snort???

Forum for getting help with Project Gamera, Spamassassin, Clamav, qmail-scanner and other anti-spam tools.
mneese
Forum Regular
Forum Regular
Posts: 218
Joined: Thu Apr 23, 2009 12:08 pm

snort???

Unread post by mneese »

I did updates from your repository yesterday: psa-proftp, mysql, and today i get this message from my rkhunter scan


Warning: Users have been added to the passwd file:
snortd:x:62:62:Snort Daemon:/var/lib/snort:/sbin/nologin
Warning: Groups have been added to the group file:
snortd:x:62:


What is that? Is this something bad? I didn't put this there, so could it be some kind of snoop?
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: snort???

Unread post by scott »

Snort (www.snort.org) is a network based intrusion detection system. You might wanna check your yum logs to see how you got that installed
mneese
Forum Regular
Forum Regular
Posts: 218
Joined: Thu Apr 23, 2009 12:08 pm

Re: snort???

Unread post by mneese »

got it from art. guess i did not check what was being installed.

May 11 09:41:11 Installed: mysql-libs-5.0.79-1.el5.art.x86_64
May 11 09:41:12 Updated: mysql-5.0.79-1.el5.art.x86_64
May 11 09:41:12 Installed: 14:libpcap-0.9.4-14.el5.x86_64
May 11 09:41:13 Installed: libprelude-0.9.21.2-1.el5.art.x86_64
May 11 09:41:14 Installed: snort-2.8.1-5.el5.art.x86_64
May 11 09:41:16 Updated: mysql-server-5.0.79-1.el5.art.x86_64


So, i assume if from you that all is well. Correct. Therefore i should go ahead and configure? Is this something you recommend?
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: snort???

Unread post by scott »

That would indicate to me that something else you had on the system has installed it as a dependency. Prelude perhaps, etc. Anyway, I cant really say yes or no here, this is one of those "it depends" things.
Post Reply