Snort mailing list archives

Re: Users and Groups for Snort rules - files


From: Neil Dickey <neil () geol niu edu>
Date: Thu, 17 Apr 2003 16:58:06 -0500 (CDT)


Kit Massengill <KitM () FirstEquipment com> wrote:

> Now....speaking of 2.0 rules....I copied the 2.0 rules into the area where I
> had the 1.9 rules - over the old rules.
> Now, the rules all have as the "User" 1106 and the "Group" as 2001 - all the
> other files in the directory (*.map, *.config, etc.) have as "User"  1006
> and as "Group" 1006 - the same designations as all of them had when I first
> installed Snort 1.9......
> Is all this cool, or do I need to "fix" this?

Those are the uids ( user-ids ) and gids ( group-ids ) of the folks who
made those files in the pigpen where Snort was born.  The fact that they
show up as numbers on your system means that those user and group ids
are not currently assigned to anyone on your system.  The situation is
therefore at best untidy, and could get worse.  As a for-instance, if
those uids and gids are later assigned to some user then that user will
own your Snort rules and could tweak them at will.

I'd chown everything to whatever user and group you are running Snort
under, and my own practice is to make sure the world cannot visit the
directory they are held in or read the rules files themselves.

Another suggestion I have is to confine your own rule writing as much as
possible to the "local.rules" file.  That practice makes migrating to
new rules file collections much easier.

You may get better answers than mine posted to the list, and, if so, I'll
learn something too.

Best regards,

Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois
60115
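
The check and fix described in the reply above, as an added shell example that is not part of the original post. The function names and the three command-line arguments (rules directory, Snort user, Snort group) are assumptions to be replaced with the values for your own installation.

```shell
#!/bin/sh
# Added example: audit and repair ownership and permissions on a Snort
# rules directory. Directory, user and group are supplied by the caller;
# none of them come from the original post.

# List entries whose numeric uid or gid maps to no account on this system.
# These are the ones `ls -l` shows as bare numbers (1106/2001 in the post).
orphaned_files() {
    find "$1" \( -nouser -o -nogroup \) -print
}

# List the directory and files that grant any permission bit to "other".
world_accessible() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Hand everything to the account Snort runs as, then remove all access
# for "other" from the directory and the rules files inside it.
# Changing the owner to a different account requires root.
lock_down() {
    dir=$1
    user=$2
    group=$3
    chown -R "$user:$group" "$dir" &&
    chmod -R o-rwx "$dir"
}

# Stand-alone use (hypothetical script name and arguments):
#   ./rules-audit.sh <rules-dir> <snort-user> <snort-group>
if [ "$#" -eq 3 ]; then
    echo "Entries with an unassigned uid or gid:"
    orphaned_files "$1"
    echo "Entries accessible to other:"
    world_accessible "$1"
    lock_down "$1" "$2" "$3"
    echo "Remaining after lock-down:"
    orphaned_files "$1"
    world_accessible "$1"
fi
```

Running the two listing functions again after unpacking a new rules tarball shows whether the archive's original uids and gids have reappeared.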



