Snort mailing list archives

Running Snort from User Account

From: Tamara Fisher <tammi888 () gmail com>
Date: Mon, 4 Mar 2013 07:20:57 -0500

Hi,

I am trying to setup my implementation of snort for use by several team
members mostly for rule testing.

I get the following error I get when I attempt to run with user credentials:

ERROR: Can't start DAQ (-1) - socket: Operation not permitted!
Fatal Error, Quitting..

When I google the errors I get, most of the responses I see to people with
my issues say 'run as root'

Of course everything works fine as root but I woulld like to be able to
have my users use snort with their own accounts. Is this not possible?

Here is the command I am using to start snort:

snort -q -u snort -g snort -c /etc/snort/snort.conf -i eth1

I also try using sudo:
cd
[tfisher@testlab ~]$ sudo /usr/local/bin/snort -q -u snort -g snort -c
/etc/snort/snort.conf -i eth1
[sudo] password for tfisher:
ERROR: spo_unified2.c(321) Could not open
/var/log/snort/snort.log.1362398525: Permission denied
Fatal Error, Quitting..

That directory is owned by snort:

[root@dda_testlab snort]# ls -l
total 1528
-rw-rw-r--. 1 snort snort      0 Mar  1 11:59 alert
-rw-r--r--. 1 snort snort   2056 Feb 21 13:33 barnyard2.waldo
-rw-------. 1 snort snort 140508 Feb 22 13:15 snort.log.1361549364
-rw-------. 1 snort snort  67825 Feb 22 13:59 snort.log.1361556993
-rw-------. 1 snort snort  63820 Feb 22 15:26 snort.log.1361560002
-rw-------. 1 snort snort      0 Feb 22 15:28 snort.log.1361564932
-rw-------. 1 snort snort    788 Feb 22 15:50 snort.log.1361565986
-rw-------. 1 snort snort  72104 Feb 25 15:54 snort.log.1361566348
-rw-------. 1 snort snort  73277 Feb 26 12:27 snort.log.1361879374
-rw-------. 1 snort snort  49816 Feb 27 07:21 snort.log.1361899920
-rw-------. 1 snort snort   4018 Feb 27 07:46 snort.log.1361967922
-rw-------. 1 snort snort 871931 Mar  1 07:56 snort.log.1361969500
-rw-------. 1 snort snort 167466 Mar  4 04:19 snort.log.1362142809
[root@dda_testlab snort]#

Any help appreciated,

Thanks

Tamara

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Running Snort from User Account Tamara Fisher (Mar 04)
- Re: Running Snort from User Account Joel Esler (Mar 04)
- Re: Running Snort from User Account Michael J Wise (Mar 04)