I've got the Wireshark capture working, but I am concerned about having to use the root user for this functionality. I have multiple users set up, and would prefer not to hand out the keys to the kingdom.
I'd like to create a new user account enabling just enough access for Wireshark and disabling shell access. I'm not a Linux admin by any means, but I'm starting down the path of doing some reading and trying to come up with a solution on my own. I'm throwing this out there in the meantime and to see if someone already put something together that does the trick.
Wireshark Capture Best Practice
Moderator: mike
-
- Posts: 11
- Joined: Mon Apr 24, 2017 2:14 pm
Re: Wireshark Capture Best Practice
I suppose I should add, I know the user would need to be capable of the SSH tunnel that allows the tcpdump output to be sent to the local Wireshark client. I need to do some reading on whether you can disable the interactive shell access and still permit the SSH tunnel. I'm not sure that will work since I suspect that would also disable the ability to run tcpdump.
I'm just trying to figure out how to create a restricted user dedicated for the SSH tunnel with the bare minimum requirements to support the tcpdump/SSH tunnel functionality.
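One way to get a capture-only account with no interactive shell is an sshd forced command that allowlists a single tcpdump invocation. This is an added example, not part of the original posts and not EVE's own tooling; the account name `capture`, the script path, and the exact tcpdump command line sent by the client are assumptions.

```shell
#!/bin/sh
# capture-only.sh: forced command for a dedicated capture account (added example).
# Assumed sshd_config stanza (account name and path are hypothetical):
#   Match User capture
#       ForceCommand /usr/local/bin/capture-only.sh --forced
#       PermitTTY no
#       AllowTcpForwarding no
#       X11Forwarding no
# Assumption: the account can capture without root, for example through file
# capabilities (cap_net_raw, cap_net_admin) on a tcpdump binary limited to its group.
LC_ALL=C; export LC_ALL

# capture_iface REQUEST
# Prints the interface name and returns 0 only when REQUEST is exactly
#   tcpdump -U -i <iface> -s 0 -w -
# (assumed to be what the client sends). Anything else returns 1.
capture_iface() {
    req=$1
    rest=${req#"tcpdump -U -i "}
    [ "$rest" != "$req" ] || return 1      # required prefix missing
    iface=${rest%" -s 0 -w -"}
    [ "$iface" != "$rest" ] || return 1    # required suffix missing
    case $iface in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;   # empty, option-like, or metacharacters
    esac
    [ "${#iface}" -le 15 ] || return 1     # Linux interface names are at most 15 chars
    printf '%s\n' "$iface"
}

# Runs only when sshd invokes the script as the forced command.
if [ "${1:-}" = "--forced" ]; then
    # sshd puts whatever the client asked to run in SSH_ORIGINAL_COMMAND;
    # it is empty for an interactive login attempt, which is refused here.
    iface=$(capture_iface "${SSH_ORIGINAL_COMMAND:-}") || {
        echo "capture-only account: request refused" >&2
        exit 1
    }
    # Rebuild the command from fixed arguments; the client's string is never executed.
    exec tcpdump -U -i "$iface" -s 0 -w -
fi
```

Because the script rebuilds the tcpdump command line itself, the only client-controlled value that reaches `exec` is the validated interface name.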
-
- Posts: 3
- Joined: Tue May 23, 2017 10:08 pm
Re: Wireshark Capture Best Practice
I also would love to see non-root creds used for the wireshark_wrapper.bat.
Some users are sure to use root creds to blow up the deployment.
-
- Posts: 5180
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
Re: Wireshark Capture Best Practice
Wireshark integration with no root passwords will be in EVE pro.