Snort mailing list archives
Question about Ring PCAP\Snort\Environment Variables
From: "Mark Ewert" <mewert () ihcis com>
Date: Fri, 7 Nov 2003 11:08:08 -0500
Greetings, Sorry if this is documented somewhere - I've searched google and the ring pcap site for the answer and can't find it. I've installed the ring pcap version of libpcap and verified TCPDUMP is using it properly. My question is basically how do I set the PCAP environment variables so that Snort correctly uses them. The trick is that I'm running snort under an account that does not have the rights to login (shell /sbin/nologin etc...) which as I understand it prevents /etc/profile from executing. If I login as a user that has shell login rights the environment variables are set correctly. I am running Snort in daemon mode as well - which I've read differing accounts about it kicking Snort off as root initially then switching to the snort account (not certain about this) - in which case the environment variables set for root who can login might take care of it. Sorry if this is obvious and I've just missed it somewhere - if anyone out there could provide some guidance on how to properly set the PCAP variables for Snort running under an account that has no shell I would be most appreciative. I'm running Snort 2.0.2 but will be upgrading to Snort 2.0.3 soon. THANKS! M --------------------------------------------- Mark F. Ewert, Principal Systems Architect Integrated Healthcare Information Services www.ihcis.com <http://www.ihcis.com/> --------------------------------------------------------------------------- This e-mail and the information transmitted within it is intended only for the recipient(s) to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of; or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please send the e-mail back to notify the sender and delete the message and its contents from any computers and network systems involved in its receipt. Thank you.
Current thread:
- Question about Ring PCAP\Snort\Environment Variables Mark Ewert (Nov 07)
- Re: Question about Ring PCAP\Snort\Environment Variables Phil Wood (Nov 07)
- <Possible follow-ups>
- Question about Ring PCAP\Snort\Environment Variables Mark Ewert (Nov 07)