[Snort-users] /var/log/snort/some.ip.addr.dir/ permissions pr oblem

David Alonso De La Vega Tapage delavegad at ...7768...
Thu Apr 10 15:02:10 EDT 2003


To ignore ALL ICMP traffic from host <foo> using a pass rule:

	pass icmp <foo> any -> $HOME_NET any

And you _MUST_ start snort with the '-o' parameter for the pass rule to work
correctly.


where is the place to put this rule .. ?   inside of snort.conf file .. 
 or in other file ..  apart .. ?

Thanx ..


Matt Yackley wrote:

>Donnie,
>You should be able to put it into the snort.conf file or as part of your
>snort startup command/script
>
>Startup option
>-m <umask>
>
>Matt
>
>-----Original Message-----
>From: Donnie Green Jr [mailto:d_greenjr at ...125...] 
>Sent: Thursday, April 10, 2003 3:27 PM
>To: snort-users at lists.sourceforge.net
>
>Where do I place "config umask:xxx"?  I placed the command "umask 0026" in
>.bash_profile for "sec", but it did not work.
>----- Original Message -----
>From: "Erek Adams" <erek at ...950...>
>To: "Donnie Green" <d_greenjr at ...125...>
>Cc: <snort-users at lists.sourceforge.net>
>Sent: Wednesday, April 09, 2003 2:04 PM
>Subject: Re: [Snort-users] /var/log/snort/some.ip.addr.dir/ permissions
>problem
>
>
>  
>
>>On Wed, 9 Apr 2003, Donnie Green wrote:
>>
>>    
>>
>>>I have created a user and group both named "sec".  In the snort 
>>>startup script I created the variable SNORT_UID=sec and have placed 
>>>snort
>>>      
>>>
>.... -u
>  
>
>>>$SNORT_UID in the configuration so snort is running as the 
>>>owner/group sec/sec.  This works fine but the IPAddr directories 
>>>created under
>>>/var/log/snort/* have the permissions 600 and my users part of the "sec"
>>>group do not have permissions to the log information.  Did I forget 
>>>to
>>>      
>>>
>set
>  
>
>>>the umask for snort somewhere?  How can I make the 
>>>/var/log/snort/some.ip.addr.directory permissions 660?
>>>      
>>>
>>config umask: XXX
>>
>>-----
>>Erek Adams
>>
>>   "When things get weird, the weird turn pro."   H.S. Thompson
>>
>>
>>-------------------------------------------------------
>>This SF.net email is sponsored by: Etnus, makers of TotalView, The
>>    
>>
>debugger
>  
>
>>for complex code. Debugging C/C++ programs can leave you feeling lost 
>>and disoriented. TotalView can help you find your way. Available on 
>>major UNIX and Linux platforms. Try it free. www.etnus.com 
>>_______________________________________________
>>Snort-users mailing list
>>Snort-users at lists.sourceforge.net
>>Go to this URL to change user options or unsubscribe:
>>https://lists.sourceforge.net/lists/listinfo/snort-users
>>Snort-users list archive:
>>http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>>    
>>
>
>
>-------------------------------------------------------
>This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger
>for complex code. Debugging C/C++ programs can leave you feeling lost and
>disoriented. TotalView can help you find your way. Available on major UNIX
>and Linux platforms. Try it free. www.etnus.com
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>-------------------------------------------------------
>This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
>for complex code. Debugging C/C++ programs can leave you feeling lost and 
>disoriented. TotalView can help you find your way. Available on major UNIX 
>and Linux platforms. Try it free. www.etnus.com
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>  
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030410/d371188c/attachment.html>


More information about the Snort-users mailing list