[Snort-users] [OBSD 3.4 and Snort 2.0.0b72] snort does not handle kill -hup well when user/group param specified

Calyth calyth at ...9344...
Mon May 3 02:56:07 EDT 2004


I'm not sure whether this is a known issue or not, but a search on the 
mailing list doesn't turn up anything.
I suppose this can be logical, but if one starts snort and specify the 
username and group, snort won't respond well to a kill -HUP. 
Specifically, if you tried to use newsyslog to rotate the text log.
I know that many uses barnyard, but I don't think a) that my firewall 
have too much traffic to make barnyard a requirement, and b) I don't 
particularly want to bog down this (or another machine) with a database 
system for the traffic that I have. But I still would like to have the 
added safety for snort to change to another user after getting the 
sniffing privledge.
I would like to know whether can be addressed with developement. I 
somehow think that this might be impossible due to the way priviledges 
are handled...

Benton Lam





More information about the Snort-users mailing list