Snort mailing list archives
RE: chroot problems with Red Hat Advanced server
From: "Chapman, Justin T" <JtChapma () bhi-erc com>
Date: Wed, 23 Apr 2003 14:39:37 -0700
Sorry for replying back to my same post (is that another drink? ;-), but I forgot to mention one important thing... This system is currently running snort 1.9.1 with the same configuration I described below. The chrooting works just fine with that version of snort. Yes, I've googled/read the FAQ/searched the archives/been running snort successfully for 3 years.... --justin End Lactose Intolerance! -----Original Message----- From: Chapman, Justin T [mailto:JtChapma () bhi-erc com] Sent: Wednesday, April 23, 2003 12:01 PM To: 'snort-users () lists sourceforge net' Subject: [Snort-users] chroot problems with Red Hat Advanced server Hi all, I'm having some problems getting snort 2.0 to chroot when running on Red Hat AS. Here's the rundown of my setup: - snort-2.0.0 compiled from source with the --with-mysql switch - Linux kernel 2.4.9-e.16 - snort command line: /home/snort/bin/snort -debo -c etc/snort.conf -u snort -g snort -t /home/snort -l log - /home/snort has the following subdirs: bin, etc, log, tmp, scripts When I try to start snort with the above command, I get the following error: ERROR: log directory 'log' does not exist Fatal Error, Quitting.. If I exclude the "-l log" switch, the error turns to: Running in IDS mode Log directory = /var/log/snort ERROR: [!] ERROR: Can not get write access to logging directory "/var/log/snort". (directory doesn't exist or permissions are set incorrectly or it is not a directory at all) Fatal Error, Quitting.. I ran the snort command line with strace (file attached) and it didn't show any calls to chroot(), so it doesn't even look like snort is *trying* to chroot itself... :( I've run this setup successfully on a RH 7.3 box with the same command line and that worked fine. Any ideas? Thanks! --justin "Every cloud has a silver lining (except for the mushroom shaped ones, which have a lining of Iridium & Strontium 90)" ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- chroot problems with Red Hat Advanced server Chapman, Justin T (Apr 23)
- Re: chroot problems with Red Hat Advanced server Charles Philip Chan (Apr 23)
- <Possible follow-ups>
- RE: chroot problems with Red Hat Advanced server Chapman, Justin T (Apr 23)
- RE: chroot problems with Red Hat Advanced server Chapman, Justin T (Apr 24)
- Re: chroot problems with Red Hat Advanced server Charles Philip Chan (Apr 24)