use new burp default config

docker/components/docker-burp/assets/config/CA-2.1.cnf

@@ -0,0 +1,33 @@
+# simple config for burp_ca
+
+RANDFILE                = /dev/urandom
+CA_DIR                  = /var/lib/burp/CA
+
+
+[ ca ]
+dir                     = $ENV::CA_DIR
+database                = $dir/index.txt
+serial                  = $dir/serial.txt
+certs                   = $dir/certs
+new_certs_dir           = $dir/newcerts
+crlnumber               = $dir/crlnumber.txt
+
+unique_subject          = no
+
+default_md              = sha256
+default_days            = 7300
+default_crl_days        = 7300
+
+#????
+name_opt                = ca_default
+cert_opt                = ca_default
+
+x509_extensions         = usr_cert
+copy_extensions         = copy
+policy                  = policy_anything
+
+[ usr_cert ]
+basicConstraints        = CA:FALSE
+
+[ policy_anything ]
+commonName              = supplied

docker/components/docker-burp/assets/config/burp-server.conf

@@ -0,0 +1,178 @@
+# This is an example config file for the burp server.
+                                                                    
+mode = server                                                            
+                                                               
+# The default addresses to listen on depend upon compile time options.
+# They may be overridden here.
+# The port and address options have been removed in 2.2.10
+# You must use listen instead
+listen = 0.0.0.0:4971
+max_children = 5
+listen = 0.0.0.0:5971
+max_children = 5
+
+# Think carefully before changing the status port address, as it can be used
+# to view the contents of backups.
+# If you do not wish to run a status server at all, comment listen_status out.
+# The status_port and status_address options have been removed in 2.2.10
+# You must use listen_status instead
+listen_status = 0.0.0.0:4972
+max_status_children = 10
+
+directory = /var/spool/burp
+dedup_group = global
+clientconfdir = /etc/burp/clientconfdir
+# Choose the protocol to use.
+# 0 to decide automatically, 1 to force protocol1 mode (file level granularity
+# with a pseudo mirrored storage on the server and optional rsync). 2 forces
+# protocol2 mode (inline deduplication with variable length blocks).
+# Like many other settings, this can be set per client in the clientconfdir
+# files.
+# protocol = 0
+pidfile = /run/burp/burp.server.pid
+hardlinked_archive = 0
+working_dir_recovery_method = delete
+umask = 0022
+syslog = 1
+stdout = 0
+# The following options can restrict what the client can do.
+# Restore clients can override all of these expect for force_backup.
+client_can_delete = 1
+# Set client_can_force_backup to 0 to only allow timed backups.
+client_can_force_backup = 1
+client_can_list = 1
+# Set client_can_restore to 0 if you want restores to only be initialised by
+# the server.
+client_can_restore = 1
+client_can_verify = 1
+# Ratelimit throttles the send speed. Specified in Megabits per second (Mb/s).
+# ratelimit = 1.5
+# Network timeout defaults to 7200 seconds (2 hours).
+# network_timeout = 7200
+
+# Server storage compression. Default is zlib9. Set to zlib0 to turn it off.
+#compression = zlib9
+
+# When the client version does not match the server version, log a warning.
+# Set to 0 to turn it off.
+version_warn = 1
+
+# More configuration files can be read, using syntax like the following
+# (without the leading '# ').
+# . path/to/more/conf
+# Location of autoupgrade files to serve to clients. Leave it commented out
+# to not autoupgrade clients.
+# autoupgrade_dir = /etc/burp/autoupgrade/server
+
+# You can have as many 'keep' lines as you like.
+# For example, if running backups daily, setting 7, 4, 6 will keep
+# 7 daily backups, 4 weekly, and 6 four-weekly backups.
+keep = 7
+# keep = 4
+# keep = 6
+
+# Run as different user/group.
+# user = burp
+# group = backup
+
+# CA options.
+# If you want your server to be a certificate authority and generate its own
+# certificates, uncomment the following lines. If the directory specified in
+# ca_conf does not exist, the server will create, populate it, and the paths
+# indicated by ssl_cert_ca, ssl_cert, ssl_key and ssl_dhfile below will be
+# overwritten. See docs/burp_ca.txt for more information.
+ca_conf = /etc/burp/CA-2.1.cnf
+ca_name = burpCA
+ca_server_name = burpserver
+ca_burp_ca = /usr/sbin/burp_ca
+
+# Check for revoked certificates in the certificate revocation list.
+# Turn this off if you use the old ssl_extra_checks_script server script.
+ca_crl_check = 1
+
+# SSL certificate authority - same file on both server and client
+ssl_cert_ca = /var/lib/burp/ssl/server/ssl_cert_ca.pem
+
+# Server SSL certificate
+ssl_cert = /var/lib/burp/ssl/server/ssl_cert-server.pem
+
+# Server SSL key
+ssl_key = /var/lib/burp/ssl/server/ssl_cert-server.key
+
+# Server SSL ciphers
+#ssl_ciphers =
+
+# Server SSL compression. Default is zlib5. Set to zlib0 to turn it off.
+#ssl_compression = zlib5
+
+# SSL key password, for loading a certificate with encryption.
+#ssl_key_password = password
+
+# Server DH file.
+ssl_dhfile = /var/lib/burp/ssl/server/dhfile.pem
+
+# The default timer_script treats the first timer_arg as the minimum interval
+#timer_script = /usr/share/burp/scripts/timer_script
+# Ensure that 20 hours elapse between backups
+# Available units:
+# s (seconds), m (minutes), h (hours), d (days), w (weeks), n (months)
+timer_arg = 20h
+# Allow backups to start in the evenings and nights during weekdays
+timer_arg = Mon,Tue,Wed,Thu,Fri,00,01,02,03,04,05,19,20,21,22,23
+# Allow more hours at the weekend.
+timer_arg = Sat,Sun,00,01,02,03,04,05,06,07,08,17,18,19,20,21,22,23
+# Note that, if you specify no timebands, the default timer script will never
+# allow backups.
+
+# Uncomment the notify_success_* lines for email notifications of backups that
+# succeeded.
+# In the subject line, the following are substituted:
+# %b - "backup"/"restore"/"verify"
+# %c - client name
+# %w - number of warnings, if any
+#notify_success_script = /usr/share/burp/scripts/notify_script
+#notify_success_arg = sendmail -t
+#notify_success_arg = To: youremail@example.com
+#notify_success_arg = From: burp
+#notify_success_arg = Subject: %b succeeded: %c %w
+# Uncomment the following to have success notifications only if there were
+# warnings.
+#notify_success_warnings_only = 1
+# Uncomment the following to have success notifications only if there were
+# new or changed files.
+#notify_success_changes_only = 1
+
+# Uncomment the following for email notifications of backups that failed.
+#notify_failure_script = /usr/share/burp/scripts/notify_script
+#notify_failure_arg = sendmail -t
+#notify_failure_arg = To: youremail@example.com
+#notify_failure_arg = From: burp
+#notify_failure_arg = Subject: %b failed: %c %w
+
+# The server can run scripts on each connection after authentication and before
+# disconnecting.
+#server_script_pre = /usr/share/burp/scripts/ssl_extra_checks_script
+#server_script_pre_arg = /etc/burp/crl
+#server_script_pre_arg = /etc/burp/burp-server.conf
+#server_script_pre_arg = /usr/share/burp/scripts/server-pre-script.local
+# Set server_script_pre_notify to 1 to have notifications on server_script_pre
+# returning non-zero. Most people will want to leave this off - it could
+# result in a lot of emails because clients normally connect once every 20
+# minutes. Requires notify_failure_script to be set above.
+#server_script_pre_notify = 0
+#server_script_post =
+#server_script_post_arg =
+#server_script_post_arg =
+#server_script_post_run_on_fail=0
+# As for server_script_pre_notify, but for post.
+#server_script_post_notify = 0
+
+# Clients that are able to list and restore files belonging to any other
+# client. If this is too permissive, you may set a restore_client for
+# individual original clients in the individual clientconfdir files.
+# restore_client = someclient
+# restore_client = someotherclient
+
+# Whether or not the server process should cache the tree when a monitor client
+# is browsing a backup. Advantage: speed. Disadvantage: more memory is used.
+#monitor_browse_cache = 1

docker/components/docker-burp/assets/init

@@ -33,7 +33,7 @@ appStart () {
   supervisorctl start burp-server >/dev/null
 
   echo "Checking burp-server status..."
-  sleep 3
+  sleep 5
   if ! supervisorctl status burp-server | awk '{print $2}' | grep -q RUNNING; then
     echo "There seem to be a problem with your burp-server setup. Trying to fix it..."
     if [ $(ls /etc/burp/ | grep -vE "^(burpui|bui.*).cfg$" | wc -l) != 0 ]; then

docker/components/docker-burp/assets/setup/install

@@ -50,13 +50,8 @@ stdout_logfile=/var/log/supervisor/%(program_name)s.log
 stderr_logfile=/var/log/supervisor/%(program_name)s.log
 EOF
 
-# add a dedicated listen port for burp-ui restorations
+cp $CONFIG_DIR/burp-server.conf /etc/burp/burp-server.conf
-cat >>/etc/burp/burp-server.conf<<EOF
+cp $CONFIG_DIR/CA-2.1.cnf /etc/burp/CA-2.1.cnf
-listen = 0.0.0.0:5971
-max_children = 5
-listen_status = 0.0.0.0:4972
-max_status_children = 10
-EOF
 
 # the following file is checked by the burp-ui image
 touch /etc/burp/this_is_a_decoy_file_to_know_if_we_can_chown