[Snort-users] Signals

Castle, Shane scastle at ...14946...
Tue Feb 1 15:02:07 EST 2011


I have a problem with the signal issue. You REALLY need to read your man
page about signals. On most Linux systems, "man 7 signal" will tell you
what you want, but essentially, you should NEVER use the number of a
signal but always its name, e.g., "kill -USR1 <pid>" or "kill -s USR1
<pid>". The number corresponding to a signal changes with the Unix
implementation and the platform on which it is running.

-- 
Shane Castle
Data Security Mgr, Boulder County IT
CISSP GSEC GCIH

-----Original Message-----
From: Michael Scheidell [mailto:michael.scheidell at ...8144...] 
Sent: Tuesday, February 01, 2011 12:36
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Rules with SDF options cannot have other
detection options in the same rule

On 2/1/11 1:56 PM, Joel Esler wrote: 

	That's not right.  I'll bug this on our side for our developers
to take a look.   
	Joel
	


Would you consider it a bug to fail on a signal 30, if system build with
targetbased, and doesn't have a targets.xml file?

You might ask, why send a signal 30 to reload the targets.xml file if
you don't have system compiled with --enable-targetbased?

(freebsd sends a signal 30 is you send it a SIGUSR1)

I might ask, if --enable-targetbased is NOT specified, why include the
code to look for the targets.xml file?




-- 
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
> | SECNAP Network Security Corporation 

*	Certified SNORT Integrator
*	2008-9 Hot Company Award Winner, World Executive Alliance
*	Five-Star Partner Program 2009, VARBusiness
*	Best in Email Security,2010: Network Products Guide
*	King of Spam Filters, SC Magazine 2008


________________________________

This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/

________________________________






More information about the Snort-users mailing list