Running as a dedicated user is better from both a security and an
isolation perspective than running as root.
Signed-off-by: John Audia <[email protected]>
PKG_NAME:=snort3
PKG_VERSION:=3.9.6.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/snort3/snort3/tar.gz/$(PKG_VERSION)?
+kmod-nft-queue +liblzma +ucode +ucode-mod-fs +ucode-mod-uci \
+PACKAGE_gperftools:gperftools \
+PACKAGE_vectorscan:vectorscan
+ USERID:=snort=975:snort=975
TITLE:=Lightweight Network Intrusion Detection System
URL:=http://www.snort.org/
MENU:=1
procd_set_param env SNORT_LUA_PATH="$config_dir"
procd_set_param file $CONFIGFILE
fi
+ [ -x /sbin/ujail -a -e /etc/capabilities/snort.json ] && {
+ chown -R snort:snort "$config_dir"
+ procd_add_jail snort
+ procd_set_param capabilities /etc/capabilities/snort.json
+ procd_set_param user snort
+ procd_set_param group snort
+ procd_set_param no_new_privs 1
+ }
procd_set_param respawn
procd_set_param stdout 0
procd_set_param stderr 1
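Review bot: `chown -R snort:snort "$config_dir"` hands the service account ownership of its whole configuration tree on every start, so a compromised snort process (which still holds CAP_NET_ADMIN/CAP_NET_RAW inside the jail) can rewrite its own rules and config, and the change survives restarts; the process only needs to read that tree. Granting read access instead keeps the config under root's control: `chgrp -R snort "$config_dir" && chmod -R g+rX "$config_dir"` (if snort must write anything under it, confine that to a dedicated writable subdirectory — TODO confirm against the generated snort config). A second point on the guard line: when /sbin/ujail or the capabilities file is absent the service silently starts as root, so an `else` branch such as `logger -t snort "ujail or /etc/capabilities/snort.json missing; running unjailed as root"` would make the fallback visible in the log. The `-a` operator inside `[ ]` is also non-portable; `[ -x /sbin/ujail ] && [ -e /etc/capabilities/snort.json ] && {` is the POSIX-safe form. The enclosing start function begins and ends outside the hunk.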
--- /dev/null
+{
+ "bounding": [
+ "CAP_NET_ADMIN",
+ "CAP_NET_RAW",
+ "CAP_IPC_LOCK"
+ ],
+ "effective": [
+ "CAP_NET_ADMIN",
+ "CAP_NET_RAW",
+ "CAP_IPC_LOCK"
+ ],
+ "ambient": [
+ "CAP_NET_ADMIN",
+ "CAP_NET_RAW",
+ "CAP_IPC_LOCK"
+ ],
+ "permitted": [
+ "CAP_NET_ADMIN",
+ "CAP_NET_RAW",
+ "CAP_IPC_LOCK"
+ ],
+ "inheritable": [
+ "CAP_NET_ADMIN",
+ "CAP_NET_RAW",
+ "CAP_IPC_LOCK"
+ ]
+}
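Review bot: The new capabilities file records no reason for granting CAP_NET_ADMIN, CAP_NET_RAW and CAP_IPC_LOCK, and JSON cannot carry a comment, so the justification belongs in the init script next to `procd_set_param capabilities /etc/capabilities/snort.json`, e.g. `# NET_RAW: packet capture; NET_ADMIN: presumably NFQUEUE/inline mode (kmod-nft-queue dependency); IPC_LOCK: presumably mlock of capture buffers — confirm against the DAQ modules in use`. CAP_NET_ADMIN in particular lets the jailed process reconfigure interfaces and nftables, so a maintainer should be able to see why it cannot be dropped. The sets being identical across bounding/effective/permitted/inheritable/ambient is the shape needed to carry capabilities across the exec of a non-root binary under ujail, so that part reads as intentional rather than over-broad.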