[Oisf-devel] Feature request 240

James McQuaid jim.mcquaid at gmail.com
Thu Jun 30 01:42:05 UTC 2011


Hello,

I am interested in a quick take from Victor and/or Will as to whether any of
these might prove useful as a starting point for implementing feature
request 240:

"Feature 240
Explore options for dropping privs to a non-root user on FreeBSD and OSX
We currently use libcap-ng to drop privs to a non-root user but this is only
supported on Linux. We had a feature request to the team mailing-list for
supporting similar functionality on OSX and FreeBSD."


Possibility 1: Configure security/sudo to allow Suricata to execute as
needed as root.
sudo 1.8.1_5 security
http://www.freshports.org/security/sudo
    "Sudo is a program designed to allow a sysadmin to give limited root
    privileges to users and log root activity.  The basic philosophy is to
    give as few privileges as possible but still allow people to get their
    work done."


Possibility 2: The FreeBSD jail subsystem was significantly updated for
FreeBSD 7.2, and includes the ability to establish multiple IPv4 and IPv6
addresses per jail.


Possibility 3: "The tool is called httpd-guardian and can be used to defend
against Denial of Service attacks. It uses the blacklist tool (from the same
project) to interact with an iptables-based (Linux) or pf-based (*BSD)
firewall, dynamically blacklisting the offending IP addresses. It can also
interact with SnortSam (http://www.snortsam.net)."
http://www.modsecurity.org/documentation/modsecurity-apache/1.9.3/html-multipage/07-logging.html


Thank you,


James McQuaid
http://www.jamesmcquaid.com/JamesMcQuaid.asc
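As an added example for the feature request quoted above (this is not Suricata's code, nor part of James's message): the one route that works unchanged on FreeBSD, OS X and Linux without libcap-ng is the plain POSIX drop. Open every privileged resource first (capture handle, raw socket, pidfile), then drop with setgroups()/setgid()/setuid() in that order and verify that root cannot be regained. The account name `nobody` and the function names are assumptions of this example. Unlike libcap-ng, this retains no capabilities at all, so nothing privileged can be opened after the drop; it does not replace the sudo or jail options listed above but is the minimum any of them would sit on top of.

```c
/* Added example: portable POSIX privilege drop (FreeBSD, OS X, Linux).
 * Not Suricata code; shown only as a starting point for feature 240.
 * Unlike libcap-ng, this keeps no capabilities, so every privileged
 * resource (pcap handle, raw socket, log file) must be opened BEFORE
 * drop_privileges() is called. */
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Look up the target account (name assumed by the caller).
 * Returns 0 on success, -1 with errno set if unknown. */
int resolve_account(const char *user, uid_t *uid, gid_t *gid)
{
    struct passwd *pw;
    if (user == NULL || *user == '\0') {
        errno = EINVAL;
        return -1;
    }
    errno = 0;
    pw = getpwnam(user);
    if (pw == NULL) {
        if (errno == 0)
            errno = ENOENT;
        return -1;
    }
    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return 0;
}

/* Irreversibly drop to uid/gid. Order matters: supplementary groups
 * first, then gid, then uid (once the uid is non-zero the other two
 * calls would fail). Refuses uid 0 so a misconfigured "run as root"
 * cannot be mistaken for a successful drop. Returns 0 only if the new
 * ids are in effect AND root cannot be regained. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0) {
        errno = EINVAL;
        return -1;
    }
    /* Without this, the old supplementary groups (e.g. wheel) would
     * leak into the unprivileged process. */
    if (setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;

    /* Verify the drop took effect on real and effective ids. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    /* Verify it is irreversible: if either call succeeds, the saved
     * set-user-ID was not cleared and the process is still root. */
    if (setuid(0) == 0 || seteuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "nobody"; /* assumed account */
    uid_t uid;
    gid_t gid;

    /* 1. Open privileged resources here (pcap_open_live(), raw sockets,
     *    pidfile under /var/run) while still root. Omitted here. */

    /* 2. Drop, and refuse to continue if anything went wrong. */
    if (geteuid() != 0) {
        fprintf(stderr, "not started as root, nothing to drop (uid %u)\n",
                (unsigned)getuid());
        return 0;
    }
    if (resolve_account(user, &uid, &gid) != 0) {
        fprintf(stderr, "unknown user %s: %s\n", user, strerror(errno));
        return 1;
    }
    if (drop_privileges(uid, gid) != 0) {
        fprintf(stderr, "privilege drop to %s failed: %s\n",
                user, strerror(errno));
        return 1;
    }
    printf("running as uid=%u gid=%u\n",
           (unsigned)getuid(), (unsigned)getgid());
    return 0;
}
```

Run it as root with the target account as the first argument (`./drop nobody`); started unprivileged it only reports that there is nothing to drop. The post-drop setuid(0)/seteuid(0) check is the part most often left out and is what turns a silent misconfiguration into a hard failure at startup.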

