[Honeywall] Snort_inline log problem

Rob McMillen rvmcmil at gmail.com
Wed Jun 27 21:10:59 EDT 2007


That is right.  In order to get the packet from the firewall and
decide the packet's destiny, you must do it as root.

As far as the inline logging, I would have to look into it as well.
What version of honeywall are you using?

Rob

On 6/27/07, Patrick McCarty <patrick at setsuid.net> wrote:
> On Wed, Jun 27, 2007 at 03:44:24PM -0400, Earl wrote:
> > I don't believe it can drop privs because it needs to be able to
> > drop packets and do resets and other rootly stuff.  Rob/Patrick?
>
> IIRC, it needs root privs because of the interface to the userspace libipq.
>
> Otherwise, any non-priv process could accept, modify, or reject any packet that was sent to userspace from the iptables -j QUEUE target.
>
> There may be other reasons as well, it's been a bit since I've looked at that particular piece.
>
> -- patrick