Snort mailing list archives
Re: upriviileged snort user (was Re: (no subject))
From: Dirk Geschke <Dirk () geschke-online de>
Date: Sun, 06 Jun 2004 21:25:06 +0200
Hi,
Looks like your user is not allowed to put the interface into promiscuous mode. Try doing this manually as root, e.g. ifconfig eth0 promisc Then see if snort will launch as your unprivileged user. If so, then you need to add snort user to whatever group Suse uses for such privileges. Else you may also be able to do it via a login.conf setting.
no, this won't help. It is not a question of promiscous mode or not. Yes, you need the promiscuous mode to sniff all traffic on the interface but on unix no "normal" user is allowed to get the real traffic an interface sees. So there is no other way than starting snort as user "root". But you can use the '-u' option of snort to change the user id after initialization has been done as user root. But note: A SIGHUP won't be able to restart snort after this point. Since the root privileges are dropped after initialization snort won't be able to reopen the interface to read the traffic. Best regards Dirk ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- (no subject) eric-dated-1083277626 . 193075aa63e273 (Apr 01)
- Re: (no subject) Michael Sconzo (Apr 01)
- <Possible follow-ups>
- RE: (no subject) SRH-Lists (Apr 01)
- (no subject) Christian Morales (Apr 07)
- (no subject) Nitin KAPOOR (May 02)
- (no subject) Nitin KAPOOR (May 02)
- (no subject) ac107029 (May 07)
- (no subject) Mike Cohen (Jun 05)
- upriviileged snort user (was Re: (no subject)) Ken Gunderson (Jun 06)
- Re: upriviileged snort user (was Re: (no subject)) Dirk Geschke (Jun 06)
- Re: (no subject) Matt Kettler (Jun 07)
- Re: (no subject) Mike Cohen (Jun 07)
- Re: (no subject) Matt Kettler (Jun 07)
- upriviileged snort user (was Re: (no subject)) Ken Gunderson (Jun 06)
- (no subject) Michael Shirk (Jun 07)
- (no subject) Zurt (Jun 16)