We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
I am trying to migrate Snort from 2.9.17 to 3.1.0.0
I run snort in inline mode with NFQ DAQ.
Till snort 2.9.17 snort used to work fine. But now that I am trying to run snort 3.1.0 it gives this error:
ERROR: Cannot drop privileges - at least one of the configured DAQ modules does not support unprivileged operation.
Looking at the NFQ module code I see that README file mentions this:
Last I checked, the process cannot operate in unprivileged mode. This needs to be revalidated, but the module is marked as such in the meantime.
I think this comment indeed needs a re-validation based on how it worked in snort 2.9.17 (atleast for me)?
There can be two things why it worked in snort 2.9.17
I do not know about DAQ, NFQ and internals. But I do request a review on setting DAQ NFQ module as DAQ_TYPE_NO_UNPRIV
I use Arch Linux and I run snort 3 using this: snort -Q -u snort -g snort -c /etc/snort/snort.lua -l /var/log/snort --tweaks local
snort -Q -u snort -g snort -c /etc/snort/snort.lua -l /var/log/snort --tweaks local
The text was updated successfully, but these errors were encountered:
No branches or pull requests
I am trying to migrate Snort from 2.9.17 to 3.1.0.0
I run snort in inline mode with NFQ DAQ.
Till snort 2.9.17 snort used to work fine. But now that I am trying to run snort 3.1.0 it gives this error:
Looking at the NFQ module code I see that README file mentions this:
I think this comment indeed needs a re-validation based on how it worked in snort 2.9.17 (atleast for me)?
There can be two things why it worked in snort 2.9.17
I do not know about DAQ, NFQ and internals. But I do request a review on setting DAQ NFQ module as DAQ_TYPE_NO_UNPRIV
I use Arch Linux and I run snort 3 using this:
snort -Q -u snort -g snort -c /etc/snort/snort.lua -l /var/log/snort --tweaks local
The text was updated successfully, but these errors were encountered: