scVENUS / PeekabooAV-Installer

This repository provides scripts and configuration files to install, update and test a Peekaboo installation
GNU General Public License v3.0
7 stars 9 forks source link

Difference between configs files in /opt/peekaboo/ and /opt/peekaboo/etc/ #21

Closed Clevero closed 5 years ago

Clevero commented 5 years ago

Short question: What is the difference between those config directories?

I'm thinking about that /opt/peekaboo/ is the place for the config that is overwritten with every update and /opt/peekaboo/etc/ is the place where we can modify our config that is kept over updates?

michaelweiser commented 5 years ago

/opt/peekaboo is now a virtualenv to separate python dependencies from the system and especially Cuckoo's dependencies. This allows Peekaboo to use more up-to-date and security-fixed versions of its dependencies.

virtualenv introduces a prefix-like path structure with bin, share and lib. It seemed only logical to move peekaboo.conf into etc. Nothing else has changed. Every run of the installer still overwrites it in etc. /opt/peekaboo/peekaboo.conf from a previous installation currenlty remains as a leftover.

I think we could and maybe should:

Is your problem or use-case reflected in these options?

Clevero commented 5 years ago

Thanks for the clarification!

If peekaboo.conf was moved to etc/ I think it should be removed if the new version was installed

I do think that working-out-of-the-box is a great feature, especially to new users. So I would still install the config to /opt/peekaboo/etc/peekaboo.conf and not to /opt/peekaboo/peekaboo.conf.sample

But I do think that it would be good if peekaboo has some option for the admin to have their own config that is persistent across updates. E.g. a /opt/peekaboo/etc/conf.d directory. That way we could update our instances easily and we don't need to migrate our old modifications of the config to the new written. For example when changed ruleset.conf

michaelweiser commented 5 years ago

Addendum: Both peekaboo.conf and ruleset.conf get backed up if different from the new copy so that the admin can restore their changes. To keep adjustments across upgrades I'd like to have an /opt/peekaboo/etc/peekaboo.conf.local or even /opt/peekaboo/etc/peekaboo.d/local.conf implemented in Peekaboo itself. See scVENUS/PeekabooAV#69.