[Snort-users] Problem with permissions when snort ran as user "snort"

Evan J maps.this.address at ...11827...
Fri Sep 9 14:26:17 EDT 2005


Exactly a comment I stated a while back. Why doesn't Snort set
ownership of log files to snort but root? I understand that in most
systems `root' account has privilege to run pcap in premiscuous mode
but what about the actual writing to the log files?

Sp0ng3 B0b, What is bridge0? Is it the actual name of your interface?
Shouldn't it be ep0, xl0, or dc0? Excuse my ignorance for I don't use
OpenBSD...

On 9/9/05, Sp0ng3 B0b <sp0ng3b0b at ...9090...> wrote:
> I'm running snort 2.4 on an OpenBSD 3.7 IDS.
> 
> Snort is started like so:
> 
> snort -c /etc/snort/snort.conf -i bridge0 -l
> /var/log/snort -u snort -g snort -D
> 
> The user snort owns /var/log/snort.
> 
> Unfortunately, the logfiles permissions are wrong:
> 
> drwxr-xr-x  2 snort  snort    512 Sep  9 07:01 .
> drwxr-xr-x  3 snort  snort    512 Aug  3 22:00 ..
> -rw-------  1 root   snort   2256 Sep  9 07:07
> snort.alert.1126274487
> -rw-------  1 root   snort  39261 Sep  9 07:07
> snort.log.1126274487
> 
> What am I missing here?
> 
> 
> 
> 
> 
> 
> -------------------------------------------------------
> SF.Net email is Sponsored by the Better Software Conference & EXPO
> September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
> Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
> Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>




More information about the Snort-users mailing list