Outstanding issues
Russell Fulton
r.fulton at auckland.ac.nz
Mon Sep 25 02:57:53 EDT 2006
Darren Spruell wrote:
> On 9/24/06, carter at qosient.com <carter at qosient.com> wrote:
>
> If it's worth anything, reference code in OpenBSD is open and easily
> found (http://www.openbsd.org/cgi-bin/cvsweb.cgi) and several programs
> make use of these features.
>
The openbsd deamons are mostly forking ones, i.e. ones that listen on a
port for incoming connections and then fork a process to handle the client.
>
> 3rd party apps that handle it as well come to mind:
>
> snort(8)
snort is very close to what argus needs. It allows you to specify which
user and group to run as after it has connected to the pcap/bpf -- it
also has a chroot option (that I use).
would it simplify things if these options were only available via the
config file? The argus option space is already very crowded and has
been for a very long time -- that's why I selected 'z' for the original
"print flags option" back in the days of 1.8...
Cheers, Russell
More information about the argus
mailing list