Guest
Posted: Tue Jul 02, 2002 1:15 am
Post subject: Snort ebuild problem

The Snort ebuild seems to be somewhat broken, config-wise. First of all, the /etc/conf.d/snort file points to a non-existent snort.conf, which causes the -Daemon to die silently. Once that's fixed, the daemon will die silently because the ebuild has it run as "nobody", with whose privileges it cannot open or create any of the log files it wants to make.
My question is, what is the best way to set Snort up, short of simply dropping the "-u nobody" from the /etc/conf.d/snort file, which would cause Snort to run as root at all times? I tried chowning the /var/log/snort/ dir to snort.snort (real users and groups, created by the install, which makes me wonder why the ebuild has it running as "nobody" in the first place). For some reason, it still dies, though; it seems like it wants to create SOME of the logfiles and dirs as root, but then goes to fopen them as whatever it's running as.
So, anybody have a good way to set this up? I also tried enabling logging through syslog in the snort.conf file, dropping the -l /var/log/snort option, and setting up an appropriate entry in my metalog.conf (yes, I HUPped metalog), but it still wants to log exclusively to /var/log/snort, and dies if it is unable to do so. I searched the forums, and saw only a couple mentions of Snort at all, and no good answers.