Snort mailing list archives
upriviileged snort user (was Re: (no subject))
From: Ken Gunderson <kgunders () teamcool net>
Date: Sun, 6 Jun 2004 09:30:23 -0600
On Saturday 05 June 2004 11:46 am, Mike Cohen wrote:
Hello , Im new to snort, and Im trying to create a snort box that runs as a non root user. I have a user snort which is in the group snort_group. I have given the snort_group ownership to the /var/log/snort directory and the /etc/snort directory. whenever I try to start snort as any non root user I get the following. If I use root, or sudo I can start the program fine. Im guessing I need access to the eth0 interface or some particular file or directory somehwere that is associated with starting sniffing on eth0 Can someone help me with this? Suse 9 Snort 2.12 snort@Myserver:/etc/snort> snort -c /etc/snort/snort.conf -i eth0 -u snort -g snort_group Running in IDS mode Log directory = /var/log/snort Initializing Network Interface eth0 ERROR: OpenPcap() device eth0 open: socket: Operation not permitted Fatal Error, Quitting.. any help is appreciated. M.C.
Looks like your user is not allowed to put the interface into promiscuous mode. Try doing this manually as root, e.g. ifconfig eth0 promisc Then see if snort will launch as your unprivileged user. If so, then you need to add snort user to whatever group Suse uses for such privileges. Else you may also be able to do it via a login.conf setting. Also, it really helps if you give your inquiries a meaningful subject heading. -- Best regards, Ken Gunderson GPG Key-- 9F5179FD "Freedom begins between the ears." -- Edward Abbey ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- (no subject) eric-dated-1083277626 . 193075aa63e273 (Apr 01)
- Re: (no subject) Michael Sconzo (Apr 01)
- <Possible follow-ups>
- RE: (no subject) SRH-Lists (Apr 01)
- (no subject) Christian Morales (Apr 07)
- (no subject) Nitin KAPOOR (May 02)
- (no subject) Nitin KAPOOR (May 02)
- (no subject) ac107029 (May 07)
- (no subject) Mike Cohen (Jun 05)
- upriviileged snort user (was Re: (no subject)) Ken Gunderson (Jun 06)
- Re: upriviileged snort user (was Re: (no subject)) Dirk Geschke (Jun 06)
- Re: (no subject) Matt Kettler (Jun 07)
- Re: (no subject) Mike Cohen (Jun 07)
- Re: (no subject) Matt Kettler (Jun 07)
- upriviileged snort user (was Re: (no subject)) Ken Gunderson (Jun 06)
- (no subject) Michael Shirk (Jun 07)
- (no subject) Zurt (Jun 16)