argus in chroot, privilege separation/revocation

carter at qosient.com
Mon Sep 18 08:06:05 EDT 2006


Darren,
Running with privileges is not required, depending on what you're trying to do, but the biggest hurdle is providing argus with access to packets to monitor.
If you do not want to run as root, you will have to modify the permissions on the network interface so that argus can open it for reading.

Argus already does chroot itself, but if I took that code out, it's trivial to put it back!!!!

Where do you want to chroot to?

Carter

Carter Bullard
QoSient LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax  

-----Original Message-----
From: "Darren Spruell" <phatbuckett at gmail.com>
Date: Sun, 17 Sep 2006 20:40:36 
To:argus-info at lists.andrew.cmu.edu
Subject: [ARGUS] argus in chroot, privilege separation/revocation

While I realize some IP-level access control can go a long way, I
wonder if there is yet support in (or on the way) for argus(8) to run
as a lower privileged user and/or in a chroot. If not native support
in argus for chroot, is it easy enough to chroot manually? And if not
supported yet, has it been a matter of "waiting for patches" or "too
difficult given the current codebase?"

-- 
Darren Spruell
phatbuckett at gmail.com


