[Snort-users] Problems installing/configuring Snort on Fedora

Joel Esler (jesler) jesler at ...589...
Thu May 7 18:54:24 EDT 2015


Snort has to be started as root.  You can assign it a user for it to run under after it starts.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos Group

On May 7, 2015, at 6:34 PM, Michael Brown <redcrosse at ...3147...> wrote:

Okay, I think I found the solution to at least part of my problems.  In order to get Snort to run in test mode, and then production modes, I had to take the following steps.
1. Removed the username and group fields from the command and added the daq manually.  The resulting command looked like this:
./snort -T -i eno1 -c /etc/snort/snort.conf --daq pcap
That resulted in a successful test.
2. Added pcap to the daq portion of the config file.  The resulting portion of the config file now looks like this:
# Configure DAQ related options for inline operation.  For more information, see README.daq
config daq: pcap
The resulting test command looked like this:
./snort -T -i eno1 -c /etc/snort/snort.conf
That, also, resulted in a successful test.
3. On a whim, I ran the snort -A command with sudo and that seemed to work.  Adding the -L option ensured logging.  The resulting command looked like:
sudo ./snort -A fast -b -d -i eno1 -c /etc/snort/snort.conf -L /var/log/snort
Snort is now running and logging output.

I would like to be able to run Snort without typing sudo.  I added the Snort user to the sudoers file, but that did not help.  There is a permissions problem somewhere.  Any ideas?

Thanks

Redcrosse

On May 7, 2015, at 12:25 PM, Joel Esler (jesler) <jesler at ...589...> wrote:

You've specified the interface as "eno1".  Is that the correct interface on Fedora?

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos Group
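
Added example, not part of the thread: the reply at the top says Snort must be started as root and can then run under an assigned user, which Snort's -u and -g options do. The script below checks from /proc/<pid>/status that a running Snort holds no root UID or GID; the account and group name "snort" and the sample status text are constructed assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Assumptions: Linux /proc, and a local
# user and group both named "snort". Sample status text below is constructed.

# Launch line: root starts Snort so it can open the capture interface, and
# -u / -g name the account it switches to once initialization is done.
# Printed, not executed, so the script runs on a host without Snort.
snort_cmd() {
    echo "sudo ./snort -i eno1 -c /etc/snort/snort.conf -u snort -g snort"
}

# Reads /proc/<pid>/status text on stdin. Succeeds only when the real,
# effective, saved and filesystem UID and GID are all non-zero. A missing
# Uid:/Gid: line or a short line counts as failure.
dropped_privileges() {
    awk '
        $1 == "Uid:" || $1 == "Gid:" {
            seen++
            for (i = 2; i <= 5; i++) if ($i == 0) root = 1
        }
        END { exit ((seen == 2 && !root) ? 0 : 1) }
    '
}

# Check a live process by PID.
check_pid() {
    [ -r "/proc/$1/status" ] && dropped_privileges < "/proc/$1/status"
}

# Constructed samples: never dropped, saved UID still root, fully dropped.
sample_root()       { printf 'Name:\tsnort\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\n'; }
sample_saved_root() { printf 'Name:\tsnort\nUid:\t987\t987\t0\t987\nGid:\t982\t982\t982\t982\n'; }
sample_dropped()    { printf 'Name:\tsnort\nUid:\t987\t987\t987\t987\nGid:\t982\t982\t982\t982\n'; }

if [ -n "${1:-}" ]; then
    if check_pid "$1"; then echo "pid $1: no root ids"; else echo "pid $1: root id present or unreadable"; fi
else
    snort_cmd
    for s in sample_root sample_saved_root sample_dropped; do
        if "$s" | dropped_privileges; then echo "$s: privileges dropped"
        else echo "$s: still holds a root id"; fi
    done
fi
```

Run it with a PID argument to check a live Snort process. The saved-UID case is included because a process that keeps a saved UID of 0 can switch back to root.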



