[Bro] BRO on FreeBSD 5.2.1

Randolph Reitz rreitz at fnal.gov
Fri Sep 24 19:56:02 PDT 2004 

I was stuck on devfs(5).  devfs(8) is much more helpful.

Thanks for the clue,
Randy

On Sep 24, 2004, at 7:09 PM, Eli Dart wrote:

>
> In reply to Randolph Reitz <rreitz at fnal.gov> :
>
>> When devfs creates the /dev/bpfxx files, it creates them as follows...
>>
>> crw-------  1 root  wheel   23,   1 Sep 24 14:14 /dev/bpfxx
>>
>> After the /dev/bpfxx is created, bro complains that it can't read the
>> /dev/bpfxx and stops.  I change the owner to bro and then restart bro.
>> The traffic I'm currently monitoring is not the Fermi border traffic,
>> it's internal traffic.  So only two bpfxx have been automatically
>> created.  When I hook up the border traffic, I expect that a lot of
>> /dev/bpfxx will be created, so I need to find a way to tell devfs to
>> create /dev/bpfxx with owner 'bro'.  I don't know how to do this.
>
> take a look at /etc/devfs.conf and /etc/rc.d/devfs
>
> also man devfs
>
> 		--eli
>
>
>>
>> The /dev/MAKEDEV doesn't exist in 5.2.
>>
>> Randy
>>
>> On Sep 24, 2004, at 4:43 PM, Vern Paxson wrote:
>>
>>>> OK, but the devfs devices are created as...
>>>>
>>>> gumshoe# ls -lt /dev/b*
>>>> crw-------  1 bro  wheel   23,   1 Sep 24 14:14 /dev/bpf1
>>>> crw-------  1 bro  wheel   23,   0 Sep 24 14:14 /dev/bpf0
>>>>
>>>> (I changed the owner from root to bro.)  If bro is a member of group
>>>> wheel, bro still can't read the device.
>>>
>>> I'm confused.  If the files are mode 600 and "bro" owns them, then
>>> it certainly should be able to read them ... !
>>>
>>>> I don't know how to control
>>>> the permissions, owner or group of devfs devices.  The devfs(5) man
>>>> page is useless.
>>>
>>> So the problem is that devfs creates them on-the-fly, so you're not
>>> able
>>> to alter their ownership?  What happens if you create them statically
>>> via
>>> /dev/MAKEDEV?
>>>
>>> 		Vern
>>> _______________________________________________
>>> Bro mailing list
>>> Bro at ICSI.Berkeley.EDU
>>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>
>>
Randy Reitz
Computer Security Team
>>
>> _______________________________________________
>> Bro mailing list
>> Bro at ICSI.Berkeley.EDU
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>
>
>

More information about the Bro mailing list