Re: [Snort-users] /var/log/snort/some.ip.addr.dir/ permissions problem
From: David Alonso De La Vega Tapage (delavegad bancoaliado.com)
Date: Thu Apr 10 2003 - 17:08:37 CDT
To ignore ALL ICMP traffic from host <foo> using a pass rule:
pass icmp <foo> any -> $HOME_NET any
And you _MUST_ start snort with the '-o' parameter for the pass rule to work
correctly.
Where is the place to put this rule? Inside the snort.conf file,
or in another, separate file?
Thanks.
Matt Yackley wrote:
>Donnie,
>You should be able to put it into the snort.conf file or as part of your
>snort startup command/script
>
>Startup option
>-m <umask>
>
>Matt
>
>-----Original Message-----
>From: Donnie Green Jr [mailto:d_greenjr hotmail.com]
>Sent: Thursday, April 10, 2003 3:27 PM
>To: snort-users lists.sourceforge.net
>
>Where do I place "config umask:xxx"? I placed the command "umask 0026" in
>.bash_profile for "sec", but it did not work.
>----- Original Message -----
>From: "Erek Adams" <erek snort.org>
>To: "Donnie Green" <d_greenjr hotmail.com>
>Cc: <snort-users lists.sourceforge.net>
>Sent: Wednesday, April 09, 2003 2:04 PM
>Subject: Re: [Snort-users] /var/log/snort/some.ip.addr.dir/ permissions problem
>
>>On Wed, 9 Apr 2003, Donnie Green wrote:
>>
>>>I have created a user and group both named "sec". In the snort
>>>startup script I created the variable SNORT_UID=sec and have placed
>>>snort .... -u $SNORT_UID in the configuration so snort is running as the
>>>owner/group sec/sec. This works fine but the IPAddr directories
>>>created under /var/log/snort/* have the permissions 600 and my users
>>>part of the "sec" group do not have permissions to the log information.
>>>Did I forget to set the umask for snort somewhere? How can I make the
>>>/var/log/snort/some.ip.addr.directory permissions 660?
>>>
>>config umask: XXX
>>
>>-----
>>Erek Adams
>>
>> "When things get weird, the weird turn pro." H.S. Thompson
>>
>>
>>-------------------------------------------------------
>>This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger
>>for complex code. Debugging C/C++ programs can leave you feeling lost
>>and disoriented. TotalView can help you find your way. Available on
>>major UNIX and Linux platforms. Try it free. www.etnus.com
>>_______________________________________________
>>Snort-users mailing list
>>Snort-users lists.sourceforge.net
>>Go to this URL to change user options or unsubscribe:
>>https://lists.sourceforge.net/lists/listinfo/snort-users
>>Snort-users list archive:
>>http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>>
>>
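As an added illustration (not part of any message in this thread), the Python sketch below shows how a process umask shapes the modes of newly created log directories and files, and why a directory needs the group execute bit, not just 660, before group members can reach the files inside it. It assumes the creating process requests 0777 for directories and 0666 for files; the thread does not state which modes Snort requests, and the directory and file names are constructed.

```python
import os
import stat
import tempfile


def modes_under_umask(mask):
    """Create one directory and one file under `mask`; return (dir_mode, file_mode)."""
    base = tempfile.mkdtemp()                  # private scratch area, always 0700
    d = os.path.join(base, "192.0.2.10")       # constructed per-IP log directory name
    f = os.path.join(base, "alert")            # constructed log file name
    old = os.umask(mask)
    try:
        os.mkdir(d, 0o777)                     # assumed requested directory mode
        os.close(os.open(f, os.O_CREAT | os.O_WRONLY, 0o666))  # assumed file mode
        dir_mode = os.stat(d).st_mode & 0o777
        file_mode = os.stat(f).st_mode & 0o777
    finally:
        os.umask(old)                          # always restore the caller's umask
        for path, remove in ((f, os.remove), (d, os.rmdir), (base, os.rmdir)):
            if os.path.exists(path):
                remove(path)
    return dir_mode, file_mode


def group_can_read_logs(dir_mode, file_mode):
    """Group members need r+x on the directory and r on the file."""
    need_dir = stat.S_IRGRP | stat.S_IXGRP
    return (dir_mode & need_dir) == need_dir and bool(file_mode & stat.S_IRGRP)


if __name__ == "__main__":
    # 0077: owner only; 0026: the value tried in the thread;
    # 0117: yields the literal "660" directory; 0007: owner and group full access.
    for mask in (0o077, 0o026, 0o117, 0o007):
        dm, fm = modes_under_umask(mask)
        print("umask %04o -> dir %03o, file %03o, group can read logs: %s"
              % (mask, dm, fm, group_can_read_logs(dm, fm)))
```

A umask only takes effect in the process that creates the files, so it has to be set where that process is started or configured rather than in an unrelated login shell.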