upriviileged snort user (was Re: [Snort-users] (no subject))
This is a discussion on upriviileged snort user (was Re: [Snort-users] (no subject)) within the Snort forums, part of the System Security and Security Related category; On Saturday 05 June 2004 11:46 am, Mike Cohen wrote: > Hello , > > Im new to snort, and ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
06-06-2004
|
|||
|
|||
upriviileged snort user (was Re: [Snort-users] (no subject))
On Saturday 05 June 2004 11:46 am, Mike Cohen wrote:
> Hello , > > Im new to snort, and Im trying to create a snort box that runs as a > non root user. > I have a user snort which is in the group snort_group. > I have given the snort_group ownership to the /var/log/snort > directory and the /etc/snort directory. > > whenever I try to start snort as any non root user I get the > following. If I use root, or sudo I can start the program fine. Im > guessing I need access to the eth0 interface or some particular file > or directory somehwere that is associated with starting sniffing on > eth0 > > Can someone help me with this? > > Suse 9 > Snort 2.12 > > > snort@Myserver:/etc/snort> snort -c /etc/snort/snort.conf -i eth0 -u > snort -g snort_group > Running in IDS mode > Log directory =3D /var/log/snort > > Initializing Network Interface eth0 > ERROR: OpenPcap() device eth0 open: > socket: Operation not permitted > Fatal Error, Quitting.. > > > > any help is appreciated. > > M.C. Looks like your user is not allowed to put the interface into=20 promiscuous mode. Try doing this manually as root, e.g. ifconfig eth0=20 promisc Then see if snort will launch as your unprivileged user. If=20 so, then you need to add snort user to whatever group Suse uses for=20 such privileges. Else you may also be able to do it via a login.conf=20 setting. Also, it really helps if you give your inquiries a meaningful subject=20 heading. --=20 Best regards, Ken Gunderson GPG Key-- 9F5179FD "Freedom begins between the ears." -- Edward Abbey ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X. From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
