[Snort-users] snort kill -HUP error openpcap
albert.gonzalez at ...7950...
Mon Jan 13 09:27:07 EST 2003
Try the following...............
----Start Script snorthup.sh----
kill -30 `cat /var/run/snort_$interface.pid` #
send a SIGUSR1
kill -9 `cat /var/run/snort_$interface.pid` #
kill current snort process
$snort -u $user -g $group -d -c $conf -i $interface -D # restart snort as
----End Script snorthup----
This is what I use on my OpenBSD machine at home, its ugly but it gets the
job done, my script
does some other stuff(reset logs, etc..) but thats all you really need.
Don't forget to edit for yourself.
EDS - Global Security Operations Center
Security and Privacy Professional Servics
From: Andrew R. Baker [mailto:andrewb at ...950...]
Sent: Monday, January 13, 2003 11:44 AM
To: Sébastien Desse
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] snort kill -HUP error openpcap
Sébastien Desse wrote:
> A saw a lot of dicutions about this topic but no one correspoding to my
> I launch snort 1.9 from /etc/init.d/snort script - NOT chrooted (On a
> woody box)
> When I run # kill -HUP `cat /var/run/snort_eth1.pid`
> snort stops, start reloading and I get the following error :
> snort: FATAL ERROR: ERROR: OpenPcap() device eth0 open: ^Isocket:
> not permitted
> The problem is (I think) that I use -u snort -g snort options because I
> whant snort to run as snort user.
> I don't understand why it can start sniffing with snort user identity but
> cannot reload with this ID !
> Any idea ?
This is a known problem (and is probably in the FAQ). Snort reloads by
re-execing itself with the original command line arguments. If the user
id has changed, it will not be able to open the interface for sniffing
on restart. Possible solutions are to restart Snort externally as root
or to modify permissions on the appropriate file (depends on OS) to
allow the user Snort is running as to read from the device.
This SF.NET email is sponsored by: FREE SSL Guide from Thawte
are you planning your Web Server Security? Click here to get a FREE
Thawte SSL guide and find the answers to all your SSL security issues.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
More information about the Snort-users