Red Hat Bugzilla – Bug 452763
snort should not run as root
Last modified: 2015-07-10 09:46:13 EDT
Description of problem:
Because snort parses malicious network packets, it should not run as root in
case there is a flaw. The uid 62 was allocated in the setup rpm for the snortd
user. The spec file should have a %pre section that adds the user, and updates
should be made to the /etc/sysconfig/snort file.
# Create the snortd system account (uid 62) only if it does not already exist.
getent passwd snortd >/dev/null || \
    /usr/sbin/useradd -M -o -r -d / -s /sbin/nologin \
    -c "Snort Daemon" -u 62 snortd > /dev/null 2>&1 || :
# What user account should we run under.
# What group account should we run under.
There may need to be some updating of directory permissions too with this patch.
Version-Release number of selected component (if applicable):
Turns out after this change, the prelude plugin cannot access its config data.
The plugin should be started before dropping privs. I'll work out a patch that
This bug has been triaged
Snort was removed from Fedora years ago.
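
The check below is an added example, not part of the bug report or of the snort package: it audits that a sysconfig file selects an unprivileged account like the snortd user (uid 62, /sbin/nologin) created by the %pre scriptlet in the description. It assumes the sysconfig file sets USER= and GROUP= keys; the function names and the sample files are hypothetical and constructed, and passwd data is read from a file so the check runs offline.

```shell
# Added example (not from the bug report): audit the privilege-drop settings.
# Assumption: the sysconfig file uses USER= and GROUP= keys; function names are hypothetical.

# Print the value of KEY ($1) from a sysconfig-style file ($2); last assignment wins.
sysconfig_get() {
    sed -n "s/^[[:space:]]*$1=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$2" | tail -n 1
}

# audit_snort_account SYSCONFIG PASSWD_FILE
# Returns 0 only if USER and GROUP are set and not root, and USER exists in
# PASSWD_FILE with a non-zero uid and a non-login shell. Prints each finding.
audit_snort_account() {
    conf=$1; passwd=$2; rc=0
    user=$(sysconfig_get USER "$conf")
    group=$(sysconfig_get GROUP "$conf")
    if [ -z "$user" ] || [ "$user" = root ]; then
        echo "FAIL: USER is unset or root"; rc=1
    fi
    if [ -z "$group" ] || [ "$group" = root ]; then
        echo "FAIL: GROUP is unset or root"; rc=1
    fi
    [ -n "$user" ] || return "$rc"
    entry=$(awk -F: -v u="$user" '$1 == u { print $3 ":" $7; exit }' "$passwd")
    if [ -z "$entry" ]; then
        echo "FAIL: account $user does not exist"; return 1
    fi
    uid=${entry%%:*}; shell=${entry#*:}
    # useradd -o permits duplicate uids, so check the number, not just the name.
    if [ "$uid" -eq 0 ]; then
        echo "FAIL: $user has uid 0"; rc=1
    fi
    case $shell in
        */nologin|*/false) ;;
        *) echo "FAIL: $user has login shell $shell"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample input; the snortd line mirrors the %pre scriptlet (gid is assumed).
demo() {
    d=$(mktemp -d)
    printf 'root:x:0:0:root:/root:/bin/bash\nsnortd:x:62:62:Snort Daemon:/:/sbin/nologin\n' > "$d/passwd"
    printf 'USER=snortd\nGROUP=snortd\n' > "$d/good"
    printf '# USER left unset\nGROUP=root\n' > "$d/bad"
    audit_snort_account "$d/good" "$d/passwd" && echo "good: OK"
    audit_snort_account "$d/bad" "$d/passwd" || echo "bad: rejected"
    rm -rf "$d"
}
demo
```

On a live system the second argument can be the output of `getent passwd` saved to a file.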