Snort mailing list archives

Re: /var/log/snort/some.ip.addr.dir/ permissions problem


From: David Alonso De La Vega Tapage <delavegad () bancoaliado com>
Date: Thu, 10 Apr 2003 17:08:37 -0500

To ignore ALL ICMP traffic from host <foo> using a pass rule:

        pass icmp <foo> any -> $HOME_NET any

And you _MUST_ start snort with the '-o' parameter for the pass rule to work
correctly.


Where is the place to put this rule? Inside the snort.conf file, or in another file apart?

Thanks.


Matt Yackley wrote:

Donnie,
You should be able to put it into the snort.conf file or as part of your
snort startup command/script

Startup option
-m <umask>

Matt

-----Original Message-----
From: Donnie Green Jr [mailto:d_greenjr () hotmail com]
Sent: Thursday, April 10, 2003 3:27 PM
To: snort-users () lists sourceforge net

Where do I place "config umask:xxx"?  I placed the command "umask 0026" in
.bash_profile for "sec", but it did not work.
----- Original Message -----
From: "Erek Adams" <erek () snort org>
To: "Donnie Green" <d_greenjr () hotmail com>
Cc: <snort-users () lists sourceforge net>
Sent: Wednesday, April 09, 2003 2:04 PM
Subject: Re: [Snort-users] /var/log/snort/some.ip.addr.dir/ permissions problem


On Wed, 9 Apr 2003, Donnie Green wrote:

I have created a user and group both named "sec". In the snort startup script I created the variable SNORT_UID=sec and have placed snort .... -u $SNORT_UID in the configuration so snort is running as the owner/group sec/sec. This works fine but the IPAddr directories created under /var/log/snort/* have the permissions 600 and my users part of the "sec" group do not have permissions to the log information. Did I forget to set the umask for snort somewhere? How can I make the /var/log/snort/some.ip.addr.directory permissions 660?

config umask: XXX

-----
Erek Adams

  "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger
for complex code. Debugging C/C++ programs can leave you feeling lost and
disoriented. TotalView can help you find your way. Available on major UNIX
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
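
An added example, not part of the original thread: a shell sketch of what the umask values discussed above do to newly created log directories and files. It assumes the creating process requests mode 0777 for directories and 0666 for files, as `mkdir` and shell redirection do here; the modes Snort itself requests are not shown in the thread, and the directory and file names are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). A umask only clears permission bits
# from the mode the creating process asks for; it never adds any.

# Print the octal mode of a path (GNU stat, falling back to BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# modes_under_umask <umask>  ->  prints "<dir-mode> <file-mode>"
# Runs in a subshell so the umask change does not leak into the caller.
modes_under_umask() {
    (
        tmp=$(mktemp -d) || exit 1
        trap 'rm -rf "$tmp"' EXIT
        umask "$1"
        mkdir "$tmp/192.0.2.10"            # constructed per-IP log directory
        : > "$tmp/192.0.2.10/TCP_sample"   # constructed log file
        echo "$(mode_of "$tmp/192.0.2.10") $(mode_of "$tmp/192.0.2.10/TCP_sample")"
    )
}

# Compare the owner-only default, the 0026 value from the thread,
# and two masks that keep group access.
for m in 077 026 027 007; do
    printf 'umask %s -> dir/file modes: %s\n' "$m" "$(modes_under_umask "$m")"
done
```

Group members need the search (x) bit on a directory to reach the files inside it, so a directory mode of 750 or 770 with file modes of 640 or 660 is what gives the group usable access.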


