NSM: broctl and zeekctl need to check if parameters were passed

Security-Onion-Solutions / security-onion

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

https://securityonion.net

3.06k stars 521 forks source link

NSM: broctl and zeekctl need to check if parameters were passed #1713

Closed dougburks closed 4 years ago

dougburks commented 4 years ago

/usr/sbin/broctl and /usr/sbin/zeekctl are user convenience shims that call the real /opt/bro/bin/zeekctl. We recently added some greps to these shims to clean up some of the unnecessary warnings. However, grep is preventing the user from running the zeekctl shell interactively. The easiest fix is to check for parameters and only pipe into grep if parameters were passed.

dougburks commented 4 years ago

After installing securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion225, please test as follows:

verify that sudo broctl and sudo zeekctl both start the zeekctl shell and you're able to interact with it
verify that you can pass parameters like sudo zeekctl status and get just the status information without any unnecessary warnings

defensivedepth commented 4 years ago

Looks good to me!

dougburks commented 4 years ago

Published: https://blog.securityonion.net/2020/02/zeek-301-elastic-686-and-cyberchef-9120.html