idaholab / Malcolm

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
https://idaholab.github.io/Malcolm/

Raspberry Pi Hedgehog sensor user should belong to netdev group #417

Closed mmguero closed 7 months ago

mmguero commented 7 months ago

After the v24.02.0 release I noticed that the firewall is not being opened, which should be done with ufw_allow_viewer.sh using the ARKIME_PACKET_ACL variable.

I can see the variable is being set correctly, but ufw status does not show the entry being made. This means that requesting packet payloads in Arkime sessions from Hedgehog on a Pi does not work. It does work if the port is opened manually:

sudo ufw allow from 172.16.0.20/32 proto tcp to any port 8005

mmguero commented 7 months ago

The issue is fixed by ensuring the sensor user gets added to the netdev group in the script that builds the Pi image.