[Snort-devel] v1.7 file ownerships

Paul Cardon paul at ...186...
Sun Jan 7 00:11:19 EST 2001


Fyodor wrote:
> 
> On Fri, Jan 05, 2001 at 02:47:58PM -0800, Erek Adams wrote:
> >
> > I was using a modified config from 1.5.1, so I decided that I needed to just
> > rework it all using 1.7.  In doing so, I noticed an ownership problem.
> >
> > Started with:
> > /usr/local/bin/snort -c /local/home/snort/snort.conf -t /local/home/snort -u
> > snort -g snort -h 10.10.10.64/27
> >
> > Snort seems to be creating portscan.log and alert.full before the UID change.
> 
> I just looked through the code, looks like we can not fix this problem by simply moving
> chroot code from one place to another, because these files are created at the same
> time when snort.conf is being read. Here are a few ideas which I think we could use
> to fix the problem:
> 
> 1. Do chown of the files after they are created. (might be a bit ugly).
> 2. Set up a requirement that snort.conf should be within chroot directory. (named works this way).
> 3. Read/hash snort.conf and then chroot. (might be a pain if the rules file is huge).

1 is the least amount of work, but 2 seems to be the cleanest solution. 
Are there any good reasons not to do 2?

-paul
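
Added example, not part of the original message and not Snort's own code: a sketch of option 1 from the list above, where a log file created before the UID change is handed to the unprivileged account through its descriptor. The function name `open_log_for` and the demo file name are hypothetical, and the target IDs are assumed to have been resolved from `-u`/`-g` already.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Create (or append to) a log file while still privileged and give it to the
 * account the process will run as after the UID change. Everything is done on
 * the descriptor, not the path, so a symlink swapped in between the create and
 * the chown cannot redirect the ownership change to another file.
 * Returns the open descriptor, or -1 on any failure.
 */
int open_log_for(const char *path, uid_t uid, gid_t gid)
{
    struct stat st;
    /* O_NOFOLLOW: refuse a symlink as the final path component. */
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || /* no devices or FIFOs */
        fchown(fd, uid, gid) != 0 ||
        fstat(fd, &st) != 0 ||                         /* verify the result */
        st.st_uid != uid || st.st_gid != gid) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    /* Assumption: in a real daemon these are the IDs of the -u/-g account;
       the current IDs stand in here so the demo also runs unprivileged. */
    uid_t uid = geteuid();
    gid_t gid = getegid();
    const char *path = "alert.full.demo"; /* constructed demo file name */
    int fd = open_log_for(path, uid, gid);
    if (fd < 0) {
        perror("open_log_for");
        return 1;
    }
    printf("%s is owned by %ld:%ld\n", path, (long)uid, (long)gid);
    close(fd);
    unlink(path);
    return 0;
}
```

The call has to happen before the process gives up its privileges, since an unprivileged process cannot give a file to a different user.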