Snort mailing list archives
Re: /var/log/snort/some.ip.addr.dir/ permissions problem
From: David Alonso De La Vega Tapage <delavegad () bancoaliado com>
Date: Thu, 10 Apr 2003 17:08:37 -0500
To ignore ALL ICMP traffic from host <foo> using a pass rule:

pass icmp <foo> any -> $HOME_NET any

And you _MUST_ start snort with the '-o' parameter for the pass rule to work correctly.

Where is the place to put this rule .. ? inside of snort.conf file .. or in other file .. apart .. ?

Thanx ..

Matt Yackley wrote:
Donnie,

You should be able to put it into the snort.conf file or as part of your snort startup command/script

Startup option -m <umask>

Matt

-----Original Message-----
From: Donnie Green Jr [mailto:d_greenjr () hotmail com]
Sent: Thursday, April 10, 2003 3:27 PM
To: snort-users () lists sourceforge net

Where do I place "config umask:xxx"? I placed the command "umask 0026" in .bash_profile for "sec", but it did not work.

----- Original Message -----
From: "Erek Adams" <erek () snort org>
To: "Donnie Green" <d_greenjr () hotmail com>
Cc: <snort-users () lists sourceforge net>
Sent: Wednesday, April 09, 2003 2:04 PM
Subject: Re: [Snort-users] /var/log/snort/some.ip.addr.dir/ permissions problem

On Wed, 9 Apr 2003, Donnie Green wrote:

I have created a user and group both named "sec". In the snort startup script I created the variable SNORT_UID=sec and have placed snort.... -u$SNORT_UID in the configuration so snort is running as the owner/group sec/sec. This works fine but the IPAddr directories created under /var/log/snort/* have the permissions 600 and my users part of the "sec" group do not have permissions to the log information. Did I forget to set the umask for snort somewhere? How can I make the /var/log/snort/some.ip.addr.directory permissions 660?

config umask: XXX

-----
Erek Adams

"When things get weird, the weird turn pro." H.S. Thompson

-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
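
Added example, not part of the thread and not Snort's own code: a shell demonstration of how the value given to `config umask:` or `-m <umask>` translates into modes on newly created log directories and files, and whether group members can read them. It assumes the process requests 0777 for directories and 0666 for files (as `mkdir` and shell redirection do) and GNU `stat`; the directory and file names are constructed.

```shell
#!/bin/sh
# Added example (not from the thread, not Snort code).
# Assumption: directories are requested with mode 0777 and files with 0666,
# as mkdir(1) and shell redirection do; requires GNU stat (-c %a).

# modes_under_umask <umask>  ->  prints "<dir-mode> <file-mode>"
modes_under_umask() {
    (   # subshell, so the caller's umask is left unchanged
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        mkdir "$tmp/192.0.2.10"              # constructed per-IP log directory
        : > "$tmp/192.0.2.10/ICMP_ECHO"      # constructed log file
        d=$(stat -c %a "$tmp/192.0.2.10")
        f=$(stat -c %a "$tmp/192.0.2.10/ICMP_ECHO")
        rm -rf "$tmp"
        echo "$d $f"
    )
}

# group_can_read <umask>  ->  exit 0 if group members can enter the
# directory (r-x) and read the file (r--), 1 otherwise
group_can_read() {
    m=$(modes_under_umask "$1") || return 1
    d=${m% *}
    f=${m#* }
    # leading 0 makes the shell read the modes as octal; 050 = r-x, 040 = r--
    [ $(( 0$d & 050 )) -eq $(( 050 )) ] && [ $(( 0$f & 040 )) -eq $(( 040 )) ]
}

# 077: owner only; 027: group read-only; 007: group read/write
for u in 077 027 007; do
    if group_can_read "$u"; then verdict="group can read"; else verdict="group locked out"; fi
    echo "umask $u -> dir/file $(modes_under_umask "$u") ($verdict)"
done
```

A directory needs the group execute bit to be traversed, which is why the check tests r-x on the directory and r-- on the file.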
Current thread:
- RE: /var/log/snort/some.ip.addr.dir/ permissions problem Matt Yackley (Apr 10)
- Re: /var/log/snort/some.ip.addr.dir/ permissions problem David Alonso De La Vega Tapage (Apr 10)
- Re: /var/log/snort/some.ip.addr.dir/ permissions problem ipwitch (Apr 10)
- Re: /var/log/snort/some.ip.addr.dir/ permissions problem David Alonso De La Vega Tapage (Apr 10)