Tue Jul 29 08:54:09 EDT 2003

Evening folks,

I've been reading the FAQ and some old posts on the subject of running 
snort with the -u / -g switches (not exactly in a chroot() environ), and 
sending it the SIGHUP signal.

I understand there are two fundamental problems with doing this, one 
being the relative paths being stuffed up from the execv() call (which 
is fair enough) and two, as Snort has given up its root privileges, it 
can't re-open the network interface.

I'm wondering if it's worth seeing if I can get Linux to somehow allow 
the snort user to re-open the Ethernet device as the snort user, or does 
the SIGHUP handler code essentially re-fork Snort such that it loses 
state and is the same as restarting it?

I'm guessing the latter to be true, but thought I'd check.



