On 7 September 2016 at 18:41, Robert Haist <[email protected]> wrote:
>
> Using this setting as the default and creating a suricata user on
> installation would be a very good start I think.
>
> Based on the suricata wiki this might only work for libpcap-mode. But
> maybe this information is outdated and can be clarified by some OISF Dev.
>

We should consider ownership of logfiles. They are created when suricata is
still root and a later HUP signal (reload) could lead to a failed reopen
because of permissions.

Perhaps suricata could fix ownership of logfiles before dropping privileges
but I don't know if this is implemented upstream.

I don't see a short-term solution right now.

-- 
Arturo Borrero González
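
The reopen failure described in the message above can be checked for ahead of time. The following is an added example, not part of the original thread and not Suricata code: it lists log files that an unprivileged user could not reopen for append, using classic Unix mode bits only. The function names, the file names and modes in the demo, and the "uid + 1" stand-in for a suricata user are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

def can_reopen_for_append(path, uid, gids):
    """True if a process running as uid/gids could open path for append.

    Classic mode-bit evaluation only (no ACLs, no capabilities): the first
    matching class (owner, then group, then other) decides.
    """
    if uid == 0:
        return True  # root bypasses the mode bits
    st = os.stat(path)
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def unreopenable_logs(log_dir, uid, gids):
    """Regular files in log_dir that uid/gids could not reopen after a HUP."""
    bad = []
    for name in sorted(os.listdir(log_dir)):
        path = os.path.join(log_dir, name)
        if os.path.isfile(path) and not can_reopen_for_append(path, uid, gids):
            bad.append(name)
    return bad

def demo():
    """Constructed sample: files created by the starting user (standing in
    for root), then checked for a different, unprivileged uid/gid."""
    with tempfile.TemporaryDirectory() as d:
        for name, mode in (("eve.json", 0o640), ("fast.log", 0o666)):
            path = os.path.join(d, name)
            open(path, "w").close()
            os.chmod(path, mode)  # set exact mode, independent of umask
        st = os.stat(os.path.join(d, "eve.json"))
        creator_uid, creator_gid = st.st_uid, st.st_gid
        # Hypothetical ids for the user the daemon drops to (assumption).
        dropped_uid, dropped_gid = creator_uid + 1, creator_gid + 1
        return (unreopenable_logs(d, dropped_uid, {dropped_gid}),
                unreopenable_logs(d, creator_uid, {creator_gid}))

if __name__ == "__main__":
    print(demo())
```

Run against the real log directory with the uid and gids of the account the daemon drops to; any file it lists needs its ownership or mode fixed before the next reload.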

