Snort mailing list archives
Re: Problem with permissions when snort ran as user "snort"
From: Evan J <maps.this.address () gmail com>
Date: Fri, 9 Sep 2005 17:25:50 -0400
Exactly a comment I stated a while back. Why doesn't Snort set ownership of log files to snort but root? I understand that in most systems `root' account has privilege to run pcap in premiscuous mode but what about the actual writing to the log files? Sp0ng3 B0b, What is bridge0? Is it the actual name of your interface? Shouldn't it be ep0, xl0, or dc0? Excuse my ignorance for I don't use OpenBSD... On 9/9/05, Sp0ng3 B0b <sp0ng3b0b () sbcglobal net> wrote:
I'm running snort 2.4 on an OpenBSD 3.7 IDS. Snort is started like so: snort -c /etc/snort/snort.conf -i bridge0 -l /var/log/snort -u snort -g snort -D The user snort owns /var/log/snort. Unfortunately, the logfiles permissions are wrong: drwxr-xr-x 2 snort snort 512 Sep 9 07:01 . drwxr-xr-x 3 snort snort 512 Aug 3 22:00 .. -rw------- 1 root snort 2256 Sep 9 07:07 snort.alert.1126274487 -rw------- 1 root snort 39261 Sep 9 07:07 snort.log.1126274487 What am I missing here? ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Problem with permissions when snort ran as user "snort" Sp0ng3 B0b (Sep 09)
- Re: Problem with permissions when snort ran as user "snort" Evan J (Sep 09)
- Re: Problem with permissions when snort ran as user "snort" Sp0ng3 B0b (Sep 09)
- Re: Problem with permissions when snort ran as user "snort" Evan J (Sep 09)