On 04/28/09 15:27, James Carlson wrote:
> Joep Vesseur writes:
>> > If it's not suid (as ping is), I presume that snort needs something
>> > like net_observibility or net_raw_access to run properly. How does
>> > it get that or any other privileges it may need?
>> > What Rights Profile (and exec_attr(4) properties are required)?
>>
>> snort monitors logfiles; if it can read those, there's no need for additional
>> privileges.
>
> Snort does far more than just read files. It links to libpcap and can
> snoop on network interfaces in real time. To do *that*, it will
> require elevated privileges.

Ah, ok, I guess my snort knowledge is out of date then. Sorry for the noise.

Joep