Snort mailing list archives
Re: Run as user?
From: Erek Adams <erek () snort org>
Date: Thu, 3 Apr 2003 07:40:47 -0500 (EST)
On Thu, 3 Apr 2003, Joe Hill wrote:
> well, I'm not *that* much of a noob ;)
:) Hey, I had to say it! :)
> well, I'm a proud member of that group. I cannot find how to give that group perms on the device though. It's not in /dev...or /proc...where could it be?
I'm not sure about a Linux system, but there is an easy way to find out.
Use lsof and see what device is being used by Snort.
For example:
[erek@ghosts]/dev>ps auxww | grep snort
root 25233 0.0 0.0 64496 12180 p5 SN Fri09AM 0:58.65 snort
[erek@ghosts]/dev>sudo lsof -p 25233
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
snort 25233 root cwd VDIR 0,5 512 3651 /var (/dev/wd0f)
snort 25233 root txt VREG 0,4 3132923 41825 /usr/local (/dev/wd0e)
snort 25233 root txt VREG 0,3 61440 57392 /usr/libexec/ld.so
snort 25233 root txt VREG 0,5 11375 7175 /var/run/ld.so.hints
snort 25233 root txt VREG 0,3 97692 168506 /usr (/dev/wd0d)
snort 25233 root txt VREG 0,3 85720 168500 /usr (/dev/wd0d)
snort 25233 root txt VREG 0,3 602889 168483 /usr (/dev/wd0d)
snort 25233 root 0u VCHR 5,5 0t111941 54791 /dev/ttyp5
snort 25233 root 1u VCHR 5,5 0t111941 54791 /dev/ttyp5
snort 25233 root 2u VCHR 5,5 0t111941 54791 /dev/ttyp5
snort 25233 root 3u VCHR 23,2 0xe3fcc7d 54731 /dev/bpf2
snort 25233 root 4w VREG 0,5 67142 3694 /var (/dev/wd0f)
snort 25233 root 5u VREG 0,5 13394 3653 /var (/dev/wd0f)
snort 25233 root 6w VREG 0,5 69738 3693 /var (/dev/wd0f)
[erek@ghosts]/dev>ls -al /dev/bpf?
crw------- 1 root wheel 23, 0 Apr 3 01:34 /dev/bpf0
crw------- 1 root wheel 23, 1 Mar 30 01:34 /dev/bpf1
crw------- 1 root wheel 23, 2 Mar 14 22:06 /dev/bpf2
crw------- 1 root wheel 23, 3 Feb 9 08:33 /dev/bpf3
crw------- 1 root wheel 23, 4 Feb 9 08:33 /dev/bpf4
crw------- 1 root wheel 23, 5 Feb 9 08:33 /dev/bpf5
crw------- 1 root wheel 23, 6 Feb 9 08:33 /dev/bpf6
crw------- 1 root wheel 23, 7 Feb 9 08:33 /dev/bpf7
crw------- 1 root wheel 23, 8 Feb 9 08:33 /dev/bpf8
crw------- 1 root wheel 23, 9 Feb 9 08:33 /dev/bpf9
Now all I have to do is:
chgrp snort /dev/bpf2
chmod 660 /dev/bpf2
And all should be well. You just need to find out what device is being
used by snort to sniff on and then change the group and perms on that
device.
Hope that helps!
-----
Erek Adams
"When things get weird, the weird turn pro." H.S. Thompson
-------------------------------------------------------
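The lookup and fix described in the message above, as an added example that is not part of the original post: a shell sketch that reads `lsof -p PID` output to find the bpf node the process holds open, then reads `ls -l` output and prints only the `chgrp`/`chmod` commands still needed. The function names `bpf_devices` and `perm_plan` are hypothetical, and the sample input is abridged from the session above plus one constructed line.

```shell
#!/bin/sh
# Added example: turn `lsof -p PID` and `ls -l /dev/bpf?` output into a
# review-before-run permission plan. Function names are hypothetical.

# Print each distinct /dev/bpfN node held open as a character device
# (lsof TYPE is VCHR on the BSD box in the post, CHR on some other systems).
bpf_devices() {
    awk '($5 == "VCHR" || $5 == "CHR") && $NF ~ /^\/dev\/bpf[0-9]+$/ &&
         !seen[$NF]++ { print $NF }'
}

# Read `ls -l` lines for device nodes; print only the commands still needed
# so that group $1 has rw and "other" has nothing (mode 660, as in the post).
perm_plan() {
    awk -v g="$1" '$1 ~ /^c/ {
        if ($4 != g) printf "chgrp %s %s\n", g, $NF
        if (substr($1, 5, 2) != "rw" || substr($1, 8, 3) != "---")
            printf "chmod 660 %s\n", $NF
    }'
}

# Sample input: lines abridged from the session in the post, plus one
# constructed line (/dev/bpf3) showing a node that is already set up.
LSOF_SAMPLE='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
snort 25233 root cwd VDIR 0,5 512 3651 /var (/dev/wd0f)
snort 25233 root 2u VCHR 5,5 0t111941 54791 /dev/ttyp5
snort 25233 root 3u VCHR 23,2 0xe3fcc7d 54731 /dev/bpf2
snort 25233 root 4w VREG 0,5 67142 3694 /var (/dev/wd0f)'
LS_SAMPLE='crw------- 1 root wheel 23, 2 Mar 14 22:06 /dev/bpf2
crw-rw---- 1 root snort 23, 3 Feb 9 08:33 /dev/bpf3'

# Print the plan for every bpf node the process actually holds open.
for dev in $(printf '%s\n' "$LSOF_SAMPLE" | bpf_devices); do
    printf '%s\n' "$LS_SAMPLE" | awk -v d="$dev" '$NF == d' | perm_plan snort
done
```

The bpf node a process ends up with can differ between runs, so re-run the lookup after restarting Snort instead of assuming the same node number.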
