Wireshark Capture Best Practice

Posted: Mon Apr 24, 2017 2:22 pm
by Torc
I've got the Wireshark capture working, but I am concerned about having to use the root user for this functionality. I have multiple users set up, and would prefer not to hand out the keys to the kingdom.

I'd like to create a new user account enabling just enough access for Wireshark and disabling shell access. I'm not a Linux admin by any means, but I'm starting down the path of doing some reading and trying to come up with a solution on my own. I'm throwing this out there in the meantime and to see if someone already put something together that does the trick.

Re: Wireshark Capture Best Practice

Posted: Mon Apr 24, 2017 2:40 pm
by Torc
I suppose I should add, I know the user would need to be capable of the SSH tunnel that allows the tcpdump output to be sent to the local Wireshark client. I need to do some reading on if you can disable the interactive shell access and still permit the SSH tunnel. I'm not sure that will work since I suspect that would also disable the ability to run tcpdump.

I'm just trying to figure out how to create a restricted user dedicated for the SSH tunnel with the bare minimum requirements to support the tcpdump/SSH tunnel functionality.
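The restricted-account arrangement asked about above, as an added example that is not part of this thread or of EVE-NG's own wrapper: a forced-command script that lets a dedicated, non-root SSH user run tcpdump on a chosen interface and nothing else. It assumes a Linux capture host with OpenSSH 7.2 or newer (for the `restrict` keyword), tcpdump granted the capture capabilities with setcap, and a hypothetical user name `capture` and script path `/usr/local/bin/capture-wrapper`.

```shell
#!/bin/sh
# Forced-command wrapper for a capture-only SSH account (added example, not EVE-NG's
# wireshark_wrapper code). Assumed one-time root setup on the capture host:
#   useradd -r -m -s /bin/sh capture                       # "capture" is a hypothetical name
#   setcap cap_net_raw,cap_net_admin+eip "$(command -v tcpdump)"   # capture without root
# and in /home/capture/.ssh/authorized_keys, in front of the client's public key:
#   restrict,command="/usr/local/bin/capture-wrapper" ssh-ed25519 AAAA... client
# "restrict" turns off pty, port/agent/X11 forwarding; the forced command means the key
# can only ever run this script, whatever the client typed. The client then runs:
#   ssh capture@eve-host "eth1 not port 22" | wireshark -k -i -
# ("not port 22" keeps the capture from feeding its own SSH traffic back into itself).

TCPDUMP=/usr/sbin/tcpdump   # assumed path; check `command -v tcpdump` on your host

# A plausible Linux interface name: letters, digits, '_', '.', '-', at most 15 characters.
validate_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Split "<iface> [bpf filter words]" into IFACE and FILTER. Filter words may only be plain
# BPF vocabulary (host, port, 22, 10.0.0.0/24, and, not ...); a word starting with '-' is
# refused so the client cannot smuggle in tcpdump options such as -z (runs a command).
parse_request() {
    set -f          # no globbing while we word-split the request
    set -- $1
    IFACE=${1:-}
    validate_iface "$IFACE" || return 1
    shift
    FILTER=""
    for word in "$@"; do
        case "$word" in
            -*|*[!A-Za-z0-9_.:/-]*) return 1 ;;
        esac
        FILTER="$FILTER${FILTER:+ }$word"
    done
    return 0
}

run_capture() {
    parse_request "$1" || { echo "capture-wrapper: request rejected: $1" >&2; exit 1; }
    # -U: flush per packet so Wireshark shows it at once; -n: no DNS lookups;
    # -w -: pcap to stdout, i.e. straight down the SSH channel. $FILTER is split on purpose.
    exec "$TCPDUMP" -U -n -i "$IFACE" -w - -- $FILTER
}

# Act only when sshd hands us the client's request; otherwise just define the functions.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    run_capture "$SSH_ORIGINAL_COMMAND"
fi
```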

Re: Wireshark Capture Best Practice

Posted: Tue Oct 31, 2017 8:46 pm
by Jeff Behrns
I also would love to see non-root creds used for the wireshark_wrapper.bat.
Some users are sure to use root creds to blow up the deployment.

Re: Wireshark Capture Best Practice

Posted: Wed Nov 01, 2017 10:21 am
by Uldis (UD)
Wireshark integration with no root passwords will be in EVE Pro.