Snort mailing list archives
Re: non-root user cannot run snort
From: Robert Storey <y2kbug () ms25 hinet net>
Date: Wed, 28 Jan 2004 14:43:07 +0800
On Tue, 27 Jan 2004 13:38:38 -0500 Matt Kettler <mkettler () evi-inc com> wrote:
> At 08:09 AM 1/27/2004, Robert Storey wrote:
>> It's funny that the Snort users manual makes no mention of this issue. I think I will write the authors and suggest that it be included.
>
> Quite frankly, it should be *obvious* that snort can't be directly executed by a non-root user....
Sorry, I should probably have been more specific. Yes, I know that it would be very unwise to allow any non-root user to initiate a packet-sniffing session. What I should have said is that the User Manual needs to point out how to switch control of the process from root to non-root user after the session is initiated. It's not difficult to do once you know the trick, but it's not intuitive and it's not mentioned at all in the User Manual. Remember, there are lots of newbies (like me) who never saw Snort until a few days ago, and we're learning as we go along.

I've just written to the maintainers of the manual and suggested a couple of sentences be added to demonstrate the procedure.

Something else - I did a bit of googling and found a Snort how-to PDF for FreeBSD ("How to setup and secure Snort, MySQL and Acid on FreeBSD 4.7 Release" by Keith Tokash). He makes the excellent suggestion of creating a non-privileged user (Snortman) who doesn't have a shell, so no possibility of logging in and doing damage. You can find a copy here: www.snort.org/docs/FreeBSD47RELEASE-Snort-MySQLVer1-3.pdf
> Not to be rude, but...
I never take offense by what people say on mailing lists. I appreciate all the help that I receive. Feel free to point out when I've said something stupid.

best regards,
Robert
Part-time idiot system-administrator
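The root-to-non-root handoff discussed in the message above, sketched in C as an added example (not from the original post and not Snort's own code; Snort exposes the equivalent through its -u and -g options). The function name, return codes and the 65534 sample uid/gid are assumptions made for illustration.

```c
/* Added example: root-to-unprivileged handoff for a sniffer-style daemon.
 * Hypothetical names and return codes; this is not Snort's source. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1            /* expose setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum { DROP_OK = 0, DROP_NOT_ROOT = -1, DROP_BAD_TARGET = -2, DROP_FAILED = -3 };

/* Call only after every privileged resource (capture socket, log files,
 * PID file) is open: the descriptors stay usable after the uid change. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return DROP_BAD_TARGET;      /* "dropping" to root drops nothing */
    if (geteuid() != 0)
        return DROP_NOT_ROOT;        /* not started as root, cannot switch */

    /* Order matters: groups first, while we may still change them. */
    if (setgroups(0, NULL) != 0)     /* clear root's supplementary groups */
        return DROP_FAILED;
    if (setgid(gid) != 0)            /* as root: real, effective, saved gid */
        return DROP_FAILED;
    if (setuid(uid) != 0)            /* as root: real, effective, saved uid */
        return DROP_FAILED;

    /* The drop must be irreversible: regaining root has to fail. */
    if (setuid(0) == 0 || seteuid(0) == 0)
        return DROP_FAILED;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return DROP_FAILED;
    return DROP_OK;
}

int main(void)
{
    /* Constructed sample target: 65534 is "nobody" on many systems. A real
     * deployment would resolve a dedicated no-shell account via getpwnam(). */
    int rc = drop_privileges(65534, 65534);
    printf("drop_privileges -> %d (uid=%d euid=%d)\n",
           rc, (int)getuid(), (int)geteuid());
    return rc == DROP_OK ? 0 : 1;
}
```

Treat any return other than DROP_OK as fatal and exit, so a failed drop never leaves the process parsing network traffic as root.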