Snort mailing list archives

Re: FATAL ERROR: /etc/snort/snort.conf(0) Unable to open rules file "/etc/snort/snort.conf": Permission denied.#012

From: Bogdan Grabinski <bogdan () grabinski com>
Date: Wed, 23 Apr 2014 03:46:37 -0400

Thank you. You got it right.

[root@cafe7 selinux]# getenforce
Enforcing
[root@cafe7 selinux]# cd
[root@cafe7 ~]#
[root@cafe7 ~]#
[root@cafe7 ~]#
[root@cafe7 ~]#
[root@cafe7 ~]#
[root@cafe7 ~]# chcon -R system_u:object_r:snort_etc_t:s0 /etc/snort

[root@cafe7 ~]# chcon -R system_u:object_r:lib_t:s0/etc/snort/so_rules/precompiled/RHEL-6-0/

[root@cafe7 ~]#

After this commands all works fine, no fatal error.
I will include checking for selinux enforsing in my installation script.

On 4/23/2014 3:01 AM, Teo En Ming wrote:

Did you turn off selinux?

echo 0 > /selinux/enforce

Teo En Ming

On Wed, Apr 23, 2014 at 1:42 PM, Bogdan Grabinski<bogdan () grabinski com <mailto:bogdan () grabinski com>> wrote:



    OS Centos 6.5
    intel 64bit

    When I use:
    service snortd start
    I get message that it fails, and /var/log/messages report FATAL ERROR

    If I copy the same script from /etc/rc.d/init.d/snortd to /root

    then starting the snort as:
    /root/snortd start
    works well ( no problems )


    Please help


    FROM: /var/log/messages
    ----------------------------------------------------------------------------
    Apr 23 01:20:57 cafe7 snort[11908]: Running in IDS mode
    Apr 23 01:20:57 cafe7 snort[11908]:
    Apr 23 01:20:57 cafe7 snort[11908]:         --== Initializing
    Snort ==--
    Apr 23 01:20:57 cafe7 snort[11908]: Initializing Output Plugins!
    Apr 23 01:20:57 cafe7 snort[11908]: Initializing Preprocessors!
    Apr 23 01:20:57 cafe7 snort[11908]: Initializing Plug-ins!
    Apr 23 01:20:57 cafe7 snort[11908]: Parsing Rules file
    "/etc/snort/snort.conf"
    Apr 23 01:20:57 cafe7 snort[11908]: FATAL ERROR:
    /etc/snort/snort.conf(0) Unable to open rules file
    "/etc/snort/snort.conf": Permission denied.#012
    ----------------------------------------------------------------------------


    [root@cafe7 ~]# ll /etc/snort/
    total 4228
    drwxr-xr-x.   5 snort snort    4096 Apr 22 19:42 .
    drwxr-xr-x. 129 root  root    12288 Apr 22 20:06 ..
    -rw-r--r--.   1 snort snort    3854 Mar 17 15:00 classification.config
    -rw-r--r--.   1 snort snort    1880 Apr 14 02:53 disablesid.conf
    -rw-r--r--.   1 snort snort    2092 Apr 14 02:53 dropsid.conf
    -rw-r--r--.   1 snort snort    2078 Apr 14 02:53 enablesid.conf
    -rw-r--r--.   1 snort snort   31162 Oct 24 17:00 gen-msg.map
    -rw-r--r--.   1 snort snort    1510 Apr 14 02:53 modifysid.conf
    drwxr-xr-x.   2 snort snort    4096 Mar 17 14:59 preproc_rules
    -rw-r--r--.   1 snort snort   10312 Apr 14 02:53 pulledpork.conf
    -rw-r--r--.   1 snort snort     746 Mar 17 15:00 reference.config
    drwxr-xr-x.   2 snort snort    4096 Apr 22 18:09 rules
    -rw-r--r--.   1 snort snort 4140731 Mar 17 15:03 sid-msg.map
    -rw-r--r--.   1 snort snort   27701 Apr 22 18:09 snort.conf
    drwxr-xr-x.   4 snort snort    4096 Feb 26 12:31 so_rules
    -rw-r--r--.   1 snort snort    2556 Mar 17 15:00 threshold.conf
    -rw-r--r--.   1 snort snort   53841 Mar 17 15:00 unicode.map
    [root@cafe7 ~]#
    [r

    ------------------------------------------------------------------------------
    Start Your Social Network Today - Download eXo Platform
    Build your Enterprise Intranet with eXo Platform Software
    Java Based Open Source Intranet - Social, Extensible, Cloud Ready
    Get Started Now And Turn Your Intranet Into A Collaboration Platform
    http://p.sf.net/sfu/ExoPlatform
    _______________________________________________
    Snort-users mailing list
    Snort-users () lists sourceforge net
    <mailto:Snort-users () lists sourceforge net>
    Go to this URL to change user options or unsubscribe:
    https://lists.sourceforge.net/lists/listinfo/snort-users
    Snort-users list archive:
    http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

    Please visit http://blog.snort.org to stay current on all the
    latest Snort news!

------------------------------------------------------------------------------
Start Your Social Network Today - Download eXo Platform
Build your Enterprise Intranet with eXo Platform Software
Java Based Open Source Intranet - Social, Extensible, Cloud Ready
Get Started Now And Turn Your Intranet Into A Collaboration Platform
http://p.sf.net/sfu/ExoPlatform

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

FATAL ERROR: /etc/snort/snort.conf(0) Unable to open rules file "/etc/snort/snort.conf": Permission denied.#012 Bogdan Grabinski (Apr 22)
- Re: FATAL ERROR: /etc/snort/snort.conf(0) Unable to open rules file "/etc/snort/snort.conf": Permission denied.#012 Jeremy Hoel (Apr 22)
  - Message not available
    - Re: FATAL ERROR: /etc/snort/snort.conf(0) Unable to open rules file "/etc/snort/snort.conf": Permission denied.#012 Jeremy Hoel (Apr 22)
    - Re: FATAL ERROR: /etc/snort/snort.conf(0) Unable to open rules file "/etc/snort/snort.conf": Permission denied.#012 Bogdan Grabinski (Apr 23)
- Re: FATAL ERROR: /etc/snort/snort.conf(0) Unable to open rules file "/etc/snort/snort.conf": Permission denied.#012 Teo En Ming (Apr 23)
  - Re: FATAL ERROR: /etc/snort/snort.conf(0) Unable to open rules file "/etc/snort/snort.conf": Permission denied.#012 Bogdan Grabinski (Apr 23)