[Bro] BRO on FreeBSD 5.2.1

Eli Dart dart at nersc.gov
Fri Sep 24 17:09:18 PDT 2004


In reply to Randolph Reitz <rreitz at fnal.gov> :

> When devfs creates the /dev/bpfxx files, it creates them as follows...
> 
> crw-------  1 root  wheel   23,   1 Sep 24 14:14 /dev/bpfxx
> 
> After the /dev/bpfxx is created, bro complains that it can't read the 
> /dev/bpfxx and stops.  I change the owner to bro and then restart bro.  
> The traffic I'm currently monitoring is not the Fermi border traffic, 
> it's internal traffic.  So only two bpfxx have been automatically 
> created.  When I hook up the border traffic, I expect that a lot of 
> /dev/bpfxx will be created, so I need to find a way to tell devfs to 
> create /dev/bpfxx with owner 'bro'.  I don't know how to do this.

take a look at /etc/devfs.conf and /etc/rc.d/devfs

also man devfs

		--eli


> 
> The /dev/MAKEDEV doesn't exist in 5.2.
> 
> Randy
> 
> On Sep 24, 2004, at 4:43 PM, Vern Paxson wrote:
> 
> >> OK, but the devfs devices are created as...
> >>
> >> gumshoe# ls -lt /dev/b*
> >> crw-------  1 bro  wheel   23,   1 Sep 24 14:14 /dev/bpf1
> >> crw-------  1 bro  wheel   23,   0 Sep 24 14:14 /dev/bpf0
> >>
> >> (I changed the owner from root to bro.)  If bro is a member of group
> >> wheel, bro still can't read the device.
> >
> > I'm confused.  If the files are mode 600 and "bro" owns them, then
> > it certainly should be able to read them ... !
> >
> >> I don't know how to control
> >> the permissions, owner or group of devfs devices.  The devfs(5) man
> >> page is useless.
> >
> > So the problem is that devfs creates them on-the-fly, so you're not 
> > able
> > to alter their ownership?  What happens if you create them statically 
> > via
> > /dev/MAKEDEV?
> >
> > 		Vern
> > _______________________________________________
> > Bro mailing list
> > Bro at ICSI.Berkeley.EDU
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> 
> 
> Randy Reitz
> Computer Security Team
> 
> _______________________________________________
> Bro mailing list
> Bro at ICSI.Berkeley.EDU
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 224 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20040924/8b9cbf96/attachment.bin 


More information about the Bro mailing list