Snort mailing list archives
Signals
From: "Castle, Shane" <scastle () bouldercounty org>
Date: Tue, 1 Feb 2011 13:02:07 -0700
I have a problem with the signal issue. You REALLY need to read your man page about signals. On most Linux systems, "man 7 signal" will tell you what you want, but essentially, you should NEVER use the number of a signal but always its name, e.g., "kill -USR1 <pid>" or "kill -s USR1 <pid>". The number corresponding to a signal changes with the Unix implementation and the platform on which it is running. -- Shane Castle Data Security Mgr, Boulder County IT CISSP GSEC GCIH -----Original Message----- From: Michael Scheidell [mailto:michael.scheidell () secnap com] Sent: Tuesday, February 01, 2011 12:36 To: snort-users () lists sourceforge net Subject: Re: [Snort-users] Rules with SDF options cannot have other detection options in the same rule On 2/1/11 1:56 PM, Joel Esler wrote: That's not right. I'll bug this on our side for our developers to take a look. Joel Would you consider it a bug to fail on a signal 30, if system build with targetbased, and doesn't have a targets.xml file? You might ask, why send a signal 30 to reload the targets.xml file if you don't have system compiled with --enable-targetbased? (freebsd sends a signal 30 is you send it a SIGUSR1) I might ask, if --enable-targetbased is NOT specified, why include the code to look for the targets.xml file? -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300
| SECNAP Network Security Corporation
* Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best in Email Security,2010: Network Products Guide * King of Spam Filters, SC Magazine 2008 ________________________________ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ ________________________________ ------------------------------------------------------------------------------ Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Signals Castle, Shane (Feb 01)
- Re: Signals Michael Scheidell (Feb 01)