[Bro] File Extraction
Marcus LaFerrera
marcus at randomhack.org
Thu Dec 4 06:05:47 PST 2014
As for running bro as non-root, I've always created a bro user/group,
chown'd the bro directory and files to that user and group, and use setcap
as below.
setcap cap_net_raw,cap_net_admin=eip /path/to/bro/bin
Though not privilege dropping, it will still give you the added security
and peace of mind that you aren't running as root. I've been doing this for
several years now and never had any issues with it. Albeit, this has always
been on a linux based server.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20141204/6db31d9c/attachment.html
More information about the Bro
mailing list