LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-15-2013, 05:40 PM   #1
OtagoHarbour
Member
 
Registered: Oct 2011
Posts: 312

Rep: Reputation: 3
Snort: ERROR: Can't start DAQ (-1) - socket: Operation not permitted!


I am using Unbuntu 11.4. (No newer version of Ubuntu works on this old desk top.) I decided to build the latest version of Snort on this server. Ubuntu does not support "sudo apt-get install" for the latest version of Snort since this version of Ubuntu is no longer supported. Hence I downloaded a tar ball and built Snort with ./configure and make. In order for snort to run, I needed to enter

Code:
export LD_LIBRARY_PATH=/usr/local/lib
so that it could find the shared library files.

Now, when I enter

Code:
snort -v -i eth0
I get

Code:
Running in packet dump mode

        --== Initializing Snort ==--
Initializing Output Plugins!
pcap DAQ configured to passive.
Acquiring network traffic from "eth0".
ERROR: Can't start DAQ (-1) - socket: Operation not permitted!
Fatal Error, Quitting..
If I type

Code:
sudo snort -v -i eth0
I get

Code:
snort: error while loading shared libraries: libdnet.1: cannot open shared object file: No such file or directory
If I type

Code:
sudo export LD_LIBRARY_PATH=/usr/local/lib
I get

Code:
sudo: export: command not found
I can get around this problem by using su to become root and then entering

Code:
export LD_LIBRARY_PATH=/usr/local/lib
snort -v -i eth0
However I understand that one is encouraged to do as little as possible as root.

Can someone suggest the best solution to this problem?

Thanks,
OH.
 
Old 10-16-2013, 03:31 PM   #2
jason_not
Member
 
Registered: Aug 2010
Location: Beaverton, Oregon, USA
Distribution: Pfsense, Ubuntu, Centos, Fedora, Redhat, Scientfic, MacOS
Posts: 76

Rep: Reputation: 19
Hello,

The trouble here is that snort uses libraries in /usr/local/lib, but /usr/local/lib is not part of the system's library search path. This is why you are using the LD_LIBRARY_PATH variable.

Quote:
sudo export LD_LIBRARY_PATH=/usr/local/lib
The export command is a shell built-in function: it will not run because sudo is looking in PATH for export.

I recommend modifying ld.so.conf: if the contents of /etc/ld.so.conf read "include /etc/ld.so.conf.d/*.conf", then create a file under /etc/ld.so.conf.d that ends in ".conf". In my case I would call it jason.conf because a) it would tell everyone who added the entry and b) it will never get written over by a system update.

You will need to be root to modify this configuration. Afterwards, run "ldconfig" so that the system reads in your changes. once this is complete, reboot, and you should be able to run snort with sudo without any trouble.

EDIT: You might not need to reboot, but it is safer that way.

--jason

Last edited by jason_not; 10-17-2013 at 11:07 AM. Reason: afterthought
 
1 members found this post helpful.
Old 10-17-2013, 05:39 PM   #3
OtagoHarbour
Member
 
Registered: Oct 2011
Posts: 312

Original Poster
Rep: Reputation: 3
Quote:
Originally Posted by jason_not View Post
Hello,

The trouble here is that snort uses libraries in /usr/local/lib, but /usr/local/lib is not part of the system's library search path. This is why you are using the LD_LIBRARY_PATH variable.


The export command is a shell built-in function: it will not run because sudo is looking in PATH for export.

I recommend modifying ld.so.conf: if the contents of /etc/ld.so.conf read "include /etc/ld.so.conf.d/*.conf", then create a file under /etc/ld.so.conf.d that ends in ".conf". In my case I would call it jason.conf because a) it would tell everyone who added the entry and b) it will never get written over by a system update.

You will need to be root to modify this configuration. Afterwards, run "ldconfig" so that the system reads in your changes. once this is complete, reboot, and you should be able to run snort with sudo without any trouble.

