[Oisf-users] suricata -T with run-as

Russell Fulton r.fulton at auckland.ac.nz
Thu Mar 29 19:23:10 UTC 2018

> On 30/03/2018, at 2:53 AM, Jason Ish <ish at unx.ca> wrote:
> On 2018-03-28 09:36 PM, Russell Fulton wrote:
>> Hi
>> I am getting set up with suricata-update and I have come across a minor issue: once update has processed the rules it runs suricata with the -T option to be really sure that the resulting rule file is kosher before reloading it. This is as it should be :). I use the run-as option to drop to an unprivileged account in suricata.yaml and I have always run pulledpork from a non-root account. Now if I run update from a non-root account, suricata -T dies when it tries to change uid (it dies with a pretty obscure exception).
> It's been too long since I used pulledpork, did it run the Suricata test process as well? How did it deal with permissions?

It does not.  

Good thinking on the command line; that can work for me too.

Thanks, Russell
