[Snort-users] snort in centos not HUPing

Agus agus.262 at ...11827...
Wed Apr 13 15:57:39 EDT 2011


Nope.. It seems like in CentOS HUP ain't working. I compiled it with
./configure --enable-dynamicplugin --enable-reload
--enable-linux-smp-stats --enable-zlib --enable-react
--enable-active-response --enable-perfprofiling -enable-flexresp3
--enable-build-dynamic-examples --enable-ipv6
--enable-decoder-preprocessor-rules --enable-debug

I changed the pid path and made the snort user the owner, but snort exits when
it receives the HUP signal. The log shows
Reload via Signal HUP does not work if you aren't root or are chroot'ed.

I am root, but snort runs as the snort user. That is the issue. I don't
understand how it works in other distros if not running as root :S

Cheers

2011/4/13 Agus <agus.262 at ...11827...>:
> Exactly what I read, but I couldn't find a way to fix it without giving
> perms to snort to the dir.. I will try your suggestion. Thanks for the
> tip..
>
>
>
> 2011/4/13 Jason Wallace <jason.r.wallace at ...11827...>:
>> In Gentoo we place the PID file in /var/run/snort/<file.pid> and then
>> set /var/run/snort/ to be owned by the user used to run snort. If you
>> drop root privileges when you start snort then the snort user does not
>> have permissions to delete the pid file from /var/run (typically owned
>> by root).
>>
>> That would be my guess as to what your problem is.
>>
>> Thx,
>> Wally
>>
>> On Wed, Apr 13, 2011 at 10:25 AM, Agus <agus.262 at ...11827...> wrote:
>>> Hey guys,
>>>
>>> snort-2903 --enable-reload, centos5, using the rpm/snortd
>>>
>>> Whenever I stop snort I get the error
>>> snort[28654]: Could not remove pid file /var/run//snort_eth0.pid:
>>> Permission denied
>>>
>>> No biggie as it then starts ok; but when I HUP snort it dies with
>>> that same error, so I can't HUP it.
>>>
>>> I googled and found solutions but for other distros that don't work with CentOS.
>>>
>>> I tried chown snort:snort to the pid and pid.lck files but same error persists.
>>>
>>> Any help would be appreciated.
>>>
>>> Cheers,
>>>
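Added example (not part of the original thread or of Snort): removing a PID file is governed by the permissions of its parent directory, not of the file itself, which is why the dedicated snort-owned directory described in the reply lets an unprivileged snort process clean up. The function name `can_unlink` is hypothetical; the check assumes GNU `stat` and looks only at owner/group/other mode bits and the sticky bit (no supplementary groups, ACLs or capabilities).

```sh
#!/bin/sh
# Added example: would uid/gid be allowed to unlink PATH, judged from mode bits?
# unlink(2) needs write+search (w+x) on the PARENT DIRECTORY. Ownership of the
# file itself only matters when that directory has the sticky bit set.

# can_unlink UID GID PATH -> 0 = allowed, 1 = denied, 2 = cannot stat
can_unlink() {
    uid=$1; gid=$2; path=$3
    [ "$uid" -eq 0 ] && return 0                  # root bypasses mode checks
    dir=$(dirname -- "$path")
    # GNU stat: numeric owner, numeric group, octal mode of the directory
    set -- $(stat -c '%u %g %a' -- "$dir" 2>/dev/null)
    [ $# -eq 3 ] || return 2
    duid=$1; dgid=$2; dmode=$((0$3))              # leading 0 => parse as octal
    if   [ "$uid" -eq "$duid" ]; then bits=$(( (dmode >> 6) & 7 ))
    elif [ "$gid" -eq "$dgid" ]; then bits=$(( (dmode >> 3) & 7 ))
    else                              bits=$((  dmode       & 7 ))
    fi
    [ $(( bits & 3 )) -eq 3 ] || return 1         # need both w (2) and x (1)
    if [ $(( dmode & 01000 )) -ne 0 ]; then       # sticky directory
        fuid=$(stat -c '%u' -- "$path" 2>/dev/null) || return 2
        [ "$uid" -eq "$fuid" ] || [ "$uid" -eq "$duid" ] || return 1
    fi
    return 0
}

# Script usage: ./can_unlink.sh UID GID /var/run/snort_eth0.pid
if [ $# -eq 3 ]; then
    if can_unlink "$@"; then echo "removable"; else echo "NOT removable"; fi
fi
```
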