setcap plugin failing

Mark_Gardner · May 7, 2019, 1:24pm

I can’t figure out how to debug this issue of the setcap plugin failing:

zeek@zeekmgr:~$ broctl install
…
setcap plugin: executing setcap on each node:
10.0.1.12 - Executing setcap: FAIL:
…

Details::

OS: Debian9
Zeek: v2.6.1 installed from source into /usr/local/bro
Plugins: af_packet installed from source and PingTrip/broctl-setcap setcap.py file installed by hand into /usr/local/bro/lib/broctl/plugins.

The following is appended to the bottom /usr/local/bro/etc/broctl.cfg:

Configure broctl-setcap plugin

setcap.enabled=1
setcap.command=sudo /sbin/setcap cap_net_raw+eip /usr/local/bro/bin/bro && sudo /sbin/setcap cap_net_raw+eip /usr/local/bro/bin/capstats

And this to /etc/sudoers.d/zeek on each of the sensors:

Cmnd_Alias BRO_SETCAP = /sbin/setcap cap_net_raw+eip /usr/local/bro/bin/bro

Cmnd_Alias CAPSTATS_SETCAP = /sbin/setcap cap_net_raw+eip /usr/local/bro/bin/capstats
bro ALL=NOPASSWD: BRO_SETCAP, CAPSTATS_SETCAP
Defaults!/sbin/setcap !requiretty

Any ideas what to check to see what is going wrong?

JustinAzoff · May 7, 2019, 1:52pm

Is the account you are using zeek or bro? your prompt says zeek but
the sudoers file says bro.

Mark_Gardner · May 7, 2019, 2:07pm

Thanks Justin. I stared at those configs for a long time and never noticed the problem. That should fix it.

Topic		Replies	Views
Debbuging zeekctl errors Zeek	1	100	May 6, 2022
Bro doctor fails Zeek	3	102	May 6, 2022
Debian Bro install Zeek	11	84	May 6, 2022
Bro beta install Zeek	3	127	May 6, 2022
binpac error Zeek	2	83	May 6, 2022

setcap plugin failing

Configure broctl-setcap plugin

Related topics