Re: snort in centos not HUPing

[Agus <agus.262 () gmail com>]

Nop.. It seems like in centos HUP aint working. I compiled it with
./configure --enable-dynamicplugin --enable-reload
--enable-linux-smp-stats --enable-zlib --enable-react
--enable-active-response --enable-perfprofiling -enable-flexresp3
--enable-build-dynamic-examples --enable-ipv6
--enable-decoder-preprocessor-rules --enable-debug

I changed the pid path and make snort user owner but snort exits when
it receives the HUP signal. the log shows
Reload via Signal HUP does not work if you aren't root or are chroot'ed.

I am root, but snort runs as snort user. that is the issue. i dont
understand how it works in other distros if not running as root :S

Cheers

2011/4/13 Agus <agus.262 () gmail com>:
> Exactly what i read but couldn't find a way to fix it without giving
> perms to snort to the dir.. i will try your suggestion. thanks for the
> tip..
>
>
>
> 2011/4/13 Jason Wallace <jason.r.wallace () gmail com>:
> > In Gentoo we place the PID file in /var/run/snort/<file.pid> and then
> > set /var/run/snort/ to be owned by the user used to run snort. If you
> > drop root privileges when you start snort then the snort user does not
> > have permissions to delete the pid file from /var/run (typically owned
> > by root).
> >
> > That would be my guess as to what your problem is.
> >
> > Thx,
> > Wally
> >
> > On Wed, Apr 13, 2011 at 10:25 AM, Agus <agus.262 () gmail com> wrote:
> > > Hey guys,
> > >
> > > snort-2903 --enable-reload, centos5, using the rpm/snortd
> > >
> > > Whenever i stop snort i get the error
> > > snort[28654]: Could not remove pid file /var/run//snort_eth0.pid:
> > > Permission denied
> > >
> > > No biggie as it then starts ok; buttt, when i HUP snort it dies with
> > > that same error; so i cant HUP it.
> > >
> > > I googled and found solutions but for other distros that dont work with Centos.
> > >
> > > I tried chown snort:snort to the pid and pid.lck files but same error persists.
> > >
> > > Any help would be appreciated.
> > >
> > > Cheers,
> > >
> > > ------------------------------------------------------------------------------
> > > Forrester Wave Report - Recovery time is now measured in hours and minutes
> > > not days. Key insights are discussed in the 2010 Forrester Wave Report as
> > > part of an in-depth evaluation of disaster recovery service providers.
> > > Forrester found the best-in-class provider in terms of services and vision.
> > > Read this report now!  http://p.sf.net/sfu/ibm-webcastpromo
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users () lists sourceforge net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users

------------------------------------------------------------------------------
Benefiting from Server Virtualization: Beyond Initial Workload 
Consolidation -- Increasing the use of server virtualization is a top
priority.Virtualization can reduce costs, simplify management, and improve 
application availability and disaster protection. Learn more about boosting 
the value of server virtualization. http://p.sf.net/sfu/vmware-sfdev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users