Snort mailing list archives

Re: Unable to connect to UNIX socket at SNORT.sock: Connection refused with Fedora RPM


From: Robert Kudyba <rkudyba () fordham edu>
Date: Wed, 22 Mar 2017 14:22:40 -0400


On Mar 22, 2017, at 11:11 AM, Stanford Prescott <stan.prescott () gmail com> wrote:

I don't have access to my snort.conf atm, but I believe you just put the directory for SNORT.sock. I may have misled by saying path but I believe it is just the directory for the config. statement.

Ah yes I changed it to:
config cs_dir: /etc/snort/rules/iplists/

So snort starts when using the snort command but not via systemd. Still errors about the SNORT.sock file. When the file 
exists (I simply did a ‘touch’ command and made sure permissions were 777 and owned by snort) this happens:

Mar 22 14:16:12 twiki.cis.fordham.edu systemd[1]: Started Snort NIDS Daemon.
Mar 22 14:16:13 twiki.cis.fordham.edu snort[19194]: ERROR: Control Socket: Unable to bind to /etc/snort/rules/SNORT.sock: Address already in use
Mar 22 14:16:13 twiki.cis.fordham.edu snort[19194]: Fatal Error, Quitting..
Mar 22 14:16:13 twiki.cis.fordham.edu systemd[1]: snort.service: Main process exited, code=exited, status=1/FAILURE
Mar 22 14:16:13 twiki.cis.fordham.edu systemd[1]: snort.service: Unit entered failed state.
Mar 22 14:16:13 twiki.cis.fordham.edu systemd[1]: snort.service: Failed with result 'exit-code'.

When I delete the file and try systemctl start snort, sudo systemctl status snort:

● snort.service - Snort NIDS Daemon
   Loaded: loaded (/usr/lib/systemd/system/snort.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2017-03-22 14:15:09 EDT; 3s ago
  Process: 19161 ExecStart=/usr/sbin/snort -q -u snort -g snort -c /etc/snort/snort.conf --cs-dir /etc/snort/rules -i ens33 (code=exited, status=1/FAILURE)
 Main PID: 19161 (code=exited, status=1/FAILURE)

Mar 22 14:15:08 twiki.cis.fordham.edu systemd[1]: Started Snort NIDS Daemon.
Mar 22 14:15:09 twiki.cis.fordham.edu snort[19161]: ERROR: Control Socket: Unable to bind to /etc/snort/rules/SNORT.sock: Permission denied
Mar 22 14:15:09 twiki.cis.fordham.edu snort[19161]: Fatal Error, Quitting..
Mar 22 14:15:09 twiki.cis.fordham.edu systemd[1]: snort.service: Main process exited, code=exited, status=1/FAILURE
Mar 22 14:15:09 twiki.cis.fordham.edu systemd[1]: snort.service: Unit entered failed state.
Mar 22 14:15:09 twiki.cis.fordham.edu systemd[1]: snort.service: Failed with result 'exit-code'.
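
Added example (not part of the original message and not Snort code): a Python check that reproduces the two bind() errors in the logs above. A path pre-created with `touch` gives EADDRINUSE, and a directory the process cannot write to gives EACCES. The function names and the temporary directory are assumptions made for illustration.

```python
import errno
import os
import socket
import stat
import tempfile

SOCK_NAME = "SNORT.sock"  # socket file name taken from the log lines above


def try_bind(cs_dir):
    """Bind a UNIX stream socket at cs_dir/SNORT.sock, as a daemon would.
    Returns 'ok' or the errno name, e.g. 'EADDRINUSE' or 'EACCES'."""
    path = os.path.join(cs_dir, SOCK_NAME)
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        s.bind(path)  # bind() creates the socket file itself
    except OSError as e:
        return errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()
    os.unlink(path)  # remove the socket file this probe created
    return "ok"


def inspect(cs_dir):
    """Explain a likely bind failure without binding (file permissions only;
    this does not see mandatory access control policy such as SELinux)."""
    findings = []
    path = os.path.join(cs_dir, SOCK_NAME)
    if os.path.lexists(path):
        is_sock = stat.S_ISSOCK(os.lstat(path).st_mode)
        kind = "socket" if is_sock else "non-socket file"
        findings.append(f"{path} exists ({kind}): bind() fails with EADDRINUSE")
    if not os.access(cs_dir, os.W_OK | os.X_OK):
        findings.append(f"{cs_dir} not writable by uid {os.getuid()}: "
                        "bind() fails with EACCES")
    return findings


def demo():
    """Constructed scenario in a temporary directory, not a real Snort path."""
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, SOCK_NAME), "w").close()  # same effect as `touch`
        touched = try_bind(d)   # path already exists
        notes = inspect(d)
        os.unlink(os.path.join(d, SOCK_NAME))
        clean = try_bind(d)     # path absent, directory writable
    return touched, notes, clean


if __name__ == "__main__":
    print(demo())
```

To check a real directory, call `inspect()` as the account the daemon runs as (`-u snort` in the unit above) on the directory named in the error, here `/etc/snort/rules`.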

