[Bro] Just getting started
mcholste at gmail.com
Wed Jan 9 14:30:50 PST 2013
A Puppet module would be really good. I too run as "bro" and it's
obnoxious because after the beautiful simplicity of "broctl install" to
update code for each node, I then have to do a bash loop to SSH in to each
node and manually setcap, and only then can I perform the "start."
On Wed, Jan 9, 2013 at 2:13 PM, Vlad Grigorescu <vladg at cmu.edu> wrote:
> On Jan 9, 2013, at 2:42 PM, Paul Schmehl <pschmehl_lists at tx.rr.com> wrote:
> > --On January 9, 2013 7:28:08 PM +0000 "Castle, Shane" <
> scastle at bouldercounty.org> wrote:
> >> You must use sudo: "sudo broctl check". Followed by rinse, spin
> >> restart). ;)
> >> Unless you're already root.
> > I am.
> I actually avoid running bro as root. I create a bro user, and have it run
> as that instead. Apart from making sure that <PREFIX> has the right
> permissions, I just need to set the privileges as mentioned in the
> > sudo setcap cap_net_raw,cap_net_admin=eip <PREFIX>/bin/bro
> If anyone's interested, I have a very much work-in-progress Puppet module
> for setting up the Bro directories with the proper permissions.
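
The per-node step described in this message, as an added example that is not part of the original thread or of Bro's own tooling: it checks the Bro binary's file capabilities on each node and re-applies the setcap line quoted above only where they are missing. The node list, the /usr/local/bro prefix, SSH key access and passwordless sudo for getcap/setcap on the nodes are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): restore Bro's capture capabilities per node.
# Assumed: NODES list, BRO_PREFIX default, SSH keys, passwordless sudo on nodes.
BRO_PREFIX="${BRO_PREFIX:-/usr/local/bro}"   # stands in for <PREFIX>
NODES="${NODES:-}"                           # e.g. NODES="worker1 worker2"
CAPS="cap_net_raw,cap_net_admin=eip"         # capability string from the thread

# has_capture_caps "<getcap output line>"
# Succeeds if the line names both capabilities and ends in the eip flag set.
# Accepts both getcap styles: "file = caps+eip" and "file caps=eip".
has_capture_caps() {
    case "$1" in *cap_net_raw*) ;; *) return 1 ;; esac
    case "$1" in *cap_net_admin*) ;; *) return 1 ;; esac
    case "$1" in *[+=]eip) return 0 ;; *) return 1 ;; esac
}

# Command run on the node; same as the setcap line quoted in the thread.
remote_setcap_cmd() {
    printf 'sudo setcap %s %s/bin/bro' "$CAPS" "$BRO_PREFIX"
}

# fix_node <host>: setcap only when needed, then confirm it took effect.
# DRY_RUN=1 prints the ssh command instead of touching the node.
fix_node() {
    host="$1"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'ssh %s %s\n' "$host" "$(remote_setcap_cmd)"
        return 0
    fi
    current=$(ssh -o BatchMode=yes "$host" "sudo getcap $BRO_PREFIX/bin/bro") || return 1
    if has_capture_caps "$current"; then return 0; fi
    ssh -o BatchMode=yes "$host" "$(remote_setcap_cmd)" || return 1
    current=$(ssh -o BatchMode=yes "$host" "sudo getcap $BRO_PREFIX/bin/bro") || return 1
    has_capture_caps "$current"
}

# Run between "broctl install" and "broctl start"; report nodes that failed.
failed=0
for node in $NODES; do
    fix_node "$node" || { echo "setcap failed on $node" >&2; failed=1; }
done
[ "$failed" -eq 0 ] || echo "fix the nodes above before starting Bro" >&2
```

Running it with DRY_RUN=1 first shows exactly which command would be sent to each node.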