[Bro] Likely bug in broctl

James Lay jlay at slave-tothe-box.net
Sat Apr 15 04:12:02 PDT 2017


On Fri, 2017-04-14 at 23:48 -0500, Daniel Thayer wrote:
> If you upgrade to the newest release of Bro, then
> the error message is more user-friendly.
> 
> The error is due to the fact that broctl needs to
> write to the "spool" and "logs" directories.
> This is explained in the broctl documentation:
> https://www.bro.org/sphinx/components/broctl/README.html#using-brocon
> trol-as-an-unprivileged-user
> 
> 
And as for /usr/local/bro/bin, add that to your secure_path= line in
/etc/sudoers file.
James 
> On 4/14/17 11:17 PM, LinuxBSDos.com wrote:
> 
> > 
> > Hello:
> > 
> > On an Ubuntu 16.04 server, I have Bro executables in /usr/local/bro/bin,
> > which is in the PATH of all users on the system.
> > 
> > As root, I can invoke all the commands by just specifying the relative
> > paths. As a standard user, I can do the same for the commands except
> > broctl. If I type, for example, "broctl --h", it returns the following
> > error messages:
> > 
> > <error>
> > Traceback (most recent call last):
> >    File "/usr/local/bro/bin/broctl", line 830, in <module>
> >      sys.exit(main())
> >    File "/usr/local/bro/bin/broctl", line 797, in main
> >      loop = BroCtlCmdLoop(BroCtl, interactive, cmd)
> >    File "/usr/local/bro/bin/broctl", line 25, in __init__
> >      self.broctl = broctl_class(ui=self)
> >    File "/usr/local/bro/lib/broctl/BroControl/broctl.py", line 69, in
> > __init__
> >      level=logging.DEBUG)
> >    File "/usr/lib/python2.7/logging/__init__.py", line 1547, in
> > basicConfig
> >      hdlr = FileHandler(filename, mode)
> >    File "/usr/lib/python2.7/logging/__init__.py", line 913, in __init__
> >      StreamHandler.__init__(self, self._open())
> >    File "/usr/lib/python2.7/logging/__init__.py", line 943, in _open
> >      stream = open(self.baseFilename, self.mode)
> > IOError: [Errno 13] Permission denied: '/usr/local/bro/spool/debug.log'
> > </error>
> > 
> > 
> > "Permission denied" seems to make sense, but if I type "sudo broctl
> > --h", I get "sudo: broctl: command not found".
> > 
> > It only works if I specify the full path with sudo, so "sudo
> > /usr/local/bro/bin/broctl --h" works, but "/usr/local/bro/bin/broctl
> > --h" does not.
> > 
> > Again, this is just for broctl.
> > 
> > 

> 
> _______________________________________________
> Bro mailing list
> 
bro at bro-ids.org> 
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170415/ee373f24/attachment.html 


More information about the Bro mailing list