use new burp default config

parent ba809521
Pipeline #1728 failed with stages
in 9 minutes and 55 seconds
# simple config for burp_ca
RANDFILE = /dev/urandom
CA_DIR = /var/lib/burp/CA
[ ca ]
dir = $ENV::CA_DIR
database = $dir/index.txt
serial = $dir/serial.txt
certs = $dir/certs
new_certs_dir = $dir/newcerts
crlnumber = $dir/crlnumber.txt
unique_subject = no
default_md = sha256
default_days = 7300
default_crl_days = 7300
#????
name_opt = ca_default
cert_opt = ca_default
x509_extensions = usr_cert
copy_extensions = copy
policy = policy_anything
[ usr_cert ]
basicConstraints = CA:FALSE
[ policy_anything ]
commonName = supplied
# This is an example config file for the burp server.
mode = server
# The default addresses to listen on depend upon compile time options.
# They may be overridden here.
# The port and address options have been removed in 2.2.10
# You must use listen instead
listen = 0.0.0.0:4971
max_children = 5
listen = 0.0.0.0:5971
max_children = 5
# Think carefully before changing the status port address, as it can be used
# to view the contents of backups.
# If you do not wish to run a status server at all, comment listen_status out.
# The status_port and status_address options have been removed in 2.2.10
# You must use listen_status instead
listen_status = 0.0.0.0:4972
max_status_children = 10
directory = /var/spool/burp
dedup_group = global
clientconfdir = /etc/burp/clientconfdir
# Choose the protocol to use.
# 0 to decide automatically, 1 to force protocol1 mode (file level granularity
# with a pseudo mirrored storage on the server and optional rsync). 2 forces
# protocol2 mode (inline deduplication with variable length blocks).
# Like many other settings, this can be set per client in the clientconfdir
# files.
# protocol = 0
pidfile = /run/burp/burp.server.pid
hardlinked_archive = 0
working_dir_recovery_method = delete
umask = 0022
syslog = 1
stdout = 0
# The following options can restrict what the client can do.
# Restore clients can override all of these expect for force_backup.
client_can_delete = 1
# Set client_can_force_backup to 0 to only allow timed backups.
client_can_force_backup = 1
client_can_list = 1
# Set client_can_restore to 0 if you want restores to only be initialised by
# the server.
client_can_restore = 1
client_can_verify = 1
# Ratelimit throttles the send speed. Specified in Megabits per second (Mb/s).
# ratelimit = 1.5
# Network timeout defaults to 7200 seconds (2 hours).
# network_timeout = 7200
# Server storage compression. Default is zlib9. Set to zlib0 to turn it off.
#compression = zlib9
# When the client version does not match the server version, log a warning.
# Set to 0 to turn it off.
version_warn = 1
# More configuration files can be read, using syntax like the following
# (without the leading '# ').
# . path/to/more/conf
# Location of autoupgrade files to serve to clients. Leave it commented out
# to not autoupgrade clients.
# autoupgrade_dir = /etc/burp/autoupgrade/server
# You can have as many 'keep' lines as you like.
# For example, if running backups daily, setting 7, 4, 6 will keep
# 7 daily backups, 4 weekly, and 6 four-weekly backups.
keep = 7
# keep = 4
# keep = 6
# Run as different user/group.
# user = burp
# group = backup
# CA options.
# If you want your server to be a certificate authority and generate its own
# certificates, uncomment the following lines. If the directory specified in
# ca_conf does not exist, the server will create, populate it, and the paths
# indicated by ssl_cert_ca, ssl_cert, ssl_key and ssl_dhfile below will be
# overwritten. See docs/burp_ca.txt for more information.
ca_conf = /etc/burp/CA-2.1.cnf
ca_name = burpCA
ca_server_name = burpserver
ca_burp_ca = /usr/sbin/burp_ca
# Check for revoked certificates in the certificate revocation list.
# Turn this off if you use the old ssl_extra_checks_script server script.
ca_crl_check = 1
# SSL certificate authority - same file on both server and client
ssl_cert_ca = /var/lib/burp/ssl/server/ssl_cert_ca.pem
# Server SSL certificate
ssl_cert = /var/lib/burp/ssl/server/ssl_cert-server.pem
# Server SSL key
ssl_key = /var/lib/burp/ssl/server/ssl_cert-server.key
