[Bro] BRO, BPF and FreeBSD 5.4
jwebster at es.net
Thu Oct 20 13:25:12 PDT 2005
I use the following script in /usr/local/etc/rc.d to setup bpf,
since I couldn't seem to get /etc/devfs.conf to work correctly.
You'll need to add the bro user to the bpf group.
# name: 0devfs.sh so it runs before bro
case "$1" in
devfs ruleset 10
devfs rule add path "bpf*" mode 660 group bpf
devfs rule applyset
--On Thursday, October 20, 2005 15:36:12 -0400 Mike Weaver <weaver at er.doe.gov> wrote:
> Hi All,
> I didn't see this issue addressed on the list before, but my apologies
> if I missed something. I relatively new to FreeBSD, but not to
> UN*X/Linux in general. I realize that BRO is developed on FreeBSD 4.x
> and not 'officially' supported on other versions, but due to security
> etc... I'd like to run it on the latest STABLE version (5.4).
> As you are probably aware, FreeBSD 5.x uses devfs and there is no
> longer a MAKEDEV command. I have BPF support enabled in my kernel
> config file, but no BPF devices exist. Bro_config detects this and
> offers to create them for me, but uses the MAKEDEV script.
> I've scoured Google, newsgroups, forums and the official FreeBSD
> documents, but can't seem to find how to manually create the BPF
> devices. I assume that this is pretty trivial, but I don't see what
> I'm missing. I also assume that Vern is intimately familiar with BPF
> from his association with LBL and his impressive portfolio of tools
> and projects. Any assistance would be appreciated!
> Mike Weaver
> US Department of Energy
> Germantown Building
> Voice: 301-903-0072
> Fax: 301-528-7774
> Email: weaver at mics.doe.gov
> Bro mailing list
> bro at bro-ids.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 187 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20051020/e48f5272/attachment.bin
More information about the Bro