Hello,
I have had a setup with Suricata 7.x which was installed from the PPA in Ubuntu. This version of Suricata ran as root by default, and I have built a toolchain around Suricata.
Suricata 8.0 has been released, which is great! However, it seems to want to run as a non-root user by default, and that breaks a lot of things in my setup. My workaround to run Suricata as root is to remove '--user suricata --group suricata' from the systemd descriptor file, and add:
User=root
What is the reason Suricata does not run as root anymore, and is there an easier fix? A different package name to install, for example.
Thanks in advance!