[Oisf-users] Error when running suricata with --user & --group

Sylvain Chillaud sylvain.chillaud at gmail.com
Thu Sep 30 07:50:58 UTC 2010


Josh,

Here is what I get with the cat: *suricata:x:1001:1001:Suricata IDP account:/home/suricata:/bin/false*
I had already checked, btw (see my answer to Rmkml).

I also tried to run it with the user I use to log on the server, but same
results. Therefore it must be something else.

Thanks,

Sylvain

2010/9/29 Josh <josh at securemind.org>

> I had a similar problem; mine turned out to be that the user account
> "suricata" wasn't created correctly.
>
> Try "cat /etc/passwd | grep suricata"; if the account isn't listed correctly,
> then do a "userdel suricata" and try again.
>
> Good Luck,
>
> Josh
>
>
> On Wednesday, September 29, 2010 09:51:44 am Sylvain Chillaud wrote:
> >  Hi there,
> >
> > I'm trying to get suricata 1.0.2 to run on a Debian 5 server.
> > I've configured and installed without problem (the basic conf for now)
> > following the guide on the OISF website as well as instructions here
> > http://www.inliniac.net/blog/2010/05/10/setting-up-suricata-0-9-0-for-initial-use-on-ubuntu-lucid-10-04.html,
> > but when running the command:
> >
> > *suricata -c /etc/suricata/suricata.yaml -i eth1 --user suricata --group suricata*
> >
> > I get the following error:
> >
> > (util-privs.c:86) <Error> (SCDropMainThreadCaps) -- [ERRCODE: SC_ERR_CHANGING_CAPS_FAILED(155)] - capng_change_id for main thread failed
> >
> >
> > I'm guessing it is linked to the user and/or group because when I run
> > *suricata -c /etc/suricata/suricata.yaml -i eth1* only, it starts as it should.
> >
> >
> > It is a minor problem, nothing urgent. Right now I am just in the learning
> > and testing suricata phase and can run it without user and group, but if
> > anyone knows why it's not working when adding them in the command line, I'd
> > like to hear the reason, and the solution if there is one.
> > (I have of course tried to google it and have looked in these archives as
> > well, without results.)
> >
> >
> > Thank you for your help,
> >
> > Sylvain
>