[Bro] Just getting started
Martin Holste
mcholste at gmail.com
Wed Jan 9 14:30:50 PST 2013
A Puppet module would be really good. I too run as "bro" and it's
obnoxious because after the beautiful simplicity of "broctl install" to
update code for each node, I then have to do a bash loop to SSH in to each
node and manually setcap, and only then can I perform the "start."
On Wed, Jan 9, 2013 at 2:13 PM, Vlad Grigorescu <vladg at cmu.edu> wrote:
> On Jan 9, 2013, at 2:42 PM, Paul Schmehl <pschmehl_lists at tx.rr.com> wrote:
>
> > --On January 9, 2013 7:28:08 PM +0000 "Castle, Shane" <
> scastle at bouldercounty.org> wrote:
> >
> >> You must use sudo: "sudo broctl check". Followed by rinse, spin
> (install,
> >> restart). ;)
> >>
> >> Unless you're already root.
> >>
> >
> > I am.
>
>
> I actually avoid running bro as root. I create a bro user, and have it run
> as that instead. Apart from making sure that <PREFIX> has the right
> permissions, I just need to set the privileges as mentioned in the
> documentation[1]:
>
> > sudo setcap cap_net_raw,cap_net_admin=eip <PREFIX>/bin/bro
>
> If anyone's interested, I have a very much work-in-progress Puppet module
> for setting up the Bro directories with the proper permissions.
>
> --Vlad
>
> 1 - <
> http://www.bro-ids.org/bro-workshop-2011/exercises/getting-started/index.html
> >
>
>
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20130109/25049cc7/attachment.html
More information about the Bro
mailing list