add: Dockerfile to build release

Dockerfile

@@ -0,0 +1,28 @@
+FROM debian:jessie
+MAINTAINER hi+burpui@ziirish.me
+
+RUN apt-get update \
+ && DEBIAN_FRONTEND=noninteractive apt-get install -y supervisor logrotate locales wget curl python2.7-dev git python-virtualenv gunicorn python-pip cron libffi-dev redis-server \
+ && update-locale LANG=C.UTF-8 LC_MESSAGES=POSIX \
+ && locale-gen en_US.UTF-8 \
+ && dpkg-reconfigure -f noninteractive locales \
+ && echo "Europe/Paris" >/etc/timezone \
+ && dpkg-reconfigure -f noninteractive tzdata \
+ && rm -rf /var/lib/apt/lists/*
+
+ADD . /burp-ui
+
+ADD docker/docker-release/assets/setup/ /app/setup/
+ADD docker/docker-release/assets/config/ /app/setup/config/
+ADD docker/docker-release/assets/init /app/init
+
+RUN chmod 755 /app/init
+RUN chmod 755 /app/setup/install
+RUN /app/setup/install
+
+EXPOSE 5000/tcp
+EXPOSE 4971/tcp
+EXPOSE 4972/tcp
+
+ENTRYPOINT ["/app/init"]
+CMD ["app:start"]

