Hello,<br><br>I am interested in a quick take from Victor and/or Will as to whether any of these might prove useful as a starting point for implementing feature request 240:<br><br>"Feature 240<br>Explore options for dropping privs to a non-root user on FreeBSD and OSX<br>
We currently use libcap-ng to drop privs to a non-root user but this is only supported on Linux. We had a feature request to the team mailing-list for supporting similar functionality on OSX and FreeBSD."<br><br><br>
Possibility 1: Configure security/sudo to allow Suricata to execute as needed as root. <br>sudo 1.8.1_5 security<br><a href="http://www.freshports.org/security/sudo">http://www.freshports.org/security/sudo</a><br> "Sudo is a program designed to allow a sysadmin to give limited root<br>
privileges to users and log root activity. The basic philosophy is to<br> give as few privileges as possible but still allow people to get their<br> work done."<br><br><br>Possibility 2: The FreeBSD jail subsystem was significantly updated for FreeBSD 7.2, and includes the ability to establish multiple IPv4 and IPv6 addresses per jail.<br>
<br><br>Possibility 3: "The tool is called httpd-guardian and can be used to defend against Denial of Service attacks. It uses the blacklist tool (from the same project) to interact with an iptables-based (Linux) or pf-based (*BSD) firewall, dynamically blacklisting the offending IP addresses. It can also interact with SnortSam (<a href="http://www.snortsam.net">http://www.snortsam.net</a>)."<br>
<a href="http://www.modsecurity.org/documentation/modsecurity-apache/1.9.3/html-multipage/07-logging.html">http://www.modsecurity.org/documentation/modsecurity-apache/1.9.3/html-multipage/07-logging.html</a> <br><br><br>
Thank you,<br>
<br>James McQuaid<br><a href="http://www.jamesmcquaid.com/JamesMcQuaid.asc" target="_blank">http://www.jamesmcquaid.com/JamesMcQuaid.asc</a><br>