Sat May 26 23:25:34 EDT 2001

I installed Snort 1.7, which I downloaded by downloading the binary RPM from http://www.snort.org/Files/snort-1.7-1.i386.rpm,  on a system running SuSE Linux 7.1 with a 2.4.0 kernel.  At the end of the installation I got a chown error message:

chown: snort.snort: invalid user

Be sure to fetch the latest snort rules file from the ArachNIDS
database by Max Vision, or the one available from the snort.org web

So I uninstalled the program and used "rpm -i vv" instead of "rpm -i" to install it.  I then saw the following during the installation:

+ useradd -M -r -d /var/log/snort -s /bin/false -c Snort snort
+ true
+ groupadd -r snort
+ true

When I used "man useradd" to check the parameters for useradd and groupadd under SuSE Linux 7.1, I did not see a "-r" parameter listed.  I tried "man useradd" and "man groupadd" on a system I have running RedHat Linux and found the following:

      -r     This flag is used to create a system account.  That
              is, an user with an UID lower than value of UID_MIN
              defined in /etc/login.defs. Note that useradd  will
              not  create  a  home  directory  for  such an user,
              regardless    of    the    default    setting    in
              /etc/login.defs.   You have to specify -m option if
              you want a home directory for a system  account  to
              be created.  This is an option added by Red Hat.

       -r     This  flag  instructs  groupadd  to  add  a  system
              account. First available gid lower than 499 will be
              automatically selected unless -g  option  is  given
              also on the command line.
              This is an option added by Red Hat Software.

Once I saw that I understood why I was getting the error message and used the next highest number less than 99 I saw in my /etc/passwd and /etc/group files:

groupadd -g 69 snort
useradd -M -u 69 -g 69 -d /var/log/snort -s /bin/false -c Snort snort

That might be a problem for others using SuSE Linux and maybe other versions of Linux also, if it is a parameter specific to those commands for RedHat's distribution of Linux.  However, the main reason I am sending this message is that I still can't run snort.  It is not starting automatically so I tried "./snortd start", which produces the error message 

./snortd: /etc/rc.d/init.d/functions: No such file or directory

I see ". /etc/rc.d/init.d/functions" listed in snortd.conf, but I don't have a file or directory by that name on my system.  Is this a file or directory that should have been created when I installed snort (I don't have it on my RedHat system either, but I'm not trying to run Snort on that system)?  I don't see it listed among the files in the package.

Jim Cameron
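
The workaround described in the message above (picking an unused low ID by hand because "-r" is a Red Hat addition) can be scripted. This is an added example, not part of the original message or of the Snort RPM; the function names are hypothetical and the passwd/group contents are constructed sample data.

```sh
#!/bin/sh
# Added example: choose a system UID/GID without the Red Hat-only "-r" flag.
# Sample files below are constructed; nothing here touches /etc or needs root.

# Print the highest ID <= MAX (default 99) that is unused both as a UID in
# PASSWD_FILE ($1) and as a GID in GROUP_FILE ($2); field 3 in both formats.
pick_free_id() {
    awk -F: -v max="${3:-99}" '
        $3 ~ /^[0-9]+$/ { used[$3 + 0] = 1 }
        END {
            for (id = max; id >= 1; id--)
                if (!(id in used)) { print id; exit 0 }
            exit 1   # every ID in 1..max is taken
        }' "$1" "$2"
}

# Print (do not run) the commands that create NAME with a matching UID and GID.
plan_system_account() {
    name=$1 home=$2 passwd_file=$3 group_file=$4
    if grep -q "^$name:" "$passwd_file"; then
        echo "# user $name already exists"
        return 0
    fi
    id=$(pick_free_id "$passwd_file" "$group_file") || return 1
    grep -q "^$name:" "$group_file" || echo "groupadd -g $id $name"
    echo "useradd -M -u $id -g $name -d $home -s /bin/false -c Snort $name"
}

# Constructed files standing in for /etc/passwd and /etc/group.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/bin/bash
squid:x:98:65534:squid:/var/cache:/bin/false
postfix:x:99:99:postfix:/var/spool/postfix:/bin/false
nobody:x:65534:65534:nobody:/var/lib/nobody:/bin/bash
EOF
    cat > "$1/group" <<'EOF'
root:x:0:
daemon:x:2:
maildrop:x:97:
postfix:x:99:
nogroup:x:65534:
EOF
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
plan_system_account snort /var/log/snort "$demo_dir/passwd" "$demo_dir/group"
rm -rf "$demo_dir"
```

The script only prints the groupadd and useradd lines, so the chosen ID can be reviewed before anything is run as root.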

