[Oisf-users] Error when running suricata with --user & --group

Sylvain Chillaud sylvain.chillaud at gmail.com
Thu Sep 30 07:50:49 UTC 2010

Hi Rmkml,

libcap-ng I have configured and compiled. I had downloaded it not that long
ago, at the same time I downloaded suricata 1.0.2, so they should be working
libcap-dev I have installed via aptitude, so it must be the the last
I reconfigured & recompiled suricata with
--with-libpcap-includes=/usr/local/lib/* cause I had not before, but the
problem remains.
And the user suricata exists in /etc/passwd, it has been created with a
copy/paste of the command found on the link of my first msg.



2010/9/29 rmkml <rmkml at free.fr>

> Another idea maybe it's check if you use last libcap-ng version, if not,
> maybe check with last version please.
> Regards
> Rmkml
> On Wed, 29 Sep 2010, rmkml wrote:
>  Hi Sylvain,
>> I don't known, but can you check if you have libcap please?
>> Do you have compiled suricata, if yes, do you have enabled libcap on
>> configure please?
>> another question: suricata user and group are enabled on your system
>> please?
>> Regards
>> Rmkml
>> On Wed, 29 Sep 2010, Sylvain Chillaud wrote:
>>  Hi there,
>>> I'm trying to get suricata 1.0.2 to run on a debian 5 server.
>>> I've configured and installed without problem (the basic conf for now)
>>> following the guide on the oisf website as well as instructions here
>>> http://www.inliniac.net/blog/2010/05/10/setting-up-suricata-0-9-0-for-initial-use-on-ubuntu-lucid-10-04.html, but when running the command  :
>>> suricata -c /etc/suricata/suricata.yaml -i eth1 --user suricata --group
>>> suricata    I get the following error :
>>> (util-privs.c:86) <Error> (SCDropMainThreadCaps) -- [ERRCODE:
>>> SC_ERR_CHANGING_CAPS_FAILED(155)] - capng_change_id for main thread failed
>>> I'm guessing it is linked to the user and/or group because when I run
>>> suricata -c /etc/suricata/suricata.yaml -i eth1   only, it starts as it
>>> should.
>>> It is a minor problem, nothing urgent. Right now I am just on the
>>> learning and testing suricata phase and can run it without user and group,
>>> but if anyone know
>>> why it's not working when adding them in the command line, I'd like to
>>> hear the reason, and the solution if there is one.
>>> (I have of course tried to google it and have looked in these archives as
>>> well without results)
>>> Thank you for your help,
>>> Sylvain
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20100930/37e81311/attachment-0002.html>

More information about the Oisf-users mailing list