From: Chris G. <cm...@ua...> - 2003-10-13 14:20:02
|
jh <jh...@do...> writes: > This brings up a point I had brought up with Jon - I don't think it's > a good idea to toss out the ipaudit user. Ipaudit daemon should drop > privs and run as the ipaudit user/group. > > Aside from that, the cgi should also run as the ipaudit user (as we > are recommending now with suexec). I don't like the web user running as the same as the sniffing user because it means that a web compromise == being able to take over the process that has an open pcap fd. -- Chris Green <cm...@so...> Let not the sands of time get in your lunch. |