[ale] snort / snortsam run as non-root user?

Christopher Fowler cfowler at outpostsentinel.com
Wed Apr 4 12:23:33 EDT 2007


I think the point is that if the guy fubars the OS then who is
responsible for clean up?  a VM will not protect against that either.
Jeff will be fixing the VM.  Also I think the VM idea is bad for snort
since snort will be processing packets on the interface at a  high rate
of speed.  The more bandwidth on the network being used the more snort
is working.  VMs are good for apps that set idle most of the time.

What I would do is install Linux, Snort and _EVERYTHING_ he needs.
Image the system and give him the keys.  If he messes it then just write
the image back to the drives and give him the keys again.  Repeat as
needed.  

Backup the snort configs and data to another computer and restore those
if needed.


On Wed, 2007-04-04 at 10:58 -0500, Preston Boyington wrote:
> Jeff Lightner wrote:
> > We?re preparing to install a server with Linux and then load snort and
> > possibly snortsam.   Can these be run by non-root users? 
> > 
> > My security admin wants to own the OS (e.g. have full root access)
> > because he believes he?ll need it to use these products. 
> > 
> 
> better qualified persons than i will respond, but i am curious...could a
> virtual machine be used in this situation to safeguard yourself while
> appeasing the other person?  although it might not fit your particular
> situation..
> 
> (and in case anyone is wondering "appease" was my random word of the
> day)  ;)
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale




More information about the Ale mailing list