<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div dir="ltr">Thanks!</div><div dir="ltr"><br><blockquote type="cite">On Nov 22, 2019, at 9:30 AM, "ericooi@gmail.com" <ericooi@gmail.com> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><meta http-equiv="Content-Type" content="text/html; charset=utf-8">Ok, I updated the articles based on Michal’s feedback. I’m still learning and appreciate the comments. <div class=""><br class=""></div><div class="">I understand the reasoning around packaging everything. That’s a bit beyond me so I’ll have to dig more into that.</div><div class=""><br class=""></div><div class="">The 3 links, well, hey, it’s my blog. Don’t click if you don’t want. :P</div><div class=""><br class=""></div><div class=""><div><br class=""><blockquote type="cite" class=""><div class="">On Nov 21, 2019, at 5:13 PM, Eric Ooi <<a href="mailto:ericooi@gmail.com" class="">ericooi@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1250" class="">
<div class="">
<div class="">
<div class="">
<div class="">
<div style="direction: ltr;" class="">Ouch. Can’t please everyone I guess.</div>
</div>
<div class=""><br class="">
</div>
<div class="ms-outlook-ios-signature"></div>
</div>
<div class=""> </div>
<hr style="display:inline-block;width:98%" tabindex="-1" class="">
<div id="divRplyFwdMsg" dir="ltr" class=""><font face="Calibri, sans-serif" class=""><b class="">From:</b> Michał Purzyński <<a href="mailto:michalpurzynski1@gmail.com" class="">michalpurzynski1@gmail.com</a>><br class="">
<b class="">Sent:</b> Thursday, November 21, 2019 5:10 PM<br class="">
<b class="">To:</b> <a href="mailto:ericooi@gmail.com" class="">ericooi@gmail.com</a><br class="">
<b class="">Cc:</b> venkatesh bandari; zeek<br class="">
<b class="">Subject:</b> Re: [Zeek] af_packet
<div class=""> </div>
</font></div>
<meta content="text/html; charset=utf-8" class="">
<div dir="ltr" class="">
<div class="">TBH I see quite a few reasons why plugins and Zeek should not be installed like that article describes.<br class="">
</div>
<div class=""><br class="">
</div>
<div class="">- everything should be packaged. This includes Zeek and all plugins, each as a separate package. Running zkg to install plugin on production will result in building code on the server (and we don't even have compilers there).</div>
<div class="">- the sudo + pip install means you now have python packages installed for the entire OS but outside of the OS control and packaging, making vulnerability management difficult (most likely never detected, forgotten and left there)</div>
<div class="">- looks like zeek user can sudo to root. There's no need for that dangerous capability.<br class="">
</div>
<div class="">- cap_net_admin is not needed and dangerous</div>
<div class="">- assigning any capabilities to zeekctl is not needed and also dangerous</div>
<div class="">- and those 3 affiliation links at the bottom...<br class="">
</div>
</div>
<br class="">
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, Nov 21, 2019 at 7:46 AM <a href="mailto:ericooi@gmail.com" class="">
ericooi@gmail.com</a> <<a href="mailto:ericooi@gmail.com" class="">ericooi@gmail.com</a>> wrote:<br class="">
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex; border-left:1px solid rgb(204,204,204); padding-left:1ex">
<div style="" class="">Any particular reason you don’t want to use the package manager? It’s designed to simplify the process.
<div class=""><br class="">
</div>
<div class="">I wrote a how-to guide for installation on CentOS 8 that covers using the package manager: <a href="https://www.ericooi.com/zeekurity-zen-part-ii-zeek-package-manager/" target="_blank" class="">https://www.ericooi.com/zeekurity-zen-part-ii-zeek-package-manager/</a><br class="">
<div class=""><br class="">
<blockquote type="cite" class="">
<div class="">On Nov 21, 2019, at 9:25 AM, venkatesh bandari <<a href="mailto:austin522@gmail.com" target="_blank" class="">austin522@gmail.com</a>> wrote:</div>
<br class="">
<div class="">
<div dir="ltr" class="">Hello Team,<br class="">
<div class=""><br class="">
</div>
<div class="">Iam trying to install af_packet and i see we can only install using package manager.</div>
<div class=""><br class="">
</div>
<div class="">could you please help to answer if there is a alternative way to install af_packet</div>
<div class=""><br class="">
</div>
<div class="">Thanks</div>
<div class="">Venkatesh</div>
</div>
_______________________________________________<br class="">
Zeek mailing list<br class="">
<a href="mailto:zeek@zeek.org" target="_blank" class="">zeek@zeek.org</a><br class="">
<a href="http://mailman.icsi.berkeley.edu/mailman/listinfo/zeek" target="_blank" class="">http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek</a></div>
</blockquote>
</div>
<br class="">
</div>
</div>
_______________________________________________<br class="">
Zeek mailing list<br class="">
<a href="mailto:zeek@zeek.org" target="_blank" class="">zeek@zeek.org</a><br class="">
<a href="http://mailman.icsi.berkeley.edu/mailman/listinfo/zeek" rel="noreferrer" target="_blank" class="">http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek</a></blockquote>
</div>
</div>
</div>
</div></blockquote></div><br class=""></div></div></blockquote></body></html>