docker/docker-release/assets/config/burp-ui/burpui.cfg

@@ -0,0 +1,186 @@
+[Global]
+# On which port is the application listening
+port = 5000
+# On which address is the application listening
+# '::' is the default for all IPv6
+bind = ::
+# enable SSL
+ssl = false
+# ssl cert
+sslcert = /etc/burp/ssl_cert-server.pem
+# ssl key
+sslkey = /etc/burp/ssl_cert-server.key
+# burp server version 1 or 2
+version = 1
+# Handle multiple bui-servers or not
+# If set to 'false', you will need to declare at least one 'Agent' section (see
+# bellow)
+standalone = true
+# authentication plugin (mandatory)
+# list the misc/auth directory to see the available backends
+# to disable authentication you can set "auth: none"
+# you can also chain multiple backends. Example: "auth: ldap,basic"
+# the order will be respected unless you manually set a higher backend priority
+auth = basic
+# acl plugin
+# list misc/acl directory to see the available backends
+# default is no ACL
+acl = basic
+# You can change the prefix if you are behind a reverse-proxy under a custom
+# root path. For example: /burpui
+# You can also configure your reverse-proxy to announce the prefix through the
+# 'X-Script-Name' header. In this case, the bellow prefix will be ignored in
+# favour of the one announced by your reverse-proxy
+prefix = none
+
+[UI]
+# refresh interval of the pages in seconds
+refresh = 180
+# refresh interval of the live-monitoring page in seconds
+liverefresh = 5
+
+[Production]
+# storage backend (only used with gunicorn) for session and cache
+# may be either 'default' or 'redis'
+storage = redis
+# redis server to connect to
+redis = 127.0.0.1:6379
+
+[Security]
+## This section contains some security options. Make sure you understand the
+## security implications before changing these.
+# list of 'root' paths allowed when sourcing files in the configuration.
+# Set this to 'none' if you don't want any restrictions, keeping in mind this
+# can lead to accessing sensible files. Defaults to '/etc/burp'.
+# Note: you can have several paths separated by comas.
+# Example: /etc/burp,/etc/burp.d
+includes = /etc/burp
+# remember_cookie duration in days
+cookietime = 14
+# whether to use a secure cookie for https or not. If set to false, cookies
+# won't have the 'secure' flag.
+# This setting is only useful when HTTPS is detected
+scookie = true
+# application secret to secure cookies. If you don't set anything, the default
+# value is 'random' which will generate a new secret after every restart of your
+# application. You can also set it to 'none' although this is not recommended.
+# /!\ YOU CANNOT USE THE MAGIC 'random' VALUE WHEN USING GUNICORN /!\
+appsecret = random
+
+## burp1 backend specific options
+#[Burp1]
+## burp status address (can only be '127.0.0.1' or '::1')
+#bhost = ::1
+## burp status port
+#bport = 4972
+## burp binary
+#burpbin = /usr/sbin/burp
+## vss_strip binary
+#stripbin = /usr/sbin/vss_strip
+## burp client configuration file used for the restoration (Default: None)
+#bconfcli = /etc/burp/burp.conf
+## burp server configuration file used for the setting page
+#bconfsrv = /etc/burp/burp-server.conf
+## temporary directory to use for restoration
+#tmpdir = /tmp/bui
+
+## burp2 backend specific options
+[Burp2]
+## burp binary
+#burpbin = /usr/sbin/burp
+## vss_strip binary
+#stripbin = /usr/sbin/vss_strip
+## burp client configuration file used for the restoration (Default: None)
+#bconfcli = /etc/burp/burp.conf
+## burp server configuration file used for the setting page
+#bconfsrv = /etc/burp/burp-server.conf
+## temporary directory to use for restoration
+tmpdir = /srv/temp/
+
+## ldapauth specific options
+#[LDAP]
+## Backend priority. Higher is first
+#priority = 1
+## LDAP host
+#host = 127.0.0.1
+## LDAP port
+#port = 389
+## Encryption type to LDAP server (none, ssl or tls)
+## - try tls if unsure, otherwise ssl on port 636
+#encryption = ssl
+## specifies if the server certificate must be validated, values can be:
+##  - none (certificates are ignored)
+##  - optional (not required, but validated if provided)
+##  - required (required and validated)
+#validate = none
+## SSL or TLS version to use, can be one of the following:
+##  - SSLv2
+##  - SSLv3
+##  - SSLv23
+##  - TLSv1
+##  - TLSv1_1 (Available only with openssl version 1.0.1+, requires python 2.7.9 or higher)
+#version = TLSv1
+## the file containing the certificates of the certification authorities
+#cafile = none
+## Attribute to use when searching the LDAP repository
+##searchattr = sAMAccountName
+#searchattr = uid
+## LDAP filter to find users in the LDAP repository
+##  - {0} will be replaced by the search attribute
+##  - {1} will be replaced by the login name
+##filter = (&({0}={1})(burpui=1))
+##filter = (&({0}={1})(|(userAccountControl=512)(userAccountControl=66048)))
+## LDAP base
+#base = ou=users,dc=example,dc=com
+## Binddn to list existing users
+#binddn = cn=admin,dc=example,dc=com
+## Bindpw to list existing users
+#bindpw = Sup3rS3cr3tPa$$w0rd
+
+## basicauth specific options
+## Note: in case you leave this section commented, the default login/password
+## is admin/admin
+## Please DO NOT touch the following line
+## @salted@
+#[BASIC]
+## Backend priority. Higher is first
+#priority = 2
+#admin = password
+#user1 = otherpassword
+
+## basicacl specific options
+## Note: in case you leave this section commented, the user 'admin' will have
+## access to all clients whereas other users will only see the client that have
+## the same name
+#[BASIC:ACL]
+## Please note the double-quote around the username on the admin line are
+## mandatory!
+#admin = user1,user2
+## You can also overwrite the default behavior by specifying which clients a
+## user can access
+#user3 = '["client4", "client5"]'
+## In case you are not in a standalone mode, you can also specify which clients
+## a user can access on a specific Agent
+#user4 = '{"agent1": ["client6", "client7"], "agent2": ["client8"]}'
+
+## If you set standalone to 'false', add at least one section like this per
+## bui-agent
+#[Agent:agent1]
+## bui-agent address
+#host = 192.168.1.1
+## bui-agent port
+#port = 10000
+## bui-agent password
+#password = azerty
+## enable SSL
+#ssl = true
+
+#[Agent:agent2]
+## bui-agent address
+#host = 192.168.2.1
+## bui-agent port
+#port = 10000
+## bui-agent password
+#password = ytreza
+## enable SSL
+#ssl = true

