Snort mailing list archives
Re: Multiple Snort Instances With Identical Interfaces In Daemon
From: Joel Esler <jesler () sourcefire com>
Date: Fri, 6 May 2011 17:49:25 -0400
Eoin, Yes, we are having an internal discussion about different "fix" options we have. I'll report back when we iron it out. J On May 6, 2011, at 4:59 PM, Eoin Miller wrote:
On 5/5/2011 10:17 PM, Eoin Miller wrote:Something else I am noticing, if you use the --pid-path option at the command line and then you have snort exit gracefully, it just decides to leaves the .pid file behind without deleting it? This behavior does not occur unless you use --pid-path when you are daemonizing. -- EoinThink I figured out what is going on with this. 1) Snort fires up using --pid-path=/somedir and is being daemonized as user daemon 2) Snort creates a pid file 3) Snort daemonizes to a less priv user 4) When snort tries to shut down now under the context of the less priv user, it doesn't have rights to delete the pid file that was created by root. Looks like Snort needs to change the uid/gid ownership of the pid file right before it daemonizes like other processes. Otherwise peoples init scripts need to go around cleaning up after it and/or manage the permissions of the directory that the pid file goes into. This was discovered with 2.9.0.5. -- Eoin ------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Multiple Snort Instances With Identical Interfaces In Daemon Eoin Miller (May 05)
- Re: Multiple Snort Instances With Identical Interfaces In Daemon Martin Holste (May 05)
- Re: Multiple Snort Instances With Identical Interfaces In Daemon Joel Esler (May 05)
- Re: Multiple Snort Instances With Identical Interfaces In Daemon Eoin Miller (May 05)
- Re: Multiple Snort Instances With Identical Interfaces In Daemon Joel Esler (May 05)
- Re: Multiple Snort Instances With Identical Interfaces In Daemon Martin Holste (May 05)
- Re: Multiple Snort Instances With Identical Interfaces In Daemon Eoin Miller (May 07)
- Re: Multiple Snort Instances With Identical Interfaces In Daemon waldo kitty (May 06)
- Re: Multiple Snort Instances With Identical Interfaces In Daemon Joel Esler (May 07)
- Re: Multiple Snort Instances With Identical Interfaces In Daemon waldo kitty (May 07)
- Re: Multiple Snort Instances With Identical Interfaces In Daemon Joel Esler (May 05)
- Re: Multiple Snort Instances With Identical Interfaces In Daemon Martin Holste (May 05)