[ale] snort / snortsam run as non-root user?

Bob Toxen transam at verysecurelinux.com
Thu Apr 5 19:28:00 EDT 2007


Snort MUST run as root because it opens the Ethernet device (NIC)
in promiscuous mode.  Of course you could hack it to change to a
different user once it does this to avoid it snorting up poisoned
packets.

On Wed, Apr 04, 2007 at 10:44:21AM -0400, Jeff Lightner wrote:
> We're preparing to install a server with Linux and then load snort and
> possibly snortsam.   Can these be run by non-root users?  
> 
> My security admin wants to own the OS (e.g. have full root access)
> because he believes he'll need it to use these products.  
> 
> Before anyone says it:  I know it sounds funny to say you don't want the
> security admin having root - he is more a network person than OS so I
> want to retain root control to prevent him from damaging the OS
> accidentally.

Bob Toxen
bob at verysecurelinux.com               [Please use for email to me]
http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

"Microsoft: Unsafe at any clock speed!"
   -- Bob Toxen 10/03/2002
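
The privilege drop described in the reply above, as an added example (not Snort's code and not part of the original message): on Linux, open the capture socket in promiscuous mode while still root, then switch permanently to an unprivileged user before any packet is read. The interface name `eth0`, the uid/gid 65534 and the function names are assumptions.

```c
#define _DEFAULT_SOURCE
#include <arpa/inet.h>
#include <grp.h>
#include <net/ethernet.h>
#include <net/if.h>
#include <netpacket/packet.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum { DROP_OK = 0, DROP_BAD_TARGET = -1, DROP_NOT_ROOT = -2, DROP_FAILED = -3 };

/* Privileged step: raw AF_PACKET socket with promiscuous mode on ifname. */
int open_promisc(const char *ifname)
{
    struct packet_mreq mr;
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0) return -1;
    memset(&mr, 0, sizeof mr);
    mr.mr_ifindex = (int)if_nametoindex(ifname);
    mr.mr_type = PACKET_MR_PROMISC;
    if (mr.mr_ifindex == 0 ||
        setsockopt(fd, SOL_PACKET, PACKET_ADD_MEMBERSHIP, &mr, sizeof mr) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Become uid/gid for good. Order matters: supplementary groups, gid, then uid. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) return DROP_BAD_TARGET;  /* never "drop" to root */
    if (geteuid() != 0) return DROP_NOT_ROOT;          /* nothing to give up */
    if (setgroups(0, NULL) != 0) return DROP_FAILED;
    if (setgid(gid) != 0 || setuid(uid) != 0) return DROP_FAILED;
    /* Verify: root must be unreachable and every id must match the target. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) return DROP_FAILED;
    return DROP_OK;
}

int main(void)
{
    int fd = open_promisc("eth0");                     /* assumed interface */
    if (fd < 0) { perror("open_promisc"); return 1; }
    if (drop_privileges(65534, 65534) != DROP_OK) {    /* assumed "nobody" ids */
        fprintf(stderr, "privilege drop failed, refusing to capture\n");
        return 1;                                      /* fail closed */
    }
    printf("capturing on fd %d as uid %d\n", fd, (int)getuid());
    close(fd);                                         /* packet loop would read(fd) here */
    return 0;
}
```

The open socket survives the uid change, so packet parsing runs without root while the NIC stays in promiscuous mode.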


