[Snort-users] FATAL ERROR: /etc/snort/snort.conf(0) Unable to open rules file "/etc/snort/snort.conf": Permission denied.#012

Bogdan Grabinski bogdan at ...16812...
Wed Apr 23 03:46:37 EDT 2014


Thank you. You got it right.

[root at ...16813... selinux]# getenforce
Enforcing
[root at ...16813... selinux]# cd
[root at ...16813... ~]#
[root at ...16813... ~]#
[root at ...16813... ~]#
[root at ...16813... ~]#
[root at ...16813... ~]#
[root at ...16813... ~]# chcon -R system_u:object_r:snort_etc_t:s0 /etc/snort
[root at ...16813... ~]# chcon -R system_u:object_r:lib_t:s0 
/etc/snort/so_rules/precompiled/RHEL-6-0/
[root at ...16813... ~]#

After this commands all works fine, no fatal error.
I will include checking for selinux enforsing in my installation script.

On 4/23/2014 3:01 AM, Teo En Ming wrote:
> Did you turn off selinux?
>
> echo 0 > /selinux/enforce
>
> Teo En Ming
>
>
> On Wed, Apr 23, 2014 at 1:42 PM, Bogdan Grabinski 
> <bogdan at ...16812... <mailto:bogdan at ...16812...>> wrote:
>
>
>     OS Centos 6.5
>     intel 64bit
>
>     When I use:
>     service snortd start
>     I get message that it fails, and /var/log/messages report FATAL ERROR
>
>     If I copy the same script from /etc/rc.d/init.d/snortd to /root
>
>     then starting the snort as:
>     /root/snortd start
>     works well ( no problems )
>
>
>     Please help
>
>
>     FROM: /var/log/messages
>     ----------------------------------------------------------------------------
>     Apr 23 01:20:57 cafe7 snort[11908]: Running in IDS mode
>     Apr 23 01:20:57 cafe7 snort[11908]:
>     Apr 23 01:20:57 cafe7 snort[11908]:         --== Initializing
>     Snort ==--
>     Apr 23 01:20:57 cafe7 snort[11908]: Initializing Output Plugins!
>     Apr 23 01:20:57 cafe7 snort[11908]: Initializing Preprocessors!
>     Apr 23 01:20:57 cafe7 snort[11908]: Initializing Plug-ins!
>     Apr 23 01:20:57 cafe7 snort[11908]: Parsing Rules file
>     "/etc/snort/snort.conf"
>     Apr 23 01:20:57 cafe7 snort[11908]: FATAL ERROR:
>     /etc/snort/snort.conf(0) Unable to open rules file
>     "/etc/snort/snort.conf": Permission denied.#012
>     ----------------------------------------------------------------------------
>
>
>     [root at ...16813... ~]# ll /etc/snort/
>     total 4228
>     drwxr-xr-x.   5 snort snort    4096 Apr 22 19:42 .
>     drwxr-xr-x. 129 root  root    12288 Apr 22 20:06 ..
>     -rw-r--r--.   1 snort snort    3854 Mar 17 15:00 classification.config
>     -rw-r--r--.   1 snort snort    1880 Apr 14 02:53 disablesid.conf
>     -rw-r--r--.   1 snort snort    2092 Apr 14 02:53 dropsid.conf
>     -rw-r--r--.   1 snort snort    2078 Apr 14 02:53 enablesid.conf
>     -rw-r--r--.   1 snort snort   31162 Oct 24 17:00 gen-msg.map
>     -rw-r--r--.   1 snort snort    1510 Apr 14 02:53 modifysid.conf
>     drwxr-xr-x.   2 snort snort    4096 Mar 17 14:59 preproc_rules
>     -rw-r--r--.   1 snort snort   10312 Apr 14 02:53 pulledpork.conf
>     -rw-r--r--.   1 snort snort     746 Mar 17 15:00 reference.config
>     drwxr-xr-x.   2 snort snort    4096 Apr 22 18:09 rules
>     -rw-r--r--.   1 snort snort 4140731 Mar 17 15:03 sid-msg.map
>     -rw-r--r--.   1 snort snort   27701 Apr 22 18:09 snort.conf
>     drwxr-xr-x.   4 snort snort    4096 Feb 26 12:31 so_rules
>     -rw-r--r--.   1 snort snort    2556 Mar 17 15:00 threshold.conf
>     -rw-r--r--.   1 snort snort   53841 Mar 17 15:00 unicode.map
>     [root at ...16813... ~]#
>     [r
>
>     ------------------------------------------------------------------------------
>     Start Your Social Network Today - Download eXo Platform
>     Build your Enterprise Intranet with eXo Platform Software
>     Java Based Open Source Intranet - Social, Extensible, Cloud Ready
>     Get Started Now And Turn Your Intranet Into A Collaboration Platform
>     http://p.sf.net/sfu/ExoPlatform
>     _______________________________________________
>     Snort-users mailing list
>     Snort-users at lists.sourceforge.net
>     <mailto:Snort-users at lists.sourceforge.net>
>     Go to this URL to change user options or unsubscribe:
>     https://lists.sourceforge.net/lists/listinfo/snort-users
>     Snort-users list archive:
>     http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
>     Please visit http://blog.snort.org to stay current on all the
>     latest Snort news!
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140423/f5ac3a3e/attachment.html>


More information about the Snort-users mailing list