docker/docker-release/assets/config/burp/CA.cnf

@@ -0,0 +1,34 @@
+# simple config for burp_ca
+
+RANDFILE                = /dev/urandom
+CA_DIR                  = /tmp/burp2/CA
+
+
+[ ca ]
+dir                     = $ENV::CA_DIR
+database                = $dir/index.txt
+serial                  = $dir/serial.txt
+certs                   = $dir/certs
+new_certs_dir           = $dir/newcerts
+crlnumber               = $dir/crlnumber.txt
+
+unique_subject          = no
+
+default_md              = sha1
+default_days            = 7300
+default_crl_days        = 7300
+
+#????
+name_opt                = ca_default
+cert_opt                = ca_default
+
+x509_extensions         = usr_cert
+copy_extensions         = copy
+policy                  = policy_anything
+
+[ usr_cert ]
+basicConstraints        = CA:FALSE
+
+[ policy_anything ]
+commonName              = supplied
+

docker/docker-release/assets/config/burp/burp-server.conf

@@ -0,0 +1,175 @@
+# This is an example config file for the burp server.
+
+mode = server
+
+# The default addresses to listen on depend upon compile time options.
+# They may be overridden here.
+address = 0.0.0.0
+port = 4971
+# Think carefully before changing the status port address, as it can be used
+# to view the contents of backups.
+status_address = 0.0.0.0
+# If you do not wish to run a status server at all, comment status_port out.
+status_port = 4972
+
+directory = /srv/backup
+dedup_group = global
+clientconfdir = /etc/burp/clientconfdir
+# Choose the protocol to use.
+# 0 to decide automatically, 1 to force protocol1 mode (file level granularity
+# with a pseudo mirrored storage on the server and optional rsync). 2 forces
+# protocol2 mode (inline deduplication with variable length blocks).
+# Like many other settings, this can be set per client in the clientconfdir
+# files.
+protocol = 1
+pidfile = /tmp/burp.server.pid
+hardlinked_archive = 1
+working_dir_recovery_method = resume
+max_children = 5
+max_status_children = 10
+umask = 0022
+syslog = 1
+stdout = 0
+# The following options can restrict what the client can do.
+# Restore clients can override all of these expect for force_backup.
+client_can_delete = 1
+# Set client_can_force_backup to 0 to only allow timed backups.
+client_can_force_backup = 1
+client_can_list = 1
+# Set client_can_restore to 0 if you want restores to only be initialised by
+# the server.
+client_can_restore = 1
+client_can_verify = 1
+# Ratelimit throttles the send speed. Specified in Megabits per second (Mb/s).
+# ratelimit = 1.5
+# Network timeout defaults to 7200 seconds (2 hours).
+network_timeout = 1800
+
+# Server storage compression. Default is zlib9. Set to zlib0 to turn it off.
+compression = gzip5
+
+# When the client version does not match the server version, log a warning.
+# Set to 0 to turn it off.
+version_warn = 1
+
+# More configuration files can be read, using syntax like the following
+# (without the leading '# ').
+# . path/to/more/conf
+
+# Location of autoupgrade files to serve to clients. Leave it commented out
+# to not autoupgrade clients.
+# autoupgrade_dir = /etc/burp/autoupgrade/server
+
+# You can have as many 'keep' lines as you like.
+# For example, if running backups daily, setting 7, 4, 6 will keep
+# 7 daily backups, 4 weekly, and 6 four-weekly backups.
+keep = 7
+keep = 4
+keep = 6
+
+# Run as different user/group.
+user = burpui
+group = burpui
+
+# CA options.
+# If you want your server to be a certificate authority and generate its own
+# certificates, uncomment the following lines. If the directory specified in
+# ca_conf does not exist, the server will create, populate it, and the paths
+# indicated by ssl_cert_ca, ssl_cert, ssl_key and ssl_dhfile below will be
+# overwritten. See docs/burp_ca.txt for more information.
