From: Lance S. <la...@ho...> - 2004-03-12 13:47:54
On Mar 12, 2004, at 1:56 AM, Pawel Czarnota wrote:

> Hey all,
> does anyone have a problem running snort_inline with the -u option? We can
> start snort_inline with the -u USERNAME option, but when the traffic goes
> through the bridge, snort_inline gives us messages for each packet and
> doesn't let anything through. Removing the -u option works fine. Does anyone
> see a connection between this problem and the time stamp MySQL database log
> problem (separate message)? Thanks

Based on my experience, you have to run snort_inline in privileged mode (i.e. root). For some reason, when run unprivileged, the process will start, but not let any packets through. I'm assuming this has something to do with the fact it has to interact with individual packets.

To help compensate for this security issue, you can help mitigate risk by running snort_inline in a chroot'd environment combined with a kernel security patch, such as SELinux, grsecurity, or systrace.

lance