Puppet Class: misp::config

Inherits:
misp
Defined in:
manifests/config.pp

Overview



# File 'manifests/config.pp', line 2

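# @summary Applies ownership, permissions, SELinux types and configuration files for MISP.
#
# Evaluated after misp::install. The class copies the CakeResque configuration
# into place, resets ownership and permissions on the install tree, declares
# the directories and files labelled httpd_sys_rw_content_t, renders the PHP
# configuration files from ERB templates, and enables the
# httpd_can_network_connect SELinux boolean.
#
# Security notes:
# - Files owned by default_high_user/default_high_group are given to the
#   "high" account; files and directories owned by default_user/default_group
#   are additionally labelled httpd_sys_rw_content_t.
#   NOTE(review): presumably default_user is the web server account and
#   default_high_user a more privileged one; confirm against the misp class.
# - Every rendered PHP configuration file carries an explicit mode of 0640,
#   matching database.php. Without an explicit mode Puppet leaves the mode of
#   an existing file unmanaged and creates a new file with its default mode,
#   which is typically world-readable.
class misp::config inherits misp {

  require '::misp::install'

  # Apache permissions

  # CakeResque configuration, copied from the setup file shipped in the install tree.
  file { "${misp::install_dir}/app/Plugin/CakeResque/Config/config.php":
    ensure    => file,
    owner     => $misp::default_high_user,
    group     => $misp::default_high_group,
    source    => "file://${misp::install_dir}/INSTALL/setup/config.php",
    subscribe => Exec['CakeResque install'],
  }

  # Baseline for the whole install tree. Runs only when refreshed by
  # Exec['CakeResque install']:
  #   1. chown -R to the high user and group,
  #   2. directories get group r-x,
  #   3. everything becomes group-readable and loses all access for "other".
  # Files that Puppet creates after this exec has run are not covered by it,
  # so each sensitive file below sets its own mode.
  exec {'Directory permissions':
    command     => "/usr/bin/chown -R ${misp::default_high_user}:${misp::default_high_group} ${misp::install_dir} && /usr/bin/find ${misp::install_dir} -type d -exec /usr/bin/chmod g=rx {} \\; && /usr/bin/chmod -R g+r,o= ${misp::install_dir}",
    refreshonly => true,
    require     => File["${misp::install_dir}/app/Plugin/CakeResque/Config/config.php"],
    subscribe   => Exec['CakeResque install'],
  }

  # Directories below are handed to default_user and labelled
  # httpd_sys_rw_content_t, the SELinux type httpd may write to.
  # recurse => false: only the directory itself is managed, not its content.
  file {"${misp::install_dir}/app/files" :
    ensure    => directory,
    owner     => $misp::default_user,
    group     => $misp::default_group,
    seltype   => 'httpd_sys_rw_content_t',
    recurse   => false,
    subscribe => Exec['Directory permissions'],
    notify    => File["${misp::install_dir}/app/files/terms","${misp::install_dir}/app/files/scripts/tmp"],
  }

  file {["${misp::install_dir}/app/files/terms","${misp::install_dir}/app/files/scripts/tmp"] :
    ensure  => directory,
    owner   => $misp::default_user,
    group   => $misp::default_group,
    seltype => 'httpd_sys_rw_content_t',
    recurse => false,
  }

  file {"${misp::install_dir}/app/Plugin/CakeResque/tmp" :
    ensure    => directory,
    owner     => $misp::default_user,
    group     => $misp::default_group,
    seltype   => 'httpd_sys_rw_content_t',
    recurse   => false,
    subscribe => Exec['Directory permissions'],
  }

  # Managed recursively: owner, group, mode and SELinux type are applied to
  # everything beneath these directories, with no access for "other".
  file {["${misp::install_dir}/app/tmp","${misp::install_dir}/app/webroot/img/orgs", "${misp::install_dir}/app/webroot/img/custom"] :
    ensure    => directory,
    owner     => $misp::default_user,
    group     => $misp::default_group,
    mode      => '0750',
    recurse   => true,
    seltype   => 'httpd_sys_rw_content_t',
    subscribe => Exec['Directory permissions'],
    notify    => File["${misp::install_dir}/app/tmp/logs/"],#Comment for logrotate usage
  }

  #selinux::fcontext{'tmp_fcontext' :
  #  pathname  => '/var/www/MISP/app/tmp/logs(/.*)?',
  #  filemode  => 'a',
  #  context   => 'httpd_log_t' ,
  #  subscribe => File["${misp::install_dir}/app/tmp","${misp::install_dir}/app/webroot/img/orgs", "${misp::install_dir}/app/webroot/img/custom"] ,
  #  notify    => File["${misp::install_dir}/app/tmp/logs/"],
  #}

  # Application logs: same owner, mode and SELinux type as the rest of app/tmp.
  file {"${misp::install_dir}/app/tmp/logs/" :
    ensure  => directory,
    mode    => '0750',
    owner   => $misp::default_user,
    group   => $misp::default_group,
    recurse => true,
    #seltype => 'httpd_log_t', #Uncomment for logrotate usage
    seltype => 'httpd_sys_rw_content_t',
  }

  # Rendered PHP configuration. bootstrap.php, core.php and database.php are
  # owned by the high account and carry no httpd-writable SELinux type.
  # mode 0640 gives the group read access only and "other" no access, the
  # same setting database.php already used.
  file { "${misp::config_dir}/bootstrap.php":
    ensure    => file,
    owner     => $misp::default_high_user,
    group     => $misp::default_high_group,
    mode      => '0640',
    content   => template('misp/bootstrap.php.erb'),
    subscribe => Exec['Directory permissions'],
  }

  file { "${misp::config_dir}/core.php":
    ensure    => file,
    owner     => $misp::default_high_user,
    group     => $misp::default_high_group,
    mode      => '0640',
    content   => template('misp/core.php.erb'),
    subscribe => Exec['Directory permissions'],
  }

  file{"${misp::config_dir}/database.php":
    ensure    => file,
    owner     => $misp::default_high_user,
    group     => $misp::default_high_group,
    mode      => '0640',
    content   => template('misp/database.php.erb'),
    subscribe => Exec['Directory permissions'],
  }

  # config.php is the one configuration file owned by default_user and
  # labelled httpd_sys_rw_content_t, i.e. writable by its owner under SELinux.
  # The explicit mode keeps it unreadable for "other" while the owner keeps
  # read/write access.
  # NOTE(review): the template content is not visible here; treat the file as
  # holding secrets unless the template shows otherwise.
  file{"${misp::config_dir}/config.php":
    ensure    => file,
    owner     => $misp::default_user,
    group     => $misp::default_group,
    mode      => '0640',
    content   => template('misp/config.php.erb'),
    seltype   => 'httpd_sys_rw_content_t',
    subscribe => Exec['Directory permissions'],
  }

  # Persistently (-P) enables httpd_can_network_connect unless getsebool
  # already reports it as on. The exec is not refreshonly, so the check runs
  # on every catalog application.
  # NOTE(review): this boolean lets httpd-confined processes open outbound
  # network connections in general, not only to Redis; confirm that this
  # breadth is intended for the host.
  exec{'setsebool redis':
    command   => '/usr/sbin/setsebool -P httpd_can_network_connect on',
    unless    => '/usr/sbin/getsebool httpd_can_network_connect | grep -e  "--> on"',
    subscribe => File['/etc/opt/rh/rh-php56/php.d/99-redis.ini'],
  }

  # Refresh the web server service whenever the boolean has been changed.
  Exec['setsebool redis'] ~> Service <| title == $misp::webservername |>

  # Worker start script: only ownership and the execute bit are managed here
  # (no ensure, content or source).
  file{"${misp::install_dir}/app/Console/worker/start.sh":
    owner => $misp::default_high_user,
    group => $misp::default_high_group,
    mode  => '+x',
  }
}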