+ca_conf = /etc/burp/CA.cnf
+ca_name = burpCA
+ca_server_name = burpserver
+ca_burp_ca = /usr/sbin/burp_ca
+
+# Check for revoked certificates in the certificate revocation list.
+# Turn this off if you use the old ssl_extra_checks_script server script.
+ca_crl_check = 1
+
+# SSL certificate authority - same file on both server and client
+ssl_cert_ca = /etc/burp/ssl_cert_ca.pem
+
+# Server SSL certificate
+ssl_cert = /etc/burp/ssl_cert-server.pem
+
+# Server SSL key
+ssl_key = /etc/burp/ssl_cert-server.key
+
+# Server SSL ciphers
+#ssl_ciphers =
+
+# Server SSL compression. Default is zlib5. Set to zlib0 to turn it off.
+#ssl_compression = zlib5
+
+# SSL key password, for loading a certificate with encryption.
+#ssl_key_password = password
+
+# Server DH file.
+ssl_dhfile = /etc/burp/dhfile.pem
+
+timer_script = /usr/share/burp/scripts/timer_script
+# Ensure that 20 hours elapse between backups
+# Available units:
+# s (seconds), m (minutes), h (hours), d (days), w (weeks), n (months)
+timer_arg = 1h
+timer_arg = Mon,Tue,Wed,Thu,Fri,05,06,07,08,09,10,11,12,13,14,15,16,17,18,19,20,21
+timer_arg = Sat,Sun,00,01,02,03,04,05,06,07,08,17,18,19,20,21,22,23
+# Allow backups to start in the evenings and nights during weekdays
+# Allow more hours at the weekend.
+# Note that, if you specify no timebands, the default timer script will never
+# allow backups.
+
+# Uncomment the notify_success_* lines for email notifications of backups that
+# succeeded.
+# In the subject line, the following are substituted:
+# %b - "backup"/"restore"/"verify"
+# %c - client name
+# %w - number of warnings, if any
+#notify_success_script = /usr/share/burp/scripts/notify_script
+#notify_success_arg = sendmail -t
+#notify_success_arg = To: youremail@example.com
+#notify_success_arg = From: burp
+#notify_success_arg = Subject: %b succeeded: %c %w
+# Uncomment the following to have success notifications only if there were
+# warnings.
+#notify_success_warnings_only = 1
+# Uncomment the following to have success notifications only if there were
+# new or changed files.
+#notify_success_changes_only = 1
+
+# Uncomment the following for email notifications of backups that failed.
+#notify_failure_script = /usr/share/burp/scripts/notify_script
+#notify_failure_arg = sendmail -t
+#notify_failure_arg = To: youremail@example.com
+#notify_failure_arg = From: burp
+#notify_failure_arg = Subject: %b failed: %c %w
+
+# The server can run scripts on each connection after authentication and before
+# disconnecting.
+#server_script_pre = /usr/share/burp/scripts/ssl_extra_checks_script
+#server_script_pre_arg = /etc/burp/crl
+#server_script_pre_arg = /etc/burp/burp-server.conf
+#server_script_pre_arg = /usr/share/burp/scripts/server-pre-script.local
+# Set server_script_pre_notify to 1 to have notifications on server_script_pre
+# returning non-zero. Most people will want to leave this off - it could
+# result in a lot of emails because clients normally connect once every 20
+# minutes. Requires notify_failure_script to be set above.
+#server_script_pre_notify = 0
+#server_script_post =
+#server_script_post_arg =
+#server_script_post_arg =
+#server_script_post_run_on_fail=0
+# As for server_script_pre_notify, but for post.
+#server_script_post_notify = 0
+
+# Clients that are able to list and restore files belonging to any other
+# client. If this is too permissive, you may set a restore_client for
+# individual original clients in the individual clientconfdir files.
+# restore_client = someclient
+# restore_client = someotherclient
+restore_client = agent
+
+# Whether or not the server process should cache the tree when a monitor client
+# is browsing a backup. Advantage: speed. Disadvantage: more memory is used.
+monitor_browse_cache = 1
+

