[ale] snort / snortsam run as non-root user?
Bob Toxen
transam at verysecurelinux.com
Thu Apr 5 19:28:00 EDT 2007
Snort MUST run as root because it opens the Ethernet device (NIC)
in promiscuous mode. Of course you could hack it to change to a
different user once it does this to avoid it snorting up poisoned
packets.
On Wed, Apr 04, 2007 at 10:44:21AM -0400, Jeff Lightner wrote:
> We're preparing to install a server with Linux and then load snort and
> possibly snortsam. Can these be run by non-root users?
>
> My security admin wants to own the OS (e.g. have full root access)
> because he believes he'll need it to use these products.
>
> Before anyone says it: I know it sounds funny to say you don't want the
> security admin having root - he is more a network person than OS so I
> want to retain root control to prevent him from damaging the OS
> accidentally.
Bob Toxen
bob at verysecurelinux.com [Please use for email to me]
http://www.verysecurelinux.com [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
"Microsoft: Unsafe at any clock speed!"
-- Bob Toxen 10/03/2002
More information about the Ale
mailing list