Snort mailing list archives
Re: Run as user?
From: Joe Hill <joehill () sympatico ca>
Date: Thu, 3 Apr 2003 00:10:52 -0500
On Wed, 2 Apr 2003 23:40:52 -0500 (EST) Alberto Gonzalez <albertg () wwjh net> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1According to the FAQ, the snort tool is supposed to be run as root. Is there any way to run it as a regular user, ie. giving myself permission to read the stream through eth0?(root@cerebro)(~) snort -? [..snip..] -g <gname> Run snort gid as <gname> group (or gid) after initialization -u <uname> Run snort uid as <uname> user (or uid) after initialization [..snip..]
sorry, what I meant was to actually run snort without first su'ing to root. is there any way to do this and have access to eth0?
make sure the logging directory has the proper permissions.
when I run snort, it says it will write to /var/log/snort, but I find no such directory or file.
And take in mind you won't be able to send a HUP signal.
ie. to kill the process?
Check the snort-users archive i believe this came up awhile ago.
I must admit, I only went back about 20 pages...;)
Cheers, Alberto Gonzalez - -- "Success comes to the person who does today, what you are thinking of doing tomorrow." -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+i7tXa3vAB/3yp/IRApk8AJ4wXXvZwU+MIIZ0O6ExdPNo/5DYCACeIAgJ c3PCbpldS2KZgBGWUb7D6Sc= =urJl -----END PGP SIGNATURE----- ------------------------------------------------------- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- ------------------------------------------------------- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Run as user? Joe Hill (Apr 02)
- Re: Run as user? Alberto Gonzalez (Apr 02)
- Re: Run as user? Joe Hill (Apr 02)
- Re: Run as user? Alberto Gonzalez (Apr 02)
- Re: Run as user? Joe Hill (Apr 02)
- Re: Run as user? Erek Adams (Apr 02)
- Re: Run as user? Joe Hill (Apr 02)
- Re: Run as user? Erek Adams (Apr 03)
- Re: Run as user? Matt Kettler (Apr 03)
- Re: Run as user? Joe Hill (Apr 03)
- Re: Run as user? Joe Hill (Apr 02)
- Re: Run as user? Alberto Gonzalez (Apr 02)