Snort mailing list archives

RE: chroot problems with Red Hat Advanced server

From: "Chapman, Justin T" <JtChapma () bhi-erc com>
Date: Wed, 23 Apr 2003 14:39:37 -0700

Sorry for replying back to my same post (is that another drink?  ;-), but I
forgot to mention one important thing...  

This system is currently running snort 1.9.1 with the same configuration I
described below.  The chrooting works just fine with that version of snort.

Yes, I've googled/read the FAQ/searched the archives/been running snort
successfully for 3 years....

--justin
End Lactose Intolerance!

-----Original Message-----
From: Chapman, Justin T [mailto:JtChapma () bhi-erc com] 
Sent: Wednesday, April 23, 2003 12:01 PM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] chroot problems with Red Hat Advanced server


Hi all,

I'm having some problems getting snort 2.0 to chroot when running on Red Hat
AS.  Here's the rundown of my setup:

- snort-2.0.0 compiled from source with the --with-mysql switch
- Linux kernel 2.4.9-e.16
- snort command line: /home/snort/bin/snort -debo -c etc/snort.conf -u snort
-g snort -t /home/snort -l log
- /home/snort has the following subdirs: bin, etc, log, tmp, scripts

When I try to start snort with the above command, I get the following error:
        ERROR: log directory 'log' does not exist
        Fatal Error, Quitting..

If I exclude the "-l log" switch, the error turns to:
        Running in IDS mode
        Log directory = /var/log/snort
        ERROR:
        [!] ERROR: Can not get write access to logging directory
"/var/log/snort".
        (directory doesn't exist or permissions are set incorrectly
        or it is not a directory at all)

        Fatal Error, Quitting..

I ran the snort command line with strace (file attached) and it didn't show
any calls to chroot(), so it doesn't even look like snort is *trying* to
chroot itself...  :(

I've run this setup successfully on a RH 7.3 box with the same command line
and that worked fine.

Any ideas?

Thanks!

--justin
"Every cloud has a silver lining (except for the mushroom shaped ones, which
have a lining of Iridium & Strontium 90)"



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

chroot problems with Red Hat Advanced server Chapman, Justin T (Apr 23)
- Re: chroot problems with Red Hat Advanced server Charles Philip Chan (Apr 23)
- <Possible follow-ups>
- RE: chroot problems with Red Hat Advanced server Chapman, Justin T (Apr 23)
- RE: chroot problems with Red Hat Advanced server Chapman, Justin T (Apr 24)
  - Re: chroot problems with Red Hat Advanced server Charles Philip Chan (Apr 24)