Merge pull request #6187 from SteveClement/guides

INSTALL/workerstartsh.te

@@ -0,0 +1,18 @@
+module my-startsh 1.0;
+
+require {
+	type httpd_sys_script_exec_t;
+	type init_t;
+	type httpd_sys_rw_content_t;
+	class file { execute execute_no_trans open read };
+}
+
+#============= init_t ==============
+
+#!!!! This avc is allowed in the current policy
+allow init_t httpd_sys_rw_content_t:file execute;
+allow init_t httpd_sys_rw_content_t:file { open read };
+allow init_t httpd_sys_script_exec_t:file execute_no_trans;
+
+#!!!! This avc is allowed in the current policy
+allow init_t httpd_sys_script_exec_t:file { execute open read };

docs/INSTALL.rhel7.md

@@ -169,6 +169,7 @@ yumInstallCoreDeps () {
                    rh-php72-php-xml \
                    rh-php72-php-bcmath \
                    rh-php72-php-opcache \
+                   rh-php72-php-zip \
                    rh-php72-php-gd -y
 
   # Python 3.6 is now available in RHEL 7.7 base

docs/INSTALL.rhel8.md

@@ -134,7 +134,9 @@ yumInstallCoreDeps () {
                    mariadb-server \
                    python3-devel python3-pip python3-virtualenv \
                    python3-policycoreutils \
-                   libxslt-devel zlib-devel ssdeep-devel -y
+                   policycoreutils-python-utils \
+                   libxslt-devel zlib-devel -y
+  # ssdeep-devel available: dnf install https://extras.getpagespeed.com/release-el8-latest.rpm
   sudo alternatives --set python /usr/bin/python3
 
   # Enable and start redis
@@ -148,6 +150,7 @@ yumInstallCoreDeps () {
        php-bcmath \
        php-opcache \
        php-json \
+       php-zip \
        php-gd -y
 }
 # <snippet-end 0_yumInstallCoreDeps.sh>
@@ -165,14 +168,7 @@ yumInstallCoreDeps () {
 sudo systemctl enable --now php-fpm.service
 ```
 
-```bash
-# <snippet-begin 0_yumInstallHaveged.sh>
-# GPG needs lots of entropy, haveged provides entropy
-# /!\ Only do this if you're not running rngd to provide randomness and your kernel randomness is not sufficient.
-sudo yum install haveged -y
-sudo systemctl enable --now haveged.service
-# <snippet-end 0_yumInstallHaveged.sh>
-```
+TODO: Add a CentOS/RHEL rng thing, à la haveged (not in base anymore) or similar.
 
 ### 3/ MISP code
 ## 3.01/ Download MISP code using git in /var/www/ directory
@@ -268,7 +264,8 @@ installCoreRHEL () {
   echo /var/www/MISP/app/files/scripts/lief/build/api/python |$SUDO_WWW tee /var/www/MISP/venv/lib/python3.6/site-packages/lief.pth
 
   # install magic, pydeep
-  $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U python-magic git+https://github.com/kbandla/pydeep.git plyara
+##$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U python-magic git+https://github.com/kbandla/pydeep.git plyara
+  $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U python-magic plyara
 
   # install PyMISP
   cd $PATH_TO_MISP/PyMISP
@@ -688,7 +685,7 @@ Make the workers' script executable and reload the systemd units :
 ```bash
 sudo chmod +x /var/www/MISP/app/Console/worker/start.sh
 sudo systemctl daemon-reload
-sudo checkmodule -M -m -o /tmp/workerstartsh.mod $PATH_TO_MISP/INSTALL/worker/startsh.te
+sudo checkmodule -M -m -o /tmp/workerstartsh.mod $PATH_TO_MISP/INSTALL/workerstartsh.te
 sudo semodule_package -o /tmp/workerstartsh.pp -m /tmp/workerstartsh.mod
 sudo semodule -i /tmp/workerstartsh.pp
 ```

docs/INSTALL.ubuntu1804.md

@@ -114,7 +114,7 @@ installDepsPhp72 () {
   libapache2-mod-php \
   php php-cli \
   php-dev \
-  php-json php-xml php-mysql php7.2-opcache php-readline php-mbstring \
+  php-json php-xml php-mysql php7.2-opcache php-readline php-mbstring php-zip \
   php-redis php-gnupg \
   php-gd
 

docs/INSTALL.ubuntu2004.md

@@ -114,7 +114,7 @@ installDepsPhp74 () {
   libapache2-mod-php \
   php php-cli \
   php-dev \
-  php-json php-xml php-mysql php-opcache php-readline php-mbstring \
+  php-json php-xml php-mysql php-opcache php-readline php-mbstring php-zip \
   php-redis php-gnupg \
   php-gd
 

docs/generic/supportFunctions.md

@@ -648,7 +648,7 @@ installDepsPhp70 () {
   libapache2-mod-php \
   php php-cli \
   php-dev \
-  php-json php-xml php-mysql php-opcache php-readline php-mbstring \
+  php-json php-xml php-mysql php-opcache php-readline php-mbstring php-zip \
   php-redis php-gnupg \
   php-gd
 

docs/xINSTALL.OpenBSD.md

@@ -253,7 +253,7 @@ doas pkg_add -v fcgi-cgi fcgi
     If on OpenBSD 6.3, upgrade to 6.7 to make your life much easier.
 
