Re: [Snort-users] Problem with permissions when snort ran as user "snort"
This is a discussion on Re: [Snort-users] Problem with permissions when snort ran as user "snort" within the Snort forums, part of the System Security and Security Related category; What's odd is that it did work fine, until a reboot. Bridge0 is a bridged interface (bonded interface in ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
09-10-2005
|
|||
|
|||
Re: [Snort-users] Problem with permissions when snort ran as user "snort"
What's odd is that it did work fine, until a reboot.
Bridge0 is a bridged interface (bonded interface in linux). I use netoptics taps and aggregate the monitor ports on the IDS. --- Evan J <maps.this.address@gmail.com> wrote: > Exactly a comment I stated a while back. Why doesn't > Snort set > ownership of log files to snort but root? I > understand that in most > systems `root' account has privilege to run pcap in > premiscuous mode > but what about the actual writing to the log files? > > Sp0ng3 B0b, What is bridge0? Is it the actual name > of your interface? > Shouldn't it be ep0, xl0, or dc0? Excuse my > ignorance for I don't use > OpenBSD... > > On 9/9/05, Sp0ng3 B0b <sp0ng3b0b@sbcglobal.net> > wrote: > > I'm running snort 2.4 on an OpenBSD 3.7 IDS. > > > > Snort is started like so: > > > > snort -c /etc/snort/snort.conf -i bridge0 -l > > /var/log/snort -u snort -g snort -D > > > > The user snort owns /var/log/snort. > > > > Unfortunately, the logfiles permissions are wrong: > > > > drwxr-xr-x 2 snort snort 512 Sep 9 07:01 . > > drwxr-xr-x 3 snort snort 512 Aug 3 22:00 .. > > -rw------- 1 root snort 2256 Sep 9 07:07 > > snort.alert.1126274487 > > -rw------- 1 root snort 39261 Sep 9 07:07 > > snort.log.1126274487 > > > > What am I missing here? > > > > > > > > > > > > > > > ------------------------------------------------------- > > SF.Net email is Sponsored by the Better Software > Conference & EXPO > > September 19-22, 2005 * San Francisco, CA * > Development Lifecycle Practices > > Agile & Plan-Driven Development * Managing > Projects & Teams * Testing & QA > > Security * Process Improvement & Measurement * > http://www.sqe.com/bsce5sf > > _______________________________________________ > > Snort-users mailing list > > Snort-users@lists.sourceforge.net > > Go to this URL to change user options or > unsubscribe: > > > https://lists.sourceforge.net/lists/...fo/snort-users > > Snort-users list archive: > > > http://www.geocrawler.com/redir-sf.p...st=snort-users > > > > > ------------------------------------------------------- > SF.Net email is Sponsored by the Better Software > Conference & EXPO > September 19-22, 2005 * San Francisco, CA * > Development Lifecycle Practices > Agile & Plan-Driven Development * Managing Projects > & Teams * Testing & QA > Security * Process Improvement & Measurement * > http://www.sqe.com/bsce5sf > _______________________________________________ > Snort-users mailing list > Snort-users@lists.sourceforge.net > Go to this URL to change user options or > unsubscribe: > https://lists.sourceforge.net/lists/...fo/snort-users > Snort-users list archive: > http://www.geocrawler.com/redir-sf.p...st=snort-users > ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
