[Bro] Nodes still crashing/Site specific files
Martin Holste
mcholste at gmail.com
Fri Jun 14 10:56:47 PDT 2013
You need to use the setcap utility to allow the Bro user the ability to
open an interface promiscuously.
On Friday, June 14, 2013, Richards, James L - DOA wrote:
> That is just what I was looking at... everything is running as user bro...
>
> Thanks much...
>
> James Richards
> Office of Security
> Wisconsin Department of Administration
> 608.224.3880
>
>
> -----Original Message-----
> From: Siwek, Jonathan Luke [mailto:jsiwek at illinois.edu <javascript:;>]
> Sent: Friday, June 14, 2013 10:25 AM
> To: Richards, James L - DOA
> Cc: bro at bro.org <javascript:;>
> Subject: Re: [Bro] Nodes still crashing/Site specific files
>
>
> On Jun 14, 2013, at 9:57 AM, "Richards, James L - DOA" <
> James.Richards at wisconsin.gov <javascript:;>> wrote:
>
> > I ran ./configure --prefix=/usr/local/bro
> > --with-pcap=/usr/local/pfring Then make, make install, chown -R etc.
> >
> > It is no longer giving me the libpcap in diag, but I am now getting:
> >
> > fatal error: /usr/local/bro/bin/bro: problem with interface eth4 -
> > pcap_open_live: eth4: You don't have permission to capture on that
> > device (socket: Operation not permitted)
>
>
> What user were you `chown`ing things to? You'll have to do something
> extra for non-root users to be able to capture packets, see [1].
>
> - Jon
>
> [1]
> http://www.bro.org/documentation/faq.html#how-can-i-capture-packets-as-an-unprivileged-user
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org <javascript:;>
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20130614/e9e29fda/attachment.html
More information about the Bro
mailing list