 ```
-doas pkg_add -v php-mysqli--%7.4 php-pcntl--%7.4 php-pdo_mysql--%7.4 php-apache--%7.4 pecl74-redis php-gd--%7.4
+doas pkg_add -v php-mysqli--%7.4 php-pcntl--%7.4 php-pdo_mysql--%7.4 php-apache--%7.4 pecl74-redis php-gd--%7.4 php-zip--%7.4
 ```
 
 #### /etc/php-7.4.ini 

docs/xINSTALL.centos6.md

@@ -97,7 +97,7 @@ sudo yum install gcc git zip \
        libxslt-devel zlib-devel ssdeep-devel -y
 
 # Install PHP 7.0 from SCL, see https://www.softwarecollections.org/en/scls/rhscl/rh-php70/
-sudo yum install rh-php70 rh-php70-php-fpm rh-php70-php-devel rh-php70-php-mysqlnd rh-php70-php-mbstring rh-php70-php-xml rh-php70-php-bcmath rh-php70-php-gd
+sudo yum install rh-php70 rh-php70-php-fpm rh-php70-php-devel rh-php70-php-mysqlnd rh-php70-php-mbstring rh-php70-php-xml rh-php70-php-bcmath rh-php70-php-gd rh-php70-php-zip
 
 # Install Python 3.6 from SCL, see https://www.softwarecollections.org/en/scls/rhscl/rh-python36/
 sudo yum install rh-python36 -y

docs/xINSTALL.centos7.md

@@ -93,7 +93,7 @@ sudo yum install gcc git zip \
        libxslt-devel zlib-devel ssdeep-devel -y
 
 # Install PHP 7.2 from SCL, see https://www.softwarecollections.org/en/scls/rhscl/rh-php72/
-sudo yum install rh-php72 rh-php72-php-fpm rh-php72-php-devel rh-php72-php-mysqlnd rh-php72-php-mbstring rh-php72-php-xml rh-php72-php-bcmath rh-php72-php-opcache rh-php72-php-gd -y
+sudo yum install rh-php72 rh-php72-php-fpm rh-php72-php-devel rh-php72-php-mysqlnd rh-php72-php-mbstring rh-php72-php-xml rh-php72-php-bcmath rh-php72-php-opcache rh-php72-php-gd rh-php72-php-zip -y
 
 # Python 3.6 in now available in CentOS 7.7 base
 sudo yum install python3 python3-devel -y

docs/xINSTALL.debian10.md

@@ -66,7 +66,7 @@ python3-setuptools python3-dev python3-pip python3-redis python3-zmq virtualenv
 mariadb-client \
 mariadb-server \
 apache2 apache2-doc apache2-utils \
-libapache2-mod-php7.3 php7.3 php7.3-cli php7.3-mbstring php7.3-dev php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php-redis php-gnupg php-gd \
+libapache2-mod-php7.3 php7.3 php7.3-cli php7.3-mbstring php7.3-dev php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php-redis php-gnupg php-gd php-zip \
 libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \
 jq ntp ntpdate jupyter-notebook imagemagick tesseract-ocr \
 libxml2-dev libxslt1-dev zlib1g-dev -y

docs/xINSTALL.debian9.md

@@ -91,7 +91,7 @@ jq ntp ntpdate imagemagick tesseract-ocr \
 libxml2-dev libxslt1-dev zlib1g-dev \
 net-tools -qqy
 
-sudo apt install libapache2-mod-php php php-cli php-mbstring php-dev php-json php-xml php-mysql php7.0-opcache php-readline php-redis php-gnupg php-gd -qqy
+sudo apt install libapache2-mod-php php php-cli php-mbstring php-dev php-json php-xml php-mysql php7.0-opcache php-readline php-redis php-gnupg php-gd php-zip -qqy
 
 sudo apt install \
 mariadb-client \

docs/xINSTALL.ubuntu1804.with.webmin.md

@@ -141,7 +141,7 @@ Also make sure the variable ${VIRT_USER} is set to the user you created when you
 
 #### Install PHP and dependencies
 ```bash
-sudo apt-get install libapache2-mod-php php php-cli php-gnupg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml php-mbstring php-gd -y
+sudo apt-get install libapache2-mod-php php php-cli php-gnupg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml php-mbstring php-gd php-zip -y
 ```
 
 # Apply all changes