Error 3302 - PacketCapture could not elevate its privilege level
Article ID: 160662
Updated On:
Products
Issue/Introduction
After installing or upgrading a Linux Network Monitor, all services are running but you see the following errors in Enforce console and no incidents are created:
| Code | 3309 |
| Summary | PacketCapture could not elevate its privilege level |
| Detail | Packet Capture was unable to load MMAP . No native capture interface is available. Please see PacketCapture.log for more information. |
| Code | 3302 |
| Summary | MMAP is not available |
| Detail | PacketCapture could not elevate its privileges. Some initialization tasks are likely to fail. Please check ownership and permissions of the PacketCapture executable. |
| Code | 3301 |
| Summary | Capture failed to start on device ethX |
| Detail | Device ethX is configured for capture, but could not be initialized. Please see PacketCapture.log for more information. |
Resolution
On a fresh install, this failure condition can happen if SELinux is enabled or if DLP is installed on a partition mounted with the option "nosuid".
On an upgraded system, ensure the version-specific upgrade root script was run from the correct location per the DLP Upgrade Guide for Linux.
If the upgrade was done as the root user and not protect, change the owner and permissions of the file "/opt/Vontu/Protect/bin/PacketCapture" with the following 2 commands and restart the services:
chown root:protect PacketCapture
chmod 6755 PacketCapture
In DLP 16.0+ You must also chown PacketCaptureLauncher and PacketCaptureLoaderArguments.conf
chown root:protect PacketCaptureLauncher
chown root:protect PacketCaptureLoaderArguments.conf
In the Protect/bin directory, all executables should be set to 750 , except for PacketCaptureLauncher which should be 4750.
The defaults will be corrected in a future release.
NOTE: It is recommended to reinstall any Linux detection server that has been upgraded improperly as the root user to ensure successful upgrades in the future.
Feedback
