Snort mailing list archives
Snort priv. drop and chroot before/after changing uid/gid
From: Bill Parker <wp02855 () gmail com>
Date: Thu, 10 Sep 2015 14:09:38 -0700
Hi All, I ran into an instance where having snort set it's UID/GID before dropping priv/chroot can lead to a problem creating a .PID in /var/run, due to user permissions. I know this behavior was changed in reading the Snort Changelog, but perhaps a CLI switch could be added to write PID before changing to user/group, rather than afterwards? Bill p.s. - when this happens, the snort script daemon can't find the correct PID to kill is why I'm mentioning it :)
------------------------------------------------------------------------------ Monitor Your Dynamic Infrastructure at Any Scale With Datadog! Get real-time metrics from all of your servers, apps and tools in one place. SourceForge users - Click here to start your Free Trial of Datadog now! http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Snort priv. drop and chroot before/after changing uid/gid Bill Parker (Sep 10)
- Re: Snort priv. drop and chroot before/after changing uid/gid Ed Borgoyn (eborgoyn) (Sep 11)