Snort mailing list archives
Snort and HUP.
From: Chris Keladis <chris () cmc optus net au>
Date: Tue, 29 Jul 2003 23:44:42 +1000
Evening folks,I've been reading the FAQ and some old posts on the subject of running snort with the -u / -g switches (not exactly in a chroot() environ), and sending it the SIGHUP signal.
I understand there are two fundamental problems with doing this, one being the relative paths being stuffed up from the execv() call (which is fair enough) and two, as Snort has given up it's root privileges cant re-open the network interface.
I'm wondering if it's worth seeing if i can get Linux to somehow allow the snort user to re-open the ethernet device as the snort user, or does the SIGHUP handler code essentially re-fork Snort such that it loses state and is the same as restarting it?
I'm guessing the latter to be true, but thought i'd check. Thanks! Chris. ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort and HUP. Chris Keladis (Jul 29)