Merge branch 'faq' of github.com:SteveClement/misp-book into faq

pull/179/head
Steve Clement 2019-12-18 11:31:37 +09:00
commit e7ca65ef97
No known key found for this signature in database
GPG Key ID: 69A20F509BE4AEE9
1 changed files with 62 additions and 0 deletions

View File

@ -156,6 +156,68 @@ This means that the main repository has an update available.
If you want to play it safer or want to integrate it in your Weekly/Bi-Monthly update routine you can track our [Changelog](https://www.misp-project.org/Changelog.txt) a more up to date version is available [here](https://misp.github.io/MISP/Changelog/)
Further on we do regular tagged releases. (Approximately once per month.)
The releases happen either if a milestone has been hit for a certain feature/improvement/fix or for any security related matters.
Thus you have the choice of either tracking 2.4 which is on a rolling release schedule, or track the tagged releases.
### How to switch from tagged releases and back?
This can be achieved with the following git commands:
```bash
$ cd /var/www/MISP # aka. $PATH_TO_MISP
$ sudo -H -u www-data git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
## OS Upgrades
In theory all should "just work"(tm), but in practice the following dependencies might make your install unstable and need a little though before just doing the updates.
* php/pear
* python
* apache
* init scheme/scripts
* mariadb/mysql
* redis
* git
### PHP
This is probably the most likely one that might get you into trouble.
The following happened on a Debian Testing lately. During the upgrade php got upgraded to php-7.3 and seemingly some php-7.2 dependencies were deinstalled and the system now had 2 concurrent versions of php installed.
The fix was to remove any *libapache2-mod-php7.2* packages and make sure that *apt remove libapache2-mod-php7.3* was installed. Most certainly you need to add symbolic links to */etc/apache2/mods-enabled* to make php7.3 work.
Then double check if all the php dependencies are install, refer to the install documents.
The same for pear, where we mostly use 2 (bundled) packages: Console Command Line, Crypt GPG.
If you upgrade from a very old and out of date version of MISP this might raise issues.
php.ini might also become problematic if you just erase the recommended defaults.
### Python3
If you use python2 for MISP, please read the install docs about MISP being Python 3 only.
Currently Python3.6 is minimum. It is known working on 3.7 with some minor difficulties (see PyMISP issues).
The biggest issue is certainly with PyMISP doig unexpected things when python might be updated.
Using a virtualenv, whilst not always ideal for all setups, will at least make sure that problems are contained a little more.
### Apache
Mostly config issues might be a show stopper. And major version updates where some underlying config might need to be changed.
### init/systemd
MISP launches a couple of things on boot. Changing what handles boot behavious might have an impact.
### MariaDB/MySQL/redis
Similar to apache, most importantly always take good care that the DB engine is not all of a sudden changed without you noticing it.
From minor to major updates, rarely things might need to be adapted.
### git
Currently (as of v2.4.108) the git-cli command is used in MISP core. In very rare cases where the expected output changes, this might be an issue.
Included here more as an FYI then anything else.
## Hardening
### How do I harden my MISP instance?