docker/docker-release/assets/config/burp/burp.conf

@@ -0,0 +1,125 @@
+# This is an example config file for the burp client.
+
+mode = client
+port = 4971
+status_port = 4972
+server = ::1
+password = abcdefgh
+cname = agent
+# Choose the protocol to use.
+# 0 to decide automatically, 1 to force protocol1 mode (file level granularity
+# with a pseudo mirrored storage on the server and optional rsync). 2 forces
+# protocol2 mode (inline deduplication with variable length blocks).
+protocol = 1
+pidfile = /tmp/burp.client.pid
+syslog = 1
+stdout = 0
+progress_counter = 1
+# Ratelimit throttles the send speed. Specified in Megabits per second (Mb/s).
+# ratelimit = 1.5
+# Network timeout defaults to 7200 seconds (2 hours).
+network_timeout = 72000
+# The directory to which autoupgrade files will be downloaded.
+# To never autoupgrade, leave it commented out.
+# autoupgrade_dir=/opt/burp2/etc/autoupgrade/client
+# OS path component for the autoupgrade directory on the server.
+# autoupgrade_os=test_os
+# Wait a random number of seconds between 0 and the given number before
+# contacting the server on a timed backup.
+# randomise = 1200
+
+# Set server_can_restore to 0 if you do not want the server to be able to
+# initiate a restore.
+server_can_restore = 0
+
+# Set an encryption password if you do not trust the server with your data.
+# Note that this will mean that network deltas will not be possible. Each time
+# a file changes, the whole file will be transferred on the next backup.
+# encryption_password = My^$pAsswIrD%@
+
+# More configuration files can be read, using syntax like the following
+# (without the leading '# ').
+# . path/to/more/conf
+
+# Run as different user/group.
+# user=graham
+# group=nogroup
+
+cross_filesystem=/home
+cross_all_filesystems=0
+
+# Uncomment the following lines to automatically generate a certificate signing
+# request and send it to the server.
+ca_burp_ca = /usr/sbin/burp_ca
+ca_csr_dir = /etc/burp/CA-client
+
+# SSL certificate authority - same file on both server and client
+ssl_cert_ca = /etc/burp/ssl_cert_ca.pem
+
+# Client SSL certificate
+ssl_cert = /etc/burp/ssl_cert-client.pem
+
+# Client SSL key
+ssl_key = /etc/burp/ssl_cert-client.key
+
+# Client SSL ciphers
+#ssl_ciphers = 
+
+# Client SSL compression. Default is zlib5. Set to zlib0 to turn it off.
+#ssl_compression = zlib5
+
+# SSL key password
+ssl_key_password = password
+
+# Common name in the certificate that the server gives us
+ssl_peer_cn = burpserver
+
+# Example syntax for pre/post scripts
+#backup_script_pre=/path/to/a/script
+#backup_script_post=/path/to/a/script
+#restore_script_pre=/path/to/a/script
+#restore_script_post=/path/to/a/script
+
+# The following options specify exactly what to backup.
+# The server will override them if there is at least one 'include=' line on
+# the server side.
+include = /etc
+include = /home
+#exclude = /home/graham/testdir/librsync-0.9.7/testsuite
+#include = /home/graham/testdir/librsync-0.9.7/testsuite/deep
+#include = /home/graham/xdir
+#exclude = /home/graham/testdir/libr
+# Exclude file names ending in '.vdi' or '.vmdk' (case insensitive)
+#exclude_ext = vdi
+#exclude_ext = vmd
+# Exlude file path matching a regular expression
+# (note that 'include_regex' is not yet implemented)
+#exclude_regex = \.cache
+# Exclude various temporary file systems. You may want to add devfs, devpts,
+# proc, ramfs, etc.
+exclude_fs = sysfs
+exclude_fs = tmpfs
+# Exclude files based on size. Defaults are 0, which means no limit.
+#min_file_size = 0 Mb
+#max_file_size = 0 Mb
+# The content of directories containing a filesystem entry named like this
+# will not be backed up.
+nobackup = .nobackup
+# By default, burp backups up the fifos themselves, rather than reading from
+# them. These two options let you choose a particular fifo to read, or read
+# from all fifos.
+#read_fifo=/path/to/a/fifo
+#read_all_fifos=0
+# The same for block device nodes.
+#read_blockdev=/path/to/a/blockdev
+#read_all_blockdevs=0
+# Exclude files from compression by extension.
+exclude_comp=bz2
+exclude_comp=gz
+# When backing up, whether to enable O_NOATIME when opening files and
+# directories. The default is atime=0, which enables O_NOATIME.
+#atime=1
+# When enabled, this causes problems in the phase1 scan (such as an 'include'
+# being missing) to be treated as fatal errors. The default is 0.
+#scan_problem_raises_error=1
+

