[Snort-users] FATAL ERROR: /etc/snort/snort.conf(0) Unable to open rules file "/etc/snort/snort.conf": Permission denied.#012

Jeremy Hoel jthoel at ...11827...
Wed Apr 23 02:14:11 EDT 2014


Can you paste the output of your snort.conf file..   Or at least the
includes section near the bottom for the rules?


On Tue, Apr 22, 2014 at 11:42 PM, Bogdan Grabinski <bogdan at ...16812...>wrote:

>
> OS Centos 6.5
> intel 64bit
>
> When I use:
> service snortd start
> I get message that it fails, and /var/log/messages report FATAL ERROR
>
> If I copy the same script from /etc/rc.d/init.d/snortd to /root
>
> then starting the snort as:
> /root/snortd start
> works well ( no problems )
>
>
> Please help
>
>
> FROM: /var/log/messages
>
> ----------------------------------------------------------------------------
> Apr 23 01:20:57 cafe7 snort[11908]: Running in IDS mode
> Apr 23 01:20:57 cafe7 snort[11908]:
> Apr 23 01:20:57 cafe7 snort[11908]:         --== Initializing Snort ==--
> Apr 23 01:20:57 cafe7 snort[11908]: Initializing Output Plugins!
> Apr 23 01:20:57 cafe7 snort[11908]: Initializing Preprocessors!
> Apr 23 01:20:57 cafe7 snort[11908]: Initializing Plug-ins!
> Apr 23 01:20:57 cafe7 snort[11908]: Parsing Rules file
> "/etc/snort/snort.conf"
> Apr 23 01:20:57 cafe7 snort[11908]: FATAL ERROR:
> /etc/snort/snort.conf(0) Unable to open rules file
> "/etc/snort/snort.conf": Permission denied.#012
>
> ----------------------------------------------------------------------------
>
>
> [root at ...16813... ~]# ll /etc/snort/
> total 4228
> drwxr-xr-x.   5 snort snort    4096 Apr 22 19:42 .
> drwxr-xr-x. 129 root  root    12288 Apr 22 20:06 ..
> -rw-r--r--.   1 snort snort    3854 Mar 17 15:00 classification.config
> -rw-r--r--.   1 snort snort    1880 Apr 14 02:53 disablesid.conf
> -rw-r--r--.   1 snort snort    2092 Apr 14 02:53 dropsid.conf
> -rw-r--r--.   1 snort snort    2078 Apr 14 02:53 enablesid.conf
> -rw-r--r--.   1 snort snort   31162 Oct 24 17:00 gen-msg.map
> -rw-r--r--.   1 snort snort    1510 Apr 14 02:53 modifysid.conf
> drwxr-xr-x.   2 snort snort    4096 Mar 17 14:59 preproc_rules
> -rw-r--r--.   1 snort snort   10312 Apr 14 02:53 pulledpork.conf
> -rw-r--r--.   1 snort snort     746 Mar 17 15:00 reference.config
> drwxr-xr-x.   2 snort snort    4096 Apr 22 18:09 rules
> -rw-r--r--.   1 snort snort 4140731 Mar 17 15:03 sid-msg.map
> -rw-r--r--.   1 snort snort   27701 Apr 22 18:09 snort.conf
> drwxr-xr-x.   4 snort snort    4096 Feb 26 12:31 so_rules
> -rw-r--r--.   1 snort snort    2556 Mar 17 15:00 threshold.conf
> -rw-r--r--.   1 snort snort   53841 Mar 17 15:00 unicode.map
> [root at ...16813... ~]#
> [r
>
>
> ------------------------------------------------------------------------------
> Start Your Social Network Today - Download eXo Platform
> Build your Enterprise Intranet with eXo Platform Software
> Java Based Open Source Intranet - Social, Extensible, Cloud Ready
> Get Started Now And Turn Your Intranet Into A Collaboration Platform
> http://p.sf.net/sfu/ExoPlatform
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140423/319692b5/attachment.html>


More information about the Snort-users mailing list