Hi, Experts, After ARC review, per ARC committee's comments, the snort source code needs to be modified.
In the summary, the change includes: 1. Remove all the 64-bit delivery, because from the message of snort community, 64-bit is only optional, its function is same with 32-bit and will be same. To deliver 64-bit binaries may bring risk to Solaris per ARC committee's idea. So I remove the building 64-bit source code. 2. Add SMF, since snort can be run as a daemon. It is necessary to add it into SMF service per ARC's idea. So I add snort.xml as SMF manifest and snortd as executable script. 3. Add RBAC changes, since snort relates to security, ARC suggest to give user of snort on Solaris limited privileges. The privileges include SMF privilege and the privilege of running snort. Here bring an issue, I am not sure how to change the RBAC files. Could anybody has experience to tell me(wireshark, tcpdump...)? In my understanding, I think for sfwnv-gate, I could do the RBAC work by modifying usr/src/common/rbac/*. In this way, I modified the "auth_attr" and "exec_attr" by adding the "snort" item. Could anyone tell me if it is the correct process? Thanks! Here is the webrev: http://cr.opensolaris.org/~jxzhao/snort/ Please review it and tell me your comments. Thanks Jason
