[ossec-dev] [Bug 53] New: syscheck won't run if rootcheck is disabled

[ossec-bugzilla@xxxxxxxxxxxxxxxxxxxxxxxxxxx]

http://www.ossec.net/bugs/show_bug.cgi?id=53

           Summary: syscheck won't run if rootcheck is disabled
           Product: OSSEC
           Version: 1.3
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: P3
         Component: syscheck
        AssignedTo: ossec-dev@xxxxxxxxx
        ReportedBy: nkrukauskas@xxxxxxxxx


Observed on 'local' installation of 1.3. Actually it was an upgrade from 1.1.
As this particular instance runs on VPS, I decided to turn rootkit checking
off. In /var/ossec/etc/ossec.conf I did:

  <rootcheck>
    <disabled>yes</disabled>
    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
   
<rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
  </rootcheck>

After that rootchek daemon does not start as expected. But syscheck daemon also
does not start, which was not the desired outcome.


-- 
Configure bugmail: http://www.ossec.net/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.