Snort mailing list archives
RE: When run as -u snort, snort does not have correct permissions to open interface.
From: "Gene Gomez" <gegomez () tycoint com>
Date: Mon, 15 Jul 2002 14:32:33 -0700
Andy, Might it be that you're starting it as a user (the $ prompt instead of #)? Since the binary is being executed in that manner, you wouldn't have the rights you'd need to open the interface promisc, right...? Gene -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Andy Ozment Sent: Monday, July 15, 2002 12:43 PM To: snort-users () lists sourceforge net Subject: [Snort-users] When run as -u snort, snort does not have correct permissions to open interface. I am trying to run snort as user & group snort instead of root. I am starting snort with the command: $ /usr/bin/snort -c /usr/etc/snort/snort.conf -i eth1 -u snort -g snort Log directory = /var/log/snort Initializing Network Interface eth1 WARNING: OpenPcap() device eth1 network lookup: eth1: no IPv4 address assigned --== Initializing Snort ==-- Decoding Ethernet on interface eth1 Initializing Preprocessors! Initializing Plug-ins! Initializating Output Plugins! Parsing Rules file /usr/etc/snort/snort.conf +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... Initializing Network Interface eth1 ERROR: OpenPcap() device eth1 open: socket: Operation not permitted Fatal Error, Quitting.. It appears that snort is not opening the interface before it drops root priviledges. I've checked the users group archives, googled, and google groups and have not found any useful information. I know that I have no IP address assigned - that interface is simply receiving all of the traffic sent through a switch (spanned). I use another interface to administer the box. I don't see how the lack of IP address could cause problems. Here are my stats: Linux <name> 2.4.9-34smp #1 SMP Sat Jun 1 06:15:25 EDT 2002 i686 unknown snort 1.8.6 (Build 105) tcpdump-3.6.2-11.7.1.0 libpcap-0.6.2-11.7.1.0 I'm sure that this is something stupid that I'm doing wrong, because otherwise there would be other posts. I would greatly appreciate any pointers you can give me - even just new directions in which to look. Thanks, Andy -- Andy Ozment Research Scientist Georgia Tech College of Computing ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- When run as -u snort, snort does not have correct permissions to open interface. Andy Ozment (Jul 15)
- RE: When run as -u snort, snort does not have correct permissions to open interface. Gene Gomez (Jul 15)
- Re: When run as -u snort, snort does not have correct permissions to open interface. Andy Ozment (Jul 15)
- Re: When run as -u snort, snort does not have correct permissions to open interface. twig les (Jul 15)
- RE: When run as -u snort, snort does not have correct permissions to open interface. Gene Gomez (Jul 15)