[Oisf-devel] Suricata Spec File for openSUSE 11.x
Will Metcalf
william.metcalf at gmail.com
Thu Mar 11 15:20:35 UTC 2010
Heya Steve,
Have not forgotten about your drop privs patch, and we have a bug
checked in for the inline functions. We have just been crazy busy. I
think the issue with the drop privs patch is that it can't be applied
to the NFQUEUE run mode and I will have to test PF_RING and IPFW on
FreeBSD, for normal pcap it shouldn't be a problem. I will check in a
bug for the pid file. If you guy's want, feel free to check-in
bugs/issues/feature requests using our redmine site. All you have to
do is register an account, and sign-in. Either way I appreciate the
feedback so if you just want to keep sending stuff to me/the list that
is ok as well.
https://redmine.openinfosecfoundation.org/
Regards,
Will
On Thu, Mar 11, 2010 at 8:57 AM, Steve Grubb <sgrubb at redhat.com> wrote:
> On Thursday 11 March 2010 09:43:47 am Tedi Heriyanto wrote:
>> Last month I've created a Suricata 0.8 RPM spec file for openSUSE 11.x.
>
> I am not trying to jump your thread, but to get suricata to build with modern
> tools you have to do a couple of changes. The current makefiles produce rpath
> issues. Also, you have to disable inline functions under recent gcc. I
> created a package that is now in rawhide that has the fixes in the spec file. It
> also includes logrotate scripts and an initscript so it can run from system
> boot. You can look at my sources here:
>
> http://cvs.fedoraproject.org/viewvc/rpms/suricata/devel/
>
> Their are still two issues that I think need solving before people start using
> this. One was pointed out by Pierre Chifflier...suricata is not writing out a
> pid file. This is necessary for the daemon to be controlled properly by the
> initscripts. This should be about a 20 line patch. I may send a patch today
> addressing this if no one else does.
>
> The other is that its dissecting malicious packets while running as root. It
> really needs to run under another account and perhaps retain some
> capabilities. I sent a patch for this already, but the discussion trailed
> off...
>
> -Steve
> _______________________________________________
> Oisf-devel mailing list
> Oisf-devel at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>
More information about the Oisf-devel
mailing list