# Server SSL ciphers
#ssl_ciphers =
# Server SSL compression. Default is zlib5. Set to zlib0 to turn it off.
#ssl_compression = zlib5
# SSL key password, for loading a certificate with encryption.
#ssl_key_password = password
# Server DH file.
ssl_dhfile = /var/lib/burp/ssl/server/dhfile.pem
# The default timer_script treats the first timer_arg as the minimum interval
#timer_script = /usr/share/burp/scripts/timer_script
# Ensure that 20 hours elapse between backups
# Available units:
# s (seconds), m (minutes), h (hours), d (days), w (weeks), n (months)
timer_arg = 20h
# Allow backups to start in the evenings and nights during weekdays
timer_arg = Mon,Tue,Wed,Thu,Fri,00,01,02,03,04,05,19,20,21,22,23
# Allow more hours at the weekend.
timer_arg = Sat,Sun,00,01,02,03,04,05,06,07,08,17,18,19,20,21,22,23
# Note that, if you specify no timebands, the default timer script will never
# allow backups.
# Uncomment the notify_success_* lines for email notifications of backups that
# succeeded.
# In the subject line, the following are substituted:
# %b - "backup"/"restore"/"verify"
# %c - client name
# %w - number of warnings, if any
#notify_success_script = /usr/share/burp/scripts/notify_script
#notify_success_arg = sendmail -t
#notify_success_arg = To: youremail@example.com
#notify_success_arg = From: burp
#notify_success_arg = Subject: %b succeeded: %c %w
# Uncomment the following to have success notifications only if there were
# warnings.
#notify_success_warnings_only = 1
# Uncomment the following to have success notifications only if there were
# new or changed files.
#notify_success_changes_only = 1
# Uncomment the following for email notifications of backups that failed.
#notify_failure_script = /usr/share/burp/scripts/notify_script
#notify_failure_arg = sendmail -t
#notify_failure_arg = To: youremail@example.com
#notify_failure_arg = From: burp
#notify_failure_arg = Subject: %b failed: %c %w
# The server can run scripts on each connection after authentication and before
# disconnecting.
#server_script_pre = /usr/share/burp/scripts/ssl_extra_checks_script
#server_script_pre_arg = /etc/burp/crl
#server_script_pre_arg = /etc/burp/burp-server.conf
#server_script_pre_arg = /usr/share/burp/scripts/server-pre-script.local
# Set server_script_pre_notify to 1 to have notifications on server_script_pre
# returning non-zero. Most people will want to leave this off - it could
# result in a lot of emails because clients normally connect once every 20
# minutes. Requires notify_failure_script to be set above.
#server_script_pre_notify = 0
#server_script_post =
#server_script_post_arg =
#server_script_post_arg =
#server_script_post_run_on_fail=0
# As for server_script_pre_notify, but for post.
#server_script_post_notify = 0
# Clients that are able to list and restore files belonging to any other
# client. If this is too permissive, you may set a restore_client for
# individual original clients in the individual clientconfdir files.
# restore_client = someclient
# restore_client = someotherclient
# Whether or not the server process should cache the tree when a monitor client
# is browsing a backup. Advantage: speed. Disadvantage: more memory is used.
#monitor_browse_cache = 1
......@@ -33,7 +33,7 @@ appStart () {
supervisorctl start burp-server >/dev/null
echo "Checking burp-server status..."
sleep 3
sleep 5
if ! supervisorctl status burp-server | awk '{print $2}' | grep -q RUNNING; then
echo "There seem to be a problem with your burp-server setup. Trying to fix it..."
if [ $(ls /etc/burp/ | grep -vE "^(burpui|bui.*).cfg$" | wc -l) != 0 ]; then
......
......@@ -50,13 +50,8 @@ stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
EOF
# add a dedicated listen port for burp-ui restorations
cat >>/etc/burp/burp-server.conf<<EOF
listen = 0.0.0.0:5971
max_children = 5
listen_status = 0.0.0.0:4972
max_status_children = 10
EOF
cp $CONFIG_DIR/burp-server.conf /etc/burp/burp-server.conf
cp $CONFIG_DIR/CA-2.1.cnf /etc/burp/CA-2.1.cnf
# the following file is checked by the burp-ui image
touch /etc/burp/this_is_a_decoy_file_to_know_if_we_can_chown
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment