为了定位问题,需要在Linux上使用tcpdump并且保存到文件,遇到了如下问题:
tcpdump port 9001 -w xx
tcpdump: xx: Permission denied
因为已经是root用户,所以判断不是文件系统权限的问题。
在网上查了一下,找到解决方法:将tcpdump的模式从enforce改为complain模式。
修改过程如下:
先查看处在那个模式:
grep tcpdump /sys/kernel/security/apparmor/profiles
/usr/sbin/tcpdump (enforce)
果然不是complain模式。
修改为complain模式:
aa-complain /usr/sbin/tcpdump
The program 'aa-complain' is currently not installed. You can install it by typing:
apt-get install apparmor-utils
出现错误,按照提示安装apparmor-utils,过程略,然后再次执行:
aa-complain /usr/sbin/tcpdump
Setting /usr/sbin/tcpdump to complain mode.
查看:
grep tcpdump /sys/kernel/security/apparmor/profiles
/usr/sbin/tcpdump (complain)
完成
参考:
tcpdump permission denied:https://ubuntuforums.org/showthread.php?t=1501339
页面内容比较多,关键信息如下:
This is probably caused by AppArmor. You need to switch from 'enforcement' mode to 'complain' mode on 'tcpdump'. Run the following command as root:
Code:
aa-complain /usr/sbin/tcpdump
You can check by running the following command as root:
Code:
grep tcpdump /sys/kernel/security/apparmor/profiles
You should see (enforce) or (complain). You want it to say (complain).
AppArmor介绍:http://www.tuicool.com/articles/aeiIzq
Linux版本:Linux 10-6-13-14 3.2.0-85-generic #122-Ubuntu SMP Tue May 26 16:14:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux