Re: [Snort-users] non-root user cannot run snort (Snort forums, System Security and Security Related category)
On Tue, 27 Jan 2004 13:38:38 -0500
Matt Kettler <mkettler@evi-inc.com> wrote:

> At 08:09 AM 1/27/2004, Robert Storey wrote:
> >It's funny that the Snort users manual makes no mention of this
> >issue. I think I will write the authors and suggest that it be
> >included.
>
> Quite frankly, it should be *obvious* that snort can't be directly
> executed by a non-root user....

Sorry, I should probably have been more specific. Yes, I know that it would be very unwise to allow any non-root user to initiate a packet-sniffing session. What I should have said is that the User Manual needs to point out how to switch control of the process from root to non-root user after the session is initiated. It's not difficult to do once you know the trick, but it's not intuitive and it's not mentioned at all in the User Manual. Remember, there are lots of newbies (like me) who never saw Snort until a few days ago, and we're learning as we go along. I've just written to the maintainers of the manual and suggested a couple of sentences be added to demonstrate the procedure.

Something else - I did a bit of googling and found a Snort how-to PDF for FreeBSD ("How to setup and secure Snort, MySQL and Acid on FreeBSD 4.7 Release" by Keith Tokash). He makes the excellent suggestion of creating a non-privileged user (Snortman) who doesn't have a shell, so no possibility of logging in and doing damage. You can find a copy here:

www.snort.org/docs/FreeBSD47RELEASE-Snort-MySQLVer1-3.pdf

> Not to be rude, but...

I never take offense by what people say on mailing lists. I appreciate all the help that I receive. Feel free to point out when I've said something stupid.

best regards,
Robert
Part-time idiot system-administrator
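The root-to-non-root handover discussed in the message above is the usual daemon pattern of doing the privileged setup first and then giving up root for good (Snort's `-u` and `-g` options request it). The sketch below is an added example, not code from the post or from Snort; the function name `drop_privileges` and the default id 65534 are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE                  /* exposes setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 0 once the process is irrevocably running as uid:gid, -1 otherwise.
 * Call it after the privileged setup (opening the capture device) is done. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;                       /* "dropping" to root is a config error */

    /* Order matters: groups first, while we still may change them. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;                       /* would keep root's supplementary groups */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)                /* as root: sets real, effective, saved uid */
        return -1;

    /* Verify rather than trust return codes: root must be unrecoverable. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    /* Assumed default: 65534 is "nobody" on many systems; pass the service
     * account's numeric uid and gid on the command line instead. */
    uid_t uid = (uid_t)(argc > 1 ? atoi(argv[1]) : 65534);
    gid_t gid = (gid_t)(argc > 2 ? atoi(argv[2]) : 65534);

    /* ... privileged setup (open the capture device) would happen here ... */

    if (drop_privileges(uid, gid) != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

If any step fails the process exits instead of continuing with partial privileges, which is the behaviour to look for when reviewing a daemon's drop code.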