Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Move to Ubuntu 14.04 #814

Closed
dougburks opened this issue Sep 17, 2015 · 4 comments

Comments

Projects
None yet
2 participants
@petiepooo

This comment has been minimized.

Copy link

commented Oct 2, 2015

Is this a good forum to discuss some ideas that could be implemented as part of the BDR2?

Ubuntu 12.04 and 14.04 both use upstart to manage startup and shutdown dependencies. I'd long disliked the need for soup as a wrapper for apt-get to handle these dependencies. If one were to convert the apache2 and mysql SysVinit scripts with Upstart scripts instead, and use Upstart for managing all of the NSM components currently managed by the nsm-now scripts, then one could ensure apache2, barnyard2, and sguild were shutdown before mysql was, avoiding the need for that portion of soup. Similarly, if the pfring module were loaded via upstart, one could rely on upstart for shutting down snort-alert (or suricata) and bro as needed too. For details, see http://upstart.ubuntu.com/cookbook/#stop-before-depended-upon-service

I also have dreams of using dpkg-reconfigure instead of sosetup, but that's a whole different ball of wax...

I expect 16.04 to use systemd rather than upstart, but many of the same principals apply, and anything developed for 14.04 to this end should be easily transferred.

@dougburks

This comment has been minimized.

Copy link
Contributor Author

commented Oct 2, 2015

Hi petiepooo,

I think the last time we talked about this we ended up fixing the PF_RING issue and so the only special case remaining is MySQL updates. I'm thinking we might be able to solve that with a dpkg trigger, but haven't done much research yet. Fixing the MySQL case is certainly a whole lot easier and less error-prone than converting all NSM scripts to Upstart.

My overall goal for BDR2 is to change as little as possible so that we can move as quickly as possible and hopefully make the migration as smooth as possible.

@petiepooo

This comment has been minimized.

Copy link

commented Oct 2, 2015

Hi Doug,

Yes, PF_RING now behaves much better during upgrades. However, I don't believe an upgrade of PF_RING would replace the loaded module without first shutting down the apps that use it, and soup doesn't account for that, meaning a reboot would be required if the user didn't manually stop apps that used it first.

A dpkg trigger may take care of that as well as MySQL dependencies, for any SecurityOnion packages that use it. If any other apps are installed that also use MySQL, they would be out of luck. A generalized solution would give more flexibility for a user adding other apps to a sensor, as I have done.

All that said, there's nothing tying these ideas to the BDR2. They could be developed and rolled out separately on either 12.04 or 14.04. When I get some free time... I wish there were more of it in the day. :)

I concur; keep BDR2 simple and quick.

@dougburks

This comment has been minimized.

Copy link
Contributor Author

commented Jan 20, 2016

@dougburks dougburks closed this Jan 20, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.