv_dir}/bin/python3", false => undef }, - $timezone = 'UTC', - $default_user = 'apache', - $default_group = 'apache', - $default_high_user = 'root', - $default_high_group = 'apache', - # # Security - $security_level = 'medium', - $salt = 'Rooraenietu8Eeyo "${venv_dir}/bin/python3", false => undef }, + Optional[Boolean] $disable_auto_logout = undef, + Optional[Integer[1,100]] $ssdeep_correlation_threshold = undef, + Optional[Integer] $max_correlations_per_event = undef, + Optional[Boolean] $disable_cached_exports = undef, + Optional[String] $org = undef, + Optional[Boolean] $background_jobs = undef, + Optional[Boolean] $cached_attachments = undef, + Optional[String] $contact = undef, + Optional[Stdlib::HTTPUrl] $cveurl = undef, + Optional[Boolean] $disablerestalert = undef, + Optional[Boolean] $extended_alert_subject = undef, + Optional[Integer[1,4]] $default_event_threat_level = undef, + Optional[Boolean] $tagging = undef, + Optional[String] $new_user_text = undef, + Optional[String] $password_reset_text = undef, + Optional[Boolean] $enable_event_blacklisting = undef, + Optional[Boolean] $enable_org_blacklisting = undef, + Optional[Boolean] $log_client_ip = undef, + Optional[Boolean] $log_auth = undef, + Optional[Boolean] $delegation = undef, + Optional[Boolean] $show_correlations_on_index = undef, + Optional[Boolean] $show_proposals_count_on_index = undef, + Optional[Boolean] $show_sightings_count_on_index = undef, + Optional[Boolean] $show_discussions_count_on_index = undef, + Optional[Boolean] $disable_user_self_management = undef, + Optional[Boolean] $block_event_alert = undef, + Optional[String] $block_event_alert_tag = undef, + Optional[Boolean] $block_old_event_alert = undef, + Optional[Integer] $block_old_event_alert_age = undef, + Optional[Stdlib::Unixpath] $tmpdir = undef, + Optional[Boolean] $incoming_tags_disabled_by_default = undef, + Optional[Boolean] $deadlock_avoidance = undef, + # (optional) + Optional[String] $maintenance_message = 
undef, + Optional[String] $footermidleft = undef, + Optional[String] $footermidright = undef, + Optional[String] $footer_logo = undef, + Optional[String] $home_logo = undef, + Optional[String] $main_logo = undef, + Optional[Boolean] $threatlevel_in_email_subject = undef, + Optional[String] $email_subject_tlp_string = undef, + Optional[String] $email_subject_tag = undef, + Optional[Boolean] $email_subject_include_tag_name = undef, + Optional[String] $attachments_dir = undef, + Optional[Boolean] $download_attachments_on_load = undef, + Optional[Integer[0,2]] $full_tags_on_event_index = undef, + Optional[String] $welcome_text_top = undef, + Optional[String] $welcome_text_bottom = undef, + Optional[String] $welcome_logo = undef, + Optional[String] $welcome_logo2 = undef, + Optional[String] $title_text = undef, + Optional[Boolean] $take_ownership_xml_import = undef, + Optional[Boolean] $terms_download = undef, + Optional[String] $terms_file = undef, + Optional[Boolean] $showorgalternate = undef, + Optional[Boolean] $unpublishedprivate = undef, + Optional[String] $custom_css = undef, + Optional[String] $event_view_filter_fields = undef, + Optional[Boolean] $manage_workers = undef, + + ## GnuPG section + # (critical) + Boolean $gpg_onlyencrypted = false, + String $gpg_email = 'no-reply@localhost', + Stdlib::Unixpath $gpg_homedir = "${install_dir}/.gnupg", + # (recommended) + Optional[String] $gpg_password = undef, + # (optional) + Optional[Stdlib::Unixpath] $gpg_binary = undef, + Optional[Boolean] $gpg_bodyonlyencrypted = undef, + Optional[Boolean] $gpg_sign = undef, + + ## SMIME section + # (optional) + Optional[Boolean] $smime_enabled = undef, + Optional[String] $smime_email = undef, + Optional[Stdlib::Unixpath] $smime_cert_public_sign = undef, + Optional[Stdlib::Unixpath] $smime_key_sign = undef, + Optional[String] $smime_password = undef, + + ## Proxy section + # (optional) + Optional[String] $proxy_host = undef, + Optional[Integer] $proxy_port = undef, + 
Optional[Enum['Basic','Digest']] $proxy_method = undef, + Optional[String] $proxy_user = undef, + Optional[String] $proxy_password = undef, + + ## Session section + # (critical) + Boolean $session_auto_regenerate = true, + Boolean $session_check_agent = false, + Optional[String] $session_cookie = undef, + Enum['php','database','cake','cache'] $session_defaults = 'php', + Integer $session_timeout = 60, + Integer $session_cookie_timeout = 1440, + + ## Plugins + Integer $rpz_policy = 0, + String $rpz_walled_garden = '127.0.0.1', + String $rpz_serial = '$date00', + String $rpz_refresh = '2h', + String $rpz_retry = '30m', + String $rpz_expiry = '30d', + String $rpz_minimum_ttl = '1h', + String $rpz_ttl = '1w', + String $rpz_ns = 'localhost', + String $rpz_ns_alt = '', + String $rpz_email = 'root.localhost', + Boolean $zeromq_enable = false, + Integer $zeromq_port = 50000, + String $zeromq_redis_host = 'localhost', + Integer $zeromq_redis_port = 6379, + String $zeromq_redis_password = '', + String $zeromq_redis_database = '1', + String $zeromq_redis_namespace = 'mispq', + Boolean $zeromq_include_attachments = false, + Boolean $zeromq_event_notifications_enable = false, + Boolean $zeromq_object_notifications_enable = false, + Boolean $zeromq_object_reference_notifications_enable = false, + Boolean $zeromq_attribute_notifications_enable = false, + Boolean $zeromq_tag_notifications_enable = false, + Boolean $zeromq_audit_notifications_enable = false, + Boolean $elasticsearch_logging_enable = false, + String $elasticsearch_connection_string = '', + String $elasticsearch_log_index = '', + Boolean $syslog = false, + Boolean $sightings_enable = false, + Integer $sightings_policy = 0, + Boolean $sightings_anonymise = false, + Integer $sightings_range = 365, + Boolean $customauth_enable = false, + String $customauth_header = 'Authorization', + Boolean $customauth_use_header_namespace = true, + String $customauth_header_namespace = 'HTTP_', + Boolean $customauth_required = false, 
+ String $customauth_only_allow_source = '', + String $customauth_name = 'External authentication', + Boolean $customauth_disable_logout = false,# TODO + String $customauth_custom_password_reset = '', + String $customauth_custom_logout = '', + Boolean $enrichment_services_enable = true, + Integer $enrichment_timeout = 10, + Boolean $enrichment_hover_enable = true, + Integer $enrichment_hover_timeout = 5, + String $enrichment_services_url = 'http://127.0.0.1', + Integer $enrichment_services_port = 6666, + Boolean $import_services_enable = true, + Integer $import_timeout = 10, + String $import_services_url = 'http://127.0.0.1', + Integer $import_services_port = 6666, + String $export_services_url = 'http://127.0.0.1', + Integer $export_services_port = 6666, + Boolean $export_services_enable = true, + Integer $export_timeout = 10, + Boolean $cortex_services_enable = false, + String $cortex_services_url = 'http://127.0.0.1/api', + Integer $cortex_services_port = 9000, + String $cortex_authkey = '', + Integer $cortex_timeout = 120, + Boolean $cortex_ssl_verify_peer = true, + Boolean $cortex_ssl_verify_host = true, + Boolean $cortex_ssl_allow_self_signed = false, + String $cortex_ssl_cafile = '', # ApacheShibbAuth - $shib_use_default_org = false, - $shib_default_org = '1', - $egroup_role_match = {}, + Boolean $shib_use_default_org = false, + String $shib_default_org = '1', + Hash $egroup_role_match = {}, ) { contain '::misp::dependencies' diff --git a/manifests/install.pp b/manifests/install.pp index 66c010d..7652220 100644 --- a/manifests/install.pp +++ b/manifests/install.pp @@ -111,6 +111,7 @@ revision => $misp::cybox_git_tag, owner => $misp::default_user, group => $misp::default_group, + require => Vcsrepo[$misp::install_dir], } vcsrepo { "${misp::install_dir}/app/files/scripts/python-stix": 
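Review bot: The secret-bearing parameters added in this hunk — `Optional[String] $gpg_password`, `Optional[String] $smime_password`, `Optional[String] $proxy_password`, `String $zeromq_redis_password = ''` and `String $cortex_authkey = ''` — are typed as plain strings, so Puppet will print them in the clear in agent logs and reports even though the same hunk adopts Puppet 4 data types everywhere else. Wrapping them as `Optional[Sensitive[String]]` (e.g. `Optional[Sensitive[String]] $gpg_password = undef,`) keeps them redacted; the EPP templates that interpolate them would then need `.unwrap` at the point of rendering, and the `$db_password` declaration, which sits in an illegible stretch of this hunk, deserves a check for the same treatment. `Boolean $customauth_disable_logout = false,# TODO` also leaves a bare marker with no explanation; either say what is pending or remove it. The `misp` class this parameter list belongs to opens before and closes after the hunk.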
@@ -121,6 +122,7 @@ revision => $misp::stix_git_tag, owner => $misp::default_user, group => $misp::default_group, + require => Vcsrepo[$misp::install_dir], } vcsrepo { "${misp::install_dir}/app/files/scripts/mixbox": @@ -131,6 +133,7 @@ revision => $misp::mixbox_git_tag, owner => $misp::default_user, group => $misp::default_group, + require => Vcsrepo[$misp::install_dir], } vcsrepo { "${misp::install_dir}/app/files/scripts/python-maec": @@ -141,6 +144,7 @@ revision => $misp::maec_git_tag, owner => $misp::default_user, group => $misp::default_group, + require => Vcsrepo[$misp::install_dir], } vcsrepo { "${misp::install_dir}/app/files/scripts/pydeep": @@ -151,6 +155,7 @@ revision => $misp::pydeep_git_tag, owner => $misp::default_user, group => $misp::default_group, + require => Vcsrepo[$misp::install_dir], } if $misp::build_lief { @@ -162,6 +167,7 @@ revision => $misp::lief_git_tag, provider => git, force => false, + require => Vcsrepo[$misp::install_dir], } Exec <| title == 'Create MISP virtualenv' |> @@ -250,7 +256,8 @@ exec { default: - cwd => "${misp::install_dir}/"; + cwd => "${misp::install_dir}/", + require => Vcsrepo[$misp::install_dir]; 'Pear install Console_CommandLine': creates => "/opt/rh/rh-${misp::php_version}/root/usr/share/pear/Console/CommandLine.php", @@ -272,9 +279,10 @@ file { default: - ensure => directory, - owner => $misp::default_user, - group => $misp::default_group; + ensure => directory, + owner => $misp::default_user, + group => $misp::default_group, + require => Vcsrepo[$misp::install_dir]; '/usr/share/httpd/.composer':; "${misp::install_dir}/app/Plugin/CakeResque":; @@ -283,8 +291,9 @@ "${misp::install_dir}/app/vendor":; } file { "${misp::install_dir}/app/Vendor": - ensure => link, - target => "${misp::install_dir}/app/vendor", + ensure => link, + target => "${misp::install_dir}/app/vendor", + require => Vcsrepo[$misp::install_dir], } file { 
@@ -293,7 +302,8 @@ content => '{}', owner => $misp::default_user, group => $misp::default_group, - replace => false; + replace => false, + require => Vcsrepo[$misp::install_dir]; "${misp::install_dir}/app/composer.json":; "${misp::install_dir}/app/composer.lock":; @@ -330,12 +340,14 @@ file { "/etc/opt/rh/rh-${misp::php_version}/php-fpm.d/timezone.ini": ensure => file, content => "date.timezone = '${misp::timezone}'", + require => Package["rh-${misp::php_version}-php-fpm"], } file { "/etc/opt/rh/rh-${misp::php_version}/php.d/99-timezone.ini": ensure => link, target => "/etc/opt/rh/rh-${misp::php_version}/php-fpm.d/timezone.ini", subscribe => File["/etc/opt/rh/rh-${misp::php_version}/php-fpm.d/timezone.ini"], + require => Package["rh-${misp::php_version}"], } @@ -356,9 +368,12 @@ } file{"${misp::install_dir}/app/Console/worker/start.sh": - owner => $misp::default_high_user, - group => $misp::default_high_group, - mode => '+x', + ensure => file, + owner => $misp::default_high_user, + group => $misp::default_high_group, + mode => '+x', + replace => false, + require => Vcsrepo[$misp::install_dir], } # Logrotate diff --git a/spec/classes/config_spec.rb b/spec/classes/config_spec.rb index 7f7f7e8..caa4600 100644 --- a/spec/classes/config_spec.rb +++ b/spec/classes/config_spec.rb @@ -11,7 +11,7 @@ it { is_expected.to contain_class('Misp::Config').that_requires('Class[Misp::Install]') } context 'With default values' do it do - is_expected.to contain_file('/var/www/MISP//app/Plugin/CakeResque/Config/config.php'). + is_expected.to contain_file('/var/www/MISP/app/Plugin/CakeResque/Config/config.php'). with_ensure('file'). with_owner('apache'). with_group('apache'). 
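Review bot: `mode => '+x'` on the `start.sh` resource in the last hunk is a symbolic mode with no `who` part, which like chmod grants execute to owner, group and others, so the final mode depends on the bits the checkout shipped (a 0644 file becomes 0755, world-readable and world-executable, for a root-owned worker launcher). An explicit octal mode is deterministic and tighter: with `owner => $misp::default_high_user` (root) and `group => $misp::default_high_group` (apache, per the spec), `mode => '0750',` still lets the apache-group workers execute it without exposing it to unrelated local users. The added `replace => false` plus `ensure => file` with no `content` would also make Puppet create an empty executable if the checkout ever lacked the file; the new `require => Vcsrepo[...]` makes that unlikely, so a comment such as `# content is owned by the MISP checkout; only ownership and mode are managed here` would keep the intent clear.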
@@ -21,37 +21,37 @@ it do is_expected.to contain_exec('Directory permissions'). - with_command(%r{(root).*(apache).*(/var/www/MISP/)}). + with_command(%r{(root).*(apache).*(/var/www/MISP)}). with_refreshonly('true'). - that_requires('File[/var/www/MISP//app/Plugin/CakeResque/Config/config.php]'). + that_requires('File[/var/www/MISP/app/Plugin/CakeResque/Config/config.php]'). that_subscribes_to('Exec[CakeResque install]') end it do - is_expected.to contain_file('/var/www/MISP//app/files'). + is_expected.to contain_file('/var/www/MISP/app/files'). with_ensure('directory'). with_owner('apache'). with_group('apache'). that_subscribes_to('Exec[Directory permissions]'). - that_notifies(['File[/var/www/MISP//app/files/terms]', 'File[/var/www/MISP//app/files/scripts/tmp]']) + that_notifies(['File[/var/www/MISP/app/files/terms]', 'File[/var/www/MISP/app/files/scripts/tmp]']) end it do - is_expected.to contain_file('/var/www/MISP//app/files/scripts/tmp'). + is_expected.to contain_file('/var/www/MISP/app/files/scripts/tmp'). with_ensure('directory'). with_owner('apache'). with_group('apache') end it do - is_expected.to contain_file('/var/www/MISP//app/files/terms'). + is_expected.to contain_file('/var/www/MISP/app/files/terms'). with_ensure('directory'). with_owner('apache'). with_group('apache') end it do - is_expected.to contain_file('/var/www/MISP//app/Plugin/CakeResque/tmp'). + is_expected.to contain_file('/var/www/MISP/app/Plugin/CakeResque/tmp'). with_ensure('directory'). with_owner('apache'). with_group('apache'). 
@@ -59,41 +59,41 @@ end it do - is_expected.to contain_file('/var/www/MISP//app/tmp'). + is_expected.to contain_file('/var/www/MISP/app/tmp'). with_ensure('directory'). with_owner('apache'). with_group('apache'). that_subscribes_to('Exec[Directory permissions]'). - that_notifies('File[/var/www/MISP//app/tmp/logs/]') + that_notifies('File[/var/www/MISP/app/tmp/logs/]') end it do - is_expected.to contain_file('/var/www/MISP//app/webroot/img/orgs'). + is_expected.to contain_file('/var/www/MISP/app/webroot/img/orgs'). with_ensure('directory'). with_owner('apache'). with_group('apache'). that_subscribes_to('Exec[Directory permissions]'). - that_notifies('File[/var/www/MISP//app/tmp/logs/]') + that_notifies('File[/var/www/MISP/app/tmp/logs/]') end it do - is_expected.to contain_file('/var/www/MISP//app/webroot/img/custom'). + is_expected.to contain_file('/var/www/MISP/app/webroot/img/custom'). with_ensure('directory'). with_owner('apache'). with_group('apache'). that_subscribes_to('Exec[Directory permissions]'). - that_notifies('File[/var/www/MISP//app/tmp/logs/]') + that_notifies('File[/var/www/MISP/app/tmp/logs/]') end it do - is_expected.to contain_file('/var/www/MISP//app/tmp/logs/'). + is_expected.to contain_file('/var/www/MISP/app/tmp/logs/'). with_ensure('directory'). with_owner('apache'). with_group('apache') end it do - is_expected.to contain_file('/var/www/MISP/app/Config//bootstrap.php'). + is_expected.to contain_file('/var/www/MISP/app/Config/bootstrap.php'). with_ensure('file'). with_owner('apache'). with_group('apache'). @@ -101,7 +101,7 @@ end it do - is_expected.to contain_file('/var/www/MISP/app/Config//core.php'). + is_expected.to contain_file('/var/www/MISP/app/Config/core.php'). with_ensure('file'). with_owner('apache'). with_group('apache'). 
@@ -109,7 +109,7 @@ end it do - is_expected.to contain_file('/var/www/MISP/app/Config//config.php'). + is_expected.to contain_file('/var/www/MISP/app/Config/config.php'). with_ensure('file'). with_owner('apache'). with_group('apache'). @@ -117,7 +117,7 @@ end it do - is_expected.to contain_file('/var/www/MISP/app/Config//database.php'). + is_expected.to contain_file('/var/www/MISP/app/Config/database.php'). with_ensure('file'). with_owner('apache'). with_group('apache'). @@ -129,7 +129,7 @@ end it do - is_expected.to contain_file('/var/www/MISP//app/Console/worker/start.sh'). + is_expected.to contain_file('/var/www/MISP/app/Console/worker/start.sh'). with_owner('root'). with_group('apache') end diff --git a/spec/classes/install_spec.rb b/spec/classes/install_spec.rb index de110d2..f9991fd 100644 --- a/spec/classes/install_spec.rb +++ b/spec/classes/install_spec.rb 
@@ -11,29 +11,29 @@ it { is_expected.to contain_class('Misp::Install').that_requires('Class[Misp::Dependencies]') } context 'With default values' do it do - is_expected.to contain_vcsrepo('/var/www/MISP/'). + is_expected.to contain_vcsrepo('/var/www/MISP'). with_ensure('present'). with_revision(%r{v2.4.[0-9]*}) end it do - is_expected.to contain_file('/var/www/MISP//.git/ORIG_HEAD'). + is_expected.to contain_file('/var/www/MISP/.git/ORIG_HEAD'). with_ensure('file'). with_owner('apache'). with_group('apache'). with_replace(false). - that_requires('Vcsrepo[/var/www/MISP/]') + that_requires('Vcsrepo[/var/www/MISP]') end it do is_expected.to contain_exec('git ignore permissions'). - with_cwd(%r{/var/www/MISP/}). - that_subscribes_to('Vcsrepo[/var/www/MISP/]'). - that_notifies(['Vcsrepo[/var/www/MISP//app/files/scripts/python-cybox]', 'Vcsrepo[/var/www/MISP//app/files/scripts/python-stix]']) + with_cwd('/var/www/MISP'). + that_subscribes_to('Vcsrepo[/var/www/MISP]'). + that_notifies(['Vcsrepo[/var/www/MISP/app/files/scripts/python-cybox]', 'Vcsrepo[/var/www/MISP/app/files/scripts/python-stix]']) end it do - is_expected.to contain_vcsrepo('/var/www/MISP//app/files/scripts/python-stix'). + is_expected.to contain_vcsrepo('/var/www/MISP/app/files/scripts/python-stix'). with_ensure('present'). with_source('https://github.com/STIXProject/python-stix.git'). with_revision('v1.2.0.6') 
@@ -41,15 +41,15 @@ it do is_expected.to contain_exec('Install python-stix'). - with_cwd('/var/www/MISP//app/files/scripts/python-stix/'). - with_path(%w[/var/www/MISP//venv/bin /usr/bin /bin]). + with_cwd('/var/www/MISP/app/files/scripts/python-stix/'). + with_path(%w[/var/www/MISP/venv/bin /usr/bin /bin]). with_user('apache'). with_umask('0022'). - that_subscribes_to('Vcsrepo[/var/www/MISP//app/files/scripts/python-stix]') + that_subscribes_to('Vcsrepo[/var/www/MISP/app/files/scripts/python-stix]') end it do - is_expected.to contain_vcsrepo('/var/www/MISP//app/files/scripts/python-cybox'). + is_expected.to contain_vcsrepo('/var/www/MISP/app/files/scripts/python-cybox'). with_ensure('present'). with_source('https://github.com/CybOXProject/python-cybox.git'). with_revision('85f975a89119e63bc2d7a67513b0f18e358c468f') @@ -57,22 +57,22 @@ it do is_expected.to contain_exec('Uninstall old cybox'). - with_path(%w[/var/www/MISP//venv/bin /usr/bin /bin]). + with_path(%w[/var/www/MISP/venv/bin /usr/bin /bin]). with_user('apache'). with_umask('0022') end it do is_expected.to contain_exec('Install python-cybox'). - with_cwd('/var/www/MISP//app/files/scripts/python-cybox/'). - with_path(%w[/var/www/MISP//venv/bin /usr/bin /bin]). + with_cwd('/var/www/MISP/app/files/scripts/python-cybox/'). + with_path(%w[/var/www/MISP/venv/bin /usr/bin /bin]). with_user('apache'). with_umask('0022'). - that_subscribes_to('Vcsrepo[/var/www/MISP//app/files/scripts/python-cybox]') + that_subscribes_to('Vcsrepo[/var/www/MISP/app/files/scripts/python-cybox]') end it do - is_expected.to contain_vcsrepo('/var/www/MISP//app/files/scripts/mixbox'). + is_expected.to contain_vcsrepo('/var/www/MISP/app/files/scripts/mixbox'). with_ensure('present'). with_source('https://github.com/CybOXProject/mixbox.git'). with_revision('v1.0.3') 
@@ -80,15 +80,15 @@ it do is_expected.to contain_exec('Install mixbox'). - with_cwd('/var/www/MISP//app/files/scripts/mixbox/'). - with_path(%w[/var/www/MISP//venv/bin /usr/bin /bin]). + with_cwd('/var/www/MISP/app/files/scripts/mixbox/'). + with_path(%w[/var/www/MISP/venv/bin /usr/bin /bin]). with_user('apache'). with_umask('0022'). - that_subscribes_to('Vcsrepo[/var/www/MISP//app/files/scripts/mixbox]') + that_subscribes_to('Vcsrepo[/var/www/MISP/app/files/scripts/mixbox]') end it do - is_expected.to contain_vcsrepo('/var/www/MISP//app/files/scripts/python-maec'). + is_expected.to contain_vcsrepo('/var/www/MISP/app/files/scripts/python-maec'). with_ensure('present'). with_source('https://github.com/MAECProject/python-maec.git'). with_revision('v4.1.0.14') @@ -96,15 +96,15 @@ it do is_expected.to contain_exec('Install python-maec'). - with_cwd('/var/www/MISP//app/files/scripts/python-maec/'). - with_path(%w[/var/www/MISP//venv/bin /usr/bin /bin]). + with_cwd('/var/www/MISP/app/files/scripts/python-maec/'). + with_path(%w[/var/www/MISP/venv/bin /usr/bin /bin]). with_user('apache'). with_umask('0022'). - that_subscribes_to('Vcsrepo[/var/www/MISP//app/files/scripts/python-maec]') + that_subscribes_to('Vcsrepo[/var/www/MISP/app/files/scripts/python-maec]') end it do - is_expected.to contain_vcsrepo('/var/www/MISP//app/files/scripts/pydeep'). + is_expected.to contain_vcsrepo('/var/www/MISP/app/files/scripts/pydeep'). with_ensure('present'). with_source('https://github.com/kbandla/pydeep.git'). with_revision('60b0a00ba7f30cfa21ff92d871799685bc612cad') 
@@ -112,90 +112,90 @@ it do is_expected.to contain_exec('Install pydeep'). - with_cwd('/var/www/MISP//app/files/scripts/pydeep/'). - with_path(%w[/var/www/MISP//venv/bin /usr/bin /bin]). + with_cwd('/var/www/MISP/app/files/scripts/pydeep/'). + with_path(%w[/var/www/MISP/venv/bin /usr/bin /bin]). with_user('apache'). with_umask('0022'). - that_subscribes_to('Vcsrepo[/var/www/MISP//app/files/scripts/pydeep]') + that_subscribes_to('Vcsrepo[/var/www/MISP/app/files/scripts/pydeep]') end it do is_expected.to contain_exec('Pear install Console_CommandLine'). - with_cwd('/var/www/MISP//') + with_cwd('/var/www/MISP/') end it do is_expected.to contain_exec('Pear install Crypt_GPG'). - with_cwd('/var/www/MISP//') + with_cwd('/var/www/MISP/') end it do - is_expected.to contain_file('/var/www/MISP//venv'). + is_expected.to contain_file('/var/www/MISP/venv'). with_ensure('directory'). with_owner('apache'). with_group('apache'). - that_requires('Vcsrepo[/var/www/MISP/]') + that_requires('Vcsrepo[/var/www/MISP]') end it do is_expected.to contain_exec('Create MISP virtualenv'). - with_creates('/var/www/MISP//venv/bin/activate'). + with_creates('/var/www/MISP/venv/bin/activate'). with_user('apache'). - that_requires('File[/var/www/MISP//venv]') + that_requires('File[/var/www/MISP/venv]') end it do is_expected.to contain_exec('Install python-dateutil'). - with_path(%w[/var/www/MISP//venv/bin /usr/bin /bin]). + with_path(%w[/var/www/MISP/venv/bin /usr/bin /bin]). with_user('apache'). with_umask('0022') end it do is_expected.to contain_exec('Install python-magic'). - with_path(%w[/var/www/MISP//venv/bin /usr/bin /bin]). + with_path(%w[/var/www/MISP/venv/bin /usr/bin /bin]). with_user('apache'). with_umask('0022') end it do is_expected.to contain_exec('Install enum34'). - with_path(%w[/var/www/MISP//venv/bin /usr/bin /bin]). + with_path(%w[/var/www/MISP/venv/bin /usr/bin /bin]). with_user('apache'). with_umask('0022') end it do is_expected.to contain_exec('Install lxml'). 
- with_path(%w[/var/www/MISP//venv/bin /usr/bin /bin]). + with_path(%w[/var/www/MISP/venv/bin /usr/bin /bin]). with_user('apache'). with_umask('0022') end it do is_expected.to contain_exec('Install six'). - with_path(%w[/var/www/MISP//venv/bin /usr/bin /bin]). + with_path(%w[/var/www/MISP/venv/bin /usr/bin /bin]). with_user('apache'). with_umask('0022') end it do is_expected.to contain_exec('Install zmq'). - with_path(%w[/var/www/MISP//venv/bin /usr/bin /bin]). + with_path(%w[/var/www/MISP/venv/bin /usr/bin /bin]). with_user('apache'). with_umask('0022') end it do is_expected.to contain_exec('Install stix2 v1.1.1'). - with_path(%w[/var/www/MISP//venv/bin /usr/bin /bin]). + with_path(%w[/var/www/MISP/venv/bin /usr/bin /bin]). with_user('apache'). with_umask('0022') end it do is_expected.to contain_exec('Install pymisp'). - with_path(%w[/var/www/MISP//venv/bin /usr/bin /bin]). + with_path(%w[/var/www/MISP/venv/bin /usr/bin /bin]). with_user('apache'). with_umask('0022'). that_requires('Exec[Create MISP virtualenv]') @@ -209,14 +209,14 @@ end it do - is_expected.to contain_file('/var/www/MISP//app/Plugin/CakeResque'). + is_expected.to contain_file('/var/www/MISP/app/Plugin/CakeResque'). with_ensure('directory'). with_owner('apache'). with_group('apache') end it do - is_expected.to contain_file('/var/www/MISP//app/cache'). + is_expected.to contain_file('/var/www/MISP/app/cache'). with_ensure('directory'). with_owner('apache'). with_group('apache'). 
@@ -224,20 +224,20 @@ end it do - is_expected.to contain_file('/var/www/MISP//app/vendor'). + is_expected.to contain_file('/var/www/MISP/app/vendor'). with_ensure('directory'). with_owner('apache'). with_group('apache') end it do - is_expected.to contain_file('/var/www/MISP//app/Vendor'). + is_expected.to contain_file('/var/www/MISP/app/Vendor'). with_ensure('link'). - with_target('/var/www/MISP//app/vendor') + with_target('/var/www/MISP/app/vendor') end it do - is_expected.to contain_file('/var/www/MISP//app/composer.json'). + is_expected.to contain_file('/var/www/MISP/app/composer.json'). with_ensure('file'). with_owner('apache'). with_group('apache'). @@ -245,7 +245,7 @@ end it do - is_expected.to contain_file('/var/www/MISP//app/composer.lock'). + is_expected.to contain_file('/var/www/MISP/app/composer.lock'). with_ensure('file'). with_owner('apache'). with_group('apache'). @@ -254,24 +254,24 @@ it do is_expected.to contain_exec('CakeResque require'). - with_cwd('/var/www/MISP//app/'). - with_environment(['COMPOSER_HOME=/var/www/MISP//app/']). + with_cwd('/var/www/MISP/app/'). + with_environment(['COMPOSER_HOME=/var/www/MISP/app/']). with_user('apache'). that_notifies('Exec[CakeResque install]') end it do is_expected.to contain_exec('CakeResque config'). - with_cwd('/var/www/MISP//app/'). - with_environment(['COMPOSER_HOME=/var/www/MISP//app/']). + with_cwd('/var/www/MISP/app/'). + with_environment(['COMPOSER_HOME=/var/www/MISP/app/']). with_refreshonly('true'). that_notifies('Exec[CakeResque install]') end it do is_expected.to contain_exec('CakeResque install'). - with_cwd('/var/www/MISP//app/'). - with_environment(['COMPOSER_HOME=/var/www/MISP//app/']). + with_cwd('/var/www/MISP/app/'). + with_environment(['COMPOSER_HOME=/var/www/MISP/app/']). with_refreshonly('true'). that_notifies(['File[/etc/opt/rh/rh-php72/php-fpm.d/timezone.ini]']) end 
@@ -294,7 +294,7 @@ end it do - is_expected.to contain_file('/var/www/MISP//app/Console/worker/start.sh'). + is_expected.to contain_file('/var/www/MISP/app/Console/worker/start.sh'). with_owner('root'). with_group('apache'). with_mode('+x') @@ -332,7 +332,7 @@ it { is_expected.to compile.with_all_deps } it do - is_expected.to contain_vcsrepo('/var/www/MISP//app/files/scripts/lief'). + is_expected.to contain_vcsrepo('/var/www/MISP/app/files/scripts/lief'). with_ensure('present'). with_source('https://github.com/lief-project/LIEF.git'). with_revision('0.9.0') 
@@ -342,39 +342,39 @@ is_expected.to contain_exec('Ensure LIEF build dir'). with_cwd('/'). with_user('apache'). - with_creates('/var/www/MISP//app/files/scripts/lief/build'). - that_requires('Vcsrepo[/var/www/MISP//app/files/scripts/lief]') + with_creates('/var/www/MISP/app/files/scripts/lief/build'). + that_requires('Vcsrepo[/var/www/MISP/app/files/scripts/lief]') end it do is_expected.to contain_exec('Set up LIEF build'). - with_cwd('/var/www/MISP//app/files/scripts/lief/build'). + with_cwd('/var/www/MISP/app/files/scripts/lief/build'). with_user('apache'). - with_creates('/var/www/MISP//app/files/scripts/lief/build/CMakeCache.txt'). + with_creates('/var/www/MISP/app/files/scripts/lief/build/CMakeCache.txt'). that_requires('Exec[Ensure LIEF build dir]'). - that_subscribes_to('Vcsrepo[/var/www/MISP//app/files/scripts/lief]') + that_subscribes_to('Vcsrepo[/var/www/MISP/app/files/scripts/lief]') end it do is_expected.to contain_exec('Compile LIEF'). - with_cwd('/var/www/MISP//app/files/scripts/lief/build'). + with_cwd('/var/www/MISP/app/files/scripts/lief/build'). with_user('apache'). - with_creates('/var/www/MISP//app/files/scripts/lief/build/api/python/_pylief.so'). + with_creates('/var/www/MISP/app/files/scripts/lief/build/api/python/_pylief.so'). that_subscribes_to('Exec[Set up LIEF build]') end it do is_expected.to contain_exec('Uninstall faulty LIEF'). - with_cwd('/var/www/MISP//app/files/scripts/lief/build'). - with_path(%w[/var/www/MISP//venv/bin /usr/bin /bin]). + with_cwd('/var/www/MISP/app/files/scripts/lief/build'). + with_path(%w[/var/www/MISP/venv/bin /usr/bin /bin]). with_user('apache'). that_notifies('Exec[Install LIEF]') end it do is_expected.to contain_exec('Install LIEF'). - with_cwd('/var/www/MISP//app/files/scripts/lief/build/api/python'). - with_path(%w[/var/www/MISP//venv/bin /usr/bin /bin]). + with_cwd('/var/www/MISP/app/files/scripts/lief/build/api/python'). + with_path(%w[/var/www/MISP/venv/bin /usr/bin /bin]). with_user('apache'). 
that_subscribes_to('Exec[Compile LIEF]') end diff --git a/templates/bootstrap.php.erb b/templates/bootstrap.php.epp similarity index 91% rename from templates/bootstrap.php.erb rename to templates/bootstrap.php.epp index 5fce98f..7c6a71c 100644 --- a/templates/bootstrap.php.erb +++ b/templates/bootstrap.php.epp @@ -1,3 +1,9 @@ +<%- | + Optional[Variant[String,Array[String]]] $auth_method, +| -%> +<%- + $auth_methods = flatten([$auth_method]) +-%> 'Redis', //[required] * 'duration'=> 3600, //[optional] * 'probability'=> 100, //[optional] * 'prefix' => Inflector::slug(APP_DIR) . '_', //[optional] prefix every cache file with this string - * 'server' => '<%= @redis_host -%>' // localhost - * 'port' => <%= @redis_port -%> // default port 6379 - * 'timeout' => <%= @redis_timeout -%> // timeout in seconds, 0 = unlimited + * 'server' => '127.0.0.1' // localhost + * 'port' => 6379 // default port 6379 + * 'timeout' => 0 // timeout in seconds, 0 = unlimited * 'persistent' => true, // [optional] set this to false for non-persistent connections - * )); + * )); */ - Cache::config('default', array('engine' => 'File')); Configure::load('config'); @@ -127,9 +132,16 @@ CakePlugin::load('UrlCache'); * Uncomment the following line to enable client SSL certificate authentication. * It's also necessary to configure the plugin — for more information, please read app/Plugin/CertAuth/reame.md */ +<%- if 'CertAuth.Certificate' in $auth_methods { -%> +CakePlugin::load('CertAuth'); +<%- } else { -%> // CakePlugin::load('CertAuth'); -<% if (@auth_method == 'ShibbAuth.ApacheShibb') then %> CakePlugin::load('ShibbAuth'); -<% else %>// CakePlugin::load('ShibbAuth');<% end %> +<%- } -%> +<%- if 'ShibbAuth.ApacheShibb' in $auth_methods { -%> +CakePlugin::load('ShibbAuth'); +<%- } else { -%> +// CakePlugin::load('ShibbAuth'); +<%- } -%> /** * You can attach event listeners to the request lifecyle as Dispatcher Filter . By Default CakePHP bundles two filters: * 
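Review bot: The new plugin selection in the last hunk only recognises `'CertAuth.Certificate'` and `'ShibbAuth.ApacheShibb'`; any other value in `$auth_method` (a typo such as `'ShibbAuth.ApacheShib'`, or a plugin this template does not know) is silently dropped, so MISP starts with the commented-out defaults and plain password login instead of the intended external authentication, and the catalog compiles clean. Unless `$misp::security_auth_method` is already constrained to an `Enum` in init.pp (its declaration is not legible in this diff), the template should fail compilation on values it cannot honour rather than ignore them. A check right after the `flatten` in the first hunk would do it, and it also drops the `undef` that `flatten([undef])` otherwise leaves in the list:

```puppet
<%-
  $auth_methods = flatten([$auth_method]).filter |$m| { $m != undef }
  $known_auth_methods = ['CertAuth.Certificate', 'ShibbAuth.ApacheShibb']
  $unknown_auth_methods = $auth_methods - $known_auth_methods
  unless empty($unknown_auth_methods) {
    fail("misp/bootstrap.php.epp: unsupported auth_method(s): ${unknown_auth_methods.join(', ')}")
  }
-%>
<%# … unchanged: remainder of bootstrap.php … %>
```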
diff --git a/templates/config.php.epp b/templates/config.php.epp
new file mode 100644
index 0000000..bfd3550
--- /dev/null
+++ b/templates/config.php.epp
@@ -0,0 +1,85 @@
+<%- |
+ Type[Class[misp]] $context,
+| -%>
+ <%= $context[debug] -%>,
+ 'site_admin_debug' => <%= $context[site_admin_debug] -%>,
+<%= epp('misp/config.php/_security.epp', { context => $context }) -%>
+<%= epp('misp/config.php/_secureauth.epp', { context => $context }) -%>
+<%= epp('misp/config.php/_session.epp', { context => $context }) -%>
+<%= epp('misp/config.php/_misp.epp', { context => $context }) -%>
+<%= epp('misp/config.php/_gnupg.epp', { context => $context }) -%>
+<%= epp('misp/config.php/_smime.epp', { context => $context }) -%>
+<%= epp('misp/config.php/_proxy.epp', { context => $context }) -%>
+<%= epp('misp/config.php/_plugin.epp', { context => $context }) -%>
+ // Uncomment the following to enable client SSL certificate authentication
+ /*
+ 'CertAuth' =>
+ array(
+ 'ca' => array( 'FIRST.Org' ), // allowed CAs
+ 'caId' => 'O', // which attribute will be used to verify the CA
+ 'userModel' => 'User', // name of the User class to check if user exists
+ 'userModelKey' => 'nids_sid', // User field that will be used for querying
+ 'map' => array( // maps client certificate attributes to User properties
+ 'O' => 'org',
+ 'emailAddress'=>'email',
+ ),
+ 'syncUser' => true, // should the User be synchronized with an external REST API
+ 'userDefaults'=> array( // default user attributes, only used when creating new users
+ 'role_id' => 4,
+ ),
+ 'restApi' => array( // API parameters
+ 'url' => 'https://example.com/data/users', // URL to query
+ 'headers' => array(), // additional headers, used for authentication
+ 'param' => array( 'email' => 'email' ), // query parameters to add to the URL, mapped to User properties
+ 'map' => array( // maps REST result to the User properties
+ 'uid' => 'nids_sid',
+ 'team' => 'org',
+ 'email' => 'email',
+ 'pgp_public'=> 'gpgkey',
+ ),
+ ),
+ 'userDefaults' => array ( 'role_id' => 3 ), // default attributes for new users
+ ),
+ */
+ 'ApacheShibbAuth' => // Configuration for shibboleth authentication
+ array(
+ 'MailTag' => 'ADFS_EMAIL',
+ 'OrgTag' => 'ADFS_FEDERATION',
+ 'GroupTag' => 'ADFS_GROUP',
+ 'GroupSeparator' => ';',
+ 'GroupRoleMatching' => array( // 3:User, 1:admin. May be good to set "1" for the first user
+<%- if $context[egroup_role_match] { -%>
+<%- $context[egroup_role_match].each |$key, $value| { -%>
+ '<%= $key %>' => <%= $value %>,
+<%- } -%>
+<%- } -%>
+ ),
+ 'UseDefaultOrg' => '<%= $context[shib_use_default_org] -%>',
+ 'DefaultOrg' => '<%= $context[shib_default_org] -%>',
+ ),
+
+ // Warning: The following is a 3rd party contribution and still untested (including security) by the MISP-project team.
+ // Feel free to enable it and report back to us if you run into any issues.
+ //
+ // Uncomment the following to enable Kerberos authentication
+ // needs PHP LDAP support enabled (e.g. compile flag --with-ldap or Debian package php5-ldap)
+ /*
+ 'ApacheSecureAuth' => // Configuration for kerberos authentication
+ array(
+ 'apacheEnv' => 'REMOTE_USER', // If proxy variable = HTTP_REMOTE_USER
+ 'ldapServer' => 'ldap://example.com', // FQDN or IP
+ 'ldapProtocol' => 3,
+ 'ldapReaderUser' => 'cn=userWithReadAccess,ou=users,dc=example,dc=com', // DN ou RDN LDAP with reader user right
+ 'ldapReaderPassword' => 'UserPassword', // the LDAP reader user password
+ 'ldapDN' => 'dc=example,dc=com',
+ 'ldapSearchAttribut' => 'uid', // filter for search
+ 'ldapFilter' => array(
+ 'mail',
+ ),
+ 'ldapDefaultRoleId' => 3, // 3:User, 1:admin. May be good to set "1" for the first user
+ 'ldapDefaultOrg' => '1', // uses 1st local org in MISP if undefined
+ ),
+ */
+);
diff --git a/templates/config.php.erb b/templates/config.php.erb
deleted file mode 100644
index 49faa74..0000000
--- a/templates/config.php.erb
+++ /dev/null
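Review bot: Every `$context[...]` value is dropped verbatim into a PHP single-quoted literal (`'DefaultOrg' => '<%= $context[shib_default_org] -%>'`, and `'<%= $key %>' => <%= $value %>` inside GroupRoleMatching), so a value containing `'` or ending in `\` either breaks config.php or changes what PHP parses; the same pattern runs through _gnupg.epp, _misp.epp and _plugin.epp, and the double-quoted `newUserText`/`passwordResetText` in _misp.epp additionally let PHP interpolate `$` and `\`. EPP has no PHP escaping, so either escape `\` and `'` once where the value is rendered (a small `regsubst` step, one pass for each character) or constrain the corresponding class parameters in init.pp with a `Pattern[/\A[^'\\]*\z/]`-style type so a stray quote fails the catalog instead of producing a broken or altered file the web server loads. Which of the two is chosen should be noted in a comment at the top of this template, since the sub-templates inherit the assumption.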
@@ -1,279 +0,0 @@ - <%= @debug -%>, - 'site_admin_debug' => <%= @site_admin_debug -%>, - 'Security' => - array ( - 'level' => '<%= @security_level -%>', - 'salt' => '<%= @salt -%>', - 'cipherSeed' => '<%= @cipherseed -%>', - <% if (@auth_method != '') then %> - 'auth'=>array('<%= @auth_method -%>'), - <% else %> - //'auth'=>array('CertAuth.Certificate'), // additional authentication methods - <% end %> - 'password_policy_length' => <%= @password_policy_length -%>, - 'password_policy_complexity' => '<%= @password_policy_complexity -%>', - 'sanitise_attribute_on_delete' => <%= @sanitise_attribute_on_delete -%>, - 'require_password_confirmation' => <%= @require_password_confirmation -%>, - 'hide_organisation_index_from_users' => <%= @hide_organisation_index_from_users -%>, - ), - 'MISP' => - array ( - 'uuid' => '<%= @uuid -%>', - 'baseurl' => 'https://<%= @fqdn -%>', - 'live' => <%= @live -%>, - 'language' => '<%= @language -%>', - 'enable_advanced_correlations' => <%= @enable_advanced_correlations -%>, -<% if @python_bin -%> - 'python_bin' => '<%= @python_bin %>', -<% end -%> - 'ssdeep_correlation_threshold' => <%= @ssdeep_correlation_threshold -%>, - 'max_correlations_per_event' => <%= @max_correlations_per_event -%>, - 'maintenance_message' => '<%= @maintenance_message -%>', - 'footermidleft' => '<%= @footermidleft -%>', - 'footermidright' => '<%= @footermidright -%>', - 'footer_logo' => '<%= @footer_logo -%>', - 'home_logo' => '<%= @home_logo -%>', - 'main_logo' => '<%= @main_logo -%>', - 'org' => '<%= @org -%>', - 'host_org_id' => '<%= @host_org_id -%>', - 'showorg' => <%= @showorg -%>, - 'threatlevel_in_email_subject' => <%= @threatlevel_in_email_subject -%>, - 'email_subject_TLP_string' => '<%= @email_subject_tlp_string -%>', - 'email_subject_tag' => '<%= @email_subject_tag -%>', - 'email_subject_include_tag_name' => <%= @email_subject_include_tag_name -%>, - 'background_jobs' => <%= @background_jobs -%>, - 'attachments_dir' => '<%= @attachments_dir -%>', - 
'cached_attachments' => <%= @cached_attachments -%>, - 'download_attachments_on_load' => <%= @download_attachments_on_load -%>, - 'email' => '<%= @email -%>', - 'disable_emailing' => <%= @disable_emailing -%>, - 'contact' => '<%= @contact -%>', - 'cveurl' => '<%= @cveurl -%>', - 'disablerestalert' => <%= @disablerestalert -%>, - 'extended_alert_subject' => <%= @extended_alert_subject -%>, - 'default_event_distribution' => '<%= @default_event_distribution -%>', - 'default_attribute_distribution' => '<%= @default_attribute_distribution -%>', - 'default_event_threat_level' => '<%= @default_event_threat_level -%>', - 'tagging' => <%= @tagging -%>, - 'full_tags_on_event_index' => <%= @full_tags_on_event_index -%>, - 'welcome_text_top' => '<%= @welcome_text_top -%>', - 'welcome_text_bottom' => '<%= @welcome_text_bottom -%>', - 'welcome_logo' => '<%= @welcome_logo -%>', - 'welcome_logo2' => '<%= @welcome_logo2 -%>', - 'title_text' => '<%= @title_text -%>', - 'take_ownership_xml_import' => <%= @take_ownership_xml_import -%>, - 'terms_download' => <%= @terms_download -%>, - 'terms_file' => '<%= @terms_file -%>', - 'showorgalternate' => <%= @showorgalternate -%>, - 'unpublishedprivate' => <%= @unpublishedprivate -%>, - 'newUserText' => "<%= @new_user_text -%>", - 'passwordResetText' => "<%= @password_reset_text -%>", - 'enableEventBlacklisting' => <%= @enable_event_blacklisting -%>, - 'enableOrgBlacklisting' => <%= @enable_org_blacklisting -%>, - 'log_client_ip' => <%= @log_client_ip -%>, - 'log_auth' => <%= @log_auth -%>, - 'ManglePushTo23' => <%= @mangle_push_to_23 -%>, - 'delegation' => <%= @delegation -%>, - 'showCorrelationsOnIndex' => <%= @show_correlations_on_index -%>, - 'showProposalsCountOnIndex' => <%= @show_proposals_count_on_index -%>, - 'showSightingsCountOnIndex' => <%= @show_sightings_count_on_index -%>, - 'showDiscussionsCountOnIndex' => <%= @show_discussions_count_on_index -%>, - 'disableUserSelfManagement' => <%= @disable_user_self_management -%>, - 
'block_event_alert' => <%= @block_event_alert -%>, - 'block_event_alert_tag' => '<%= @block_event_alert_tag -%>', - 'block_old_event_alert' => <%= @block_old_event_alert -%>, - 'block_old_event_alert_age' => <%= @block_old_event_alert_age -%>, - 'rh_shell_fix' => <%= @rh_shell_fix -%>, - 'rh_shell_fix_path' => '<%= @rh_shell_fix_path -%>', - 'tmpdir' => '<%= @tmpdir -%>', - 'custom_css' => '<%= @custom_css -%>', - 'proposals_block_attributes' => <%= @proposals_block_attributes -%>, - 'incoming_tags_disabled_by_default' => <%= @incoming_tags_disabled_by_default -%>, - 'completely_disable_correlation' => <%= @completely_disable_correlation -%>, - 'allow_disabling_correlation' => <%= @allow_disabling_correlation -%>, - 'redis_host' => '<%= @redis_host -%>', - 'redis_port' => <%= @redis_port -%>, - 'redis_database' => <%= @redis_database -%>, - 'redis_password' => '<%= @redis_password -%>', - 'event_view_filter_fields' => '<%= @event_view_filter_fields -%>', - 'manage_workers' => '<%= @manage_workers -%>', - 'deadlock_avoidance' => <%= @deadlock_avoidance -%>, - 'allow_unsafe_apikey_named_param' => <%= @allow_unsafe_apikey_named_param -%>, - ), - 'GnuPG' => - array ( - 'binary' => '<%= @gpg_binary -%>', - 'onlyencrypted' => <%= @gpg_onlyencrypted -%>, - 'bodyonlyencrypted' => <%= @gpg_bodyonlyencrypted -%>, - 'email' => '<%= @gpg_email -%>', - 'password' => '<%= @gpg_password -%>', - 'homedir' => '<%= @gpg_homedir -%>', - ), - 'SMIME' => - array ( - 'enabled' => <%= @smime_enabled -%>, - 'email' => '<%= @smime_email -%>', - 'cert_public_sign' => '<%= @smime_cert_public_sign -%>', - 'key_sign' => '<%= @smime_key_sign -%>', - 'password' => '<%= @smime_password -%>', - ), - 'Proxy' => - array ( - 'host' => '<%= @proxy_host -%>', - 'port' => '<%= @proxy_port -%>', - 'method' => '<%= @proxy_method -%>', - 'user' => '<%= @proxy_user -%>', - 'password' => '<%= @proxy_password -%>', - ), - 'SecureAuth' => - array ( - 'amount' => <%= @secure_auth_amount -%>, - 'expire' => <%= 
@secure_auth_expire -%>, - ), - 'Session' => - array ( - 'autoRegenerate' => <%= @session_auto_regenerate -%>, - 'checkAgent' => '<%= @session_check_agent -%>', - 'defaults' => '<%= @session_defaults -%>', - 'timeout' => '<%= @session_timeout -%>', - 'cookie_timeout' => '<%= @session_cookie_timeout -%>' - ), - 'Plugin' => - array ( - 'RPZ_policy' => <%= @rpz_policy -%>, - 'RPZ_walled_garden' => '<%= @rpz_walled_garden -%>', - 'RPZ_serial' => '<%= @rpz_serial -%>', - 'RPZ_refresh' => '<%= @rpz_refresh -%>', - 'RPZ_retry' => '<%= @rpz_retry -%>', - 'RPZ_expiry' => '<%= @rpz_expiry -%>', - 'RPZ_minimum_ttl' => '<%= @rpz_minimum_ttl -%>', - 'RPZ_ttl' => '<%= @rpz_ttl -%>', - 'RPZ_ns' => '<%= @rpz_ns -%>.', - 'RPZ_ns_alt' => '<%= @rpz_ns_alt -%>', - 'RPZ_email' => '<%= @rpz_email -%>', - 'ZeroMQ_enable' => <%= @zeromq_enable -%>, - 'ZeroMQ_port' => <%= @zeromq_port -%>, - 'ZeroMQ_redis_host' => '<%= @zeromq_redis_host -%>', - 'ZeroMQ_redis_port' => <%= @zeromq_redis_port -%>, - 'ZeroMQ_redis_password' => '<%= @zeromq_redis_password -%>', - 'ZeroMQ_redis_database' => '<%= @zeromq_redis_database -%>', - 'ZeroMQ_redis_namespace' => '<%= @zeromq_redis_namespace -%>', - 'ZeroMQ_include_attachments' => <%= @zeromq_include_attachments -%>, - 'ZeroMQ_event_notifications_enable' => <%= @zeromq_event_notifications_enable -%>, - 'ZeroMQ_object_notifications_enable' => <%= @zeromq_object_notifications_enable -%>, - 'ZeroMQ_object_reference_notifications_enable' => <%= @zeromq_object_reference_notifications_enable -%>, - 'ZeroMQ_attribute_notifications_enable' => <%= @zeromq_attribute_notifications_enable -%>, - 'ZeroMQ_tag_notifications_enable' => <%= @zeromq_tag_notifications_enable -%>, - 'ZeroMQ_audit_notifications_enable' => <%= @zeromq_audit_notifications_enable -%>, - 'ElasticSearch_logging_enable' => <%= @elasticsearch_logging_enable -%>, - 'ElasticSearch_connection_string' => '<%= @elasticsearch_connection_string -%>', - 'ElasticSearch_log_index' => '<%= 
@elasticsearch_log_index -%>', - 'syslog' => <%= @syslog -%>, - 'Sightings_enable' => <%= @sightings_enable -%>, - 'Sightings_policy' => <%= @sightings_policy -%>, - 'Sightings_anonymise' => <%= @sightings_anonymise -%>, - 'Sightings_range' => <%= @sightings_range -%>, - 'CustomAuth_enable' => <%= @customauth_enable -%>, - 'CustomAuth_header' => '<%= @customauth_header -%>', - 'CustomAuth_use_header_namespace' => <%= @customauth_use_header_namespace -%>, - 'CustomAuth_header_namespace' => '<%= @customauth_header_namespace -%>', - 'CustomAuth_required' => <%= @customauth_required -%>, - 'CustomAuth_only_allow_source' => '<%= @customauth_only_allow_source -%>', - 'CustomAuth_name' => '<%= @customauth_name -%>', - 'CustomAuth_disable_logout' => <%= @customauth_disable_logout -%>, - 'CustomAuth_custom_password_reset' => '<%= @customauth_custom_password_reset -%>', - 'CustomAuth_custom_logout' => '<%= @customauth_custom_logout -%>', - 'Enrichment_services_enable' => <%= @enrichment_services_enable -%>, - 'Enrichment_timeout' => <%= @enrichment_timeout -%>, - 'Enrichment_hover_enable' => <%= @enrichment_hover_enable -%>, - 'Enrichment_hover_timeout' => <%= @enrichment_hover_timeout -%>, - 'Enrichment_services_url' => '<%= @enrichment_services_url -%>', - 'Enrichment_services_port' => <%= @enrichment_services_port -%>, - 'Import_services_enable' => <%= @import_services_enable -%>, - 'Import_timeout' => <%= @import_timeout -%>, - 'Import_services_url' => '<%= @import_services_url -%>', - 'Import_services_port' => <%= @import_services_port -%>, - 'Export_services_enable' => <%= @export_services_enable -%>, - 'Export_timeout' => <%= @export_timeout -%>, - 'Export_services_url' => '<%= @export_services_url -%>', - 'Export_services_port' => <%= @export_services_port -%>, - 'Cortex_services_enable' => <%= @cortex_services_enable -%>, - 'Cortex_services_url' => '<%= @cortex_services_url -%>', - 'Cortex_services_port' => <%= @cortex_services_port -%>, - 'Cortex_authkey' => '<%= 
@cortex_authkey -%>', - 'Cortex_timeout' => <%= @cortex_timeout -%>, - 'Cortex_ssl_verify_peer' => <%= @cortex_ssl_verify_peer -%>, - 'Cortex_ssl_verify_host' => <%= @cortex_ssl_verify_host -%>, - 'Cortex_ssl_allow_self_signed' => <%= @cortex_ssl_allow_self_signed -%>, - 'Cortex_ssl_cafile' => '<%= @cortex_ssl_cafile -%>' - ), - // Uncomment the following to enable client SSL certificate authentication - /* - 'CertAuth' => - array( - 'ca' => array( 'FIRST.Org' ), // allowed CAs - 'caId' => 'O', // which attribute will be used to verify the CA - 'userModel' => 'User', // name of the User class to check if user exists - 'userModelKey' => 'nids_sid', // User field that will be used for querying - 'map' => array( // maps client certificate attributes to User properties - 'O' => 'org', - 'emailAddress'=>'email', - ), - 'syncUser' => true, // should the User be synchronized with an external REST API - 'userDefaults'=> array( // default user attributes, only used when creating new users - 'role_id' => 4, - ), - 'restApi' => array( // API parameters - 'url' => 'https://example.com/data/users', // URL to query - 'headers' => array(), // additional headers, used for authentication - 'param' => array( 'email' => 'email' ), // query parameters to add to the URL, mapped to User properties - 'map' => array( // maps REST result to the User properties - 'uid' => 'nids_sid', - 'team' => 'org', - 'email' => 'email', - 'pgp_public'=> 'gpgkey', - ), - ), - 'userDefaults' => array ( 'role_id' => 3 ), // default attributes for new users - ), - */ - 'ApacheShibbAuth' => // Configuration for shibboleth authentication - array( - 'MailTag' => 'ADFS_EMAIL', - 'OrgTag' => 'ADFS_FEDERATION', - 'GroupTag' => 'ADFS_GROUP', - 'GroupSeparator' => ';', - 'GroupRoleMatching' => array( // 3:User, 1:admin. 
May be good to set "1" for the first user - <% @egroup_role_match.each do |key,value| -%> - '<%= key %>' => <%= value %>, - <% end %> - ), - 'UseDefaultOrg' => '<%= @shib_use_default_org -%>', - 'DefaultOrg' => '<%= @shib_default_org -%>', - ), - - // Warning: The following is a 3rd party contribution and still untested (including security) by the MISP-project team. - // Feel free to enable it and report back to us if you run into any issues. - // - // Uncomment the following to enable Kerberos authentication - // needs PHP LDAP support enabled (e.g. compile flag --with-ldap or Debian package php5-ldap) - /* - 'ApacheSecureAuth' => // Configuration for kerberos authentication - array( - 'apacheEnv' => 'REMOTE_USER', // If proxy variable = HTTP_REMOTE_USER - 'ldapServer' => 'ldap://example.com', // FQDN or IP - 'ldapProtocol' => 3, - 'ldapReaderUser' => 'cn=userWithReadAccess,ou=users,dc=example,dc=com', // DN ou RDN LDAP with reader user right - 'ldapReaderPassword' => 'UserPassword', // the LDAP reader user password - 'ldapDN' => 'dc=example,dc=com', - 'ldapSearchAttribut' => 'uid', // filter for search - 'ldapFilter' => array( - 'mail', - ), - 'ldapDefaultRoleId' => 3, // 3:User, 1:admin. May be good to set "1" for the first user - 'ldapDefaultOrg' => '1', // uses 1st local org in MISP if undefined - ), - */ -); diff --git a/templates/config.php/_gnupg.epp b/templates/config.php/_gnupg.epp new file mode 100644 index 0000000..f34a9bc --- /dev/null +++ b/templates/config.php/_gnupg.epp 
@@ -0,0 +1,21 @@
+<%- |
+ Type[Class[misp]] $context,
+| -%>
+ 'GnuPG' =>
+ array (
+ 'onlyencrypted' => <%= $context[gpg_onlyencrypted] %>,
+ 'email' => <%= $context[gpg_email] %>,
+ 'homedir' => <%= $context[gpg_homedir] %>,
+<%- if $context[gpg_password] != undef { -%>
+ 'password' => '<%= $context[gpg_password] %>',
+<%- } -%>
+<%- if $context[gpg_binary] != undef { -%>
+ 'binary' => '<%= $context[gpg_binary] %>',
+<%- } -%>
+<%- if $context[gpg_bodyonlyencrypted] != undef { -%>
+ 'bodyonlyencrypted' => <%= $context[gpg_bodyonlyencrypted] %>,
+<%- } -%>
+<%- if $context[gpg_sign] != undef { -%>
+ 'sign' => <%= $context[gpg_sign] %>,
+<%- } -%>
+ ),
diff --git a/templates/config.php/_misp.epp b/templates/config.php/_misp.epp
new file mode 100644
index 0000000..73fd63c
--- /dev/null
+++ b/templates/config.php/_misp.epp
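Review bot: `'email' => <%= $context[gpg_email] %>,` and `'homedir' => <%= $context[gpg_homedir] %>,` are emitted without quotes, whereas the deleted config.php.erb wrote them as `'<%= @gpg_email -%>'` and `'<%= @gpg_homedir -%>'` and the `password`/`binary` keys in this same template are quoted; unless the gpg_email and gpg_homedir parameters already carry their own quotes, the rendered config.php is a PHP parse error. Quote them: `'email' => '<%= $context[gpg_email] %>',` and `'homedir' => '<%= $context[gpg_homedir] %>',`. The same loss of quotes appears in _plugin.epp for `ElasticSearch_connection_string` and `ElasticSearch_log_index`, both of which were quoted in the old erb.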
@@ -0,0 +1,203 @@
+<%- |
+ Type[Class[misp]] $context,
+| -%>
+ 'MISP' =>
+ array (
+ 'baseurl' => '<%= $context[baseurl] %>' ,
+ 'external_baseurl' => '<%= $context[external_baseurl] %>' ,
+ 'live' => <%= $context[live] %>,
+ 'language' => '<%= $context[language] %>',
+ 'enable_advanced_correlations' => <%= $context[enable_advanced_correlations] %>,
+ 'host_org_id' => <%= $context[host_org_id] %>,
+ 'uuid' => '<%= $context[uuid] %>',
+ 'showorg' => <%= $context[showorg] %>,
+ 'email' => '<%= $context[email] %>',
+ 'disable_emailing' => <%= $context[disable_emailing] %>,
+ 'default_event_distribution' => <%= $context[default_event_distribution] %>,
+ 'default_attribute_distribution' => '<%= $context[default_attribute_distribution] %>',
+ 'default_event_tag_collection' => <%= $context[default_event_tag_collection] %>,
+ 'proposals_block_attributes' => <%= $context[proposals_block_attributes] %>,
+ 'completely_disable_correlation' => <%= $context[completely_disable_correlation] %>,
+ 'allow_disabling_correlation' => <%= $context[allow_disabling_correlation] %>,
+ 'redis_host' => '<%= $context[redis_host] %>',
+ 'redis_port' => <%= $context[redis_port] %>,
+ 'redis_database' => <%= $context[redis_database] %>,
+ 'redis_password' => '<%= $context[redis_password] %>',
+<%- if $context[python_bin] != undef { -%>
+ 'python_bin' => '<%= $context[python_bin] %>',
+<%- } -%>
+<%- if $context[disable_auto_logout] != undef { -%>
+ 'disable_auto_logout' => <%= $context[disable_auto_logout] %>,
+<%- } -%>
+<%- if $context[ssdeep_correlation_threshold] != undef { -%>
+ 'ssdeep_correlation_threshold' => <%= $context[ssdeep_correlation_threshold] %>,
+<%- } -%>
+<%- if $context[max_correlations_per_event] != undef { -%>
+ 'max_correlations_per_event' => <%= $context[max_correlations_per_event] %>,
+<%- } -%>
+<%- if $context[disable_cached_exports] != undef { -%>
+ 'disable_cached_exports' => <%= $context[disable_cached_exports] %>,
+<%- } -%>
+<%- if $context[org] != undef { -%>
+ 'org' => '<%= $context[org] %>',
+<%- } -%>
+<%- if $context[background_jobs] != undef { -%>
+ 'background_jobs' => <%= $context[background_jobs] %>,
+<%- } -%>
+<%- if $context[cached_attachments] != undef { -%>
+ 'cached_attachments' => <%= $context[cached_attachments] %>,
+<%- } -%>
+<%- if $context[contact] != undef { -%>
+ 'contact' => '<%= $context[contact] %>',
+<%- } -%>
+<%- if $context[cveurl] != undef { -%>
+ 'cveurl' => '<%= $context[cveurl] %>',
+<%- } -%>
+<%- if $context[disablerestalert] != undef { -%>
+ 'disablerestalert' => <%= $context[disablerestalert] %>,
+<%- } -%>
+<%- if $context[extended_alert_subject] != undef { -%>
+ 'extended_alert_subject' => <%= $context[extended_alert_subject] %>,
+<%- } -%>
+<%- if $context[default_event_threat_level] != undef { -%>
+ 'default_event_threat_level' => '<%= $context[default_event_threat_level] %>',
+<%- } -%>
+<%- if $context[tagging] != undef { -%>
+ 'tagging' => <%= $context[tagging] %>,
+<%- } -%>
+<%- if $context[new_user_text] != undef { -%>
+ 'newUserText' => "<%= $context[new_user_text] %>",
+<%- } -%>
+<%- if $context[password_reset_text] != undef { -%>
+ 'passwordResetText' => "<%= $context[password_reset_text] %>",
+<%- } -%>
+<%- if $context[enable_event_blacklisting] != undef { -%>
+ 'enableEventBlacklisting' => <%= $context[enable_event_blacklisting] %>,
+<%- } -%>
+<%- if $context[enable_org_blacklisting] != undef { -%>
+ 'enableOrgBlacklisting' => <%= $context[enable_org_blacklisting] %>,
+<%- } -%>
+<%- if $context[log_client_ip] != undef { -%>
+ 'log_client_ip' => <%= $context[log_client_ip] %>,
+<%- } -%>
+<%- if $context[log_auth] != undef { -%>
+ 'log_auth' => <%= $context[log_auth] %>,
+<%- } -%>
+<%- if $context[delegation] != undef { -%>
+ 'delegation' => <%= $context[delegation] %>,
+<%- } -%>
+<%- if $context[show_correlations_on_index] != undef { -%>
+ 'showCorrelationsOnIndex' => <%= $context[show_correlations_on_index] %>,
+<%- } -%>
+<%- if $context[show_proposals_count_on_index] != undef { -%>
+ 'showProposalsCountOnIndex' => <%= $context[show_proposals_count_on_index] %>,
+<%- } -%>
+<%- if $context[show_sightings_count_on_index] != undef { -%>
+ 'showSightingsCountOnIndex' => <%= $context[show_sightings_count_on_index] %>,
+<%- } -%>
+<%- if $context[show_discussions_count_on_index] != undef { -%>
+ 'showDiscussionsCountOnIndex' => <%= $context[show_discussions_count_on_index] %>,
+<%- } -%>
+<%- if $context[disable_user_self_management] != undef { -%>
+ 'disableUserSelfManagement' => <%= $context[disable_user_self_management] %>,
+<%- } -%>
+<%- if $context[block_event_alert] != undef { -%>
+ 'block_event_alert' => <%= $context[block_event_alert] %>,
+<%- } -%>
+<%- if $context[block_event_alert_tag] != undef { -%>
+ 'block_event_alert_tag' => '<%= $context[block_event_alert_tag] %>',
+<%- } -%>
+<%- if $context[block_old_event_alert] != undef { -%>
+ 'block_old_event_alert' => <%= $context[block_old_event_alert] %>,
+<%- } -%>
+<%- if $context[block_old_event_alert_age] != undef { -%>
+ 'block_old_event_alert_age' => <%= $context[block_old_event_alert_age] %>,
+<%- } -%>
+<%- if $context[tmpdir] != undef { -%>
+ 'tmpdir' => '<%= $context[tmpdir] %>',
+<%- } -%>
+<%- if $context[incoming_tags_disabled_by_default] != undef { -%>
+ 'incoming_tags_disabled_by_default' => <%= $context[incoming_tags_disabled_by_default] %>,
+<%- } -%>
+<%- if $context[deadlock_avoidance] != undef { -%>
+ 'deadlock_avoidance' => <%= $context[deadlock_avoidance] %>,
+<%- } -%>
+<%- if $context[maintenance_message] != undef { -%>
+ 'maintenance_message' => '<%= $context[maintenance_message] %>',
+<%- } -%>
+<%- if $context[footermidleft] != undef { -%>
+ 'footermidleft' => '<%= $context[footermidleft] %>',
+<%- } -%>
+<%- if $context[footermidright] != undef { -%>
+ 'footermidright' => '<%= $context[footermidright] %>',
+<%- } -%>
+<%- if $context[footer_logo] != undef { -%>
+ 'footer_logo' => '<%= $context[footer_logo] %>',
+<%- } -%>
+<%- if $context[home_logo] != undef { -%>
+ 'home_logo' => '<%= $context[home_logo] %>',
+<%- } -%>
+<%- if $context[main_logo] != undef { -%>
+ 'main_logo' => '<%= $context[main_logo] %>',
+<%- } -%>
+<%- if $context[threatlevel_in_email_subject] != undef { -%>
+ 'threatlevel_in_email_subject' => <%= $context[threatlevel_in_email_subject] %>,
+<%- } -%>
+<%- if $context[email_subject_tlp_string] != undef { -%>
+ 'email_subject_TLP_string' => '<%= $context[email_subject_tlp_string] %>',
+<%- } -%>
+<%- if $context[email_subject_tag] != undef { -%>
+ 'email_subject_tag' => '<%= $context[email_subject_tag] %>',
+<%- } -%>
+<%- if $context[email_subject_include_tag_name] != undef { -%>
+ 'email_subject_include_tag_name' => <%= $context[email_subject_include_tag_name] %>,
+<%- } -%>
+<%- if $context[attachments_dir] != undef { -%>
+ 'attachments_dir' => '<%= $context[attachments_dir] %>',
+<%- } -%>
+<%- if $context[download_attachments_on_load] != undef { -%>
+ 'download_attachments_on_load' => <%= $context[download_attachments_on_load] %>,
+<%- } -%>
+<%- if $context[full_tags_on_event_index] != undef { -%>
+ 'full_tags_on_event_index' => <%= $context[full_tags_on_event_index] %>,
+<%- } -%>
+<%- if $context[welcome_text_top] != undef { -%>
+ 'welcome_text_top' => '<%= $context[welcome_text_top] %>',
+<%- } -%>
+<%- if $context[welcome_text_bottom] != undef { -%>
+ 'welcome_text_bottom' => '<%= $context[welcome_text_bottom] %>',
+<%- } -%>
+<%- if $context[welcome_logo] != undef { -%>
+ 'welcome_logo' => '<%= $context[welcome_logo] %>',
+<%- } -%>
+<%- if $context[welcome_logo2] != undef { -%>
+ 'welcome_logo2' => '<%= $context[welcome_logo2] %>',
+<%- } -%>
+<%- if $context[title_text] != undef { -%>
+ 'title_text' => '<%= $context[title_text] %>',
+<%- } -%>
+<%- if $context[take_ownership_xml_import] != undef { -%>
+ 'take_ownership_xml_import' => <%= $context[take_ownership_xml_import] %>,
+<%- } -%>
+<%- if $context[terms_download] != undef { -%>
+ 'terms_download' => <%= $context[terms_download] %>,
+<%- } -%>
+<%- if $context[terms_file] != undef { -%>
+ 'terms_file' => '<%= $context[terms_file] %>',
+<%- } -%>
+<%- if $context[showorgalternate] != undef { -%>
+ 'showorgalternate' => <%= $context[showorgalternate] %>,
+<%- } -%>
+<%- if $context[unpublishedprivate] != undef { -%>
+ 'unpublishedprivate' => <%= $context[unpublishedprivate] %>,
+<%- } -%>
+<%- if $context[custom_css] != undef { -%>
+ 'custom_css' => '<%= $context[custom_css] %>',
+<%- } -%>
+<%- if $context[event_view_filter_fields] != undef { -%>
+ 'event_view_filter_fields' => '<%= $context[event_view_filter_fields] %>',
+<%- } -%>
+<%- if $context[manage_workers] != undef { -%>
+ 'manage_workers' => '<%= $context[manage_workers] %>',
+<%- } -%>
+ ),
diff --git a/templates/config.php/_plugin.epp b/templates/config.php/_plugin.epp
new file mode 100644
index 0000000..27eccd5
--- /dev/null
+++ b/templates/config.php/_plugin.epp
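Review bot: `'default_event_distribution' => <%= $context[default_event_distribution] %>,` is emitted unquoted while `default_attribute_distribution` on the next line is quoted, and `host_org_id` has also lost the quotes the deleted erb gave all three; if init.pp types those parameters as Integer this is fine, otherwise restore the quotes so a string value does not produce a parse error. The `baseurl` and `external_baseurl` lines carry a stray space before the comma (`%>' ,`). Style: the 59 `if $context[x] != undef` blocks differ only in key, parameter name and whether the value is quoted, so a single hash of `key => [param, quoted]` iterated with `.each` would put the quoting decision in one reviewable place — worth doing if `$context[$param]` with a variable attribute name resolves for a Class reference, which I have not verified.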
@@ -0,0 +1,201 @@
+<%- |
+ Type[Class[misp]] $context,
+| -%>
+ 'Plugin' =>
+ array (
+<%- if $context[rpz_policy] != undef { -%>
+ 'RPZ_policy' => <%= $context[rpz_policy] %>,
+<%- } -%>
+<%- if $context[rpz_walled_garden] != undef { -%>
+ 'RPZ_walled_garden' => '<%= $context[rpz_walled_garden] %>',
+<%- } -%>
+<%- if $context[rpz_serial] != undef { -%>
+ 'RPZ_serial' => '<%= $context[rpz_serial] %>',
+<%- } -%>
+<%- if $context[rpz_refresh] != undef { -%>
+ 'RPZ_refresh' => '<%= $context[rpz_refresh] %>',
+<%- } -%>
+<%- if $context[rpz_retry] != undef { -%>
+ 'RPZ_retry' => '<%= $context[rpz_retry] %>',
+<%- } -%>
+<%- if $context[rpz_expiry] != undef { -%>
+ 'RPZ_expiry' => '<%= $context[rpz_expiry] %>',
+<%- } -%>
+<%- if $context[rpz_minimum_ttl] != undef { -%>
+ 'RPZ_minimum_ttl' => '<%= $context[rpz_minimum_ttl] %>',
+<%- } -%>
+<%- if $context[rpz_ttl] != undef { -%>
+ 'RPZ_ttl' => '<%= $context[rpz_ttl] %>',
+<%- } -%>
+<%- if $context[rpz_ns] != undef { -%>
+ 'RPZ_ns' => '<%= $context[rpz_ns] %>.',
+<%- } -%>
+<%- if $context[rpz_ns_alt] != undef { -%>
+ 'RPZ_ns_alt' => '<%= $context[rpz_ns_alt] %>',
+<%- } -%>
+<%- if $context[rpz_email] != undef { -%>
+ 'RPZ_email' => '<%= $context[rpz_email] %>',
+<%- } -%>
+<%- if $context[zeromq_enable] != undef { -%>
+ 'ZeroMQ_enable' => <%= $context[zeromq_enable] %>,
+<%- } -%>
+<%- if $context[zeromq_port] != undef { -%>
+ 'ZeroMQ_port' => <%= $context[zeromq_port] %>,
+<%- } -%>
+<%- if $context[zeromq_redis_host] != undef { -%>
+ 'ZeroMQ_redis_host' => '<%= $context[zeromq_redis_host] %>',
+<%- } -%>
+<%- if $context[zeromq_redis_port] != undef { -%>
+ 'ZeroMQ_redis_port' => <%= $context[zeromq_redis_port] %>,
+<%- } -%>
+<%- if $context[zeromq_redis_password] != undef { -%>
+ 'ZeroMQ_redis_password' => '<%= $context[zeromq_redis_password] %>',
+<%- } -%>
+<%- if $context[zeromq_redis_database] != undef { -%>
+ 'ZeroMQ_redis_database' => '<%= $context[zeromq_redis_database] %>',
+<%- } -%>
+<%- if $context[zeromq_redis_namespace] != undef { -%>
+ 'ZeroMQ_redis_namespace' => '<%= $context[zeromq_redis_namespace] %>',
+<%- } -%>
+<%- if $context[zeromq_include_attachments] != undef { -%>
+ 'ZeroMQ_include_attachments' => <%= $context[zeromq_include_attachments] %>,
+<%- } -%>
+<%- if $context[zeromq_event_notifications_enable] != undef { -%>
+ 'ZeroMQ_event_notifications_enable' => <%= $context[zeromq_event_notifications_enable] %>,
+<%- } -%>
+<%- if $context[zeromq_object_notifications_enable] != undef { -%>
+ 'ZeroMQ_object_notifications_enable' => <%= $context[zeromq_object_notifications_enable] %>,
+<%- } -%>
+<%- if $context[zeromq_object_reference_notifications_enable] != undef { -%>
+ 'ZeroMQ_object_reference_notifications_enable' => <%= $context[zeromq_object_reference_notifications_enable] %>,
+<%- } -%>
+<%- if $context[zeromq_attribute_notifications_enable] != undef { -%>
+ 'ZeroMQ_attribute_notifications_enable' => <%= $context[zeromq_attribute_notifications_enable] %>,
+<%- } -%>
+<%- if $context[zeromq_tag_notifications_enable] != undef { -%>
+ 'ZeroMQ_tag_notifications_enable' => <%= $context[zeromq_tag_notifications_enable] %>,
+<%- } -%>
+<%- if $context[zeromq_audit_notifications_enable] != undef { -%>
+ 'ZeroMQ_audit_notifications_enable' => <%= $context[zeromq_audit_notifications_enable] %>,
+<%- } -%>
+<%- if $context[elasticsearch_logging_enable] != undef { -%>
+ 'ElasticSearch_logging_enable' => <%= $context[elasticsearch_logging_enable] %>,
+<%- } -%>
+<%- if $context[elasticsearch_connection_string] != undef { -%>
+ 'ElasticSearch_connection_string' => <%= $context[elasticsearch_connection_string] %>,
+<%- } -%>
+<%- if $context[elasticsearch_log_index] != undef { -%>
+ 'ElasticSearch_log_index' => <%= $context[elasticsearch_log_index] %>,
+<%- } -%>
+<%- if $context[sightings_enable] != undef { -%>
+ 'Sightings_enable' => <%= $context[sightings_enable] %>,
+<%- } -%>
+<%- if $context[sightings_policy] != undef { -%>
+ 'Sightings_policy' => <%= $context[sightings_policy] %>,
+<%- } -%>
+<%- if $context[sightings_anonymise] != undef { -%>
+ 'Sightings_anonymise' => <%= $context[sightings_anonymise] %>,
+<%- } -%>
+<%- if $context[sightings_range] != undef { -%>
+ 'Sightings_range' => <%= $context[sightings_range] %>,
+<%- } -%>
+<%- if $context[customauth_enable] != undef { -%>
+ 'CustomAuth_enable' => <%= $context[customauth_enable] %>,
+<%- } -%>
+<%- if $context[customauth_header] != undef { -%>
+ 'CustomAuth_header' => '<%= $context[customauth_header] %>',
+<%- } -%>
+<%- if $context[customauth_use_header_namespace] != undef { -%>
+ 'CustomAuth_use_header_namespace' => <%= $context[customauth_use_header_namespace] %>,
+<%- } -%>
+<%- if $context[customauth_header_namespace] != undef { -%>
+ 'CustomAuth_header_namespace' => '<%= $context[customauth_header_namespace] %>',
+<%- } -%>
+<%- if $context[customauth_required] != undef { -%>
+ 'CustomAuth_required' => <%= $context[customauth_required] %>,
+<%- } -%>
+<%- if $context[customauth_only_allow_source] != undef { -%>
+ 'CustomAuth_only_allow_source' => '<%= $context[customauth_only_allow_source] %>',
+<%- } -%>
+<%- if $context[customauth_name] != undef { -%>
+ 'CustomAuth_name' => '<%= $context[customauth_name] %>',
+<%- } -%>
+<%- if $context[customauth_disable_logout] != undef { -%>
+ 'CustomAuth_disable_logout' => <%= $context[customauth_disable_logout] %>,
+<%- } -%>
+<%- if $context[customauth_custom_password_reset] != undef { -%>
+ 'CustomAuth_custom_password_reset' => '<%= $context[customauth_custom_password_reset] %>',
+<%- } -%>
+<%- if $context[customauth_custom_logout] != undef { -%>
+ 'CustomAuth_custom_logout' => '<%= $context[customauth_custom_logout] %>',
+<%- } -%>
+<%- if $context[enrichment_services_enable] != undef { -%>
+ 'Enrichment_services_enable' => <%= $context[enrichment_services_enable] %>,
+<%- } -%>
+<%- if $context[enrichment_timeout] != undef { -%>
+ 'Enrichment_timeout' => <%= $context[enrichment_timeout] %>,
+<%- } -%>
+<%- if $context[enrichment_hover_enable] != undef { -%>
+ 'Enrichment_hover_enable' => <%= $context[enrichment_hover_enable] %>,
+<%- } -%>
+<%- if $context[enrichment_hover_timeout] != undef { -%>
+ 'Enrichment_hover_timeout' => <%= $context[enrichment_hover_timeout] %>,
+<%- } -%>
+<%- if $context[enrichment_services_url] != undef { -%>
+ 'Enrichment_services_url' => '<%= $context[enrichment_services_url] %>',
+<%- } -%>
+<%- if $context[enrichment_services_port] != undef { -%>
+ 'Enrichment_services_port' => <%= $context[enrichment_services_port] %>,
+<%- } -%>
+<%- if $context[import_services_enable] != undef { -%>
+ 'Import_services_enable' => <%= $context[import_services_enable] %>,
+<%- } -%>
+<%- if $context[import_timeout] != undef { -%>
+ 'Import_timeout' => <%= $context[import_timeout] %>,
+<%- } -%>
+<%- if $context[import_services_url] != undef { -%>
+ 'Import_services_url' => '<%= $context[import_services_url] %>',
+<%- } -%>
+<%- if $context[import_services_port] != undef { -%>
+ 'Import_services_port' => <%= $context[import_services_port] %>,
+<%- } -%>
+<%- if $context[export_services_enable] != undef { -%>
+ 'Export_services_enable' => <%= $context[export_services_enable] %>,
+<%- } -%>
+<%- if $context[export_timeout] != undef { -%>
+ 'Export_timeout' => <%= $context[export_timeout] %>,
+<%- } -%>
+<%- if $context[export_services_url] != undef { -%>
+ 'Export_services_url' => '<%= $context[export_services_url] %>',
+<%- } -%>
+<%- if $context[export_services_port] != undef { -%>
+ 'Export_services_port' => <%= $context[export_services_port] %>,
+<%- } -%>
+<%- if $context[cortex_services_enable] != undef { -%>
+ 'Cortex_services_enable' => <%= $context[cortex_services_enable] %>,
+<%- } -%>
+<%- if $context[cortex_services_url] != undef { -%>
+ 'Cortex_services_url' => '<%= $context[cortex_services_url] %>',
+<%- } -%>
+<%- if $context[cortex_services_port] != undef { -%>
+ 'Cortex_services_port' => <%= $context[cortex_services_port] %>,
+<%- } -%>
+<%- if $context[cortex_authkey] != undef { -%>
+ 'Cortex_authkey' => '<%= $context[cortex_authkey] %>',
+<%- } -%>
+<%- if $context[cortex_timeout] != undef { -%>
+ 'Cortex_timeout' => <%= $context[cortex_timeout] %>,
+<%- } -%>
+<%- if $context[cortex_ssl_verify_peer] != undef { -%>
+ 'Cortex_ssl_verify_peer' => <%= $context[cortex_ssl_verify_peer] %>,
+<%- } -%>
+<%- if $context[cortex_ssl_verify_host] != undef { -%>
+ 'Cortex_ssl_verify_host' => <%= $context[cortex_ssl_verify_host] %>,
+<%- } -%>
+<%- if $context[cortex_ssl_allow_self_signed] != undef { -%>
+ 'Cortex_ssl_allow_self_signed' => <%= $context[cortex_ssl_allow_self_signed] %>,
+<%- } -%>
+<%- if $context[cortex_ssl_cafile] != undef { -%>
+ 'Cortex_ssl_cafile' => '<%= $context[cortex_ssl_cafile] %>'
+<%- } -%>
+ ),
diff --git a/templates/config.php/_proxy.epp b/templates/config.php/_proxy.epp
new file mode 100644
index 0000000..1cb5be9
--- /dev/null
+++ b/templates/config.php/_proxy.epp
@@ -0,0 +1,21 @@
+<%- |
+ Type[Class[misp]] $context,
+| -%>
+ 'Proxy' =>
+ array (
+<%- if $context[proxy_host] != undef { -%>
+ 'host' => '<%= $context[proxy_host] %>',
+<%- } -%>
+<%- if $context[proxy_port] != undef { -%>
+ 'port' => '<%= $context[proxy_port] %>',
+<%- } -%>
+<%- if $context[proxy_method] != undef { -%>
+ 'method' => '<%= $context[proxy_method] %>',
+<%- } -%>
+<%- if $context[proxy_user] != undef { -%>
+ 'user' => '<%= $context[proxy_user] %>',
+<%- } -%>
+<%- if $context[proxy_password] != undef { -%>
+ 'password' => '<%= $context[proxy_password] %>',
+<%- } -%>
+ ),
diff --git a/templates/config.php/_secureauth.epp b/templates/config.php/_secureauth.epp
new file mode 100644
index 0000000..12b340c
--- /dev/null
+++ b/templates/config.php/_secureauth.epp
@@ -0,0 +1,8 @@
+<%- |
+ Type[Class[misp]] $context,
+| -%>
+ 'SecureAuth' =>
+ array (
+ 'amount' => <%= $context[secure_auth_amount] %>,
+ 'expire' => <%= $context[secure_auth_expire] %>,
+ ),
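Review bot: Values such as `$context[cortex_authkey]`, `$context[zeromq_redis_password]` and `$context[rpz_email]` are interpolated straight into single-quoted PHP literals, so a secret or free-text value that happens to contain `'` or `\` produces a config.php that either no longer parses or closes the literal early and is then read as PHP code. The same pattern is in `_proxy.epp` (`password`), `_security.epp` (`salt`, `cipherSeed`, `cors_origins`, the `auth` list), `_smime.epp` (`password`) and `database.php.epp` (`password`); one escaping step before interpolation covers all of them, e.g. `'Cortex_authkey' => '<%= regsubst($context[cortex_authkey], /(['\\])/, '\\\\\1', 'G') %>',`, ideally wrapped in a single helper every template calls. Separately, `ElasticSearch_connection_string` and `ElasticSearch_log_index` are emitted without quotes while every other URL or name value is quoted; if those two parameters are Strings (their declarations are outside this diff) the rendered PHP is a bare word.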
diff --git a/templates/config.php/_security.epp b/templates/config.php/_security.epp
new file mode 100644
index 0000000..8d03026
--- /dev/null
+++ b/templates/config.php/_security.epp
@@ -0,0 +1,39 @@
+<%- |
+ Type[Class[misp]] $context,
+| -%>
+ 'Security' =>
+ array (
+ 'level' => '<%= $context[security_level] %>',
+ 'salt' => '<%= $context[security_salt] %>',
+ 'cipherSeed' => '<%= $context[security_cipher_seed] %>',
+ 'syslog' => <%= $context[security_syslog] %>,
+ 'allow_unsafe_apikey_named_param' => <%= $context[security_allow_unsafe_apikey_named_param] %>,
+<%- if $context[security_require_password_confirmation] != undef { -%>
+ 'require_password_confirmation' => <%= $context[security_require_password_confirmation] %>,
+<%- } -%>
+<%- if $context[security_sanitise_attribute_on_delete] != undef { -%>
+ 'sanitise_attribute_on_delete' => <%= $context[security_sanitise_attribute_on_delete] %>,
+<%- } -%>
+<%- if $context[security_hide_organisation_index_from_users] != undef { -%>
+ 'hide_organisation_index_from_users' => <%= $context[security_hide_organisation_index_from_users] %>,
+<%- } -%>
+<%- if $context[security_allow_cors] != undef { -%>
+ 'allow_cors' => <%= $context[security_allow_cors] %>,
+<%- } -%>
+<%- if $context[security_cors_origins] != undef { -%>
+ 'cors_origins' => '<%= $context[security_cors_origins] %>',
+<%- } -%>
+<%- if $context[security_password_policy_length] != undef { -%>
+ 'password_policy_length' => <%= $context[security_password_policy_length] %>,
+<%- } -%>
+<%- if $context[security_password_policy_complexity] != undef { -%>
+ 'password_policy_complexity' => '<%= $context[security_password_policy_complexity] %>',
+<%- } -%>
+<%- if $context[security_auth_method] { -%>
+ <%- if $context[security_auth_method] =~ String { -%>
+ 'auth'=>array('<%= $context[security_auth_method] %>'),
+ <%- } else { -%>
+ 'auth'=>array(<%= $context[security_auth_method].map |String $method| { "'${method}'" }.join(', ') %>),
+ <%- } -%>
+<%- } -%>
+ ),
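Review bot: `'syslog'` and `'allow_unsafe_apikey_named_param'` are rendered unconditionally while every other optional-looking key in this template is wrapped in an `!= undef` guard, so if `$misp::security_syslog` or `$misp::security_allow_unsafe_apikey_named_param` is undef (their declarations are outside this diff) the output is `'syslog' => ,`, a PHP parse error that takes the whole application down at config load. Either guard them like their neighbours, `<%- if $context[security_syslog] != undef { -%>`, or state in a comment at the top of the template that the class guarantees both are Booleans. As I read the MISP setting, `allow_unsafe_apikey_named_param` lets the API key be passed as a URL parameter, where it lands in access logs and browser history; a one-line comment such as `// exposes the auth key in URLs and logs when true; keep false unless a legacy client needs it` would help whoever tunes this value later.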
diff --git a/templates/config.php/_session.epp b/templates/config.php/_session.epp
new file mode 100644
index 0000000..fee8f3c
--- /dev/null
+++ b/templates/config.php/_session.epp
@@ -0,0 +1,11 @@
+<%- |
+ Type[Class[misp]] $context,
+| -%>
+ 'Session' =>
+ array (
+ 'autoRegenerate' => <%= $context[session_auto_regenerate] %>,
+ 'checkAgent' => <%= $context[session_check_agent] %>,
+ 'defaults' => '<%= $context[session_defaults] %>',
+ 'timeout' => '<%= $context[session_timeout] %>',
+ 'cookieTimeout' => '<%= $context[session_cookie_timeout] %>'
+ ),
diff --git a/templates/config.php/_smime.epp b/templates/config.php/_smime.epp
new file mode 100644
index 0000000..1599dd5
--- /dev/null
+++ b/templates/config.php/_smime.epp
@@ -0,0 +1,21 @@
+<%- |
+ Type[Class[misp]] $context,
+| -%>
+ 'SMIME' =>
+ array (
+<%- if $context[smime_enabled] != undef { -%>
+ 'enabled' => <%= $context[smime_enabled] %>,
+<%- } -%>
+<%- if $context[smime_email] != undef { -%>
+ 'email' => '<%= $context[smime_email] %>',
+<%- } -%>
+<%- if $context[smime_cert_public_sign] != undef { -%>
+ 'cert_public_sign' => '<%= $context[smime_cert_public_sign] %>',
+<%- } -%>
+<%- if $context[smime_key_sign] != undef { -%>
+ 'key_sign' => '<%= $context[smime_key_sign] %>',
+<%- } -%>
+<%- if $context[smime_password] != undef { -%>
+ 'password' => '<%= $context[smime_password] %>',
+<%- } -%>
+ ),
diff --git a/templates/core.php.erb b/templates/core.php.epp
similarity index 93%
rename from templates/core.php.erb
rename to templates/core.php.epp
index c9c34f0..b9c477d 100644
--- a/templates/core.php.erb
+++ b/templates/core.php.epp
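Review bot: `_session.epp` quotes `timeout` and `cookieTimeout` as strings (`'timeout' => '<%= $context[session_timeout] %>'`) whereas `core.php.epp` declares the same values `Integer` and emits them bare, so the two templates render one setting with different PHP types and, for the cookie lifetime, different key spellings (`cookieTimeout` here, `cookie_timeout` in core.php.epp). Unless the string form is intentional, drop the quotes, `'timeout' => <%= $context[session_timeout] %>,` and `'cookieTimeout' => <%= $context[session_cookie_timeout] %>`, and confirm against CakePHP 2's Session configuration which of the two spellings is actually read so the other does not linger as a dead key.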
@@ -1,3 +1,13 @@ +<%- | + String $level, + String $salt, + String $cipher_seed, + Boolean $auto_regenerate, + Boolean $check_agent, + Enum['php','database','cake','cache'] $defaults, + Integer $timeout, + Integer $cookie_timeout, +| -%> <%= @session_timeout -%>, // Session timeout, default is 1 hour - 'cookie_timeout' => <%= @session_cookie_timeout -%>, // Cookie timeout, default is 1 week - 'defaults' => '<%= @session_defaults -%>', - 'autoRegenerate' => <%= @session_auto_regenerate -%>, - 'checkAgent' => <%= @session_check_agent -%> + 'timeout' => <%= $timeout %>, // Session timeout, default is 1 hour + 'cookie_timeout' => <%= $cookie_timeout %>, // Cookie timeout, default is 1 week + 'defaults' => <%= $defaults %>, + 'autoRegenerate' => <%= $auto_regenerate %>, + 'checkAgent' => <%= $check_agent %> )); /** * The level of CakePHP security. */ -Configure::write('Security.level', 'medium'); +Configure::write('Security.level', '<%= $level %>'); /** * A random string used in security hashing methods. */ -Configure::write('Security.salt', 'Rooraenietu8Eeyo'); /** * A random numeric string (digits only) used to encrypt/decrypt strings. */ -Configure::write('Security.cipherSeed', '395786739573056621429506834955'); +Configure::write('Security.cipherSeed', '<%= $cipher_seed %>'); /** * Apply timestamps with the last modified time to static assets (js, css, images). @@ -286,4 +296,4 @@ Cache::config('_cake_model_', array( //Comment the following out if you do not with to use the background workers (not recommended) -require_once dirname(__DIR__) . '/vendor/autoload.php'; +require_once dirname(__DIR__) . '/Vendor/autoload.php'; diff --git a/templates/database.php.erb b/templates/database.php.epp similarity index 87% rename from templates/database.php.erb rename to templates/database.php.epp index 9677f8e..923b6aa 100644 --- a/templates/database.php.erb +++ b/templates/database.php.epp 
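Review bot: `'defaults' => <%= $defaults %>,` dropped the quotes the ERB line had; with `$defaults` typed `Enum['php','database','cake','cache']` this renders `'defaults' => php,`, a bare constant that PHP does not accept (the sibling `_session.epp` keeps the quotes). Restore them: `'defaults' => '<%= $defaults %>',`. Also, the `Configure::write('Security.salt', ...)` line is deleted without a templated replacement while `$salt` stays in the parameter list; if nothing else in the file reads `$salt`, drop the parameter, otherwise add `Configure::write('Security.salt', '<%= $salt %>');` next to the cipherSeed write so the two secrets are handled the same way. The rest of core.php.epp lies outside both hunks.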
@@ -1,3 +1,11 @@ +<%- | + String $host, + String $user, + Integer $port, + String $password, + String $db_name, + Optional[String] $prefix = undef, +| -%> 'Database/Mysql', 'persistent' => false, -'host' => '<%= @db_host -%>', -'login' => '<%= @db_user -%>', -'port' => <%= @db_port -%>, -'password' => '<%= @db_password -%>', -'database' => '<%= @db_name -%>', -'prefix' => '', +'host' => '<%= $host -%>', +'login' => '<%= $user -%>', +'port' => <%= $port -%>, +'password' => '<%= $password -%>', +'database' => '<%= $db_name -%>', +'prefix' => '<%= $prefix %>', //'encoding' => 'utf8', ); -} \ No newline at end of file +}
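Review bot: `$password` is a plain `String` parameter, so the database credential sits unredacted in the compiled catalog and in the content diff Puppet reports whenever `database.php` changes. Typing it `Variant[String, Sensitive[String]]` and interpolating it as `'password' => '<%= $password.unwrap -%>',` keeps it out of reports and logs once the caller also wraps the rendered `file` content in `Sensitive(...)`. The same treatment would suit the other password and key parameters introduced in this commit.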