[Bro-Dev] New proposal (Re: CBAN naming)

Azoff, Justin S jazoff at illinois.edu
Tue Jun 7 07:32:19 PDT 2016 

> On Jun 6, 2016, at 2:50 PM, Robin Sommer <robin at icir.org> wrote:
> 
> - At install time ("cban install" or whatever) <repo> gets copied into
>  a subdirectory <name> at a global location <install-base> ("cp -rp
>  <repo> <install-base>/<name>"). Uninstallation means removing that
>  installation directory.

One thing to think about is a distinction between installed vs. enabled for scripts and plugins.

A good system that I have used is how debian sets things up for the apache configuration.

When you install the apache package they setup things like mods-available and mods-enabled directories:

root at b28027aa3d70:/# ls -l /etc/apache2/mods-available/|head
total 524
-rw-r--r-- 1 root root  100 Oct 24  2015 access_compat.load
-rw-r--r-- 1 root root  377 Oct 24  2015 actions.conf
-rw-r--r-- 1 root root   66 Oct 24  2015 actions.load
-rw-r--r-- 1 root root  843 Oct 24  2015 alias.conf
-rw-r--r-- 1 root root   62 Oct 24  2015 alias.load

root at b28027aa3d70:/# ls -l /etc/apache2/mods-enabled/|head
total 0
lrwxrwxrwx 1 root root 36 Jun  7 13:46 access_compat.load -> ../mods-available/access_compat.load
lrwxrwxrwx 1 root root 28 Jun  7 13:46 alias.conf -> ../mods-available/alias.conf
lrwxrwxrwx 1 root root 28 Jun  7 13:46 alias.load -> ../mods-available/alias.load
lrwxrwxrwx 1 root root 33 Jun  7 13:46 auth_basic.load -> ../mods-available/auth_basic.load

if I install the libapache2-mod-php5 package I end up with it enabled automatically:

root at b28027aa3d70:/# ls -l /etc/apache2/mods-*/php*
-rw-r--r-- 1 root root 865 Apr 27 11:42 /etc/apache2/mods-available/php5.conf
-rw-r--r-- 1 root root  59 Apr 27 11:42 /etc/apache2/mods-available/php5.load
lrwxrwxrwx 1 root root  27 Jun  7 13:48 /etc/apache2/mods-enabled/php5.conf -> ../mods-available/php5.conf
lrwxrwxrwx 1 root root  27 Jun  7 13:48 /etc/apache2/mods-enabled/php5.load -> ../mods-available/php5.load

but then can easily disable it without uninstalling it:

root at b28027aa3d70:/# a2dismod php5
Module php5 disabled.
To activate the new configuration, you need to run:
  service apache2 restart
root at b28027aa3d70:/# ls -l /etc/apache2/mods-*/php*
-rw-r--r-- 1 root root 865 Apr 27 11:42 /etc/apache2/mods-available/php5.conf
-rw-r--r-- 1 root root  59 Apr 27 11:42 /etc/apache2/mods-available/php5.load


This is just hooked up in the apache config using

IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

They also do this available/enabled setup for standalone conf files and sites(vhost configs)

The nice thing about this system is that the base installation can include standard modules that are present but not enabled by default:

root at b28027aa3d70:/# ls -l /etc/apache2/mods-*/cgi.*
-rw-r--r-- 1 root root 58 Oct 24  2015 /etc/apache2/mods-available/cgi.load
root at b28027aa3d70:/# a2enmod cgi
root at b28027aa3d70:/# ls -l /etc/apache2/mods-*/cgi.*
-rw-r--r-- 1 root root 58 Oct 24  2015 /etc/apache2/mods-available/cgi.load
lrwxrwxrwx 1 root root 26 Jun  7 13:56 /etc/apache2/mods-enabled/cgi.load -> ../mods-available/cgi.load


The directory/symlink thing is just one implementation, automatically editing a special .bro file and adding/removing lines would work too.

So, the way this could work is that '$TOOL install foo' could both 'install' and 'enable' 'foo' and '$TOOL disable foo' could disable it without removing it.



-- 
- Justin Azoff

More information about the bro-dev mailing list