I’ve been in the industry a while. I learned Unix and Linux administration in the mid to late 90s. I remember the old monolithic configurations, and I’ve seen the overly complex modular configurations for things we have now.
I’m going to show 2 examples below.
This is what a Kismet looks like
Fail2Ban on Debian.
chrisj@village:/etc/fail2ban$ ls -R
action.d fail2ban.conf fail2ban.d filter.d jail.conf jail.d paths-common.conf paths-debian.conf
apf.conf firewallcmd-ipset.conf iptables-ipset-proto6.conf mynetwatchman.conf sendmail-whois-ipmatches.conf
badips.conf firewallcmd-multiport.conf iptables-multiport-log.conf nsupdate.conf sendmail-whois-lines.conf
badips.py firewallcmd-new.conf iptables-multiport.conf osx-afctl.conf sendmail-whois-matches.conf
blocklist_de.conf hostsdeny.conf iptables-new.conf osx-ipfw.conf sendmail-whois.conf
bsd-ipfw.conf ipfilter.conf iptables-xt_recent-echo.conf pf.conf sendmail.conf
cloudflare.conf ipfw.conf iptables.conf route.conf shorewall.conf
complain.conf iptables-allports.conf mail-buffered.conf sendmail-buffered.conf smtp.py
dshield.conf iptables-common.conf mail-whois-lines.conf sendmail-common.conf symbiosis-blacklist-allports.conf
dummy.conf iptables-ipset-proto4.conf mail-whois.conf sendmail-geoip-lines.conf ufw.conf
firewallcmd-allports.conf iptables-ipset-proto6-allports.conf mail.conf sendmail-whois-ipjailmatches.conf xarf-login-attack.conf
3proxy.conf assp.conf drupal-auth.conf kerio.conf pam-generic.conf roundcube-auth.conf sshd.conf
apache-auth.conf asterisk.conf ejabberd-auth.conf lighttpd-auth.conf perdition.conf selinux-common.conf stunnel.conf
apache-badbots.conf botsearch-common.conf exim-common.conf monit.conf php-url-fopen.conf selinux-ssh.conf suhosin.conf
apache-botsearch.conf common.conf exim-spam.conf mysqld-auth.conf portsentry.conf sendmail-auth.conf tine20.conf
apache-common.conf counter-strike.conf exim.conf nagios.conf postfix-rbl.conf sendmail-reject.conf uwimap-auth.conf
apache-fakegooglebot.conf courier-auth.conf freeswitch.conf named-refused.conf postfix-sasl.conf sieve.conf vsftpd.conf
apache-modsecurity.conf courier-smtp.conf groupoffice.conf nginx-botsearch.conf postfix.conf sogo-auth.conf webmin-auth.conf
apache-nohome.conf cyrus-imap.conf gssftpd.conf nginx-http-auth.conf proftpd.conf solid-pop3d.conf wuftpd.conf
apache-noscript.conf directadmin.conf guacamole.conf nsd.conf pure-ftpd.conf squid.conf xinetd-fail.conf
apache-overflows.conf dovecot.conf horde.conf openwebmail.conf qmail.conf squirrelmail.conf
apache-shellshock.conf dropbear.conf ignorecommands oracleims.conf recidive.conf sshd-ddos.conf
As can be seen from the above copy and pastes, Kismet has 2 monolithic files. One for the server, and one for Kismet Drones. The administrator modifies the one that he needs to use. Looking at Fail 2 ban, why do we need so many different files?
I like the thought of having modules to work with, it makes it easier to make changes (I remember the days of the Mono file and compiling it for Sendmail) over the Monolithic file, but I think we have gone too far in to the modular forest. There are too many trees, and it makes finding what needs to be changed hard to do. Even when you find the right file, it’s a pain in the ass to trouble shoot problems.
Most recently I was working with Automater on Kali 2.0. It took several minutes to hunt down the proper location for the script, so I could add my VirusTotal API key. But it doesn’t seem to be working when I call the script. The other problem I had was with using text files with multiple URLs in it.
Now those could be problems with Kali, and how Kali is using a bash script in /usr/bin to call the python script in /usr/share/Automater/ (which I can look in to now that I thought about it)
But back to the main point, there are more files in that directory (the automater python script directory) than are probably really needed. Although I’m sure that some people could make the argument that it should be 1 xml file per lookup site, meaning more config files to deal with.
The point I’m trying to make, is we’ve gone too modular in our configuration files, and it takes a yellow legal pad and lots of notes to figure out what the calls between the configuration files are doing. We’ve traded a single large tree in the field for a redwood forest in some cases and it’s not making maintaining the programs and scripts any easier from a System Admin’s standpoint.