[Ossec-list] ossec-list Digest, Vol 7, Issue 9
- Subject: [Ossec-list] ossec-list Digest, Vol 7, Issue 9
- From: sebastian.benner at FernUni-Hagen.de (Sebastian Benner)
- Date: Tue, 16 May 2006 09:01:25 +0200 (CEST)
Hello,
thanks for the help. I just checked my installation directory:
..............................................................
bash-3.00# cd bin
bash: cd: bin: Not a directory
bash-3.00# more bin
ELF?4??4 (?44?????,?88?/usr/lib/ld.so.1
?!#$&(),0246789:;<>@BDFIJLMNOQRSTVXZ[\]^_`acefhiklpqrtwxyz{|}
bash-3.00#
bash-3.00# ls -alF
total 200
drwxr-xr-x 6 1000 1005 May 15 11:13 ./
drwxrwxrwt 3 root 377 May 16 03:30 ../
-rw-r--r-- 1 1000 3132 Feb 8 21:04 BUGS
-rw-r--r-- 1 1000 18638 May 10 01:40 CHANGELOG
-rw-r--r-- 1 1000 365 Apr 12 22:42 CONFIG
-rw-r--r-- 1 1000 1240 May 4 21:29 CONTRIB
-rw-r--r-- 1 1000 1926 Apr 12 22:42 INSTALL
-rw-r--r-- 1 1000 1887 Mar 22 22:01 INSTALL.br
-rw-r--r-- 1 1000 234 May 10 01:40 README
-rw-r--r-- 1 1000 236 Feb 8 16:35 TODO
drwxr-xr-x 3 1000 400 May 10 16:35 active-response/
-rwxr-xr-x 1 root 42256 May 16 08:19 bin*
drwxr-xr-x 3 1000 745 May 10 16:35 doc/
drwxr-xr-x 4 1000 665 May 15 10:42 etc/
-rwxr-xr-x 1 1000 19007 May 10 01:40 install.sh*
drwxr-xr-x 23 1000 2015 May 15 10:43 src/
..............................................................
bin is created, but it's a regular file and not a directory ...
I removed bin and followed your hint (creating ./bin by hand). It's still
not working ...
------------------------------------------------------------
cp -pr ossec-maild ../../bin
cp -pr ossec-execd ../../bin
cp -pr ossec-analysisd ../../bin
cp -pr ossec-logcollector ../../bin
cp -pr ossec-remoted ../../bin
cp -pr ossec-agentd ../../bin
cp -pr manage_agents ../../bin
cp -pr manage_agents ../../bin
cp -pr syscheck_update clear_stats ../../bin
cp -pr ossec-syscheckd ../../bin
chmod: WARNING: can't access /var/ossec
chown: unknown user id: root:ossec
chown: unknown user id: ossec:ossec
chmod: WARNING: can't access /var/ossec/queue/alerts
chown: unknown user id: ossec:ossec
chmod: WARNING: can't access /var/ossec/queue/ossec
chown: unknown user id: ossec:ossec
chmod: WARNING: can't access /var/ossec/queue/fts
chown: unknown user id: ossec:ossec
chmod: WARNING: can't access /var/ossec/queue/syscheck
chown: unknown user id: ossec:ossec
chmod: WARNING: can't access /var/ossec/queue/rootcheck
chown: unknown user id: ossecr:ossec
chmod: WARNING: can't access /var/ossec/queue/agent-info
chown: unknown user id: ossec:ossec
chmod: WARNING: can't access /var/ossec/stats
chown: unknown user id: ossec:ossec
chmod: WARNING: can't access /var/ossec/logs
touch: cannot create /var/ossec/logs/ossec.log: No such file or directory
chown: unknown user id: ossec:ossec
chmod: WARNING: can't access /var/ossec/logs/ossec.log
cp: /var/ossec/rules/ not found
chown: unknown user id: root:ossec
chmod: WARNING: can't access /var/ossec/rules
chmod: WARNING: can't access /var/ossec/etc
chown: unknown user id: root:ossec
Usage: cp [-f] [-i] [-p] [-@] f1 f2
cp [-f] [-i] [-p] [-@] f1 ... fn d1
cp -r|-R [-H|-L|-P] [-f] [-i] [-p] [-@] d1 ... dn-1 dn
chmod: WARNING: can't access /var/ossec/var/run
chown: unknown user id: root:ossec
cp: /var/ossec/bin/ not found
cp: cannot create /var/ossec/bin/: No such file or directory
cp: cannot create /var/ossec/bin/: No such file or directory
cp: cannot create /var/ossec/bin/: No such file or directory
cp: cannot create /var/ossec/bin/ossec-control: No such file or directory
cp: cannot create /var/ossec/etc/: No such file or directory
cp: /var/ossec/etc/shared/ not found
cp: /var/ossec/active-response/bin/ not found
chmod: WARNING: can't access /var/ossec/active-response/bin/*
Not overwritting /etc/ossec.conf.
