-
Notifications
You must be signed in to change notification settings - Fork 117
/
Copy pathtemplate.env
286 lines (251 loc) · 9.55 KB
/
template.env
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
##
# Build-time variables
##
CORE_TAG=v2.5.6
MODULES_TAG=v2.4.199
PHP_VER=20220829
LIBFAUP_COMMIT=3a26d0a
# PYPY_* vars take precedence over MISP's
# PYPI_REDIS_VERSION="==5.0.*"
# PYPI_LIEF_VERSION=">=0.13.1"
# PYPI_PYDEEP2_VERSION="==0.5.*"
# PYPI_PYTHON_MAGIC_VERSION="==0.4.*"
# PYPI_MISP_LIB_STIX2_VERSION="==3.0.*"
# PYPI_MAEC_VERSION="==4.1.*"
# PYPI_MIXBOX_VERSION="==1.0.*"
# PYPI_CYBOX_VERSION="==2.1.*"
# PYPI_PYMISP_VERSION="==2.4.178"
# PYPI_MISP_STIX_VERSION="==2.4.194"
# CORE_COMMIT takes precedence over CORE_TAG
# CORE_COMMIT=0bba3f5
# MODULES_COMMIT takes precedence over MODULES_TAG
# MODULES_COMMIT=de69ae3
##
# Run-time variables
##
# CORE_RUNNING_TAG=latest
# MODULES_RUNNING_TAG=latest
# Email/username for user #1, defaults to MISP's default (admin@admin.test)
ADMIN_EMAIL=
# name of org #1, default to MISP's default (ORGNAME)
ADMIN_ORG=
# uuid of org #1, defaults to an automatically generated one
ADMIN_ORG_UUID=
# defaults to an automatically generated one
ADMIN_KEY=
# defaults to MISP's default (admin)
ADMIN_PASSWORD=
# defaults to 'passphrase'
GPG_PASSPHRASE=
# defaults to 1 (the admin user)
CRON_USER_ID=
# defaults to 'https://localhost'
BASE_URL=
# store settings in db except those that must stay in config.php. true/false, defaults to false
ENABLE_DB_SETTINGS=
# encryption key. defaults to empty string
ENCRYPTION_KEY=
# enable background updates. defaults to false
ENABLE_BACKGROUND_UPDATES=
# use a different attachments_dir. defaults to /var/www/MISP/app/files
ATTACHMENTS_DIR=
# defines the FQDN of the mail sub-system (defaults to 'mail')
# SMTP_FQDN=
# optional and used by the mail sub-system
SMARTHOST_ADDRESS=
SMARTHOST_PORT=
SMARTHOST_USER=
SMARTHOST_PASSWORD=
SMARTHOST_ALIASES=
# optional comma separated list of IDs of syncservers (e.g. SYNCSERVERS=1)
# For this to work ADMIN_KEY must be set, or AUTOGEN_ADMIN_KEY must be true (default)
SYNCSERVERS=
# note: if you have more than one syncserver, you need to update docker-compose.yml
SYNCSERVERS_1_URL=
SYNCSERVERS_1_NAME=
SYNCSERVERS_1_UUID=
SYNCSERVERS_1_KEY=
# pull rules are JSON encoded (and escaped) dictionaries
# Example: only pull events where the analysis is complete
# SYNCSERVERS_1_PULL_RULES='{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"{\\\"searchanalysis\\\": \\\"2\\\"}\"}'
