
Running Snort 2.9.7.0 on the latest Arch Linux OS on a Raspberry Pi B+ model. I have tried to run Snort multiple times in NIDS mode: snort -dev -l log -h 192.168.1.0/24 -c snort.conf OR snort -c snort.conf -l /log -h 127.0.0.1/24 -s.

I always get this error: ./etc/snort/rules/emerging-icmp.rules(0) Unable to open rules file "./etc/snort/rules/emerging-icmp.rules" no such file or directory. The problem is this file does exist and is part of the rules directory!

I did modify the snort.conf as some tutorials and the manual http://manual.snort.org/node18.html suggested; however, this did not help in any way and I hit a brick wall. I'm not seeing what I'm doing wrong.

Does it have to do with . before / ?

1 Answer


The ./ will check the directory your snort.conf is in, so if it isn't in the root (/) directory that is probably why. You should remove the . if the rules file is actually in /etc. It could also be a permissions problem. Make sure the permissions are correct on that file for the user you are running snort as.

johnjg12
  • Thanks for your answer johnjg12. The snort.conf pointed to /etc/snort/rules (where the rules actually were); however, it might have been a permission issue: tried sudo snort bla bla and it worked! :) I had forgotten I followed a tutorial that suggested creating a limited user just for snort. I will check my devlog and provide the link. Thanks again – user2050798 Mar 17 '15 at 15:27
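
The two causes raised in the answer and the comment (an include that resolves to a path that does not exist, or a rules file the Snort account cannot read) can be checked together. This is an added example, not part of the original posts; `check_snort_includes` and `make_sample` are hypothetical names, the sample config is constructed, and relative paths are assumed to resolve against the directory holding snort.conf, as the answer states.

```sh
#!/bin/sh
# Added example, not from the original post. For every "include" in a snort.conf,
# report whether the file exists and is readable by the user running this script.
# Assumption (from the answer): relative paths resolve against snort.conf's directory.

# Prints "OK|MISSING|UNREADABLE <path>" per include; returns 1 on any problem.
check_snort_includes() {
    conf=$1
    conf_dir=$(cd "$(dirname "$conf")" && pwd) || return 2
    rc=0
    while read -r keyword target _rest; do
        [ "$keyword" = "include" ] || continue
        case $target in
            \$*/*)  # expand a leading $NAME from the last "var NAME value" line
                name=${target%%/*}; name=${name#\$}
                value=$(awk -v n="$name" \
                    '$1 == "var" && $2 == n { v = $3 } END { print v }' "$conf")
                target=$value/${target#*/} ;;
        esac
        case $target in
            /*) path=$target ;;
            *)  path=$conf_dir/$target ;;
        esac
        if   [ ! -e "$path" ]; then status=MISSING
        elif [ ! -r "$path" ]; then status=UNREADABLE
        else status=OK
        fi
        [ "$status" = OK ] || rc=1
        echo "$status $path"
    done < "$conf"
    return "$rc"
}

# Constructed sample (made-up file names): relative RULE_PATH, one rules file
# present, one absent, one include commented out. Prints the config's path.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/etc/snort/rules" || return 1
    echo 'alert icmp any any -> any any (msg:"demo"; sid:1000001;)' \
        > "$d/etc/snort/rules/present.rules"
    cat > "$d/etc/snort/snort.conf" <<'EOF'
var RULE_PATH ./rules
# include $RULE_PATH/commented-out.rules
include $RULE_PATH/present.rules
include $RULE_PATH/absent.rules
EOF
    echo "$d/etc/snort/snort.conf"
}
```

Run the function as the limited account Snort runs under rather than as root, since root can read files that account cannot and would report OK for them.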