[Snort-users] Snort and HUP.
chris at ...6400...
Tue Jul 29 08:54:09 EDT 2003
I've been reading the FAQ and some old posts on the subject of running
snort with the -u / -g switches (not exactly in a chroot() environ), and
sending it the SIGHUP signal.
I understand there are two fundamental problems with doing this, one
being the relative paths being stuffed up from the execv() call (which
is fair enough) and two, as Snort has given up it's root privileges cant
re-open the network interface.
I'm wondering if it's worth seeing if i can get Linux to somehow allow
the snort user to re-open the ethernet device as the snort user, or does
the SIGHUP handler code essentially re-fork Snort such that it loses
state and is the same as restarting it?
I'm guessing the latter to be true, but thought i'd check.
More information about the Snort-users