snort???

Posted: Tue May 12, 2009 3:49 pm
by mneese
I did updates from your repository yesterday: psa-proftp, mysql, and today I get this message from my rkhunter scan:


Warning: Users have been added to the passwd file:
snortd:x:62:62:Snort Daemon:/var/lib/snort:/sbin/nologin
Warning: Groups have been added to the group file:
snortd:x:62:


What is that? Is this something bad? I didn't put this there, so could it be some kind of snoop?

Re: snort???

Posted: Tue May 12, 2009 5:02 pm
by scott
Snort (www.snort.org) is a network-based intrusion detection system. You might wanna check your yum logs to see how you got that installed.

Re: snort???

Posted: Tue May 12, 2009 6:54 pm
by mneese
Got it from art. Guess I did not check what was being installed.

May 11 09:41:11 Installed: mysql-libs-5.0.79-1.el5.art.x86_64
May 11 09:41:12 Updated: mysql-5.0.79-1.el5.art.x86_64
May 11 09:41:12 Installed: 14:libpcap-0.9.4-14.el5.x86_64
May 11 09:41:13 Installed: libprelude-0.9.21.2-1.el5.art.x86_64
May 11 09:41:14 Installed: snort-2.8.1-5.el5.art.x86_64
May 11 09:41:16 Updated: mysql-server-5.0.79-1.el5.art.x86_64


So, I assume if from you that all is well. Correct? Therefore I should go ahead and configure? Is this something you recommend?

Re: snort???

Posted: Wed May 13, 2009 8:40 am
by scott
That would indicate to me that something else you had on the system has installed it as a dependency. Prelude perhaps, etc. Anyway, I can't really say yes or no here, this is one of those "it depends" things.
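
Added example, not part of the original thread: the check suggested above (tracing an account that rkhunter flags back to a yum.log entry), run over the lines quoted in the posts. The function names, the "account name starts with the package name" match and the 60-second window are assumptions made for this illustration.

```python
import re
from datetime import datetime, timedelta

# Both samples are the lines quoted in the thread above.
RKHUNTER = """\
Warning: Users have been added to the passwd file:
snortd:x:62:62:Snort Daemon:/var/lib/snort:/sbin/nologin
Warning: Groups have been added to the group file:
snortd:x:62:
"""
YUM_LOG = """\
May 11 09:41:11 Installed: mysql-libs-5.0.79-1.el5.art.x86_64
May 11 09:41:12 Updated: mysql-5.0.79-1.el5.art.x86_64
May 11 09:41:12 Installed: 14:libpcap-0.9.4-14.el5.x86_64
May 11 09:41:13 Installed: libprelude-0.9.21.2-1.el5.art.x86_64
May 11 09:41:14 Installed: snort-2.8.1-5.el5.art.x86_64
May 11 09:41:16 Updated: mysql-server-5.0.79-1.el5.art.x86_64
"""
# timestamp, action, optional "epoch:" prefix, then name-version-release.arch
YUM_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (Installed|Updated|Erased): (?:\d+:)?(\S+)$")

def new_accounts(report):
    """Account names from passwd-format lines (seven colon-separated fields)."""
    return [l.split(":")[0] for l in report.splitlines() if l.count(":") == 6]

def parse_yum(log, year=2009):
    """Return (time, action, package name) tuples; yum.log omits the year."""
    events = []
    for line in log.splitlines():
        m = YUM_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3).rsplit("-", 2)[0]))
    return events

def explain(account, events, window=timedelta(seconds=60)):
    """Assumed heuristic: a service account is named after its package
    (snortd -> snort). Also return what changed within the same minute."""
    hits = []
    for ts, action, name in events:
        if action == "Installed" and account.startswith(name):
            nearby = [(a, n) for t, a, n in events if n != name and abs(t - ts) <= window]
            hits.append((name, ts, nearby))
    return hits

if __name__ == "__main__":
    events = parse_yum(YUM_LOG)
    for account in new_accounts(RKHUNTER):
        for pkg, ts, nearby in explain(account, events):
            print(f"{account}: likely from install of {pkg} at {ts}; same run: {nearby}")
```

On the host itself, `rpm -q --whatrequires snort` lists the installed packages that declare a dependency on it.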