BRO on FreeBSD 5.2.1

In reply to Randolph Reitz <rreitz@fnal.gov> :

When devfs creates the /dev/bpfxx files, it creates them as follows...

crw------- 1 root wheel 23, 1 Sep 24 14:14 /dev/bpfxx

After the /dev/bpfxx is created, bro complains that it can't read the
/dev/bpfxx and stops. I change the owner to bro and then restart bro.
The traffic I'm currently monitoring is not the Fermi border traffic,
it's internal traffic. So only two bpfxx have been automatically
created. When I hook up the border traffic, I expect that a lot of
/dev/bpfxx will be created, so I need to find a way to tell devfs to
create /dev/bpfxx with owner 'bro'. I don't know how to do this.

take a look at /etc/devfs.conf and /etc/rc.d/devfs

also man devfs

    --eli

I was stuck on devfs(5). devfs(8) is much more helpful.

Thanks for the clue,
Randy

The /dev/MAKEDEV doesn't exist in 5.2.

Randy

OK, but the devfs devices are created as...

gumshoe# ls -lt /dev/b*
crw------- 1 bro wheel 23, 1 Sep 24 14:14 /dev/bpf1
crw------- 1 bro wheel 23, 0 Sep 24 14:14 /dev/bpf0

(I changed the owner from root to bro.) If bro is a member of group
wheel, bro still can't read the device.

I'm confused. If the files are mode 600 and "bro" owns them, then
it certainly should be able to read them ... !

I don't know how to control the permissions, owner or group of devfs
devices. The devfs(5) man page is useless.

So the problem is that devfs creates them on-the-fly, so you're not
able to alter their ownership? What happens if you create them
statically via /dev/MAKEDEV?

    Vern

Randy Reitz
Computer Security Team