This is a discussion on Re: [Snort-users] Problem with permissions when snort ran as user "snort" within the Snort forums, part of the System Security and Security Related category.
Exactly a comment I stated a while back. Why doesn't Snort set ownership of log files to snort but root? I understand that in most systems `root' account has privilege to run pcap in promiscuous mode but what about the actual writing to the log files?

Sp0ng3 B0b,
What is bridge0? Is it the actual name of your interface? Shouldn't it be ep0, xl0, or dc0? Excuse my ignorance for I don't use OpenBSD...

On 9/9/05, Sp0ng3 B0b <sp0ng3b0b@sbcglobal.net> wrote:
> I'm running snort 2.4 on an OpenBSD 3.7 IDS.
>
> Snort is started like so:
>
> snort -c /etc/snort/snort.conf -i bridge0 -l /var/log/snort -u snort -g snort -D
>
> The user snort owns /var/log/snort.
>
> Unfortunately, the logfiles permissions are wrong:
>
> drwxr-xr-x 2 snort snort 512 Sep 9 07:01 .
> drwxr-xr-x 3 snort snort 512 Aug 3 22:00 ..
> -rw------- 1 root snort 2256 Sep 9 07:07 snort.alert.1126274487
> -rw------- 1 root snort 39261 Sep 9 07:07 snort.log.1126274487
>
> What am I missing here?

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users