Snort mailing list archives
Re: Users and Groups for Snort rules - files
From: Neil Dickey <neil () geol niu edu>
Date: Thu, 17 Apr 2003 16:58:06 -0500 (CDT)
Kit Massengill <KitM () FirstEquipment com> wrote:
Now....speaking of 2.0 rules....I copied the 2.0 rules into the area where I had the 1.9 rules - over the old rules. Now, the rules all have as the "User" 1106 and the "Group" as 2001 - all the other files in the directory (*.map, *.config, etc.) have as "User" 1006 and as "Group" 1006 - the same designations as all of them had when I first installed Snort 1.9...... is all this cool, or do I need to "fix" this.
Those are the uids ( user-ids ) and gids ( group-ids ) of the folks who made those files in the pigpen where Snort was born. The fact that they show up as numbers on your system means that those user and group ids are not currently assigned to anyone on your system. The situation is therefore at best untidy, and could get worse. As a for-instance, if those uids and gids are later assigned to some user then that user will own your Snort rules and could tweak them at will.

I'd chown everything to whatever user and group you are running Snort under, and my own practice is to make sure the world cannot visit the directory they are held in or read the rules files themselves.

Another suggestion I have is to confine your own rule writing as much as possible to the "local.rules" file. That practice makes migrating to new rules file collections much easier.

You may get better answers than mine posted to the list, and, if so, I'll learn something too.

Best regards,

Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois 60115
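The check and cleanup described in the reply above, as an added shell example that is not part of the original message. The function names are hypothetical, and the directory and the account Snort runs under are assumptions you supply as arguments.

```shell
#!/bin/sh
# Added example, not from the original post. Paths and account names are
# assumptions: pass your own rules directory and the account Snort runs as.

# audit_rules DIR
# Prints one line per problem found under DIR:
#   ORPHAN <path>  owner uid or gid has no passwd/group entry
#                  (these are the files that show a bare number in ls -l)
#   WORLD  <path>  any read/write/execute bit is granted to "other"
audit_rules() {
    find "$1" \( -nouser -o -nogroup \) -print | sed 's/^/ORPHAN /'
    # Symlinks always report mode 777, so they are skipped here.
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
        sed 's/^/WORLD /'
}

# count_findings KIND DIR  ->  number of audit lines of that kind (0 if none)
count_findings() {
    audit_rules "$2" | awk -v kind="$1" '$1 == kind { n++ } END { print n + 0 }'
}

# fix_rules DIR OWNER GROUP
# Hands everything to the account Snort runs under, then removes all access
# for "other". Changing ownership to a different account requires root.
fix_rules() {
    chown -R "$2:$3" "$1" &&
    chmod -R o-rwx "$1"
}

# Typical use (constructed values, adjust to your install):
#   audit_rules /etc/snort
#   fix_rules   /etc/snort snort snort
```

Run `audit_rules` again after unpacking each new rules tarball, since extracting as root can preserve the packager's numeric ids.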