[ossec-dev] Re: 2 PERL ! 2 PERL

[gentuxx <gentuxx@xxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Meir Michanie wrote:
> I would like to open a dialog about the subject brought by gentuxx
> 
> I love PERL, but ... a month ago PERL was not requiered to run OSSEC.

AFAIK, it's still not.  The config2xml tool (and the oncoming
xml2config) is for the "lay-user" who would rather look at a traditional
style config.  It is separate from the mainstream development of ossec,
and is in no way meant to divert the direction of the overall tool.
It's like the little dog in the cartoons running circles around the big
bulldog yelping "What are we going to do today, Butch?"

> As more contribution gets in more dependencies are brought.
> What is someone writes a beatiful piece of code in python, what should
> we do?
> 

Put it in the contrib directory and leave users to their own devices.
It just so happens that python is *necessary* for gentoo linux users,
because gentoo's package distribution method (Portage) is written in
python.  Obviously, other distros have their own means.  And Windows is
an entirely different animal.

> 
> PERL and libraries
> I avoid using libraries whenever I code PERL to be run in any computer
> where I may be unable to run CPAN or do system wide deployment.
> This is may sound as re-inventing the wheel. Sometimes I prefer to
> reinvent a wheel that to buy a whole car or parking lot when all that I
> need is a wheel.

I have run into this problem many times, writing perl code for systems
where I don't know what extra modules might be installed, or even what
version of perl they might be running (if they are running perl at all).
 There are times that the wheel must be reinvented.  However, I believe
perl is so ubiquitous (especially on *nix systems) that including perl
shouldn't be an issue (for *nix).  Again, leave it in the contrib
directory, and leave users to their own devices.

On a more specific note, the only module I used in config2xml was
Getopt::Std, which has been included in the base perl package since *at
least* perl v5.6, and likely long before.  "Cleaner" code might include
the "require 5.006;" statement, which would exit if an earlier perl
version was being used.  I supposed it could be rewritten in shell, but
for pure Borne compatibility, it would be an *ugly* script - ignoring
the fact that it would require non-shell binaries that aren't guaranteed
to exist, or be the right version, on the target system.

> 
> I Like the plan2xml. Plain text is for humans and XML is for computer
> code. I see a place for text to XML as a UI but I think it is more
> natural XML when the one reading it is a program.

I agree.  But, how do you address the problem when text has to be read
by both (humans and programs)?

> 
> XML is more interoperatible
> When later on we would like to make other tools. They would have a
> better way to interact with XML than start learning the whole syntax
> logic of a plain text.
> 
> ArcSight for example loads nmap outputs and nessus outpout in XML, even
> do nmap has csv ,...
> 
> Shout back.
> 

I definitely see the value in using XML.  And, as you point out, XML is
becoming more mainstream.  As was recently made aware to me, it's
ability to organize and store complex data cannot be matched by plain
text configs.  And, by name, its extensibility allows for more complex
data structures as ossec matures.  I don't think that one, vocal
newcomer to ossec should change the direction of ossec's development, I
just wrote the tool to satisfy the "niche market".

- --
gentux
echo "hfouvyyAhnbjm/dpn" | perl -pe 's/(.)/chr(ord($1)-1)/ge'

gentux's gpg fingerprint ==> 5495 0388 67FF 0B89 1239  D840 4CF0 39E2
18D3 4A9E
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE7JN+TPA54hjTSp4RAn3DAJ9oqDHiNxK9Wj0YXB1Q7q4t02IY4wCg7YKz
Ypoh9H/fpQSs/j4eonbHfBE=
=uXeb
-----END PGP SIGNATURE-----