[Zeek] setcap plugin failing

Mark Gardner mkg at vt.edu
Tue May 7 06:24:36 PDT 2019


I can't figure out how to debug this issue of the setcap plugin failing:

zeek@zeekmgr:~$ broctl install
...
setcap plugin: executing setcap on each node:
10.0.1.12 - Executing setcap: FAIL:
...

Details:

OS: Debian 9
Zeek: v2.6.1 installed from source into /usr/local/bro
Plugins: af_packet installed from source and
PingTrip/broctl-setcap setcap.py file installed by hand into
/usr/local/bro/lib/broctl/plugins.

The following is appended to the bottom of /usr/local/bro/etc/broctl.cfg:
# Configure broctl-setcap plugin
setcap.enabled=1
setcap.command=sudo /sbin/setcap cap_net_raw+eip /usr/local/bro/bin/bro && sudo /sbin/setcap cap_net_raw+eip /usr/local/bro/bin/capstats

And this to /etc/sudoers.d/zeek on each of the sensors:
Cmnd_Alias BRO_SETCAP = /sbin/setcap cap_net_raw+eip /usr/local/bro/bin/bro
Cmnd_Alias CAPSTATS_SETCAP = /sbin/setcap cap_net_raw+eip /usr/local/bro/bin/capstats
bro ALL=NOPASSWD: BRO_SETCAP, CAPSTATS_SETCAP
Defaults!/sbin/setcap !requiretty

Any ideas what to check to see what is going wrong?
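
One offline check for the configuration quoted above, as an added example that is not part of the original post and not code from broctl or the broctl-setcap plugin: it tests whether each `sudo` step of `setcap.command` is covered by a NOPASSWD rule for a given account. It assumes only the subset of sudoers syntax shown in the post, and the function names are hypothetical.

```python
import re
import shlex

# Constructed input: the sudoers fragment from the post, wrapped line rejoined.
SUDOERS = """\
Cmnd_Alias BRO_SETCAP = /sbin/setcap cap_net_raw+eip /usr/local/bro/bin/bro
Cmnd_Alias CAPSTATS_SETCAP = /sbin/setcap cap_net_raw+eip /usr/local/bro/bin/capstats
bro ALL=NOPASSWD: BRO_SETCAP, CAPSTATS_SETCAP
Defaults!/sbin/setcap !requiretty
"""
# setcap.command from the post's broctl.cfg, wrapped line rejoined.
SETCAP_COMMAND = ("sudo /sbin/setcap cap_net_raw+eip /usr/local/bro/bin/bro && "
                  "sudo /sbin/setcap cap_net_raw+eip /usr/local/bro/bin/capstats")


def nopasswd_commands(sudoers, user):
    """Return the argv lists `user` may run without a password."""
    # Simplified parser (assumption): Cmnd_Alias lines and
    # `user HOST=NOPASSWD: ALIAS, ...` rules only, no wildcards or groups.
    aliases, allowed = {}, []
    for line in sudoers.splitlines():
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = [shlex.split(c) for c in m.group(2).split(",")]
            continue
        m = re.match(r"(\S+)\s+\S+\s*=\s*NOPASSWD:\s*(.+)", line)
        if m and m.group(1) == user:
            for name in m.group(2).split(","):
                name = name.strip()
                allowed += aliases.get(name, [shlex.split(name)])
    return allowed


def check(sudoers, user, command):
    """Map each sudo step of an `&&` chain to True if a rule covers it."""
    # A sudoers entry that lists arguments matches only that exact argument list.
    allowed = nopasswd_commands(sudoers, user)
    result = {}
    for step in command.split("&&"):
        argv = shlex.split(step)
        if argv and argv[0] == "sudo":
            argv = argv[1:]
        result[" ".join(argv)] = argv in allowed
    return result


if __name__ == "__main__":
    for account in ("bro", "zeek"):  # both names appear in the post
        print(account, check(SUDOERS, account, SETCAP_COMMAND))
```

The post does not say which account broctl uses on the sensors; running `sudo -n -l` as that account on a sensor shows what sudo itself grants.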