From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] suricata: Run as non-root user
Date: Sat, 02 Mar 2019 17:26:34 +0000
Message-ID: <20190302172634.17190-1-michael.tremer@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============4840688640685780761=="
List-Id: <development.lists.ipfire.org>

--===============4840688640685780761==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

This patch does not have any effect (yet) and is untested
because suricata needs to be built against libcap-ng which
is currently not being packaged for IPFire.

Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
---
 config/suricata/suricata.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 8b4ab8c3b..3701fe9c6 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -268,6 +268,15 @@ asn1-max-frames: 256
 ##
 ############################################################################=
##
=20
+##
+## Run Options
+##
+
+# Run suricata as user and group.
+run-as:
+  user: nobody
+  group: nobody
+
 # Suricata core dump configuration. Limits the size of the core dump file to
 # approximately max-dump. The actual core dump size will be a multiple of the
 # page size. Core dumps that would be larger than max-dump are truncated. On
--=20
2.12.2


--===============4840688640685780761==--