Support #2471
closed
Following error observed after installation and first run
Added by Jesus Padro over 6 years ago.
Updated almost 6 years ago.
Description
OS: CentOS 7
29/3/2018 -- 05:34:57 - <Notice> - This is Suricata version 4.0.3 RELEASE
29/3/2018 -- 05:35:27 - <Warning> - [ERRCODE: SC_ERR_DEPRECATED_CONF(274)] - deprecated 'force-md5' option found. Please use 'force-hash: [md5]' instead
29/3/2018 -- 05:35:27 - <Warning> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - Unix socket: UNIX socket bind(/var/run/suricata/suricata-command.socket) error: Permission denied
29/3/2018 -- 05:35:27 - <Warning> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - Unable to create unix command socket
29/3/2018 -- 05:35:27 - <Notice> - all 4 packet processing threads, 4 management threads initialized, engine started.
How did you install suricata? Looks like it added or used an old config file. Regarding the second error, how did you start suricata and with what permissons set?
- Tracker changed from Bug to Support
I am seeing this error as well on CentOS 7 using the packages from EPEL, currently version 4.0.5-1.
On this platform suricata is run as user 'suricata', but /run/suricata has ownership root:root, so it cannot create the socket file. This is set in '/usr/lib/tmpfiles.d/suricata.conf'.
To resolve this error:
cp /usr/lib/tmpfiles.d/suricata.conf /etc/tmpfiles.d
Update /etc/tmpfiles.d/suricata.conf to have:
d /run/suricata 0775 root suricata -
systemd-tmpfiles --create --remove /etc/tmpfiles.d/suricata.conf
This change should probably be applied to the system-installed tmpfiles configuration file.
- Assignee changed from OISF Dev to Jason Taylor
- Status changed from New to Feedback
- Status changed from Feedback to Closed
this has been fixed in the latest rpm releases in fedora/epel.
Also available in: Atom
PDF