[Snort-users] Running Snort from User Account

Tamara Fisher tammi888 at ...11827...
Mon Mar 4 07:20:57 EST 2013


I am trying to set up my implementation of snort for use by several team
members, mostly for rule testing.

I get the following error when I attempt to run with user credentials:

ERROR: Can't start DAQ (-1) - socket: Operation not permitted!
Fatal Error, Quitting..

When I google the errors I get, most of the responses I see to people with
my issues say 'run as root'.

Of course everything works fine as root, but I would like to be able to
have my users use snort with their own accounts. Is this not possible?

Here is the command I am using to start snort:

snort -q -u snort -g snort -c /etc/snort/snort.conf -i eth1

I also try using sudo:
[tfisher at ...16121... ~]$ sudo /usr/local/bin/snort -q -u snort -g snort -c /etc/snort/snort.conf -i eth1
[sudo] password for tfisher:
ERROR: spo_unified2.c(321) Could not open /var/log/snort/snort.log.1362398525: Permission denied
Fatal Error, Quitting..

That directory is owned by snort:

[root at ...16122... snort]# ls -l
total 1528
-rw-rw-r--. 1 snort snort      0 Mar  1 11:59 alert
-rw-r--r--. 1 snort snort   2056 Feb 21 13:33 barnyard2.waldo
-rw-------. 1 snort snort 140508 Feb 22 13:15 snort.log.1361549364
-rw-------. 1 snort snort  67825 Feb 22 13:59 snort.log.1361556993
-rw-------. 1 snort snort  63820 Feb 22 15:26 snort.log.1361560002
-rw-------. 1 snort snort      0 Feb 22 15:28 snort.log.1361564932
-rw-------. 1 snort snort    788 Feb 22 15:50 snort.log.1361565986
-rw-------. 1 snort snort  72104 Feb 25 15:54 snort.log.1361566348
-rw-------. 1 snort snort  73277 Feb 26 12:27 snort.log.1361879374
-rw-------. 1 snort snort  49816 Feb 27 07:21 snort.log.1361899920
-rw-------. 1 snort snort   4018 Feb 27 07:46 snort.log.1361967922
-rw-------. 1 snort snort 871931 Mar  1 07:56 snort.log.1361969500
-rw-------. 1 snort snort 167466 Mar  4 04:19 snort.log.1362142809
[root at ...16122... snort]#

Any help appreciated,

