Snort mailing list archives
When run as -u snort, snort does not have correct permissions to open interface.
From: Andy Ozment <andy.ozment () cc gatech edu>
Date: Mon, 15 Jul 2002 15:43:26 -0400
I am trying to run snort as user & group snort instead of root. I am starting snort with the command: $ /usr/bin/snort -c /usr/etc/snort/snort.conf -i eth1 -u snort -g snort Log directory = /var/log/snort Initializing Network Interface eth1 WARNING: OpenPcap() device eth1 network lookup: eth1: no IPv4 address assigned --== Initializing Snort ==-- Decoding Ethernet on interface eth1 Initializing Preprocessors! Initializing Plug-ins! Initializating Output Plugins! Parsing Rules file /usr/etc/snort/snort.conf +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... Initializing Network Interface eth1 ERROR: OpenPcap() device eth1 open: socket: Operation not permitted Fatal Error, Quitting.. It appears that snort is not opening the interface before it drops root priviledges. I've checked the users group archives, googled, and google groups and have not found any useful information. I know that I have no IP address assigned - that interface is simply receiving all of the traffic sent through a switch (spanned). I use another interface to administer the box. I don't see how the lack of IP address could cause problems. Here are my stats: Linux <name> 2.4.9-34smp #1 SMP Sat Jun 1 06:15:25 EDT 2002 i686 unknown snort 1.8.6 (Build 105) tcpdump-3.6.2-11.7.1.0 libpcap-0.6.2-11.7.1.0 I'm sure that this is something stupid that I'm doing wrong, because otherwise there would be other posts. I would greatly appreciate any pointers you can give me - even just new directions in which to look. Thanks, Andy -- Andy Ozment Research Scientist Georgia Tech College of Computing ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- When run as -u snort, snort does not have correct permissions to open interface. Andy Ozment (Jul 15)
- RE: When run as -u snort, snort does not have correct permissions to open interface. Gene Gomez (Jul 15)
- Re: When run as -u snort, snort does not have correct permissions to open interface. Andy Ozment (Jul 15)
- Re: When run as -u snort, snort does not have correct permissions to open interface. twig les (Jul 15)
- RE: When run as -u snort, snort does not have correct permissions to open interface. Gene Gomez (Jul 15)