[Bro] File Extraction

Jonathon Wright jonathon.s.wright at gmail.com
Thu Dec 4 12:45:42 PST 2014


Very interesting Marcus, I'll take a look at the setcap option, thanks!

On Thu, Dec 4, 2014 at 4:05 AM, Marcus LaFerrera <marcus at randomhack.org>
wrote:

> As for running bro as non-root, I've always created a bro user/group,
> chown'd the bro directory and files to that user and group, and use setcap
> as below.
>
> setcap cap_net_raw,cap_net_admin=eip /path/to/bro/bin
>
> Though not privilege dropping, it will still give you the added security
> and peace of mind that you aren't running as root. I've been doing this for
> several years now and never had any issues with it. Albeit, this has always
> been on a linux based server.
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20141204/8d30017f/attachment.html 


More information about the Bro mailing list