[Bro] Just getting started

Vlad Grigorescu vladg at cmu.edu
Wed Jan 9 12:13:02 PST 2013

On Jan 9, 2013, at 2:42 PM, Paul Schmehl <pschmehl_lists at tx.rr.com> wrote:

> --On January 9, 2013 7:28:08 PM +0000 "Castle, Shane" <scastle at bouldercounty.org> wrote:
>> You must use sudo: "sudo broctl check". Followed by rinse, spin (install,
>> restart). ;)
>> Unless you're already root.
> I am.

I actually avoid running bro as root. I create a bro user, and have it run as that instead. Apart from making sure that <PREFIX> has the right permissions, I just need to set the privileges as mentioned in the documentation[1]:

> sudo setcap cap_net_raw,cap_net_admin=eip <PREFIX>/bin/bro

If anyone's interested, I have a very much work-in-progress Puppet module for setting up the Bro directories with the proper permissions.


1 - <http://www.bro-ids.org/bro-workshop-2011/exercises/getting-started/index.html>
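
An added example, not part of the original message or of Bro itself: file capabilities set with setcap are stored in an extended attribute and are lost when the binary is replaced, so they are worth re-checking after each reinstall. The function below parses one line of getcap output in either the older "path = caps+eip" or the newer "path caps=eip" layout; the script name in the usage comment is hypothetical and the path is assumed to contain no spaces.

```shell
#!/bin/sh
# Added example, not from the original message.
# caps_ok LINE: succeed if LINE (one line of `getcap` output) grants both
# cap_net_raw and cap_net_admin with the effective (e) and permitted (p) flags.
# Assumption: the binary's path contains no spaces.
caps_ok() {
    set -f; set -- $1; set +f          # split into words without globbing
    [ "$#" -ge 2 ] || return 1         # path only (or nothing): no capabilities
    shift                              # drop the path, keep the clauses
    for need in cap_net_raw cap_net_admin; do
        found=no
        for clause in "$@"; do
            case $clause in *[=+]*) ;; *) continue ;; esac  # needs an operator
            names=${clause%%[=+]*}     # comma-separated capability names
            flags=${clause##*[=+]}     # flag letters, e.g. "eip"
            case ",$names," in *",$need,"*) ;; *) continue ;; esac
            case $flags in *e*) ;; *) continue ;; esac
            case $flags in *p*) ;; *) continue ;; esac
            found=yes
        done
        [ "$found" = yes ] || return 1
    done
    return 0
}

# Usage: sh check_bro_caps.sh <PREFIX>/bin/bro   (script name is hypothetical)
if [ "$#" -gt 0 ]; then
    if caps_ok "$(getcap "$1")"; then
        echo "OK: $1 has cap_net_raw and cap_net_admin"
    else
        echo "MISSING: re-run setcap on $1" >&2
        exit 1
    fi
fi
```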
