[Bro] [Not] Running Bro as root?

Dave Crawford bro at pingtrip.com
Fri Jun 15 10:29:12 PDT 2018


I also wrote a plugin a while back that performs the setcap for you after each install or deploy. It's easy enough to adjust the command line to meet your needs (_raw, _admin, etc):

https://github.com/PingTrip/broctl-setcap

-Dave

> On Jun 15, 2018, at 1:27 PM, Dave Crawford <dave at pingtrip.com> wrote:
> 
> I also wrote a plugin a while back that performs the setcap for you after each install or deploy. It's easy enough to adjust the command line to meet your needs (_raw, _admin, etc):
> 
> https://github.com/PingTrip/broctl-setcap
> 
> -Dave
> 
>> On Jun 13, 2018, at 6:39 PM, Drew Dixon <dwdixon at umich.edu> wrote:
>> 
>> Thanks everyone for the input on this, it's been very helpful, and I think seems to be resulting in some positive things.  I received some great info from folks both on and off list. 
>> 
>> Side note:  Apologies for unintentionally hijacking the subject line marker, I probably should have used parentheses instead of brackets....  : )
>> 
>> -Drew
>> 
>> On Wed, Jun 13, 2018 at 2:56 PM Azoff, Justin S <jazoff at illinois.edu> wrote:
>> 
>> > On Jun 13, 2018, at 5:41 PM, Michał Purzyński <michalpurzynski1 at gmail.com> wrote:
>> > 
>> > And to your second point - yes, bro documentation needs some improvements when it comes to the afpacket.
>> 
>> Agreed.  I put together some of what we have now for starting up a bro cluster using pf_ring since that used to be the only generic option.
>> 
>> Now that af_packet is working almost everywhere I want to add a section to the docs for that.  The bro side of things is actually really simple,
>> most of the effort goes into validating that af_packet is hashing things properly.
>> 
>> 
>> Justin Azoff
>> 
>> 
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> 
