[Bro] Just getting started

Vlad Grigorescu vladg at cmu.edu
Wed Jan 9 12:13:02 PST 2013


On Jan 9, 2013, at 2:42 PM, Paul Schmehl <pschmehl_lists at tx.rr.com> wrote:

> --On January 9, 2013 7:28:08 PM +0000 "Castle, Shane" <scastle at bouldercounty.org> wrote:
> 
>> You must use sudo: "sudo broctl check". Followed by rinse, spin (install,
>> restart). ;)
>> 
>> Unless you're already root.
>> 
> 
> I am.


I actually avoid running bro as root. I create a bro user, and have it run as that instead. Apart from making sure that <PREFIX> has the right permissions, I just need to set the privileges as mentioned in the documentation[1]:

> sudo setcap cap_net_raw,cap_net_admin=eip <PREFIX>/bin/bro

If anyone's interested, I have a very much work-in-progress Puppet module for setting up the Bro directories with the proper permissions.

  --Vlad

1 - <http://www.bro-ids.org/bro-workshop-2011/exercises/getting-started/index.html>
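
Added example, not part of the original message or the Bro documentation: a shell check that the `setcap` step above left the binary with exactly `cap_net_raw` and `cap_net_admin` and no setuid bit. The function names, the `/opt/bro` sample path and the single-clause `getcap` output (path without spaces) are assumptions; both the older `path = caps+eip` and newer `path caps=eip` output formats are handled.

```shell
#!/bin/sh
# check_caps LINE: parse one line of `getcap` output and report whether the
# file carries exactly cap_net_raw and cap_net_admin, effective and permitted.
# Prints ok | none | missing:<cap> | extra:<cap> | flags:<flags>.
check_caps() {
    # Drop the path (first field) and the "= " separator older libcap prints.
    caps=$(printf '%s\n' "$1" | sed -e 's/^[^ ]* *//' -e 's/^= *//')
    [ -n "$caps" ] || { echo "none"; return 1; }
    names=${caps%%[+=]*}    # e.g. cap_net_admin,cap_net_raw
    flags=${caps##*[+=]}    # e.g. eip
    have_raw=0; have_admin=0
    old_ifs=$IFS; IFS=,
    for c in $names; do
        case $c in
            cap_net_raw)   have_raw=1 ;;
            cap_net_admin) have_admin=1 ;;
            # Anything beyond the two capabilities from the message is excess privilege.
            *) IFS=$old_ifs; echo "extra:$c"; return 1 ;;
        esac
    done
    IFS=$old_ifs
    [ "$have_raw" = 1 ]   || { echo "missing:cap_net_raw"; return 1; }
    [ "$have_admin" = 1 ] || { echo "missing:cap_net_admin"; return 1; }
    case $flags in
        *e*p*|*p*e*) echo "ok" ;;
        *) echo "flags:$flags"; return 1 ;;
    esac
}

# audit_bro PATH: refuse a setuid binary, then check its file capabilities.
audit_bro() {
    # A setuid bit would bring back the root privileges the setup avoids.
    [ ! -u "$1" ] || { echo "setuid"; return 1; }
    check_caps "$(getcap "$1")"
}

# Run the audit only when a binary path is given, e.g. /opt/bro/bin/bro
# (constructed sample path standing in for <PREFIX>/bin/bro).
if [ $# -gt 0 ]; then
    audit_bro "$1"
fi
```

Run it with the path to the installed binary as its only argument; any result other than `ok` means the file capabilities differ from the two named in the message.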


