scastle at ...14946...
Tue Feb 1 15:02:07 EST 2011
I have a problem with the signal issue. You REALLY need to read your man
page about signals. On most Linux systems, "man 7 signal" will tell you
what you want, but essentially, you should NEVER use the number of a
signal but always its name, e.g., "kill -USR1 <pid>" or "kill -s USR1
<pid>". The number corresponding to a signal changes with the Unix
implementation and the platform on which it is running.
Data Security Mgr, Boulder County IT
CISSP GSEC GCIH
From: Michael Scheidell [mailto:michael.scheidell at ...8144...]
Sent: Tuesday, February 01, 2011 12:36
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Rules with SDF options cannot have other
detection options in the same rule
On 2/1/11 1:56 PM, Joel Esler wrote:
That's not right. I'll bug this on our side for our developers
to take a look.
Would you consider it a bug to fail on a signal 30, if system build with
targetbased, and doesn't have a targets.xml file?
You might ask, why send a signal 30 to reload the targets.xml file if
you don't have system compiled with --enable-targetbased?
(freebsd sends a signal 30 is you send it a SIGUSR1)
I might ask, if --enable-targetbased is NOT specified, why include the
code to look for the targets.xml file?
Michael Scheidell, CTO
> | SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best in Email Security,2010: Network Products Guide
* King of Spam Filters, SC Magazine 2008
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
More information about the Snort-users