[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Ossec-list] a few items

Subject: [Ossec-list] a few items
From: dom at vbi.vt.edu (Dominik L. Borkowski)
Date: Wed, 29 Mar 2006 09:43:13 -0500

Hello,
I stumbled upon ossec, and it really sparked my interest. I'm interested in 
deploying it for our servers, maybe in addition to tripwire. 

Now, a few things I've noticed that may be of interest to the developers:

1) the install script doesn't adjust ossec-control if you specify a location 
different than /var/ossec. So far that's the only thing that needs to be 
manually adjusted

2) ownership on ossec-control seems to be a bit odd: it's owned by uid 1000, 
gid 1000, which is different from the users that ossec creates.

3) on the agent side during the install I've selected to not use active 
response. However, ossec-control will still start ossec-agentd, which of 
course then fails:

2006/03/29 09:33:01 ossec-agentd(1301): Unable to connect to active response 
queue.

I also have a question about the checksum_db dir, what is it used for? I've 
tried server, agent and local installations, and neither seem to be using 
that dir for anything.

None of the issues listed above are critical, but they may make life easier on 
some folks :)

sincerely,
-- 
Dominik L. Borkowski - Senior Systems Administrator
Virginia Bioinformatics Institute - www.vbi.vt.edu

Follow-Ups:
- [Ossec-list] a few items
  - From: Daniel Cid

Prev by Date: [Ossec-list] 0.6-1 and Mac OS X
Next by Date: [Ossec-list] a few items
Previous by thread: [Ossec-list] Version 0.7 of the OSSEC HIDS is now available
Next by thread: [Ossec-list] a few items
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.