On Fri, 2002-09-27 at 16:05, Burton M. Strauss III wrote:
> You start ntop running as root. It tests for nmap and also opens the
> interface (libpcap) in promiscuous mode before it gives up privileges.
>
> If you can't start ntop as root, then use the -s | --no-promiscuous flag and
> don't expect to be able to use nmap.
>
Or you can do what I've done on all of my Linux ntop boxes. I've added grsecurity (http://www.grsecurity.net), including acl support. Then I set /usr/sbin/nmap to suid root. Then I put in my /etc/grsec/acl

    / {
        /usr/bin/nmap h
    }

    /usr/sbin/ntop {
        /usr/sbin/nmap rx
    }

What this says is that /usr/bin/nmap is hidden.. all processes cannot even see that it exists (including root owned processes...). But, when /usr/sbin/ntop tries to run nmap, it is able to see and run it just fine. :-D

I'm sure similar things exist on other unices.

_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://lists.ntop.org/mailman/listinfo/ntop
