Snort mailing list archives
Re: resp and root
From: Chris Green <cmg () sourcefire com>
Date: Tue, 04 Feb 2003 12:09:33 -0500
Paul Schmehl <pauls () utdallas edu> writes:
Has anyone found a different way to open a raw socket through libnet other than running snort as root? I want to try tcp resets, but I'm not to keen on running snort as root. Any wrapper scripts that could be used for this purpose? Is there any consideration for getting snort to start as root and the drop privileges after it has the socket open?
The snort privilege dropping code doesn't have a hook for plugins to use before and after privs are dropped. It'd be nice but if you really want to do that, you can always hack in some cap bits for raw sockets depending on your platform. -- Chris Green <cmg () sourcefire com> Fame may be fleeting but obscurity is forever. ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- resp and root Paul Schmehl (Feb 04)
- Re: resp and root Chris Green (Feb 04)