[Bro] Several questions
Paul Schmehl
pauls at utdallas.edu
Thu Jul 12 13:37:15 PDT 2007
I'm working on an upgrade to the bro port in FreeBSD (from 0.9a4a to
1.1d-stable.) I've never used bro, but I maintain a number of ports. I've
found that bro is quite a complex port. I've had to address a number of
issues where bro does things in a "non-standard" (for FreeBSD) way, but
I've finally got the port installing correctly and in the "right" (for
FreeBSD) locations.
Now I'm testing running bro, and I've run into some problems that I don't
know the answer to.
1) When I try to run bro.rc start, I get a permission denied error.
bro.rc: Starting ..........bro.rc: Failed to start Bro
/var/tmp/bro/bin/bro.rc: /var/tmp/bro/bin: Permission denied
... FAILED
I tried changing the user from bro to root, but I still get the error. All
the directories and files have the "standard" permissions (xwrx-rx-r for
dirs and executables -rw-r--r- for other files such as policy files and
scripts. The messages file doesn't include any additional information.
If I set DEBUG=1 in bro.rc, I get this:
root at utd59514# /var/tmp/bro/bin/bro.rc start
bro.rc: Starting /var/tmp/bro/bin/bro.rc: /var/tmp/bro/bin: Permission
denied
Huh?
root at utd59514# ls -lsa /var/tmp/bro/bin/bro
1760 -r-xr-xr-x 1 root wheel 1784264 Jul 12 09:27 /var/tmp/bro/bin/bro
And I can run bro from the commandline (although that brings up another
issue)
root at utd59514# /var/tmp/bro/bin/bro -i bge0
^C
Any suggestions as to where to look for this problem would be appreciated.
2) I can't seem to figure out the correct format for the local.site.bro file
root at utd59514# /var/tmp/bro/bin/bro -i bge0 utd59514.utdallas.edu.bro
/var/tmp/bro/bro/site/utd59514.utdallas.edu.bro, line 1: error: syntax
error, at or near ","
Here's the file:
root at utd59514# less /var/tmp/bro/bro/site/utd59514.utdallas.edu.bro
129.110.0.0/16, 10.0.0.0/8
I have tried enclosing this in brackets [129.110.0.0/16, 10.0.0.0/8]. I
have tried replacing the comma with a space. I have tried 129.110.0.0/16
with and without the brackets. No matter what format I use, I get the
syntax error.
Is this a bug? Or have I missed something doh simple?
--
Paul Schmehl (pauls at utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pkcs7-signature
Size: 3701 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20070712/d438742a/attachment.bin
More information about the Bro
mailing list