[Bro] File Extraction
jonathon.s.wright at gmail.com
Thu Dec 4 12:45:42 PST 2014
Very interesting Marcus, I'll take a look at the setcap option, thanks!
On Thu, Dec 4, 2014 at 4:05 AM, Marcus LaFerrera <marcus at randomhack.org>
> As for running bro as non-root, I've always created a bro user/group,
> chown'd the bro directory and files to that user and group, and use setcap
> as below.
> setcap cap_net_raw,cap_net_admin=eip /path/to/bro/bin
> Though not privilege dropping, it will still give you the added security
> and peace of mind that you aren't running as root. I've been doing this for
> several years now and never had any issues with it. Albeit, this has always
> been on a linux based server.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro