[Zeek] af_packet

Michał Purzyński michalpurzynski1 at gmail.com
Fri Nov 22 11:59:34 PST 2019


Thanks!

> On Nov 22, 2019, at 9:30 AM, "ericooi at gmail.com" <ericooi at gmail.com> wrote:
> 
> Ok, I updated the articles based on Michal’s feedback.  I’m still learning and appreciate the comments.  
> 
> I understand the reasoning around packaging everything.  That’s a bit beyond me so I’ll have to dig more into that.
> 
> The 3 links, well, hey, it’s my blog. Don’t click if you don’t want. :P
> 
> 
>> On Nov 21, 2019, at 5:13 PM, Eric Ooi <ericooi at gmail.com> wrote:
>> 
>> Ouch.  Can’t please everyone I guess.
>> 
>>  
>> From: Michał Purzyński <michalpurzynski1 at gmail.com>
>> Sent: Thursday, November 21, 2019 5:10 PM
>> To: ericooi at gmail.com
>> Cc: venkatesh bandari; zeek
>> Subject: Re: [Zeek] af_packet
>>  
>> TBH I see quite a few reasons why plugins and Zeek should not be installed like that article describes.
>> 
>> - everything should be packaged. This includes Zeek and all plugins, each as a separate package. Running zkg to install a plugin on production will result in building code on the server (and we don't even have compilers there).
>> - the sudo + pip install means you now have python packages installed for the entire OS but outside of the OS control and packaging, making vulnerability management difficult (most likely never detected, forgotten and left there)
>> - looks like zeek user can sudo to root. There's no need for that dangerous capability.
>> - cap_net_admin is not needed and dangerous
>> - assigning any capabilities to zeekctl is not needed and also dangerous
>> - and those 3 affiliation links at the bottom...
>> 
>>> On Thu, Nov 21, 2019 at 7:46 AM ericooi at gmail.com <ericooi at gmail.com> wrote:
>>> Any particular reason you don’t want to use the package manager?  It’s designed to simplify the process.
>>> 
>>> I wrote a how-to guide for installation on CentOS 8 that covers using the package manager: https://www.ericooi.com/zeekurity-zen-part-ii-zeek-package-manager/
>>> 
>>>> On Nov 21, 2019, at 9:25 AM, venkatesh bandari <austin522 at gmail.com> wrote:
>>>> 
>>>> Hello Team,
>>>> 
>>>> I am trying to install af_packet and I see we can only install using the package manager.
>>>> 
>>>> Could you please help to answer if there is an alternative way to install af_packet?
>>>> 
>>>> Thanks
>>>> Venkatesh
>>>> _______________________________________________
>>>> Zeek mailing list
>>>> zeek at zeek.org
>>>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
>>> 
> 
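
The following is an added example, not part of the original thread or of the Zeek project: a shell check that reads `getcap`-style output and flags the two capability points from the quoted list (cap_net_admin being set, and any file capability on zeekctl). The function names, the `/example/zeek` paths and the sample lines are constructed assumptions; both the older `PATH = caps` and the newer `PATH caps` output layouts are accepted.

```shell
#!/bin/sh
# Added example: audit getcap-style lines for the capability issues named above.
# Real use (install root is yours to supply): getcap -r /path/to/install | audit_caps

audit_caps() {
    awk '
    {
        path = $1
        caps = ""
        # Collect everything after the path, skipping the "=" separator
        # that older libcap versions print between path and capabilities.
        for (i = 2; i <= NF; i++) {
            if ($i == "=") continue
            caps = caps (caps == "" ? "" : " ") $i
        }
        caps = tolower(caps)
        if (caps == "") next            # no file capabilities: nothing to flag

        n = split(path, parts, "/")
        base = parts[n]

        # Point from the thread: zeekctl needs no capabilities at all.
        if (base == "zeekctl")
            print "FAIL " path ": zeekctl should carry no file capabilities (" caps ")"

        # Point from the thread: cap_net_admin is not needed.
        if (index(caps, "cap_net_admin") > 0)
            print "FAIL " path ": cap_net_admin is set (" caps ")"
    }'
}

# Constructed sample input (not captured from a real host).
sample_getcap_output() {
    cat <<'EOF'
/example/zeek/bin/zeek = cap_net_admin,cap_net_raw+eip
/example/zeek/bin/zeekctl cap_net_raw=eip
/example/other/bin/zeek cap_net_raw=eip
EOF
}

# Run the demo only when asked, so sourcing the file just defines the functions.
if [ "${1:-}" = "--demo" ]; then
    sample_getcap_output | audit_caps
fi
```
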