[Snort-users] Newbie Cant run rules and needs config help Please

attechni attechni at ...10561...
Fri Nov 14 16:50:12 EST 2003


Newbie Cant run rules and needs config help Please


 I am glad I found this list. Hello every one. I hate to start
  with a problem.
 But I was looking for help online. And found this list.I Hope
you can help.so here it goes. I am on a Mandrake 9.1.System and new to 
Linux,and snort. But I have a A+Cert and have been
 heavily into computers for about 7 years so I thought I would try it. I used 
the Configuration,Packaging,Install method of installing
 snort-1.9.1mdk,snort-plain+flexresp-1.9.1-mdk,SnortSnarf-020516.1-mdk.
 I cant run SQL because I think it is a violation of my ISP'S TOS. So I am not 
running that.But the install did'nt ask for any SQL packages.
 So I guess I am OK there. But snort will not run except from the root 
account. I am OK with that.
'The real problem is that I can not run the rules files. When I try to run 
(snort -T) from a terminal as root I get this error.
 rootblaBlabla# snort -T
 Log directory  /var/log/snort
 Initializing Network Interface eth0
 using config file /root/.snortrc
 Initializing Preprocessors!
 Initializing Plug-ins!
 Parsing Rules file /root/.snortrc

 +++++++++++++++++++++++++++++++++++++++++++++++++++
 Initializing rule chains...
 ERROR: Unable to open rules file: /root/.snortrc or /root//root/.snortrc
 Fatal Error, Quitting..
rootblaBlabla#
 I did a search on my system for .snortrc through,Applications,FileTools,Find 
files. And could not find
snortrc. The only rules files I could find were in /etc/snort/rules.
 Also var has the permissions of Ownership root group root User
 Show,Write,Enter, Group,Show,Enter,Others, Show enter.
Inside of var there is a log dir with the permissions the
 same asstated above. Inside of that is
 a snort dir set to User Show,Write,Enter Group Show,Enter Others no
 writes. From opening a terminal as root from inside the snort dir. Is
 the only place I
 can get it to run properly.
 What is the best way to set up the permission writes for snort. That is also 
secure.
 I  only want root to be able to run it.
 Oh also when I run netstat-a. It looks alot different running it in 
Linux.Than it does in Windows.
 What is the best way to map out my network? This system has two NIC cards one 
that goes to hub that has nothing else connected to it.
(Trying to use that as a firewall connection). A externall Belkin Router that 
the other NIC plugs into. There is another Win98SE system
pluged into the router.

 Thanks
 appreciate any help .  T




More information about the Snort-users mailing list