[Snort-users] kill -HUP doesn't work

Florin Andrei florin at ...3506...
Mon Sep 22 19:15:03 EDT 2003


On Mon, 2003-09-22 at 16:58, Demetri Mouratis wrote:
> On 22 Sep 2003, Florin Andrei wrote:
> > It looks like kill -HUP $snort_pid does not work. If i run it, snort
> > dies.
> > Sep 21 04:02:02 tart snort: FATAL ERROR: OpenPcap() device eth0 open:
> > ^Isocket: Operation not permitted
> > Sep 22 04:02:02 tart snort: snort shutdown failed
> 
> Here's your problem.  It looks like the user running snort no longer has
> privilidges on the eth0 interface.  This most likely means you used either
> the -u <uname> command line option when you started snort, or you're
> running in some kind of chroot'ed environment.

Yeap, that's the problem. I was running it as -u snort -g snort
If i don't use -u -g, then -HUP works fine.

Hmmm... That's like a catch 22. If i run it as root, then it has too
many privileges. If i run it as non-root then i have to actually kill
the process which means i'll certainly loose more IP packets (kill/start
is slower than -HUP).

-- 
Florin Andrei

http://florin.myip.org/





More information about the Snort-users mailing list