docker/docker-release/assets/config/burp/clientconfdir/agent

@@ -0,0 +1 @@
+password = abcdefgh

docker/docker-release/assets/config/burp/clientconfdir/demo3

@@ -0,0 +1,5 @@
+password = abcdefgh
+
+label = color: #ffcc00
+
+. inc/rules

docker/docker-release/assets/config/burp/clientconfdir/demo4

@@ -0,0 +1,5 @@
+password = abcdefgh
+
+label = color: #9966ff
+
+. inc/rules

docker/docker-release/assets/config/burp/clientconfdir/inc/rules

@@ -0,0 +1,5 @@
+timer_arg = 5m
+timer_arg = Mon,Tue,Wed,Thu,Fri,Sat,Sun,00,01,02,03,04,05,06,07,08,09,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
+
+keep = 7
+keep = 4

docker/docker-release/assets/config/gunicorn.d/burp-ui

@@ -0,0 +1,11 @@
+CONFIG = {
+    'args': (
+        '--bind=0.0.0.0:5000',
+        '--user=burpui',
+        '--workers=5',
+        '--worker-class=gevent',
+        '--access-logfile=/var/log/gunicorn/burp-ui_access.log',
+        '--error-logfile=/var/log/gunicorn/burp-ui_error.log',
+        'burpui:init(logfile="/var/log/gunicorn/burp-ui_info.log")',
+    ),
+}

docker/docker-release/assets/init

@@ -0,0 +1,69 @@
+#!/bin/bash
+set -e
+
+trap appStop SIGINT SIGTERM
+
+appStart () {
+  # start supervisord
+  /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
+
+  chown -R burpui: /srv
+
+  echo "Starting crond..."
+  supervisorctl start cron >/dev/null
+
+  echo "Starting burp..."
+  supervisorctl start burp >/dev/null
+
+  echo "Starting redis..."
+  supervisorctl start redis >/dev/null
+
+  echo "Starting gunicorn..."
+  /etc/init.d/gunicorn restart >/dev/null
+
+  # watch the access logs
+  tail -F /var/log/gunicorn/burp-ui_info.log
+}
+
+appStop() {
+  echo ""
+  echo "Stopping gunicorn..."
+  /etc/init.d/gunicorn stop >/dev/null
+  echo "Stopping burp..."
+  supervisorctl stop burp >/dev/null
+  echo "Stopping redis..."
+  supervisorctl stop redis >/dev/null
+  echo "Stopping crond..."
+  supervisorctl stop cron >/dev/null
+  echo "Stopping supervisord..."
+  kill -15 $(cat /var/run/supervisord.pid)
+  exit
+}
+
+appHelp () {
+  echo "Available options:"
+  echo " app:start          - Starts the gitlab server (default)"
+  echo " app:help           - Displays the help"
+  echo " [command]          - Execute the specified linux command eg. bash."
+}
+
+case "$1" in
+  app:start)
+    appStart
+    ;;
+  *)
+    if [ -x $1 ]; then
+      $1
+    else
+      prog=$(which $1)
+      if [ -n "${prog}" ] ; then
+        shift 1
+        $prog $@
+      else
+        appHelp
+      fi
+    fi
+    ;;
+esac
+
+exit 0

