[Bro] Bro Cluster User

Daniel Thayer dnthayer at illinois.edu
Thu Jul 23 10:30:56 PDT 2015

OK, then when you run "broctl deploy", broctl will try
to create the directory "/usr/local/bro" on each machine
in your cluster.  If the user that you're running
broctl does not have write access to the "/usr/local"
directory, then you will see a permission denied error.

Have you tried to manually create that directory on each machine,
and then change the ownership to the user that runs
broctl, and then run "broctl deploy"?

On 07/23/2015 12:16 PM, M P wrote:
> On Thu, Jul 23, 2015 at 8:13 PM, Daniel Thayer <dnthayer at illinois.edu
> <mailto:dnthayer at illinois.edu>> wrote:
>     What is your install prefix directory (or are you just using the
>     default)?
> Thanks for your reply Daniel.
> I am using the default directory, i.e.:  /usr/local/bro
>     On 07/23/2015 12:04 PM, M P wrote:
>         Any thoughts or pointers on this? Some googling did turn some
>         similar
>         issue(s) but nothing definitive. The rest of the results I have seen
>         involved using root to setup and run Bro.
>         Thanks for any pointers
>         MP
>         On Thursday, July 16, 2015, M P <mpselab at gmail.com
>         <mailto:mpselab at gmail.com>
>         <mailto:mpselab at gmail.com <mailto:mpselab at gmail.com>>> wrote:
>              I have finished preparing a multi-node cluster of Bro and
>         the setup
>              was enjoyable to say the least. Now I am stuck at getting the
>              manager to provision the nodes with an error stating that
>         it cannot
>              create some of the directories on the nodes: permission denied.
>              The error message is pretty clear, however I am not able to
>         find the
>              "best practice" solution for it.
>              What I did was:
>              1. Create the bro user on both manager and nodes.
>              2. Gegenrate the ssh key as the user bro on the manager and
>         copy the
>              public key to the nodes.
>              3. SSH as the user bro works without password.
>              4. May be not necessary but I added the bro user to the sudors
>              visduo and granted it everything a root can do.
>              I attempted to create a test folder where Bro is attempting to
>              create its directories on a node, and that failed with
>         permissions
>              denied as expected from the Bro error message.
>              My options (I think) are:
>              1. Setup Bro as root, which I am trying to avoid in the
>         first place.
>              2. Setup Bro with root initially and then change ownership of
>              directories to the bro users. This does not seem to the
>         right way to
>              do though.
>              3. Elevate the permissions of the user Bro to have more
>         privileges.
>              Again, not sure if this is the right way.
>              You may get this question a lot, but any help or pointers are
>              appreciated.
>              Thank you for reading so far.
>              MP
>         _______________________________________________
>         Bro mailing list
>         bro at bro-ids.org <mailto:bro at bro-ids.org>
>         http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>         <https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.ICSI.Berkeley.EDU_mailman_listinfo_bro&d=AwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=Bi5qPBnY0NmYPqnRTPj_AfXQKpfQTZUpCzpfFBcawv0&m=Uhw49BSBpl-_oLSUEwxmvScGFEDqpMtubL69AiCkk2w&s=xdu1a7kEtEFXHbZRZrvLJ0j3P6i-7ztVyxOBt9_Rp7c&e=>

More information about the Bro mailing list