[Bro] BRO on FreeBSD 5.2.1
Randolph Reitz
rreitz at fnal.gov
Fri Sep 24 16:46:43 PDT 2004
When devfs creates the /dev/bpfxx files, it creates them as follows...
crw------- 1 root wheel 23, 1 Sep 24 14:14 /dev/bpfxx
After the /dev/bpfxx is created, bro complains that it can't read the
/dev/bpfxx and stops. I change the owner to bro and then restart bro.
The traffic I'm currently monitoring is not the Fermi border traffic,
it's internal traffic. So only two bpfxx have been automatically
created. When I hook up the border traffic, I expect that a lot of
/dev/bpfxx will be created, so I need to find a way to tell devfs to
create /dev/bpfxx with owner 'bro'. I don't know how to do this.
The /dev/MAKEDEV doesn't exist in 5.2.
Randy
On Sep 24, 2004, at 4:43 PM, Vern Paxson wrote:
>> OK, but the devfs devices are created as...
>>
>> gumshoe# ls -lt /dev/b*
>> crw------- 1 bro wheel 23, 1 Sep 24 14:14 /dev/bpf1
>> crw------- 1 bro wheel 23, 0 Sep 24 14:14 /dev/bpf0
>>
>> (I changed the owner from root to bro.) If bro is a member of group
>> wheel, bro still can't read the device.
>
> I'm confused. If the files are mode 600 and "bro" owns them, then
> it certainly should be able to read them ... !
>
>> I don't know how to control
>> the permissions, owner or group of devfs devices. The devfs(5) man
>> page is useless.
>
> So the problem is that devfs creates them on-the-fly, so you're not
> able
> to alter their ownership? What happens if you create them statically
> via
> /dev/MAKEDEV?
>
> Vern
> _______________________________________________
> Bro mailing list
> Bro at ICSI.Berkeley.EDU
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
Randy Reitz
Computer Security Team
More information about the Bro
mailing list