snort intrusion detection system (permissions)

trev19

Nov 6, 2016
I am an information security student and am tasked with installing and configuring Snort IDS on a virtual machine. We are supposed to create a security group with a user named Jane who has permissions for Snort. I am using Linux Mint because I was unable to compile the source code on CentOS and get Snort working properly.

We are supposed to run the command "sudo snort -T -i (interface) -u Jane -g snort -c /etc/snort/snort.conf" to validate our configuration of snort. So far if I omit the "-u Jane -g snort" and execute just "sudo snort -T -i (interface) -c /etc/snort/snort.conf" I get a successful validation after the command is executed. When I introduce Jane into the command I get an error saying "cant set DAQ BPF filter to 'Jane' (pcap_daq_set_filter: pcap_compile: syntax error)!"

I have created the user Jane and added her to the snort group. I logged in as Jane and am able to run Snort from that account in the way mentioned above, but I still cannot use the -U switch. I did a Google search and found something about utc, which is supposed to be the equivalent of the -U switch. I did more Google searches but came up with nothing that could help me. I searched around the snort.conf file and couldn't find anything related to utc. There is probably something very obvious that I am overlooking here. Any pointers would be greatly appreciated. If there is any other information that is required, it can be provided.

-Thank you
Trev19
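
An added pre-flight check, not part of the original post: Snort's -u and -g switches each take a value, -U (UTC timestamps) takes none, and any leftover word on the command line is handed to the DAQ as a BPF filter, which is where an error naming 'Jane' as a filter comes from. The function names and the interface name eth0 are assumptions made for this example.

```shell
# Lint a snort argument list for the -u / -U mix-up before running it.
# Only the switches used in the post's command are modelled.
lint_snort_args() {
    local status=0
    while [ "$#" -gt 0 ]; do
        case "$1" in
            -U)
                # -U consumes no value, so a bare word after it is left over
                # and ends up as the BPF filter expression.
                if [ "$#" -gt 1 ] && [ "${2#-}" = "$2" ]; then
                    echo "WARN: '-U $2': -U takes no value, '$2' becomes a BPF filter (did you mean -u $2?)"
                    status=1
                    shift
                fi
                ;;
            -u|-g|-i|-c)
                # These switches must be followed by a value, not another switch.
                if [ "$#" -lt 2 ] || [ "${2#-}" != "$2" ]; then
                    echo "WARN: '$1' is missing its value"
                    status=1
                else
                    shift
                fi
                ;;
        esac
        shift
    done
    return "$status"
}

# Confirm the account Snort will drop privileges to exists and is in the group.
# Account names are case-sensitive: "Jane" and "jane" are different users.
check_account() {
    local user=$1 group=$2
    id -u "$user" >/dev/null 2>&1 || { echo "FAIL: no such user '$user'"; return 1; }
    id -nG "$user" | tr ' ' '\n' | grep -qx -- "$group" \
        || { echo "FAIL: '$user' is not in group '$group'"; return 1; }
    echo "OK: $user is a member of $group"
}

# Constructed sample: the post's command typed with -U, then with -u.
lint_snort_args -T -i eth0 -U Jane -g snort -c /etc/snort/snort.conf || true
lint_snort_args -T -i eth0 -u Jane -g snort -c /etc/snort/snort.conf \
    && echo "OK: switches look well-formed"
```

Run `check_account Jane snort` on the VM itself before the validation command; it reports a missing user or group membership rather than leaving Snort to fail at privilege drop.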