[Bro] [Not] Running Bro as root?
Dave Crawford
bro at pingtrip.com
Fri Jun 15 10:29:12 PDT 2018
I also wrote a plugin awhile back that performs the setcap for you after each install or deploy. Its easy enough to adjust the command line to meet your needs (_raw, _admin, etc):
https://github.com/PingTrip/broctl-setcap <https://github.com/PingTrip/broctl-setcap>
-Dave
> On Jun 15, 2018, at 1:27 PM, Dave Crawford <dave at pingtrip.com> wrote:
>
> I also wrote a plugin awhile back that performs the setcap for you after each install or deploy. Its easy enough to adjust the command line to meet your needs (_raw, _admin, etc):
>
> https://github.com/PingTrip/broctl-setcap <https://github.com/PingTrip/broctl-setcap>
>
> -Dave
>
>> On Jun 13, 2018, at 6:39 PM, Drew Dixon <dwdixon at umich.edu <mailto:dwdixon at umich.edu>> wrote:
>>
>> Thanks everyone for the input on this, it's been very helpful, and I think seems to be resulting in some positive things. I received some great info from folks both on and off list.
>>
>> Side note: Apologies for unintentionally hijacking the subject line marker, I probably should have used parenthesis instead of brackets.... : )
>>
>> -Drew
>>
>> On Wed, Jun 13, 2018 at 2:56 PM Azoff, Justin S <jazoff at illinois.edu <mailto:jazoff at illinois.edu>> wrote:
>>
>> > On Jun 13, 2018, at 5:41 PM, Michał Purzyński <michalpurzynski1 at gmail.com <mailto:michalpurzynski1 at gmail.com>> wrote:
>> >
>> > And to your second point - yes, bro documentation needs some improvements when it comes to the afpacket.
>>
>> Agreed. I put together some of what we have now for starting up a bro cluster using pf_ring since that used to be the only generic option.
>>
>> Now that af_packet is working almost everywhere I want to add a section to the docs for that. The bro side of things is actually really simple,
>> most of the effort goes into validating that af_packet is hashing things properly.
>>
>>
>> —
>> Justin Azoff
>>
>>
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org <mailto:bro at bro-ids.org>
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro <http://mailman.icsi.berkeley.edu/mailman/listinfo/bro>_______________________________________________
>> Bro mailing list
>> bro at bro-ids.org <mailto:bro at bro-ids.org>
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20180615/60220184/attachment-0001.html
More information about the Bro
mailing list