After installing or upgrading a Linux Network Monitor, all services are running, but the following errors appear in the Enforce console and no incidents are created:
Code | 3309
Summary | PacketCapture could not elevate its privilege level
Detail | Packet Capture was unable to load MMAP. No native capture interface is available. Please see PacketCapture.log for more information.

Code | 3302
Summary | MMAP is not available
Detail | PacketCapture could not elevate its privileges. Some initialization tasks are likely to fail. Please check ownership and permissions of the PacketCapture executable.

Code | 3301
Summary | Capture failed to start on device ethX
Detail | Device ethX is configured for capture, but could not be initialized. Please see PacketCapture.log for more information.

On a fresh install, this failure condition can happen if SELinux is enabled or if DLP is installed on a partition mounted with the option "nosuid".
On an upgraded system, ensure the version-specific upgrade root script was run from the correct location per the DLP Upgrade Guide for Linux.
If the upgrade was done as the root user and not as the protect user, change the owner and permissions of the file "/opt/Vontu/Protect/bin/PacketCapture" with the following 2 commands, run from the directory that contains the file, and restart the services:
chown root:protect PacketCapture
chmod 6755 PacketCapture
NOTE: It is recommended to reinstall any Linux detection server that has been upgraded improperly as the root user to ensure successful upgrades in the future.
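
The following read-only check covers the three causes described above (ownership and mode of PacketCapture, a "nosuid" mount, SELinux). It is an added example, not part of the original article or a vendor tool; it assumes GNU stat, findmnt and getenforce are available, and the function names are hypothetical.

```shell
#!/bin/sh
# Added diagnostic sketch: reports problems only, changes nothing.

# Succeeds when a comma-separated mount option string contains "nosuid".
has_nosuid() {
    case ",$1," in
        *,nosuid,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Compares owner, group and octal mode with root:protect 6755, the values
# set by the chown/chmod commands in the article. Prints each mismatch.
evaluate_perms() {
    rc=0
    [ "$1" = "root" ]    || { echo "owner is '$1', expected root"; rc=1; }
    [ "$2" = "protect" ] || { echo "group is '$2', expected protect"; rc=1; }
    [ "$3" = "6755" ]    || { echo "mode is $3, expected 6755"; rc=1; }
    return $rc
}

check_packetcapture() {
    bin=$1
    [ -e "$bin" ] || { echo "$bin not found"; return 1; }
    status=0
    # GNU stat format codes: %U owner, %G group, %a octal mode
    evaluate_perms "$(stat -c %U "$bin")" "$(stat -c %G "$bin")" \
                   "$(stat -c %a "$bin")" || status=1
    # Mount options of the filesystem that holds the binary
    opts=$(findmnt -no OPTIONS -T "$bin" 2>/dev/null)
    if has_nosuid "$opts"; then
        echo "filesystem is mounted nosuid: $opts"; status=1
    fi
    # getenforce prints Enforcing, Permissive or Disabled
    if command -v getenforce >/dev/null 2>&1; then
        se=$(getenforce)
        [ "$se" = "Disabled" ] || { echo "SELinux is $se"; status=1; }
    fi
    [ "$status" -eq 0 ] && echo "$bin: no problems found"
    return $status
}

# Path taken from the article; pass another path as the first argument.
check_packetcapture "${1:-/opt/Vontu/Protect/bin/PacketCapture}" \
    || echo "One or more checks failed"
```

Run it as root on the detection server so that stat and findmnt can read the installation directory.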