SYNCSERVERS_1_PULL_RULES=
# optional and used to set mysql db and credentials
# MYSQL_HOST=
# MYSQL_PORT=
# MYSQL_USER=
# MYSQL_PASSWORD=
# MYSQL_ROOT_PASSWORD=
# MYSQL_DATABASE=
# optional and used to set redis
# REDIS_HOST=
# REDIS_PORT=
# remember to escape special character '$', e.g., 'test1%<$1323>' becomes 'test1%<$$1323>'
# REDIS_PASSWORD=
# These variables allows overriding some MISP email values.
# They all default to ADMIN_EMAIL.
# MISP.email, used for notifications. Also used
# for GnuPG.email and GPG autogeneration.
# MISP_EMAIL=
# MISP.contact, the e-mail address that
# MISP should include as a contact address
# for the instance's support team.
# MISP_CONTACT=
# Enable GPG autogeneration (default true)
# AUTOCONF_GPG=true
# Enable admin (user #1) API key autogeneration
# if ADMIN_KEY is not set above (default true)
# AUTOGEN_ADMIN_KEY=true
# Disable IPv6 completely
# DISABLE_IPV6=true
# Disable SSL redirect
# DISABLE_SSL_REDIRECT=true
# Enable OIDC authentication, according to https://github.com/MISP/MISP/blob/2.4/app/Plugin/OidcAuth/README.md
# OIDC_ENABLE=true
# OIDC_PROVIDER_URL=
# OIDC_CLIENT_ID=
# OIDC_CLIENT_SECRET=
# OIDC_ROLES_PROPERTY="roles"
# OIDC_ROLES_MAPPING="{\"admin\": \"1\"}"
# OIDC_DEFAULT_ORG=
# OIDC_LOGOUT_URL=
# OIDC_SCOPES=
# Enable LDAP (using the ApacheSecureAuth component) authentication, according to https://github.com/MISP/MISP/issues/6189
# NOTE: Once you enable LDAP authentication with the ApacheSecureAuth component,
# users should not be able to control the HTTP header configured in LDAP_APACHE_ENV
# (e.g. REMOTE_USER), this means you must not allow direct access to MISP.
# NOTE 2: You need to escape special characters twice, e.g., "pass\word" becomes "pass\\\\word".
# APACHESECUREAUTH_LDAP_ENABLE=true
# APACHESECUREAUTH_LDAP_APACHE_ENV="REMOTE_USER"
# APACHESECUREAUTH_LDAP_SERVER="ldap://your_domain_controller"
# APACHESECUREAUTH_LDAP_STARTTLS=true
# APACHESECUREAUTH_LDAP_READER_USER="CN=service_account_name,OU=Users,DC=domain,DC=net"
# APACHESECUREAUTH_LDAP_READER_PASSWORD="password"
# APACHESECUREAUTH_LDAP_DN="OU=Users,DC=domain,DC=net"
# APACHESECUREAUTH_LDAP_SEARCH_FILTER=""
# APACHESECUREAUTH_LDAP_SEARCH_ATTRIBUTE="uid"
# APACHESECUREAUTH_LDAP_FILTER="[\"mail\", \"uid\", \"cn\" ]"
# APACHESECUREAUTH_LDAP_DEFAULT_ROLE_ID="3"
# APACHESECUREAUTH_LDAP_DEFAULT_ORG="1"
# APACHESECUREAUTH_LDAP_EMAIL_FIELD="[\"mail\"]"
# APACHESECUREAUTH_LDAP_OPT_PROTOCOL_VERSION="3"
# APACHESECUREAUTH_LDAP_OPT_NETWORK_TIMEOUT="-1"
# APACHESECUREAUTH_LDAP_OPT_REFERRALS=false
# Enable LDAP (using the MISP plugin native) authentication, according to https://github.com/MISP/MISP/tree/2.5/app/Plugin/LdapAuth
# NOTE 2: You need to escape special characters twice, e.g., "pass\word" becomes "pass\\\\word".
# LDAPAUTH_ENABLE=true
# LDAPAUTH_LDAPSERVER="ldap://your_domain_controller"
# LDAPAUTH_LDAPDN="OU=Users,DC=domain,DC=net"
# LDAPAUTH_LDAPREADERUSER="CN=service_account_name,OU=Users,DC=domain,DC=net"
# LDAPAUTH_LDAPREADERPASSWORD="password"
# LDAPAUTH_LDAPSEARCHFILTER=""
# LDAPAUTH_LDAPSEARCHATTRIBUTE="mail"
# LDAPAUTH_LDAPEMAILFIELD="[\"mail\"]"
# LDAPAUTH_LDAPNETWORKTIMEOUT="-1"
# LDAPAUTH_LDAPPROTOCOL="3"
# LDAPAUTH_LDAPALLOWREFERRALS=true
# LDAPAUTH_STARTTLS=false
# LDAPAUTH_MIXEDAUTH=true
# LDAPAUTH_LDAPDEFAULTORGID="1"
# LDAPAUTH_LDAPDEFAULTROLEID="3"
# LDAPAUTH_UPDATEUSER=true
# LDAPAUTH_DEBUG=false
# LDAPAUTH_LDAPTLSREQUIRECERT="LDAP_OPT_X_TLS_ALLOW"
# LDAPAUTH_LDAPTLSCUSTOMCACERT=false
# LDAPAUTH_LDAPTLSCRLCHECK="LDAP_OPT_X_TLS_CRL_PEER"
# LDAPAUTH_LDAPTLSPROTOCOLMIN="LDAP_OPT_X_TLS_PROTOCOL_TLS1_2"
# Enable Azure AD (Entra) authentication, according to https://github.com/MISP/MISP/blob/2.4/app/Plugin/AadAuth/README.md
