mirror of
https://github.com/domcyrus/rustnet.git
synced 2025-12-30 10:29:50 -06:00
Remove CAP_NET_ADMIN requirement and eliminate need for CAP_SYS_ADMIN on modern kernels by using non-promiscuous mode for packet capture. This significantly reduces security surface by following principle of least privilege.
67 lines
2.2 KiB
Bash
Executable File
#!/bin/sh
set -e

#DEBHELPER#

case "$1" in
    configure)
        # Set file capabilities so rustnet can capture packets and load eBPF
        # programs as a normal user, without root/sudo.
        if command -v setcap >/dev/null 2>&1; then
            # Preferred set (Linux 5.8+):
            #   CAP_NET_RAW          - packet capture; rustnet captures read-only
            #                          (non-promiscuous), so CAP_NET_ADMIN is not needed
            #   CAP_BPF, CAP_PERFMON - eBPF support for enhanced process tracking
            # Fallback for older kernels without CAP_BPF/CAP_PERFMON: CAP_SYS_ADMIN.
            # That capability is far broader, so it is only applied when the first
            # setcap fails. Note the fallback triggers on any failure of the first
            # call (e.g. a libcap too old to know the cap_bpf name), not only on
            # pre-5.8 kernels.
            setcap 'cap_net_raw,cap_bpf,cap_perfmon+eip' /usr/bin/rustnet 2>/dev/null || \
                setcap 'cap_net_raw,cap_sys_admin+eip' /usr/bin/rustnet || true
        fi

        cat <<EOF

================================================================================
RustNet has been installed with eBPF support!

NETWORK PACKET CAPTURE PERMISSIONS:
RustNet requires specific Linux capabilities for packet capture and eBPF
process detection. These have been set automatically if setcap is available.

To verify that the capabilities are set correctly:
  getcap /usr/bin/rustnet

Expected output (modern Linux 5.8+):
  /usr/bin/rustnet cap_net_raw,cap_bpf,cap_perfmon=eip

Or for legacy kernels (pre-5.8):
  /usr/bin/rustnet cap_net_raw,cap_sys_admin=eip

If the capabilities are not set, you can set them manually:
  # For modern Linux 5.8+ with eBPF support
  sudo setcap 'cap_net_raw,cap_bpf,cap_perfmon+eip' /usr/bin/rustnet

  # Or for legacy kernels without CAP_BPF support
  sudo setcap 'cap_net_raw,cap_sys_admin+eip' /usr/bin/rustnet

Note: RustNet uses read-only packet capture (no promiscuous mode), so
CAP_NET_ADMIN is NOT required. CAP_SYS_ADMIN is much broader than the
5.8+ set; prefer cap_bpf,cap_perfmon whenever the kernel supports them.

Alternatively, run rustnet with sudo:
  sudo rustnet

eBPF FALLBACK:
If eBPF fails to load, rustnet will automatically fall back to procfs-based
process detection. Check the TUI Statistics panel to see which detection
method is active.

USAGE:
  rustnet           # Start network monitoring
  rustnet --help    # Show all options

For more information, visit: https://github.com/domcyrus/rustnet
================================================================================

EOF
        ;;
esac

exit 0
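The postinst above picks the capability set by "try the 5.8+ set, and on any error fall back to CAP_SYS_ADMIN". The following is an added example, not part of the rustnet repository or its packaging, that instead gates the choice on the running kernel version and audits what `getcap` reports, so a failed `setcap` on a modern kernel (old libcap, a filesystem without xattr support) cannot silently end with CAP_SYS_ADMIN on the binary. The function names, the `MODERN_CAPS`/`LEGACY_CAPS` variables, the `--apply` flag and the sample kernel release strings are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not rustnet's own code): choose the file-capability set for
# /usr/bin/rustnet from the kernel version instead of try-then-fallback, and
# audit a getcap result against that choice.
set -e

# Capability sets taken from the postinst: CAP_BPF/CAP_PERFMON exist since
# Linux 5.8; before that, eBPF loading needed CAP_SYS_ADMIN. (Names assumed.)
MODERN_CAPS='cap_net_raw,cap_bpf,cap_perfmon'
LEGACY_CAPS='cap_net_raw,cap_sys_admin'

# kernel_at_least MAJOR MINOR [RELEASE]
# Exit 0 if RELEASE (default: uname -r) is >= MAJOR.MINOR.
# Accepts distro-style strings such as "5.8.0-1-amd64" or "4.19.0-25-amd64".
kernel_at_least() {
    want_major=$1
    want_minor=$2
    rel=${3:-$(uname -r)}
    have_major=${rel%%[!0-9]*}                              # "5.8.0-1-amd64" -> "5"
    case $rel in
        *.*) rest=${rel#*.}; have_minor=${rest%%[!0-9]*} ;; # "8.0-1-amd64"   -> "8"
        *)   have_minor=0 ;;
    esac
    [ "${have_major:-0}" -gt "$want_major" ] ||
        { [ "${have_major:-0}" -eq "$want_major" ] &&
          [ "${have_minor:-0}" -ge "$want_minor" ]; }
}

# choose_caps [RELEASE]
# Print the capability set (without the "+eip" flag suffix) for that kernel.
# Unlike the postinst fallback, a 5.8+ kernel never yields cap_sys_admin here.
choose_caps() {
    if kernel_at_least 5 8 "$1"; then
        printf '%s\n' "$MODERN_CAPS"
    else
        printf '%s\n' "$LEGACY_CAPS"
    fi
}

# caps_ok CAPS [RELEASE]
# CAPS is the capability field of a getcap line, e.g. "cap_net_raw,cap_bpf,
# cap_perfmon=eip" (everything after the path). Exit 0 only when it is exactly
# the set choose_caps would pick for RELEASE, i.e. flags a legacy
# cap_sys_admin grant that survived onto a kernel that supports cap_bpf.
caps_ok() {
    caps=${1%%[=+]*}          # drop the "=eip" / "+eip" flag suffix
    [ "$caps" = "$(choose_caps "$2")" ]
}

# With --apply (as root; setcap needs CAP_SETFCAP) set the chosen set on the
# real binary and print what landed. Without arguments the file only defines
# the functions above, so it can be sourced or run under a test harness.
case ${1:-} in
    --apply)
        caps=$(choose_caps)
        setcap "${caps}+eip" /usr/bin/rustnet
        getcap /usr/bin/rustnet
        ;;
esac
```

Run `sh rustnet-caps.sh --apply` as root to set the capabilities, or source the file and call `caps_ok "$(getcap /usr/bin/rustnet | cut -d' ' -f2-)"` from a compliance check. The sample release strings below are constructed for the test, not captured from a real host.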