Snort mailing list archives
Bug Roundup--Chroot Broken?
From: Erek Adams <erek () theadamsfamily net>
Date: Fri, 6 Jul 2001 16:45:21 -0700 (PDT)
chrooting seems a bit muddled. /local/home/snort is where I'm chroot'ing it at. Since that's going to become the root, I've added dev, etc, var, usr, usr/local, local/home/snort and so on into it. Snort starts, runs, logs, does it all.... Until I send it a SIGHUP. At that point, it would bail with the following:

    Received SIGHUP. Restarting
    --== Initializing Snort ==--
    [!] ERROR: Can not get write access to logging directory /local/home/snort//var/log/snort.
    (directory doesn't exist or permissions are set incorrectly or it is not a directory at all)

But it does exist as /var/log/snort and /local/home/var/log/snort. So on a bit of a whim, I created /local/home/snort/local/home/snort/var/log/snort. Now it dies with:

    Rule application order changed to Pass->Alert->Log
    Initializing Network Interface le0
    ERROR: OpenPcap() device le0 open: /dev/le0: No such file or directory
    Fatal Error, Quitting..

Now, I'm guessing here--But is snort recursively chroot'ing itself? Or am I not getting how chroot'ing should work? Is anyone using snort as a chroot'ed user? Or am I the only one who's this nutty?

Some facts:

    Solaris 2.7 fully patched.
    gcc version 2.95.2 19991024 (release)
    user: snort
    group: snort

Started with:

    /usr/local/bin/snort -o -c /local/home/snort/snort.conf -t /local/home/snort -u snort -g snort -h 206.xxx.xx.x/24 -y

truss output:

    [...snip...]
    open("/usr/share/lib/zoneinfo/US/Pacific", O_RDONLY) = 3
    read(3, "\0\0\0\0\0\0\0\0\0\0\0\0".., 8192) = 1000
    close(3) = 0
    ioctl(1, TCGETA, 0xEFFFEC7C) = 0
    write(1, "\n - - =".., 38) = 38
    stat("/local/home/snort//var/log/snort", 0xEFFFFAA0) Err#2 ENOENT
    write(2, "\n [ ! ] E R R O R : ".., 58) = 58
    write(2, " / l o c a l / h o m e /".., 32) = 32
    write(2, " .\n ( d i r e c t o r y".., 96) = 96
    write(2, " F a t a l E r r o r ,".., 24) = 24
    llseek(0, 0, SEEK_CUR) = 25185
    _exit(1)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
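The path lookups reported in the message above, modelled as an added example that is not part of the original post and is not Snort code. It assumes, as the post suspects but does not confirm, that the restarted process is already inside the jail when it checks the -t-prefixed log path; SANDBOX, host_path and audit are names made up for the illustration, and the jail is a constructed directory tree.

```shell
#!/bin/sh
# Added example: model of absolute-path resolution before and after chroot(2).
# SANDBOX stands in for the host "/", so nothing here needs root or calls chroot.

# Host location of PATH as named by a process whose root directory is ROOT.
host_path() { printf '%s/%s\n' "${1%/}" "${2#/}"; }

# Report each PATH as seen from ROOT; the exit status is the number missing.
audit() {
    root=$1; shift; missing=0
    for p in "$@"; do
        if [ -e "$(host_path "$root" "$p")" ]; then
            echo "  ok       $p"
        else
            echo "  MISSING  $p"; missing=$((missing + 1))
        fi
    done
    return "$missing"
}

SANDBOX=$(mktemp -d) || exit 1
trap 'rm -rf "$SANDBOX"' EXIT
T_ARG=/local/home/snort                 # -t value from the post
LOGDIR="$T_ARG//var/log/snort"          # string passed to stat() in the truss output
JAIL=$(host_path "$SANDBOX" "$T_ARG")   # the jail as it exists on the "host"

# Constructed jail: a log directory and an empty dev/ (no le0 node; an
# assumption chosen to reproduce the second error in the post).
mkdir -p "$JAIL/var/log/snort" "$JAIL/dev" "$JAIL/etc"

echo "1. first start, root is still the host /:"
audit "$SANDBOX" "$LOGDIR" || :
echo "2. after SIGHUP, root is already the jail:"
audit "$JAIL" "$LOGDIR" /dev/le0 || :
echo "3. after creating the nested directory, as the post did:"
mkdir -p "$(host_path "$JAIL" "$LOGDIR")"
audit "$JAIL" "$LOGDIR" /dev/le0 || :
```

Step 2 reports the prefixed log path as missing even though the same string resolved in step 1, and step 3 leaves only /dev/le0 missing, the same order of failures the post describes.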