From cbc4e34f655891056bfdf967a7613fdf45a4dada Mon Sep 17 00:00:00 2001
From: Steve Clement <steve@localhost.lu>
Date: Wed, 12 Aug 2020 09:40:18 +0900
Subject: [PATCH] fix: [doc]  Amended CentOS8 install doc. Removed ssdeep, not
 working anymore.

---
 INSTALL/workerstartsh.te | 18 ++++++++++++++++++
 docs/INSTALL.rhel8.md    | 18 +++++++-----------
 2 files changed, 25 insertions(+), 11 deletions(-)
 create mode 100644 INSTALL/workerstartsh.te

diff --git a/INSTALL/workerstartsh.te b/INSTALL/workerstartsh.te
new file mode 100644
index 000000000..2acbf9c1d
--- /dev/null
+++ b/INSTALL/workerstartsh.te
@@ -0,0 +1,18 @@
+module my-startsh 1.0;
+
+require {
+	type httpd_sys_script_exec_t;
+	type init_t;
+	type httpd_sys_rw_content_t;
+	class file { execute execute_no_trans open read };
+}
+
+#============= init_t ==============
+
+#!!!! This avc is allowed in the current policy
+allow init_t httpd_sys_rw_content_t:file execute;
+allow init_t httpd_sys_rw_content_t:file { open read };
+allow init_t httpd_sys_script_exec_t:file execute_no_trans;
+
+#!!!! This avc is allowed in the current policy
+allow init_t httpd_sys_script_exec_t:file { execute open read };
diff --git a/docs/INSTALL.rhel8.md b/docs/INSTALL.rhel8.md
index ddf78d052..216f03e4b 100644
--- a/docs/INSTALL.rhel8.md
+++ b/docs/INSTALL.rhel8.md
@@ -134,7 +134,9 @@ yumInstallCoreDeps () {
                    mariadb-server \
                    python3-devel python3-pip python3-virtualenv \
                    python3-policycoreutils \
-                   libxslt-devel zlib-devel ssdeep-devel -y
+                   policycoreutils-python-utils \
+                   libxslt-devel zlib-devel -y
+  # ssdeep-devel available: dnf install https://extras.getpagespeed.com/release-el8-latest.rpm
   sudo alternatives --set python /usr/bin/python3
 
   # Enable and start redis
@@ -166,14 +168,7 @@ yumInstallCoreDeps () {
 sudo systemctl enable --now php-fpm.service
 ```
 
-```bash
-# <snippet-begin 0_yumInstallHaveged.sh>
-# GPG needs lots of entropy, haveged provides entropy
-# /!\ Only do this if you're not running rngd to provide randomness and your kernel randomness is not sufficient.
-sudo yum install haveged -y
-sudo systemctl enable --now haveged.service
-# <snippet-end 0_yumInstallHaveged.sh>
-```
+TODO: Add a CentOS/RHEL rng thing, à la haveged (not in base anymore) or similar.
 
 ### 3/ MISP code
 ## 3.01/ Download MISP code using git in /var/www/ directory
@@ -269,7 +264,8 @@ installCoreRHEL () {
   echo /var/www/MISP/app/files/scripts/lief/build/api/python |$SUDO_WWW tee /var/www/MISP/venv/lib/python3.6/site-packages/lief.pth
 
   # install magic, pydeep
-  $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U python-magic git+https://github.com/kbandla/pydeep.git plyara
+##$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U python-magic git+https://github.com/kbandla/pydeep.git plyara
+  $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U python-magic plyara
 
   # install PyMISP
   cd $PATH_TO_MISP/PyMISP
@@ -689,7 +685,7 @@ Make the workers' script executable and reload the systemd units :
 ```bash
 sudo chmod +x /var/www/MISP/app/Console/worker/start.sh
 sudo systemctl daemon-reload
-sudo checkmodule -M -m -o /tmp/workerstartsh.mod $PATH_TO_MISP/INSTALL/worker/startsh.te
+sudo checkmodule -M -m -o /tmp/workerstartsh.mod $PATH_TO_MISP/INSTALL/workerstartsh.te
 sudo semodule_package -o /tmp/workerstartsh.pp -m /tmp/workerstartsh.mod
 sudo semodule -i /tmp/workerstartsh.pp
 ```