logrhythm/versions

Feedback on LRCTL

Opened this issue · 1 comments

heywoodlh commented

All,

Thank you for making Open Collector, it's a great tool and has made my life much nicer in being able to use LR with Elastic's beats, etc.

I just have a bit of feedback on lrctl and would love to have a bit of a discussion about it. Please let me know if I should move this discussion to the LogRhythm Community vs here on Github -- I just thought it'd make sense to do here since the repository is public and because I could submit a pull request with my changes if desired.

There are a couple things I'd love to see changed in lrctl or just with how OC is deployed:

  • Don't try to connect to the internet and grab the versions file on every single action (i.e. restarting OC) -- only grab the versions file when I want to update OC
  • Don't assume I want OC to always update, add an update flag or something similar so I can update it on my own timeframe
  • Don't make lrctl try to install and configure Docker for me -- put in the docs to install Docker beforehand (this will simplify things in the script)
  • Don't add an unprivileged user to the docker group as part of the Docker installation, that's a dumb idea as that unprivileged user could do all sorts of nefarious things (simple example: docker run -v /etc/shadow:/etc/shadow -it --rm ubuntu cat /etc/shadow) -- assume that lrctl will be used with root privileges
  • Don't assume I have sudo or curl installed, either make me install them beforehand or fail if they aren't in my $PATH
  • Provide documentation on how to run OC with just docker or docker-compose instead of having to use lrctl at all (it's pretty easy to figure out by just reading lrctl's source code anyway) -- this would remove the odd requirement of OC only being supported on CentOS/RHEL despite using a cross-platform container tool like Docker

I'm pretty opinionated on how tools on Unix should be made so please feel free to disregard my feedback but I would love to see these changes made. I would also be happy to submit a pull request with my proposed changes.

heywoodlh commented

For reference, I also submitted a post in LR's community:

LRCTL Feedback