EDIT: You might not need to reboot, but it is safer that way.

--jason
Hi Jason,

Thank you for your reply. I looked at /etc/ld.so.conf and the contents do indeed include

Code:
include /etc/ld.so.conf.d/*.conf
However /etc/ld.so.conf.d/ already includes a file that contains /usr/local/lib

Code:
OtagoHarbour@WebServer:~$ cat /etc/ld.so.conf.d/libc.conf
# libc default configuration
/usr/local/lib
Is there something additional that I should add to /etc/ld.so.conf.d/OtagoHarbour.conf?

Thanks,
OH.
 
Old 10-20-2013, 12:47 PM   #4
jason_not
Member
 
Registered: Aug 2010
Location: Beaverton, Oregon, USA
Distribution: Pfsense, Ubuntu, Centos, Fedora, Redhat, Scientfic, MacOS
Posts: 76

Rep: Reputation: 19
Well, running ldconfig as root should have set everything up for it.

if you run ldconfig -v, you should get an output showing all of the library paths, and libraries found. you should be able to grep for the /usr/local/lib path, and perhaps even see the new libraries installed.

Also, if you run "ldd /usr/local/bin/snort" you should see a list of all linked libraries that snort depends on.

--jason
 
1 members found this post helpful.
Old 10-26-2013, 09:13 AM   #5
OtagoHarbour
Member
 
Registered: Oct 2011
Posts: 312

Original Poster
Rep: Reputation: 3
Sorry about my slow reply.

Quote:
Originally Posted by jason_not View Post
Well, running ldconfig as root should have set everything up for it.

if you run ldconfig -v, you should get an output showing all of the library paths, and libraries found. you should be able to grep for the /usr/local/lib path, and perhaps even see the new libraries installed.

Also, if you run "ldd /usr/local/bin/snort" you should see a list of all linked libraries that snort depends on.

--jason
I put
Code:
# libc default configuration
/usr/local/lib
into /etc/ld.so.conf.d/OtagoHarbour.conf and ran

Code:
sudo ldconfig -f /etc/ld.so.conf.d/OtagoHarbour.conf
It ran without errors. However the following followed

Code:
OtagoHarbour@WebServer:~$ sudo snort -v -i eth0
snort: error while loading shared libraries: libdnet.1: cannot open shared object file: No such file or directory
OtagoHarbour@WebServer:~$
I then did

Code:
sudo ldconfig -v >junk.tmp
junk.tmp contains the following.

Code:
/usr/local/lib:
        libpcre.so.1 -> libpcre.so.1.0.1
        libpcreposix.so.0 -> libpcreposix.so.0.0.1
        libpcap.so.1 -> libpcap.so.1.3.0
        libpcrecpp.so.0 -> libpcrecpp.so.0.0.0
        libdaq.so.1 -> libdaq.so.1.0.0
        libsfbpf.so.0 -> libsfbpf.so.0.0.1
Also
Code:
OtagoHarbour@WebServer:~$ ls -l /usr/local/lib/libdnet.1
lrwxrwxrwx 1 root root 13 2012-08-11 21:52 /usr/local/lib/libdnet.1 -> libdnet.1.0.1
OtagoHarbour@WebServer:~$
Thanks,
OH.
 
  


Reply

Tags
shared object, snort, sudo


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Error creating directory: Operation not permitted alirezaimi Linux - Newbie 16 04-02-2013 10:51 AM
cat: Write Error: Operation not permitted Error knobby67 Programming 2 01-25-2010 09:01 AM
FAT32 error operation not permitted Maverick1182 Mandriva 5 06-23-2006 02:09 AM
mknod gives Operation Not Permitted error choobad Linux - Software 2 07-13-2004 06:46 AM
Type Read: Operation Not Permitted Error Snabber Linux - Newbie 5 06-05-2003 09:02 PM


All times are GMT -5. The time now is 03:45 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration