[Snort-devel] Problems with umask on Snort 3

Noah Dietrich noah_dietrich at 86penny.org
Thu Jan 3 13:08:58 EST 2019


I am trying to get the umask option (-m) working with Snort 3, and I'm not
sure what is going wrong.  I'm trying to have Snort generate logs that
users and others can read (644), but when I use the -m option with Snort, I
don't get the results I expect.  I can only seem to affect the read and
write owner portion of the permissions. For example:

-m 0x000   leads to -rw-------
-m 0x01FF leads to ----------
-m 0x00FF leads to -r--------

Without using the -m flag, the default permissions are -rw-------

The command I'm running is
sudo snort -c /usr/local/etc/snort/snort.lua -r
~/pcaps/maccdc2012_00000.pcap -l /var/log/test -s 65535 -k none -q -m 0x00FF

Version of snort:
noah@snort3:~$ snort -V
   ,,_     -*> Snort++ <*-
  o"  )~   Version 3.0.0 (Build 250) from 2.9.11
   ''''    By Martin Roesch & The Snort Team
           Copyright (C) 2014-2018 Cisco and/or its affiliates. All rights
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using DAQ version 2.2.2
           Using LuaJIT version 2.1.0-beta3
           Using OpenSSL 1.1.0g  2 Nov 2017
           Using libpcap version 1.8.1
           Using PCRE version 8.39 2016-06-14
           Using ZLIB version 1.2.11
           Using FlatBuffers 1.10.0
           Using Hyperscan version 5.0.0 2018-12-08
           Using LZMA version 5.2.2

I'm not sure if I'm doing something wrong, or if this is a bug.
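
Added example, not part of the original post and not Snort's code: the three results reported above are exactly what open(2) yields when a file is requested with mode 0600 and the -m value is applied as the process umask, because a umask can only clear permission bits. The 0600 creation mode is an assumption that matches the reported output, not something confirmed from the Snort source; the function names are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a log file with open(2) under the given umask and return the
 * permission bits it ends up with (-1 on error). A requested_mode of 0600
 * is an ASSUMPTION about the logger, not taken from the Snort source. */
static int mode_after_create(mode_t mask, mode_t requested_mode)
{
    char dir[] = "/tmp/umask_demo_XXXXXX";
    char path[64];
    struct stat st;
    int result = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/alert.log", dir);
    mode_t old = umask(mask);           /* what -m is expected to set */
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, requested_mode);
    umask(old);
    if (fd >= 0) {
        if (fstat(fd, &st) == 0)
            result = (int)(st.st_mode & 0777);
        close(fd);
        unlink(path);
    }
    rmdir(dir);
    return result;
}

/* A umask only clears bits: `wanted` is reachable only if every bit in it
 * is already present in the mode passed to open(2). */
static int reachable(mode_t requested_mode, mode_t wanted)
{
    return (wanted & ~requested_mode & 0777) == 0;
}

int main(void)
{
    const mode_t masks[] = { 0x000, 0x1FF, 0x0FF };  /* values from the post */
    for (size_t i = 0; i < sizeof masks / sizeof masks[0]; i++)
        printf("-m 0x%03X -> %04o\n", (unsigned)masks[i],
               (unsigned)mode_after_create(masks[i], 0600));
    printf("0644 reachable from 0600: %d, from 0666: %d\n",
           reachable(0600, 0644), reachable(0666, 0644));
    return 0;
}
```

If the creation mode is the cause, 644 logs need either a wider mode at open(2) time or an explicit chmod after creation; no -m value can add the group and other read bits.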

