Snort mailing list archives

Re: Chrooting snort


From: Alain Tesio <alain () onesite org>
Date: Fri, 1 Mar 2002 05:52:52 +0100

On Thu, 28 Feb 2002 20:00:05 -0800 (PST)
Erek Adams <erek () theadamsfamily net> wrote:

> Send snort a SIGHUP twice whilst it's in the jail.  If it works, I'll be
> damned impressed....  See http://www.snort.org/docs/faq.html#6.19

On my machine, snort is killed by a SIGHUP when it's not running as
root, whether it's in the jail or not:

05:40:13 root ~ #SNORT="/usr/sbin/snort -D -c /etc/snort/snort.conf -l /var/log/snort -b -d"
05:40:14 root ~ #$SNORT
05:40:17 root ~ #pidof snort
17271
05:40:22 root ~ #killall -HUP snort
05:40:28 root ~ #pidof snort
17271
05:40:30 root ~ #killall -KILL snort
05:40:35 root ~ #$SNORT -u snort -g snort
05:41:02 root ~ #pidof snort
17284
05:41:05 root ~ #killall -HUP snort
05:41:13 root ~ #pidof snort

05:41:17 root ~ #chroot /var/chroot/snort $SNORT
05:41:31 root ~ #pidof snort
17289
05:41:39 root ~ #killall -HUP snort
05:41:44 root ~ #pidof snort
17289
05:41:48 root ~ #killall -KILL snort
05:41:54 root ~ #chroot /var/chroot/snort $SNORT -u snort -g snort
05:42:05 root ~ #pidof snort
17297
05:42:11 root ~ #killall -HUP snort
05:42:15 root ~ #pidof snort
05:42:16 root ~ # 

> [FWIW: http://www.theadamsfamily.net/~erek/snort/cell/index.html has a lot of
> the basic info on creating a chroot'ed jail for anything.]

Well, with the program I mentioned, if the 8 lines in the
configuration are fine for your system, you just type
"makejail examples/snort.py" and you have your jail ready.

Alain
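
The manual check in the session above can be scripted. This is an added example, not part of the original message or of snort: survives_hup, hup_matrix and HUP_SETTLE are names made up here, and snort is started without -D (an assumption) so that the shell's $! is the snort process itself.

```shell
# survives_hup CMD [ARGS...]
#   Start CMD as a background job, send it SIGHUP, report the outcome.
#   returns 0: still running after SIGHUP
#           1: gone after SIGHUP
#           2: exited before the signal was sent
# HUP_SETTLE (seconds, default 2): wait before and after the signal.
survives_hup() {
    settle=${HUP_SETTLE:-2}
    "$@" >/dev/null 2>&1 &
    pid=$!
    sleep "$settle"
    if ! kill -0 "$pid" 2>/dev/null; then
        wait "$pid" 2>/dev/null || true
        return 2
    fi
    kill -HUP "$pid" 2>/dev/null || true
    sleep "$settle"
    if kill -0 "$pid" 2>/dev/null; then
        kill -KILL "$pid" 2>/dev/null || true   # clean up the survivor
        wait "$pid" 2>/dev/null || true
        return 0
    fi
    wait "$pid" 2>/dev/null || true
    return 1
}

# The four cases from the session above. Paths and the snort user/group are
# the poster's; -D is left out (assumption of this example) so that $! is
# snort itself rather than a parent that exits after forking.
SNORT="/usr/sbin/snort -c /etc/snort/snort.conf -l /var/log/snort -b -d"
JAIL=/var/chroot/snort
hup_matrix() {
    for prefix in "" "chroot $JAIL"; do
        for drop in "" "-u snort -g snort"; do
            rc=0
            # Unquoted on purpose: each string is split into words.
            survives_hup $prefix $SNORT $drop || rc=$?
            case $rc in
                0) r="survived SIGHUP" ;;
                1) r="gone after SIGHUP" ;;
                *) r="did not start" ;;
            esac
            printf '%-24s %-20s %s\n' "${prefix:-no jail}" "${drop:-root}" "$r"
        done
    done
}
```

Call hup_matrix as root to print one result line per case.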
