Snort mailing list archives

upriviileged snort user (was Re: (no subject))

From: Ken Gunderson <kgunders () teamcool net>
Date: Sun, 6 Jun 2004 09:30:23 -0600

On Saturday 05 June 2004 11:46 am, Mike Cohen wrote:

Hello ,

Im new to snort, and Im trying to create a snort box that runs as a
non root user.
I have a user    snort   which is in the group snort_group.
I have given the snort_group ownership to the /var/log/snort
directory and the /etc/snort directory.

whenever I try to start snort as any non root user I get the
following.  If I use root, or sudo I can start the program fine.  Im
guessing I need access to the eth0 interface or some particular file
or directory somehwere that is associated with starting sniffing on
eth0

Can someone help me with this?

Suse 9
Snort 2.12


snort@Myserver:/etc/snort> snort -c /etc/snort/snort.conf -i eth0 -u
snort -g snort_group
Running in IDS mode
Log directory = /var/log/snort

Initializing Network Interface eth0
ERROR: OpenPcap() device eth0 open:
        socket: Operation not permitted
Fatal Error, Quitting..



any help is appreciated.

M.C.


Looks like your user is not allowed to put the interface into 
promiscuous mode.  Try doing this manually as root, e.g. ifconfig eth0 
promisc  Then see if snort will launch as your unprivileged user.  If 
so, then you need to add snort user to whatever group Suse uses for 
such privileges.  Else you may also be able to do it via a login.conf 
setting.

Also, it really helps if you give your inquiries a meaningful subject 
heading.

-- 
Best regards,

Ken Gunderson
GPG Key-- 9F5179FD

"Freedom begins between the ears."      -- Edward Abbey


-------------------------------------------------------
This SF.Net email is sponsored by the new InstallShield X.

From Windows to Linux, servers to mobile, InstallShield X is the one

installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

(no subject) eric-dated-1083277626 . 193075aa63e273 (Apr 01)
- Re: (no subject) Michael Sconzo (Apr 01)
- <Possible follow-ups>
- RE: (no subject) SRH-Lists (Apr 01)
- (no subject) Christian Morales (Apr 07)
- (no subject) Nitin KAPOOR (May 02)
- (no subject) Nitin KAPOOR (May 02)
- (no subject) ac107029 (May 07)
- (no subject) Mike Cohen (Jun 05)
  - upriviileged snort user (was Re: (no subject)) Ken Gunderson (Jun 06)
    - Re: upriviileged snort user (was Re: (no subject)) Dirk Geschke (Jun 06)
  - Re: (no subject) Matt Kettler (Jun 07)
    - Re: (no subject) Mike Cohen (Jun 07)
    - Re: (no subject) Matt Kettler (Jun 07)
- (no subject) Michael Shirk (Jun 07)
- (no subject) Zurt (Jun 16)