18 Jan
Snort fails when run as a service
I've got Snort compiled, configured, and running. Only problem I have is that it fails when I try to run it as a service. I've mainly been using the guide from here: https://snort-org-site.s3.amazonaws.com/production/document_files/files/000/012/147/original/Snort_3.1.8.0_on_Ubuntu_18_and_20.pdf.
Running
snort -u snort -g snort -c /usr/local/snort/etc/snort/snort.lua -s 65535 -k none -l /var/log/snort -i enp3s0:enp4s0 -m 0x1b --plugin-path=/usr/local/etc/so_rules
from the terminal has no issue, except that when I try to stop it, it says that it's stopping but never stops. I have to send a SIGKILL to kill it.
Service file:
[Unit]
Description=Snort3 NIDS Daemon
After=syslog.target network.target
[Service]
Type=simple
ExecStart=/usr/local/snort/bin/snort -Q -q -u snort -g snort -c /usr/local/snort/etc/snort/snort.lua snort -s 65535 -k none -l /var/log/snort -D -i enp3s0:enp4s0 -m 0xlb --create-pidfile --plugin-path=/usr/local/etc/so_rules/
[Install]
WantedBy=multi-user.target
Output of 'systemctl status snort3':
root@snort:~# systemctl status snort3
× snort3.service - Snort3 NIDS Daemon
Loaded: loaded (/lib/systemd/system/snort3.service; enabled; preset: enabled)
Active: failed (Result: exit-code) since Tue 2024-01-02 13:18:44 CST; 6min ago
Duration: 64ms
Process: 798 ExecStart=/usr/local/snort/bin/snort -Q -q -u snort -g snort -c /usr/local/snort/etc/snort/snort.lua s>
Main PID: 798 (code=exited, status=1/FAILURE)
CPU: 57ms
Jan 02 13:18:44 snort systemd[1]: Started snort3.service - Snort3 NIDS Daemon.
Jan 02 13:18:44 snort snort[798]: ERROR: unknown option - snort
Jan 02 13:18:44 snort snort[798]: ERROR: can't set -m 0xlb
Jan 02 13:18:44 snort snort[798]: ERROR: usage: -m set the process file mode creation mask
Jan 02 13:18:44 snort snort[798]: FATAL: see prior 3 errors
Jan 02 13:18:44 snort snort[798]: Fatal Error, Quitting..
Jan 02 13:18:44 snort systemd[1]: snort3.service: Main process exited, code=exited, status=1/FAILURE
Jan 02 13:18:44 snort systemd[1]: snort3.service: Failed with result 'exit-code'.
Snort version:
,,_ -> Snort++ <-
o" )~ Version 3.1.76.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2023 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.13
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 3.0.11 19 Sep 2023
Using libpcap version 1.10.3 (with TPACKET_V3)
Using PCRE version 8.39 2016-06-14
Using ZLIB version 1.2.13
Using Hyperscan version 5.4.2 2023-12-25
Using LZMA version 5.4.1
OS: Debian 12
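Added example, not part of the original post: a small offline lint that walks the tokens of an ExecStart= value and reports the kind of problems the journal shows above (a stray positional argument and a non-numeric -m mask). The split between value-taking options and bare flags is an assumption of this example, limited to the options that appear on this page, and the function name lint_execstart is hypothetical.

```python
import re
import shlex

# Options seen in the commands on this page. Which ones take a value is an
# assumption of this example, not a copy of Snort's own option table.
TAKES_VALUE = {"-u", "-g", "-c", "-s", "-k", "-l", "-i", "-m", "--plugin-path"}
FLAGS = {"-Q", "-q", "-D", "--create-pidfile"}
C_INT = re.compile(r"0[xX][0-9a-fA-F]+|[0-9]+")  # hex or plain digits

# ExecStart value from the unit file in the post, and the terminal command.
UNIT_EXECSTART = ("/usr/local/snort/bin/snort -Q -q -u snort -g snort "
                  "-c /usr/local/snort/etc/snort/snort.lua snort -s 65535 "
                  "-k none -l /var/log/snort -D -i enp3s0:enp4s0 -m 0xlb "
                  "--create-pidfile --plugin-path=/usr/local/etc/so_rules/")
TERMINAL_CMD = ("snort -u snort -g snort -c /usr/local/snort/etc/snort/snort.lua "
                "-s 65535 -k none -l /var/log/snort -i enp3s0:enp4s0 -m 0x1b "
                "--plugin-path=/usr/local/etc/so_rules")

def lint_execstart(line):
    """Return a list of findings for one command line (binary path first)."""
    tokens = shlex.split(line)[1:]  # drop the binary itself
    findings, i = [], 0
    while i < len(tokens):
        tok = tokens[i]
        name, eq, inline = tok.partition("=")
        if name in FLAGS and not eq:
            i += 1
        elif name in TAKES_VALUE:
            if eq:                        # --opt=value form
                value, i = inline, i + 1
            elif i + 1 < len(tokens):     # --opt value form
                value, i = tokens[i + 1], i + 2
            else:
                findings.append(f"{name}: missing value")
                break
            if name == "-m" and not C_INT.fullmatch(value):
                findings.append(f"-m: '{value}' is not a numeric mask")
        elif tok.startswith("-"):
            findings.append(f"unrecognised option: {tok}")
            i += 1
        else:
            findings.append(f"stray argument: {tok}")
            i += 1
    return findings

if __name__ == "__main__":
    for finding in lint_execstart(UNIT_EXECSTART):
        print(finding)
```
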