Snort mailing list archives
Re: Run as user?
From: Erek Adams <erek () snort org>
Date: Thu, 3 Apr 2003 07:40:47 -0500 (EST)
On Thu, 3 Apr 2003, Joe Hill wrote:
well, I'm not *that* much of a noob ;)
:) Hey, I had to say it! :)
well, I'm a proud member of that group. I cannot find how to give that group perms on the device though. It's not in /dev...or /proc...where could it be?
I'm not sure about a Linux system, but there is an easy way to find out. Use lsof and see what devices are being used by Snort. For example:

[erek@ghosts]/dev>ps auxww | grep snort
root 25233 0.0 0.0 64496 12180 p5 SN Fri09AM 0:58.65 snort

[erek@ghosts]/dev>sudo lsof -p 25233
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
snort 25233 root cwd VDIR 0,5 512 3651 /var (/dev/wd0f)
snort 25233 root txt VREG 0,4 3132923 41825 /usr/local (/dev/wd0e)
snort 25233 root txt VREG 0,3 61440 57392 /usr/libexec/ld.so
snort 25233 root txt VREG 0,5 11375 7175 /var/run/ld.so.hints
snort 25233 root txt VREG 0,3 97692 168506 /usr (/dev/wd0d)
snort 25233 root txt VREG 0,3 85720 168500 /usr (/dev/wd0d)
snort 25233 root txt VREG 0,3 602889 168483 /usr (/dev/wd0d)
snort 25233 root 0u VCHR 5,5 0t111941 54791 /dev/ttyp5
snort 25233 root 1u VCHR 5,5 0t111941 54791 /dev/ttyp5
snort 25233 root 2u VCHR 5,5 0t111941 54791 /dev/ttyp5
snort 25233 root 3u VCHR 23,2 0xe3fcc7d 54731 /dev/bpf2
snort 25233 root 4w VREG 0,5 67142 3694 /var (/dev/wd0f)
snort 25233 root 5u VREG 0,5 13394 3653 /var (/dev/wd0f)
snort 25233 root 6w VREG 0,5 69738 3693 /var (/dev/wd0f)

[erek@ghosts]/dev>ls -al /dev/bpf?
crw------- 1 root wheel 23, 0 Apr 3 01:34 /dev/bpf0
crw------- 1 root wheel 23, 1 Mar 30 01:34 /dev/bpf1
crw------- 1 root wheel 23, 2 Mar 14 22:06 /dev/bpf2
crw------- 1 root wheel 23, 3 Feb 9 08:33 /dev/bpf3
crw------- 1 root wheel 23, 4 Feb 9 08:33 /dev/bpf4
crw------- 1 root wheel 23, 5 Feb 9 08:33 /dev/bpf5
crw------- 1 root wheel 23, 6 Feb 9 08:33 /dev/bpf6
crw------- 1 root wheel 23, 7 Feb 9 08:33 /dev/bpf7
crw------- 1 root wheel 23, 8 Feb 9 08:33 /dev/bpf8
crw------- 1 root wheel 23, 9 Feb 9 08:33 /dev/bpf9

Now all I have to do is:

chgrp snort /dev/bpf2
chmod 660 /dev/bpf2

And all should be well. You just need to find out what device is being used by snort to sniff on and then change the group and perms on that device.

Hope that helps!

-----
Erek Adams
"When things get weird, the weird turn pro."
H.S. Thompson
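
The procedure in the message above (find the capture device in the lsof output, then check its group and mode) as an added example; it is not part of the original post or of Snort. The function names capture_devices and check_perms are hypothetical, the group name snort and the mode 660 come from the post, and the sample lines are constructed from the output quoted in it.

```sh
#!/bin/sh
# Constructed sample input: lines taken from the lsof and ls output in the post.
SAMPLE_LSOF='COMMAND   PID USER   FD   TYPE DEVICE  SIZE/OFF   NODE NAME
snort   25233 root  cwd   VDIR    0,5       512   3651 /var (/dev/wd0f)
snort   25233 root    2u  VCHR    5,5  0t111941  54791 /dev/ttyp5
snort   25233 root    3u  VCHR   23,2 0xe3fcc7d  54731 /dev/bpf2
snort   25233 root    4w  VREG    0,5     67142   3694 /var (/dev/wd0f)'
SAMPLE_LS_BEFORE='crw-------  1 root  wheel   23,   2 Mar 14 22:06 /dev/bpf2'
# Constructed: what ls would show once the chgrp/chmod from the post are applied.
SAMPLE_LS_AFTER='crw-rw----  1 root  snort   23,   2 Mar 14 22:06 /dev/bpf2'

# Read lsof output on stdin and print the BPF capture devices it lists:
# rows whose TYPE is a character device and whose NAME is /dev/bpfN.
capture_devices() {
    awk '$5 ~ /CHR$/ && $NF ~ /^\/dev\/bpf[0-9]+$/ { print $NF }' | sort -u
}

# Judge one "ls -l" line against the target state (given group, mode 660).
# $1 = ls -l line, $2 = expected group. Prints "ok" or the first problem found.
check_perms() {
    printf '%s\n' "$1" | awk -v grp="$2" '{
        mode = substr($1, 2, 9)            # rwx bits without the type char
        if (substr(mode, 7, 3) != "---") { print "world-accessible"; exit }
        if ($4 != grp)                   { print "wrong-group:" $4; exit }
        if (substr(mode, 4, 2) != "rw")  { print "group-lacks-rw"; exit }
        print "ok"
    }'
}

if [ -n "${1:-}" ]; then
    # Live use: sh thisfile.sh <snort-pid>  (needs lsof and rights to read the process)
    lsof -p "$1" | capture_devices | while read -r dev; do
        echo "$dev: $(check_perms "$(ls -l "$dev")" snort)"
    done
else
    # Offline demonstration on the constructed samples.
    dev=$(printf '%s\n' "$SAMPLE_LSOF" | capture_devices)
    echo "$dev before: $(check_perms "$SAMPLE_LS_BEFORE" snort)"
    echo "$dev after:  $(check_perms "$SAMPLE_LS_AFTER" snort)"
fi
```

The world-accessible check comes first because a capture device that any local user can open exposes all sniffed traffic, whatever its group is.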