Snort mailing list archives
Re: How to run snort with -g and -u flags
From: twig les <twigles () yahoo com>
Date: Tue, 23 Jul 2002 10:13:50 -0700 (PDT)
My understanding of Snort's ability to run as another user is that it *drops* the privileges to that user. This is significant in that you have to start out as root for packet sniffing (tcpdump makes you do this too). So even though I run Snort and the rules update crontab as user snort, I have to stop and start Snort as root, which is no problem due to the clunky way our infrastructure makes me update signatures....

So I guess the way I'll be automating this when I get around to it is to have a separate crontab under root that bounces snort using the startup file about 5 minutes after the signature update runs.

Hope this helps, sounds like you're 95% done.

--- Tim Goodwin <jaguar_fresh () yahoo com> wrote:
Hi all,

I run Snort 1.8.7 on OpenBSD. I created user snort and I run snort with -g snort -u snort. I update rules with oinkmaster, which is run out of the snort user's crontab every day.

I have a problem I hope you can help with. The snort user's crontab oinkmaster gets new rules and works fine; at the end of the crontab I restart snort with kill -HUP `cat /var/run/snortpid` but it says I am not root so I can't sniff. Which is true, I am not root, I am snort at that time. How do I get around this?

Also another thing... I start snort from the rc.local file, but snort starts as root and only root can read the /var/run/snortpid file, so I have to manually chmod it to have the snort user read it. What do people do to work with these problems?

Thank you for your time,
Marcello
Snort-users mailing list Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
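The root-crontab bounce described in the reply, as an added example that is not from either poster or the Snort project. The script name, the crontab time, `START_CMD` and the function names are hypothetical; the point it adds is that a root job should check the pid file before signalling anything named in it.

```shell
#!/bin/sh
# Added example, not from the thread: a bounce script for root's crontab.
# Hypothetical root crontab entry, 5 minutes after a 03:30 oinkmaster run:
#   35 3 * * * /usr/local/sbin/bounce-snort run
PIDFILE=${PIDFILE:-/var/run/snortpid}                # path from the original post
EXPECTED_COMM=${EXPECTED_COMM:-snort}                # process name we agree to signal
START_CMD=${START_CMD:-/usr/local/sbin/snort-start}  # hypothetical startup file

# Print the PID stored in $1 only if root can trust the file: a regular file,
# not a symlink, owned by the caller, not group/world writable, digits only.
trusted_pid() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    [ -O "$f" ] || return 1
    [ -z "$(find "$f" -prune \( -perm -020 -o -perm -002 \))" ] || return 1
    pid=$(cat "$f")
    case $pid in ''|*[!0-9]*) return 1 ;; esac
    printf '%s\n' "$pid"
}

# Command name of PID $1 (falls back to /proc on Linux hosts without ps).
proc_name() {
    ps -p "$1" -o comm= 2>/dev/null || cat "/proc/$1/comm" 2>/dev/null
}

# Stop the process named in pid file $1 if it really is the expected program.
stop_snort() {
    pid=$(trusted_pid "$1") || return 1
    comm=$(proc_name "$pid" | tr -d ' ')
    [ "${comm##*/}" = "$EXPECTED_COMM" ] || return 1
    kill -TERM "$pid" || return 1
    tries=0
    while kill -0 "$pid" 2>/dev/null; do    # wait up to 10 s for it to exit
        tries=$((tries + 1))
        [ "$tries" -le 10 ] || return 1
        sleep 1
    done
}

# Full stop/start as root, so the new process can open the capture device
# before it drops to the snort user.
bounce_snort() {
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    stop_snort "$PIDFILE" || echo "no trusted running snort found" >&2
    "$START_CMD"
}

if [ "${1:-}" = run ]; then bounce_snort; fi
```

Because the job runs from root's crontab, the pid file can stay readable by root only, so the manual chmod from the original question is no longer needed.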
Current thread:
- How to run snort with -g and -u flags Tim Goodwin (Jul 23)
- Re: How to run snort with -g and -u flags twig les (Jul 23)