[Snort-users] Verify configuration as non root

Gilad Benjamini gbenjamini at ...3964...
Thu Jun 16 13:05:24 EDT 2011


After an upgrade from 2.8 to 2.9 I tried to verify my Snort configuration with "snort -T".
The verification failed with the message: "ERROR: Active response: can't open ip!"

After some digging into the code it seems like the code was trying to open a raw socket, but failing since I was not running as root.

Using "--daq dump" as a workaround seems to work.

Are root permissions really needed to verify the configuration, or is that a bug ?
Is the workaround a reasonable one, or is there a better option ?






More information about the Snort-users mailing list