Snort mailing list archives
chroot semantics fubar again in 1.8
From: Erik Fichtner <emf () servervault com>
Date: Wed, 11 Jul 2001 19:08:11 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Why is it that chroot semantics in snort change every release? I invoke snort like so: /usr/local/bin/snort -i fxp0 -c /etc/snort/snort.conf -D -o \ -g 9999 -u 9999 -t /data/log -l / in 1.7, this worked perfectly. It put all my logs in /data/log, and the snort process couldn't see anything else. Which is almost how I wanted it. Now, if I specify -t in 1.8, i get the following error: Initializing rule chains... ERROR: Unable to open rules file: /etc/snort/snort.conf or /etc/snort//etc/snort/snort.conf Fatal Error, Quitting.. You're not seriously trying to tell me that I have to put my rules and my configuration file with my database passwords into the chroot environment are you? At that point, why am I chrooting? Am I the only person who wants the program to insulate itself against the possibility of an attacker compromising it and tampering with the sensor software? - -- Erik Fichtner Security Administrator, ServerVault, Inc. 703-333-5900 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7TNxbQ7EzrewLMS0RAnTdAKCylWC7/m1COQGa25sVRZnpVhngugCfapbY jUMHpL3urDAKF6u5QdGUdZ8= =+3MJ -----END PGP SIGNATURE----- _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- chroot semantics fubar again in 1.8 Erik Fichtner (Jul 11)
- Re: chroot semantics fubar again in 1.8 Erek Adams (Jul 11)
- Re: chroot semantics fubar again in 1.8 Jason Haar (Jul 17)
- Re: chroot semantics fubar again in 1.8 Dragos Ruiu (Jul 11)
- Re: chroot semantics fubar again in 1.8 Erek Adams (Jul 11)