docker/docker-release/assets/setup/install

@@ -0,0 +1,114 @@
+#!/bin/bash
+# Build: @build@
+set -e
+
+SETUP_DIR="/app/setup"
+CONFIG_DIR="${SETUP_DIR}/config"
+BURPUI="https://burpui.ziirish.me/builds/burp-ui.dev.tar.gz"
+
+echo "deb http://ziirish.info/repos/debian/jessie zi-latest main" >/etc/apt/sources.list.d/ziirish.list
+wget https://ziirish.info/repos/debian.gpg -O- | apt-key add -
+
+cd
+
+apt-get remove -y python-cffi
+apt-get update
+apt-get install -y libssl-dev burp-server burp-client
+
+# Install burp-ui
+pip install --upgrade pip
+pip install "requests[security]"
+pip install --upgrade cffi
+cd /burp-ui
+python setup.py install
+pip install ujson
+pip install gevent
+pip install redis
+pip install Flask-Session
+
+# Create burp-ui User
+useradd -r -d /var/lib/burpui -c 'Burp-UI daemon user' -u 5337 burpui
+
+mkdir -p /var/log/gunicorn
+chown -R burpui: /var/log/gunicorn
+
+# configure supervisord log rotation
+cat > /etc/logrotate.d/supervisord <<EOF
+/var/log/supervisor/*.log {
+  weekly
+  missingok
+  rotate 52
+  compress
+  delaycompress
+  notifempty
+  copytruncate
+}
+EOF
+
+# configure gunicorn log rotation
+cat > /etc/logrotate.d/gunicorn <<EOF
+/var/log/gunicorn/*.log {
+  daily
+  missingok
+  rotate 14
+  compress
+  delaycompress
+  notifempty
+  copytruncate
+}
+EOF
+
+# configure supervisord to start crond
+cat > /etc/supervisor/conf.d/cron.conf <<EOF
+[program:cron]
+priority=20
+directory=/tmp
+command=/usr/sbin/cron -f
+user=root
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+EOF
+
+# configure supervisord to start redis
+cat >/etc/supervisor/conf.d/redis.conf <<EOF
+[program:redis]
+directory=/tmp
+command=/usr/bin/redis-server /etc/redis/redis.conf
+user=root
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+EOF
+
+# configure supervisord to start burp
+cat > /etc/supervisor/conf.d/burp.conf <<EOF
+[program:burp]
+priority=20
+directory=/tmp
+command=/usr/sbin/burp -F -c /etc/burp/burp-server.conf
+user=burpui
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+EOF
+
+cp ${CONFIG_DIR}/gunicorn.d/burp-ui /etc/gunicorn.d/burp-ui
+
+mkdir -p /etc/burp
+cp ${CONFIG_DIR}/burp-ui/burpui.cfg /etc/burp/burpui.cfg
+
+cat ${CONFIG_DIR}/burp/burp.conf >/etc/burp/burp.conf
+cat ${CONFIG_DIR}/burp/burp-server.conf >/etc/burp/burp-server.conf
+
+# configure redis
+sed -i "s/^daemonize yes/daemonize no/" /etc/redis/redis.conf
+sed -i "s|^dir /var/lib/redis|dir /srv/redis|" /etc/redis/redis.conf
+
+chown -R burpui: /etc/burp
+
+# cleanup
+rm -rf /var/lib/apt/lists/*