Support #3126

closed

Suricata can't drop privileges on Debian 10

Added by Daniel Vein over 5 years ago. Updated over 4 years ago.

Status: Closed
Priority: Normal
Affected Versions:
Label:

Description

user@debian:~$ suricata --build-info
This is Suricata version 4.1.4 RELEASE
Features: NFQ PCAP_SET_BUFF AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HAVE_LIBJANSSON TLS MAGIC RUST
SIMD support: SSE_4_2 SSE_4_1 SSE_3
Atomic intrisics: 1 2 4 8 16 byte(s)
64-bits, Little-endian architecture
GCC version 8.3.0, C version 199901
compiled with _FORTIFY_SOURCE=0
L1 cache line size (CLS)=64
thread local storage method: __thread
compiled with LibHTP v0.5.30, linked against LibHTP v0.5.30

Suricata Configuration:
AF_PACKET support: yes
eBPF support: no
XDP support: no
PF_RING support: no
NFQueue support: yes
NFLOG support: no
IPFW support: no
Netmap support: no
DAG enabled: no
Napatech enabled: no
WinDivert enabled: no

Unix socket enabled:                     yes
Detection enabled: yes
Libmagic support:                        yes
libnss support: yes
libnspr support: yes
libjansson support: yes
liblzma support: no
hiredis support: no
hiredis async with libevent: no
Prelude support: no
PCRE jit: yes
LUA support: no
libluajit: no
libgeoip: yes
Non-bundled htp: no
Old barnyard2 support: no
Hyperscan support: yes
Libnet support: yes
liblz4 support: no
Rust support:                            yes (default)
Rust strict mode: no
Rust debug mode: no
Rust compiler: rustc 1.34.2
Rust cargo: cargo 1.34.0
Install suricatasc:                      yes
Install suricata-update: yes
Profiling enabled:                       no
Profiling locks enabled: no

Development settings:
Coccinelle / spatch: no
Unit tests enabled: no
Debug output enabled: no
Debug validation enabled: no

Generic build parameters:
Installation prefix: /usr
Configuration directory: /etc/suricata/
Log directory: /var/log/suricata/

--prefix                                 /usr
--sysconfdir /etc
--localstatedir /var
--datarootdir /usr/share
Host:                                    x86_64-pc-linux-gnu
Compiler: gcc (exec name) / gcc (real)
GCC Protect enabled: no
GCC march native enabled: yes
GCC Profile enabled: no
Position Independent Executable enabled: no
CFLAGS -g -O2 -march=native -I${srcdir}/../rust/gen/c-headers
PCAP_CFLAGS -I/usr/include
SECCFLAGS
-----------------------------------------------------------------------------------------------------------------------------------------

root@sdebian:/etc/suricata# suricata -c suricata.yaml -q 0 --user=suri --group=suri
25/8/2019 -- 16:15:10 - <Notice> - This is Suricata version 4.1.4 RELEASE
25/8/2019 -- 16:15:10 - <Error> - [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/etc/suricata/classification.config": Permission denied
25/8/2019 -- 16:15:10 - <Error> - [ERRCODE: SC_ERR_OPENING_FILE(40)] - please check the "classification-file" option in your suricata.yaml file
25/8/2019 -- 16:15:10 - <Error> - [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/etc/suricata/reference.config": Permission denied
25/8/2019 -- 16:15:10 - <Error> - [ERRCODE: SC_ERR_OPENING_FILE(40)] - please check the "reference-config-file" option in your suricata.yaml file
25/8/2019 -- 16:15:10 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /var/lib/suricata/rules/suricata.rules
25/8/2019 -- 16:15:10 - <Warning> - [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rule was loaded at all!
25/8/2019 -- 16:15:10 - <Warning> - [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/etc/suricata//threshold.config": Permission denied
25/8/2019 -- 16:15:10 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - Cannot create socket directory /var/run/suricata/: Permission denied
25/8/2019 -- 16:15:10 - <Warning> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - Unable to create unix command socket
25/8/2019 -- 16:15:10 - <Notice> - all 10 packet processing threads, 4 management threads initialized, engine started.
^C25/8/2019 -- 16:15:46 - <Notice> - Signal Received. Stopping engine.
25/8/2019 -- 16:15:47 - <Notice> - (RX-Q0) Treated: Pkts 0, Bytes 0, Errors 0
25/8/2019 -- 16:15:47 - <Notice> - (RX-Q0) Verdict: Accepted 0, Dropped 0, Replaced 0
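
A triage aid for the startup log above, added here as an example and not part of the original ticket or of Suricata: it extracts the paths reported as "Permission denied" and, for a local account such as the suri user from the command line, returns the first path component whose mode bits block that account. The function names are hypothetical, the sample log is constructed from the lines above, and the check assumes plain mode bits (ACLs and capabilities are ignored).

```python
import os
import pwd
import re
import stat

# Constructed sample in the format of the startup log above (not a new capture).
SAMPLE_LOG = """\
25/8/2019 -- 16:15:10 - <Error> - [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/etc/suricata/classification.config": Permission denied
25/8/2019 -- 16:15:10 - <Warning> - [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/etc/suricata//threshold.config": Permission denied
25/8/2019 -- 16:15:10 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - Cannot create socket directory /var/run/suricata/: Permission denied
25/8/2019 -- 16:15:10 - <Notice> - all 10 packet processing threads, 4 management threads initialized, engine started.
"""
# ERRCODE name plus the quoted or bare absolute path before ": Permission denied".
DENIED = re.compile(
    r'\[ERRCODE: (\w+)\(\d+\)\] - .*?"?(/[^":\n]*)"?: Permission denied')


def denied_paths(log_text):
    """Return (errcode, normalized path) for each 'Permission denied' log line."""
    return [(m.group(1), os.path.normpath(m.group(2)))
            for m in DENIED.finditer(log_text)]


def first_blocker(path, uid, gids):
    """First component of path that uid/gids cannot pass, or None. Mode bits
    only: directories need search (x), a final non-directory needs read (r)."""
    if uid == 0:  # root is not limited by mode bits for reading
        return None
    prefixes = [os.path.abspath(path)]
    while prefixes[-1] != "/":
        prefixes.append(os.path.dirname(prefixes[-1]))
    for p in reversed(prefixes):  # walk from "/" down to the target
        try:
            st = os.stat(p)
        except OSError:  # missing, or not visible to the account running this check
            return p
        need = 0o1 if stat.S_ISDIR(st.st_mode) else 0o4
        shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
        if not (st.st_mode >> shift) & need:
            return p
    return None


def report(log_text, user):
    """Map each denied path to the component blocking the local account `user`."""
    pw = pwd.getpwnam(user)
    gids = os.getgrouplist(user, pw.pw_gid)
    return {p: first_blocker(p, pw.pw_uid, gids) for _, p in denied_paths(log_text)}
```

Run `report(log_text, "suri")` as root on the affected host so every path component can be inspected; a value of `None` means the mode bits allow access to that path.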
