[Snort-users] error meant
mkettler at ...4108...
Wed Jun 11 15:34:07 EDT 2003
At 05:12 PM 6/11/2003 -0500, msmythe at ...9424... wrote:
>Hi everyone. I found the snort.conf file and uncomenten some things, but i
>have other problem. What that means the following error when i run:
>snort -dev -l log -h xxx.xxx.xxx.xxx/24 -c /etc/sonrt.conf command?
>ERROR. OpenPcap( )device eth0 open:
> socket: Operation not permitted
That means you're trying to run snort while logged in as a user who is not
root, and does not have extended permissions to grant him raw IO privleges.
Only root users (system administrators) can open pcap sockets on most systems.
If you want to run snort as non-root for security reasons, start it up as
root and use the setuid and chroot features to drop it's privleges.
More information about the Snort-users