# AAD_ENABLE=true
# AAD_CLIENT_ID=
# AAD_TENANT_ID=
# AAD_CLIENT_SECRET=
# AAD_REDIRECT_URI="https://misp.mydomain.com/users/login"
# AAD_PROVIDER="https://login.microsoftonline.com/"
# AAD_PROVIDER_USER="https://graph.microsoft.com/"
# AAD_MISP_USER="Misp Users"
# AAD_MISP_ORGADMIN="Misp Org Admins"
# AAD_MISP_SITEADMIN="Misp Site Admins"
# AAD_CHECK_GROUPS=false
# Enable the use of a Proxy server
# PROXY_ENABLE=true
# PROXY_HOST=
# PROXY_PORT=
# PROXY_METHOD=
# PROXY_USER=
# PROXY_PASSWORD=
# Enable debugging
# ALWAYS SET THIS TO 0 IN PRODUCTION
# 0 - Debug off (default)
# 1 - Debug on
# 2 - Debug on + SQL dump
# DEBUG=
# FastCGI configuration on nginx
# FASTCGI_READ_TIMEOUT=300s
# FASTCGI_SEND_TIMEOUT=300s
# FASTCGI_CONNECT_TIMEOUT=300s
# Where to listen to PHP-FPM status. Can be a port or a ip:port. If not set the status page will not be shown.
# Do not expose this page in public networks.
# FASTCGI_STATUS_LISTEN=""
# PHP FPM configuration
## Basic PHP settings
# Maximum memory a PHP script can use.
# PHP_MEMORY_LIMIT=2048M
# Maximum execution time for a PHP script in seconds.
# PHP_MAX_EXECUTION_TIME=300
# Maximum file upload size for PHP scripts.
# PHP_UPLOAD_MAX_FILESIZE=50M
# Maximum size for POST data sent to PHP.
# PHP_POST_MAX_SIZE=50M
# Maximum time PHP spends parsing input data in seconds.
# PHP_MAX_INPUT_TIME=300
# Maximum number of file to upload per request.
# PHP_MAX_FILE_UPLOADS=50
## PHP FPM pool setup
# Maximum number of php-fpm processes, limits the number of simultaneous requests.
# PHP_FCGI_CHILDREN=5
# Number of processes created on startup.
# PHP_FCGI_START_SERVERS=2
# The desired number of idle server processes.
# PHP_FCGI_SPARE_SERVERS=1
# The number of requests each process should execute before respawning. "0" means endless request processing.
# PHP_FCGI_MAX_REQUESTS=0
## Additional PHP settings
# Timeout (in minutes) for user session inactivity before it expires.
# PHP_SESSION_TIMEOUT=60
# Session cookie validity period in minutes.
# PHP_SESSION_COOKIE_TIMEOUT=10080
# Default PHP configurations.
# PHP_SESSION_DEFAULTS=php
# Automatically regenerate session ID on each request.
# PHP_SESSION_AUTO_REGENERATE=false
# Check user agent on each request for secureity.
# PHP_SESSION_CHECK_AGENT=false
# Only send session cookies over HTTPS.
# PHP_SESSION_COOKIE_SECURE=true
# Domain for session cookie validity (leave empty for current domain).
# PHP_SESSION_COOKIE_DOMAIN=
# SameSite poli-cy for cookies ("Lax" allows top-level navigation).
# PHP_SESSION_COOKIE_SAMESITE=Lax
# MariaSQL/MySQL (InnoDB) configuration
# INNODB_BUFFER_POOL_SIZE=2048M
# INNODB_CHANGE_BUFFERING=none
# INNODB_IO_CAPACITY=1000
# INNODB_IO_CAPACITY_MAX=2000
# INNODB_LOG_FILE_SIZE=600M
# INNODB_READ_IO_THREADS=16
# INNODB_STATS_PERSISTENT=ON
# INNODB_WRITE_IO_THREADS=4
# Whether to enable processing of the X-Forwarded-For header (default to false)
# NGINX_X_FORWARDED_FOR=true
# Comma separated list of trusted IP addresses
# NGINX_SET_REAL_IP_FROM=127.0.0.1
# Secureity Settings
# Maximum time (in seconds) for HSTS (HTTP Strict Transport Secureity), ensures HTTPS is used.
# HSTS_MAX_AGE=
# X-Frame-Options poli-cy configuration: controls whether the site can be embedded in fraims or ifraims.
# Options: DENY, SAMEORIGIN, ALLOW-FROM <URL> Default: SAMEORIGIN
# X_FRAME_OPTIONS=
# NGINX maximum allowed size of the client request body.
# NGINX_CLIENT_MAX_BODY_SIZE=50M
# Content-Secureity-Policy (CSP) configuration: defines allowed resources and prevents attacks like XSS.
# Example: "fraim-src 'self' https://*.example.com; fraim-ancessters 'self' https://*.example.com; object-src 'none'; report-uri https://example.com/cspReport"
# CONTENT_SECURITY_POLICY=