Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Snort and HUP.

From: Chris Keladis <chris () cmc optus net au>
Date: Tue, 29 Jul 2003 23:44:42 +1000
Evening folks,
I've been reading the FAQ and some old posts on the subject of running snort with the -u / -g switches (not exactly in a chroot() environ), and sending it the SIGHUP signal.
I understand there are two fundamental problems with doing this, one being the relative paths being stuffed up from the execv() call (which is fair enough) and two, as Snort has given up it's root privileges cant re-open the network interface.
I'm wondering if it's worth seeing if i can get Linux to somehow allow the snort user to re-open the ethernet device as the snort user, or does the SIGHUP handler code essentially re-fork Snort such that it loses state and is the same as restarting it? 

I'm guessing the latter to be true, but thought i'd check.




Thanks!

Chris.



-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: