Error 3302 - PacketCapture could not elevate its privilege level

book

Article ID: 160662

calendar_today

Updated On:

Products

Data Loss Prevention Network Monitor Data Loss Prevention

Issue/Introduction

After installing or upgrading a Linux Network Monitor, all services are running but you see the following errors in Enforce console and no incidents are created:

Code 3309
Summary PacketCapture could not elevate its privilege level
Detail Packet Capture was unable to load MMAP . No native capture interface is available. Please see PacketCapture.log for more information.
Code 3302
Summary MMAP is not available
Detail PacketCapture could not elevate its privileges. Some initialization tasks are likely to fail. Please check ownership and permissions of the PacketCapture executable.
Code 3301
Summary Capture failed to start on device ethX
Detail Device ethX is configured for capture, but could not be initialized. Please see PacketCapture.log for more information.

Resolution

On a fresh install, this failure condition can happen if SELinux is enabled or if DLP is installed on a partition mounted with the option "nosuid".

On an upgraded system, ensure the version-specific upgrade root script was run from the correct location per the DLP Upgrade Guide for Linux.

If the upgrade was done as the root user and not protect, change the owner and permissions of the file "/opt/Vontu/Protect/bin/PacketCapture" with the following 2 commands and restart the services:

chown root:protect PacketCapture

chmod 6755 PacketCapture

NOTE:  It is recommended to reinstall any Linux detection server that has been upgraded improperly as the root user to ensure successful upgrades in the future.