[9.171][ANSWERED] Snort PID file errors

Hi,

When stopping Snort from WebAdmin (disabling IPS), I see the following in the ips.log:

Could not remove pid file /var/run//snort_1.pid: Permission denied
Could not remove pid file /var/run//snort_0.pid: Permission denied

The double slashes (//) are not a typo on my end.

ls /var/chroot-snort/var/run/ does show the files are still there, owned by root, 400 permissions.

Barry

0 kofi over 11 years ago

Hi Barry,

this issue also exists in older versions, verified it with 9.106.

The problem here is that snorts drops his privileges after starting but the pid file is writen before the priviliges are dropped. When snort then shutdown he has not the permission to delete or even read this file.

-rw------- 1 root root 6 Nov 29 15:06 snort_0.pid

I'm not sure if we will change this behaviour because it has no functional impact.

I will ask the developer.

Thanks for reporting.

Best,
Kofi
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel