activecm / rita

Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
https://www.activecountermeasures.com/free-tools/rita/
GNU General Public License v3.0

Recreate install experience similar to older versions of RITA #5

Closed cbrenton-acm closed 3 months ago

cbrenton-acm commented 3 months ago

Prior to RITA version 5, RITA required you to download a single install script. When you ran the script, all needed files were downloaded and automatically installed. Further, at the end of the install, you were given the option to install Zeek as well. Besides selecting the interface Zeek should listen on, that process was also automated.

As of version 5, the RITA install is a lot more challenging. Users have to download a tarball, expand it, and run the included install script. Further, there is no option for installing Zeek. The user is given some instructions but left to manually get it running for themselves.

The install process for RITA5 needs to be updated so that it is as simple as in previous versions.

william-stearns commented 3 months ago

The instructions for a "single command install of both tools" are in the Google Doc "docker-zeek 6.2.1 install". If these instructions and the associated script cover what you need, feel free to close this issue.

joswr1ght commented 3 months ago

I was surprised to see that the installer script does a silent apt-get update && apt-get upgrade -q -y, which is a pretty significant change in an automated script. I think the intention for automating an install is nice, but operationally that's a pretty dangerous command to run without explicitly indicating that the installer is going to make drastic system changes.
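
One way to address the concern raised above, as an added example that is not RITA's install script and is not code from anyone in this thread: the system-wide upgrade is off by default, is only run when the user passes a hypothetical `--upgrade-system` option, and a `simulate` mode uses `apt-get -s upgrade` to show what would change without changing it. The option name and the function names are assumptions made for this illustration.

```sh
#!/bin/sh
# Hypothetical installer fragment (added example, not the project's own code).
# Goal: never run apt-get upgrade silently; make it an explicit opt-in and
# say what is about to happen before it happens.

# Map the value of the hypothetical --upgrade-system option to a plan.
# Prints the command that would run, or "skip". Returns 2 on bad input.
plan_system_upgrade() {
    case "$1" in
        yes)
            # Full, unattended upgrade of already-installed packages.
            echo "apt-get update && DEBIAN_FRONTEND=noninteractive apt-get upgrade -q -y" ;;
        simulate)
            # apt-get -s only reports what would be upgraded; nothing is changed.
            echo "apt-get update && apt-get -s upgrade" ;;
        no|"")
            echo "skip" ;;
        *)
            echo "unknown --upgrade-system value: $1" >&2
            return 2 ;;
    esac
}

# Scan the installer's arguments for --upgrade-system[=yes|no|simulate].
# Default is "no": an installer should not touch existing packages unasked.
parse_upgrade_option() {
    mode=no
    for arg in "$@"; do
        case "$arg" in
            --upgrade-system)   mode=yes ;;
            --upgrade-system=*) mode="${arg#*=}" ;;
        esac
    done
    echo "$mode"
}

# Announce the decision on stderr, then carry it out (only if opted in).
run_system_upgrade() {
    mode=$(parse_upgrade_option "$@")
    plan=$(plan_system_upgrade "$mode") || return $?
    if [ "$plan" = "skip" ]; then
        echo "NOTICE: installed packages left untouched; pass --upgrade-system to run apt-get upgrade" >&2
        return 0
    fi
    echo "NOTICE: about to run as root: $plan" >&2
    sh -c "$plan"
}

# With no arguments this prints the notice and changes nothing.
run_system_upgrade "$@"
```

Running the installer with `--upgrade-system=simulate` first lets an operator see the pending package changes and decide whether `--upgrade-system` is acceptable on that host; the default path never calls apt-get at all.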

cbrenton-acm commented 3 months ago

Install has been streamlined to a single command. Doing an apt update/upgrade prior to install is pretty common. We are not updating the OS version which I agree could break things, we are just installing patches for existing tools. If performing an upgrade breaks things, they are hosed anyway as that's the common process for installing patches.