Snort mailing list archives

RE: Re: Running Snort Daemon Problem


From: "Bill" <wkuhn () adelphia net>
Date: Wed, 30 Jan 2002 10:27:54 -0800

Chris,
Thanks for replying.... I read your reply and 2 things I don't understand...

You said "There is a missing \ at the end of your '-c' line" and "-v
shouldn't be used in daemon mode". Well I have the \ at the end of my -c tag
and I can't find a -v in the code... The only problem I saw with my code is
that I have an extra space between -c and \. I will try the RPMs you
mentioned.

I found this version in a book I found in my vast library of brain-numbing
material.... Hack Proofing Linux. It came with a CD and I was just using
what was on the CD and following the instructions they had for the lab on
Snort...

I am an aspiring Admin that hates Windows....

Bill :)

--------------------------------
Start of original:

To: <snort-users () lists sourceforge net>
Subject: Re: [Snort-users] Running Snort Daemon Problem
From: Chris Green <cmg () uab edu>
Reply-To: snort-users () lists sourceforge net
Date: Tue, 29 Jan 2002 12:33:38 -0600

"Bill" <wkuhn () adelphia net> writes:

> Hello,
> I am trying to get Snort 1.7 installed on a Linux Server

Ancient snort alert.  Upgrade to stable CVS.

> ... I installed the snort rpm and the tarball... I had to do that
> because the RPM doesn't have the ability to log to postgresql
> database... I try to start the snortd daemon and it gives me an
> error:
>
> snortd: /etc/snort/snort.conf: Permission Denied
>
> Here is the Start Section of the snortd (located in /etc/rc.d/init.d):
> start)
> echo -n "Starting snort: "
> daemon /usr/local/bin/snort -u snort -dev -D \
> -i $INTERFACE -l /var/log/snort -u snort -g snort -c
> /etc/snort/snort.conf -b
> touch /var/lock/subsys/snort
> echo
> ;;

That looks like the old chroot daemon script.   Where is this RPM from?

> The Snort binary is owned by root and the group is snort (was root
> but same error).
>
> The /etc/snort directory is owned by root and group of root, the
> permissions are 755 (rwxr_xr_x).
> The files in the /etc/snort directory are owned by root and the group is
> snort (this includes snort.conf)
> The snort.conf is in mode 640....

There is a missing \ at the end of your '-c' line

daemon /usr/local/bin/snort -u snort -dev -D \
       -i $INTERFACE -l /var/log/snort -u snort -g snort -c  \
       /etc/snort/snort.conf -b

-v shouldn't be used in daemon mode

If you're feeling brave, remove all the RPMs and bits of snort you
currently have installed and try some testing RPMS of the current
stable snapshot:

ftp://helium.tucc.uab.edu/pub/snort-rpm (compiled on rh7.2)
--
Chris Green <cmg () uab edu>
"I'm beginning to think that my router may be confused."
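
Added example, not part of either message: a self-contained reproduction of the two points in the reply above. Without the backslash after -c, the shell ends the daemon command there and runs the next line, the config file path, as a command of its own; a mode 640 file has no execute bit, so the shell reports "Permission denied" and exits with status 126. The temporary directory, the stubbed daemon function, INTERFACE=eth0 and the helper names are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example with constructed files; "daemon" is a stub, Snort is never run.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
conf="$demo_dir/snort.conf"              # stand-in for /etc/snort/snort.conf
printf '# constructed config\n' > "$conf"
chmod 640 "$conf"                        # mode from the thread: no execute bit

# write_stanza FILE CONT: write the start stanza; CONT is the text after "-c"
write_stanza() {
    cat > "$1" <<EOF
daemon() { echo "daemon would exec: \$*"; }
INTERFACE=eth0
daemon /usr/local/bin/snort -u snort -dev -D \\
 -i \$INTERFACE -l /var/log/snort -u snort -g snort -c$2
 $conf -b
EOF
}

# run_stanza CONT: run the stanza, print its output, return its exit status
run_stanza() {
    write_stanza "$demo_dir/snortd" "$1"
    LC_ALL=C sh "$demo_dir/snortd" 2>&1
}

# bundled_has LETTER ARGS...: true if a single-dash cluster contains LETTER
bundled_has() {
    flag=$1; shift
    for arg in "$@"; do
        case $arg in
            --*) ;;
            -*"$flag"*) return 0 ;;
        esac
    done
    return 1
}

echo "--- stanza as posted (no backslash after -c) ---"
run_stanza '';   echo "exit status: $?"
echo "--- stanza with the backslash restored ---"
run_stanza ' \'; echo "exit status: $?"
bundled_has v -u snort -dev -D && echo "-dev is -d -e -v, so -v is set"
```

In the first run the stub receives an argument list that stops at -c, which is why the config path never reaches Snort at all.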

