[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] A few comments on installation

To: ossec-list@xxxxxxxxx
Subject: [ossec-list] A few comments on installation
From: Stephen Bunn <sbunn@xxxxxxxxxxxxxxxxx>
Date: Tue, 11 Jul 2006 23:00:23 +0900
Organization: Rogue Software

I have recently setup ossec 0.8 on my Ubuntu machine and would like to
make the following comments for improvement.

1.  The installation documentation refers to this address
http://www.ossec.net/files/ossec-hids-latest_sum.txt for the MD5 and
SHA1 checksums, however this document does not exist.  I found only the
ossec-hids-0.8-latest_sum.txt existing.  This is fine, however the
documentation needs to be updated.

2. Just a minor note, on both my Gentoo and Ubuntu boxes the commands
for md5 and sha1 are called md5sum and sha1sum.  The installation
documentation might want to make a Note: about this, however its not
that important. If you are installing a HIDS then you should probably
know how to calculate a MD5 sum on your box.

3.  tar -zxvf ossec-hids-* doesn't work because of the MD5/SHA1 text
file is there.  The documentation has you download the checksums making
the untar command ambiguous. 

4.  During the last part of installation the world "below" is misspelled
(as pointed out below).

"Press ENTER to finish (maybe more information bellow)"


5.  none of the syscheck check_xxx values seem to work as described in
the documentation.  For example the documentation says check_sum should
take a yes or no value, however
<check_sum>yes</check_sum> is listed as an invalid value upon startup.
This applies to all the check_xxx values listed in the documentation.  I
couldn't get any of them to work. 


6. The one question that I can't find an answer to is; Where can you get
updated txt files for the rootcheck program?  Several points in the
documentation point out a "the signature files are here" but I could not
find a link to the actual signatures anywhere.  I'm assuming that ossec
is not going to update the signatures by it's self.  So how do I go
about making sure that rootcheck's signature files are up to date?

Overall I'm very impressed, and find the installation very easy.

Thanks.

-- 
Stephen Bunn
http://sbunn.roguesoftware.net


--~--~---------~--~----~------------~-------~--~----~
-~----------~----~----~----~------~----~------~--~---

Follow-Ups:
- [ossec-list] Re: A few comments on installation
  - From: Daniel Cid

Prev by Date: [ossec-list] Re: A few comments on installation
Next by Date: [ossec-list] Re: A few comments on installation
Previous by thread: [ossec-list] Re: Russian translation of installation process is available
Next by thread: [ossec-list] Re: A few comments on installation
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.