[Snort-users] snort 184.108.40.206 won't daemonize, OpenBSD 4.7
jesler at ...1935...
Fri Apr 8 17:02:58 EDT 2011
I know there were some corrections made for OpenBSD in 220.127.116.11, try and
On Fri, Apr 8, 2011 at 4:51 PM, Olaf Schreck <chakl at ...931...> wrote:
> Replying to self with a workaround solution, for the archives
> > snort 18.104.22.168 on OpenBSD 4.7, running fine, but won't daemonize.
> Is anyone running snort 2.9 on OpenBSD 4.7 or 4.8 who does NOT have this
> I had a look at the daemonize code in util.c and rebuilt snort with
> "CPPFLAGS=-DDEBUG sh configure.sh ..." to see the debug messages. As
> expected, the daemon parent waits for a "child ready" signal that never
> arrives while the daemon child claims to have sent it. Signal is
> SIGCONT as defined in snort.h:
> #define SIGNAL_SNORT_CHILD_READY 29
> So for some obscure reason, the daemon parent does not see SIGCONT from
> the daemon child. In the OpenBSD manpage for kill(2) I noticed
> Setuid and setgid processes are dealt with slightly differently.
> For the non-root user, to prevent attacks against such processes,
> some signal deliveries are not permitted and return the error
> EPERM. The following signals are allowed through to this class
> of processes: SIGKILL, SIGINT, SIGTERM, SIGSTOP, SIGTTIN, SIGTTOU,
> SIGTSTP, SIGHUP, SIGUSR1, SIGUSR2.
> Since SIGCONT was not mentioned in the list above, I tried changing the
> "child-ready" signal to SIGUSR2:
> #define SIGNAL_SNORT_CHILD_READY 31
> Works fine as expected.
> And no, I did not specify setuid/setgid on the command line or in
> snort.conf, and ran it as root. I have no idea why SIGCONT is filtered
> here, but SIGUSR2 is not.
> > At the
> > end of the startup messages it says:
> > Spawning daemon child...
> > My daemon child 3777 lives...
> > 0x8151dc00*running 15 -c-------f 0000 main
> > but it doesn't come back to the shell prompt. I can ^C out and see the
> > snort child process. With ^Z, I see 2 snort processes. Obviously the
> > parent won't exit while daemonizing. Any clues why?
> > The daemonized child runs and alerts just fine.
> > This happens regardless whether I use -D on the cmdline, "config daemon"
> > in snort.conf, or both.
> Xperia(TM) PLAY
> It's a major breakthrough. An authentic gaming
> smartphone on the nation's most reliable network.
> And it wants your games.
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
Joel Esler | http://blog.snort.org | http://vrt-blog.snort.org |
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users