mirror of https://github.com/MISP/misp-book
chg: [appendix] Added sam-bot from https://github.com/IRATEAU/sam-bot (#164)
commit ffa6d442eb
@ -292,6 +292,7 @@ This section lists some projects we know of but not officially support and rely
| [MispSharp](https://github.com/DBHeise/MispSharp) | C# Library for MISP | Not tested by MISP core team |
| [misp_btc](https://github.com/rommelfs/misp_btc) | get BTC addresses from MISP and fetch BTC transactions | Tested by MISP core team |
| [Privacy Aware Sharing of IoCs in MISP](https://github.com/charly077/MISP-privacy-aware-sharing-master-thesis) | [Master Thesis](https://github.com/charly077/MISP-privacy-aware-sharing-master-thesis/blob/master/report/report.pdf) including MISP data. | Master thesis |
| [sam-bot ](https://github.com/IRATEAU/sam-bot) | Bot to create MISP events from data in Slack | Not tested by MISP core team |
<!--
| []() | | Not tested by MISP core team |
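Review bot: the link text in the new row, `[sam-bot ](https://github.com/IRATEAU/sam-bot)`, carries a trailing space before the closing bracket; drop it so the rendered link text matches the other rows in this table. Everything else in the hunk is unchanged context, including the commented-out template row `| []() | | Not tested by MISP core team |`, which is fine to leave as is.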
@ -78,7 +78,7 @@ sudo ausearch -c 'php-fpm' --message AVC
sudo ausearch --message AVC
```
#### Redis Connection problems
### Redis Connection problems
If you have the following in **error.log**
@ -109,6 +109,42 @@ sudo systemctl restart rh-php72-php-fpm.service
sudo systemctl restart httpd.service
```
## RHEL/CentOS SELinux debug
More often than not there might be issues with SELinux when not configured correctly. The below will give you pointers where to look and how to figure out what is wrong.
You can investigate SELinux issues without any tools by opening the audit log it generates. This log is found at /var/log/audit/audit.log. However, unless you know exactly what to look for and have a lot of free time, you’re going to find it difficult making sense of the log.
Install some handy tools:
```bash
# Note: This will pull in some X tools, you have been warned
sudo yum install setroubleshoot setools
```
We now have a tool called sealert that analyzes the audit log used by SELinux. Sealert will scan the log file and will then generate a report containing all discovered SELinux issues.
In this overview of what went wrong you will see suggestions on how to fix them after the issue detected.
To run sealert from the command-line, we need to point it to the SELinux audit log.
```bash
sudo sealert -a /var/log/audit/audit.log
```
#### Clearing the audit logs
It is not recommended to clear the audit logs as they might contain information needed in the future for troubleshooting or security investigations. However, if that is not the case, just empty the audit log:
```bash
# > /var/log/audit/audit.log
```
[Partial source](https://www.serverlab.ca/tutorials/linux/administration-linux/troubleshooting-selinux-centos-red-hat/)
[StackExchange](https://unix.stackexchange.com/questions/337704/selinux-is-preventing-nginx-from-writing-via-php-fpm)
[Gentoo Wiki](https://wiki.gentoo.org/wiki/SELinux/Logging#Clearing_the_audit_logs)
## When to update MISP?
One question might be how often to update MISP.
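Review bot: the command in the last fenced block of the new section, `# > /var/log/audit/audit.log`, is a comment as written, so a reader pasting it into a shell runs nothing; if the leading `#` is meant as a root prompt, it is inconsistent with the `sudo`-prefixed commands used everywhere else in this section, and the bare redirection is performed by the caller's own shell, so it fails for a non-root user. Suggest `sudo truncate -s 0 /var/log/audit/audit.log` or `sudo sh -c '> /var/log/audit/audit.log'` instead. Two smaller points: the section is introduced as `## RHEL/CentOS SELinux debug` while the neighbouring `Redis Connection problems` heading is `###` (promoted from `####` in the previous hunk) and `Clearing the audit logs` is `####`, so check that the new section lands at the intended nesting level; and `you will see suggestions on how to fix them after the issue detected` in the sealert paragraph reads awkwardly, e.g. `after each detected issue`.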