[Bro] Likely bug in broctl
jlay at slave-tothe-box.net
Sat Apr 15 04:12:02 PDT 2017
On Fri, 2017-04-14 at 23:48 -0500, Daniel Thayer wrote:
> If you upgrade to the newest release of Bro, then
> the error message is more user-friendly.
> The error is due to the fact that broctl needs to
> write to the "spool" and "logs" directories.
> This is explained in the broctl documentation:
And as for /usr/local/bro/bin, add that to your secure_path= line in
> On 4/14/17 11:17 PM, LinuxBSDos.com wrote:
> > Hello:
> > On an Ubuntu 16.04 server, I have Bro executables in /usr/local/bro/bin,
> > which is in the PATH of all users on the system.
> > As root, I can invoke all the commands by just specifying the relative
> > paths. As a standard user, I can do the same for the commands except
> > broctl. If I type, for example, "broctl --h", it returns the following
> > error messages:
> > <error>
> > Traceback (most recent call last):
> > File "/usr/local/bro/bin/broctl", line 830, in <module>
> > sys.exit(main())
> > File "/usr/local/bro/bin/broctl", line 797, in main
> > loop = BroCtlCmdLoop(BroCtl, interactive, cmd)
> > File "/usr/local/bro/bin/broctl", line 25, in __init__
> > self.broctl = broctl_class(ui=self)
> > File "/usr/local/bro/lib/broctl/BroControl/broctl.py", line 69, in
> > __init__
> > level=logging.DEBUG)
> > File "/usr/lib/python2.7/logging/__init__.py", line 1547, in
> > basicConfig
> > hdlr = FileHandler(filename, mode)
> > File "/usr/lib/python2.7/logging/__init__.py", line 913, in __init__
> > StreamHandler.__init__(self, self._open())
> > File "/usr/lib/python2.7/logging/__init__.py", line 943, in _open
> > stream = open(self.baseFilename, self.mode)
> > IOError: [Errno 13] Permission denied: '/usr/local/bro/spool/debug.log'
> > </error>
> > "Permission denied" seems to make sense, but if I type "sudo broctl
> > --h", I get "sudo: broctl: command not found".
> > It only works if I specify the full path with sudo, so "sudo
> > /usr/local/bro/bin/broctl --h" works, but "/usr/local/bro/bin/broctl
> > --h" does not.
> > Again, this is just for broctl.
> Bro mailing list
bro at bro-ids.org>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro