[Snort-users] Running Snort Daemon Problem
cmg at ...671...
Tue Jan 29 10:34:03 EST 2002
"Bill" <wkuhn at ...4723...> writes:
> I am trying to get Snort 1.7 installed on a Linux Server
Ancient snort alert. Upgrade to stable CVS.
> ... I installed the snort rpm and the tarball... I had to do that
> because the RPM doesn't have the ability to log to postgresql
> database... I try to start the snortd daemon and it gives me an
> snortd: /etc/snort/snort.conf: Permission Denied
> Here is the Start Section of the snortd (located in /etc/rc.d/init.d):
> echo -n "Starting snort: "
> daemon /usr/local/bin/snort -u snort -dev -D \
> -i $INTERFACE -l /var/log/snort -u snort -g snort -c
> /etc/snort/snort.conf -b
> touch /var/lock/subsys/snort
That looks like the old chroot daemon script. Where is this RPM from?
> The Snort binary is owned by root and the group is snort (was root
>but same error).
> The /etc/snort directory is owned by root and group of root, the permissions
> are 755 (rwxr_xr_x).
> The files in the /etc/snort directory are owned by root and the group is
> snort (this includes snort.conf)
> The snort.conf is in mode 640....
There is a missing \ at the end of your '-c' line
daemon /usr/local/bin/snort -u snort -dev -D \
-i $INTERFACE -l /var/log/snort -u snort -g snort -c \
-v shouldn't be used in daemon mode
If you're feeling brave, remove all the RPMs and bits of snort you
currently have installed and try some testing RPMS of the current
ftp://helium.tucc.uab.edu/pub/snort-rpm (compiled on rh7.2)
Chris Green <cmg at ...671...>
"I'm beginning to think that my router may be confused."
More information about the Snort-users