Snort mailing list archives

Re: FATAL ERROR: /etc/snort/snort.conf(0) Unable to open rules file "/etc/snort/snort.conf": Permission denied.#012

From: Jeremy Hoel <jthoel () gmail com>
Date: Wed, 23 Apr 2014 00:47:06 -0600

Please remember to reply to the list.  And does snort have rx access to
/etc/snort?  Not just the files, but the folder.

also, what command are you using to start snort?  Is it a file that came
from the yum repo or did you compile from source and use one included?

The error message makes it sound like it's looking for a rule file called
/etc/snort/snort.conf, but i don't have a snort box in front of me and you
aren't trying to include snort.conf in your snort.conf (self inclusion) so
it's not that.  it could be the way you're calling snort which is why I'm
asking to see the command/script.


On Wed, Apr 23, 2014 at 12:30 AM, Bogdan Grabinski <bogdan () grabinski com>wrote:

 I attached snort.conf


On 4/23/2014 2:14 AM, Jeremy Hoel wrote:

Can you paste the output of your snort.conf file..   Or at least the
includes section near the bottom for the rules?


On Tue, Apr 22, 2014 at 11:42 PM, Bogdan Grabinski <bogdan () grabinski com>wrote:


OS Centos 6.5
intel 64bit

When I use:
service snortd start
I get message that it fails, and /var/log/messages report FATAL ERROR

If I copy the same script from /etc/rc.d/init.d/snortd to /root

then starting the snort as:
/root/snortd start
works well ( no problems )


Please help


FROM: /var/log/messages

----------------------------------------------------------------------------
Apr 23 01:20:57 cafe7 snort[11908]: Running in IDS mode
Apr 23 01:20:57 cafe7 snort[11908]:
Apr 23 01:20:57 cafe7 snort[11908]:         --== Initializing Snort ==--
Apr 23 01:20:57 cafe7 snort[11908]: Initializing Output Plugins!
Apr 23 01:20:57 cafe7 snort[11908]: Initializing Preprocessors!
Apr 23 01:20:57 cafe7 snort[11908]: Initializing Plug-ins!
Apr 23 01:20:57 cafe7 snort[11908]: Parsing Rules file
"/etc/snort/snort.conf"
Apr 23 01:20:57 cafe7 snort[11908]: FATAL ERROR:
/etc/snort/snort.conf(0) Unable to open rules file
"/etc/snort/snort.conf": Permission denied.#012

----------------------------------------------------------------------------


[root@cafe7 ~]# ll /etc/snort/
total 4228
drwxr-xr-x.   5 snort snort    4096 Apr 22 19:42 .
drwxr-xr-x. 129 root  root    12288 Apr 22 20:06 ..
-rw-r--r--.   1 snort snort    3854 Mar 17 15:00 classification.config
-rw-r--r--.   1 snort snort    1880 Apr 14 02:53 disablesid.conf
-rw-r--r--.   1 snort snort    2092 Apr 14 02:53 dropsid.conf
-rw-r--r--.   1 snort snort    2078 Apr 14 02:53 enablesid.conf
-rw-r--r--.   1 snort snort   31162 Oct 24 17:00 gen-msg.map
-rw-r--r--.   1 snort snort    1510 Apr 14 02:53 modifysid.conf
drwxr-xr-x.   2 snort snort    4096 Mar 17 14:59 preproc_rules
-rw-r--r--.   1 snort snort   10312 Apr 14 02:53 pulledpork.conf
-rw-r--r--.   1 snort snort     746 Mar 17 15:00 reference.config
drwxr-xr-x.   2 snort snort    4096 Apr 22 18:09 rules
-rw-r--r--.   1 snort snort 4140731 Mar 17 15:03 sid-msg.map
-rw-r--r--.   1 snort snort   27701 Apr 22 18:09 snort.conf
drwxr-xr-x.   4 snort snort    4096 Feb 26 12:31 so_rules
-rw-r--r--.   1 snort snort    2556 Mar 17 15:00 threshold.conf
-rw-r--r--.   1 snort snort   53841 Mar 17 15:00 unicode.map
[root@cafe7 ~]#
[r


------------------------------------------------------------------------------
Start Your Social Network Today - Download eXo Platform
Build your Enterprise Intranet with eXo Platform Software
Java Based Open Source Intranet - Social, Extensible, Cloud Ready
Get Started Now And Turn Your Intranet Into A Collaboration Platform
http://p.sf.net/sfu/ExoPlatform
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!

------------------------------------------------------------------------------
Start Your Social Network Today - Download eXo Platform
Build your Enterprise Intranet with eXo Platform Software
Java Based Open Source Intranet - Social, Extensible, Cloud Ready
Get Started Now And Turn Your Intranet Into A Collaboration Platform
http://p.sf.net/sfu/ExoPlatform

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

FATAL ERROR: /etc/snort/snort.conf(0) Unable to open rules file "/etc/snort/snort.conf": Permission denied.#012 Bogdan Grabinski (Apr 22)
- Re: FATAL ERROR: /etc/snort/snort.conf(0) Unable to open rules file "/etc/snort/snort.conf": Permission denied.#012 Jeremy Hoel (Apr 22)
  - Message not available
    - Re: FATAL ERROR: /etc/snort/snort.conf(0) Unable to open rules file "/etc/snort/snort.conf": Permission denied.#012 Jeremy Hoel (Apr 22)
    - Re: FATAL ERROR: /etc/snort/snort.conf(0) Unable to open rules file "/etc/snort/snort.conf": Permission denied.#012 Bogdan Grabinski (Apr 23)
- Re: FATAL ERROR: /etc/snort/snort.conf(0) Unable to open rules file "/etc/snort/snort.conf": Permission denied.#012 Teo En Ming (Apr 23)
  - Re: FATAL ERROR: /etc/snort/snort.conf(0) Unable to open rules file "/etc/snort/snort.conf": Permission denied.#012 Bogdan Grabinski (Apr 23)