[Snort-devel] Test Mode of snort-1.9

Dirk Geschke Dirk_Geschke at ...802...
Wed Oct 23 03:26:03 EDT 2002


Hi all, 

actually the test of the snort configuration via the -T option
requires root privileges. The reason is that snort tries to open
the network interface.

Therefore it would be nice to wrap these lines in snort.c:

if (!pv.test_mode_flag)
{
    if(!pv.readmode_flag)
    {
        DEBUG_WRAP(DebugMessage(DEBUG_INIT, "Opening interface: %s\n",
                    PRINT_INTERFACE(pv.interfaces[0])););
        /* open up our libpcap packet capture interface */
        InitializeInterfaces();
    }
    else
    {
        DEBUG_WRAP(DebugMessage(DEBUG_INIT, "Opening file: %s\n",
                    pv.readfile););

        /* open the packet file for readback */
        OpenPcap(pv.readfile, 0);
    }
}

This way you can test the rules without root privileges. Additionally 
you should also mention another log directory with the -l option to
avoid the necessity of a user (or world?) writable log directory...

Best regards

Dirk
-- 
+------------------------------------------------------------+
| Dr. Dirk Geschke            | E-mail: geschke at ...802...     |
| Gesellschaft fuer Netzwerk  | Tel.  : +49-(0)-89-991950-31 |
| und Unix Administration mbH | Fax   : +49-(0)-89-991950-99 |
| 85551 Kirchheim / Germany   | Raeter Straße 26             |
+------------------------------------------------------------+
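
Added example, not part of the original post or of the Snort sources: a wrapper that runs the configuration test as an unprivileged user with a private log directory passed via -l, so no user- or world-writable log directory is needed. It assumes a snort build in which -T no longer opens the interface (the change proposed above); the function name `snort_config_test` and the `SNORT_BIN` variable are hypothetical.

```shell
#!/bin/sh
# Added example: validate a Snort configuration without root privileges.
# Assumption: this snort build skips opening the interface in -T mode.
# snort_config_test and SNORT_BIN are names invented for this example.
#
# Usage: snort_config_test /path/to/snort.conf
# Returns snort's exit status, or 2 if the test could not be started.

snort_config_test() {
    conf=$1
    snort_bin=${SNORT_BIN:-snort}

    if [ ! -r "$conf" ]; then
        echo "config not readable: $conf" >&2
        return 2
    fi

    # mktemp -d creates a mode-0700 directory owned by the caller, so the
    # real log directory never has to be writable by this user.
    logdir=$(mktemp -d "${TMPDIR:-/tmp}/snort-test.XXXXXX") || return 2

    # -T: test the configuration and exit
    # -c: configuration/rules file to check
    # -l: log directory (the private scratch directory created above)
    rc=0
    "$snort_bin" -T -c "$conf" -l "$logdir" >"$logdir/output.txt" 2>&1 || rc=$?

    # Show snort's messages only when the test failed.
    if [ "$rc" -ne 0 ]; then
        cat "$logdir/output.txt" >&2
    fi

    # Nothing written during the test is kept.
    rm -rf "$logdir"
    return "$rc"
}
```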