------------------------------------------------------------
bash-3.00# showrev
Hostname: ossec-server
Hostid: 83566709
Release: 5.10
Kernel architecture: sun4u
Application architecture: sparc
Hardware provider: Sun_Microsystems
Domain:
Kernel version: SunOS 5.10 Generic_118822-25
Regards,
Sebastian
> Today's Topics:
>
> 1. Re: ossec-list Digest, Vol 7, Issue 7 (Daniel Cid)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 15 May 2006 11:10:59 -0300
> From: "Daniel Cid" <daniel.cid at gmail.com>
> Subject: Re: [Ossec-list] ossec-list Digest, Vol 7, Issue 7
> To: "Sebastian Benner" <sebastian.benner at fernuni-hagen.de>
> Cc: ossec-list at ossec.net
> Message-ID:
> <b92e6f200605150710g4947bdf0ie5401bfd463c5050 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Hi Sebastian,
>
> Looks like the "bin" directory wasn't created for some reason... Can
> you do the following:
>
> -Remove /var/ossec (rm -rf /var/ossec)
> -Start the installation process again (cd ossec-hids-0.8).
> -Before running the install.sh script, create ./bin (mkdir ./bin).
> -Run ./install.sh and see if it works.
>
> *I don't have Solaris in here, so I can't help you much more than that.
> Probably Ahmet (the Solaris guy :)) will be able to give you a better answer.
>
> Thanks,
>
> --
> Daniel B. Cid
> dcid @ ( at ) ossec.net
>
> On 5/15/06, Sebastian Benner <sebastian.benner at fernuni-hagen.de> wrote:
>>
>> Hello,
>>
>> I tried to install ossec 0.8 on a Solaris 10 Zone. The install script
>> worked so far, but some errors occurred making it impossible to start
>> ossec :-(
>>
>> .......................................................................
>> *** Making syscheckd ***
>>
>> gcc -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DUSE_OPENSSL
>> -lsocket -lnsl -lresolv -DSOLARIS -DHIGHFIRST -include strings.h
>> -DARGV0=\"ossec-syscheckd\" -DXML_VAR=\"var\" -DOSSECHIDS syscheck.c
>> config.c create_db.c run_check.c ../config/*.c ../shared/lib_shared.a
>> ../os_xml/os_xml.a ../os_regex/os_regex.a ../os_net/os_net.a
>> ../os_crypto/os_crypto.a ../rootcheck/rootcheck_lib.a -o ossec-syscheckd
>> cp -pr ossec-maild ../../bin
>> cp -pr ossec-execd ../../bin
>> cp -pr ossec-analysisd ../../bin
>> cp -pr ossec-logcollector ../../bin
>> cp -pr ossec-remoted ../../bin
>> cp -pr ossec-agentd ../../bin
>> cp -pr manage_agents ../../bin
>> cp -pr manage_agents ../../bin
>> cp -pr syscheck_update clear_stats ../../bin
>> cp: Target ../../bin must be a directory
>> Usage: cp [-f] [-i] [-p] [-@] f1 f2
>> cp [-f] [-i] [-p] [-@] f1 ... fn d1
>> cp -r|-R [-H|-L|-P] [-f] [-i] [-p] [-@] d1 ... dn-1 dn
>> *** Error code 2
>> make: Fatal error: Command failed for target `build'
>> Current working directory /tmp/ossec-hids-0.8/src/util
>>
>> Error Making the binaries
>> *** Error code 1
>> The following command caused the error:
>> /bin/sh ./Makeall build
>> make: Fatal error: Command failed for target `build'
>> chmod: WARNING: can't access /var/ossec
>> chown: unknown user id: root:ossec
>> chown: unknown user id: ossec:ossec
>> chmod: WARNING: can't access /var/ossec/queue/alerts
>> chown: unknown user id: ossec:ossec
>> chmod: WARNING: can't access /var/ossec/queue/ossec
>> chown: unknown user id: ossec:ossec
>> chmod: WARNING: can't access /var/ossec/queue/fts
>> chown: unknown user id: ossec:ossec
>> chmod: WARNING: can't access /var/ossec/queue/syscheck
>> chown: unknown user id: ossec:ossec
>> chmod: WARNING: can't access /var/ossec/queue/rootcheck
>> chown: unknown user id: ossecr:ossec
>> chmod: WARNING: can't access /var/ossec/queue/agent-info
>> chown: unknown user id: ossec:ossec
>> chmod: WARNING: can't access /var/ossec/stats
>> chown: unknown user id: ossec:ossec
>> chmod: WARNING: can't access /var/ossec/logs
>> touch: cannot create /var/ossec/logs/ossec.log: No such file or directory
>> chown: unknown user id: ossec:ossec
>> chmod: WARNING: can't access /var/ossec/logs/ossec.log
>> cp: /var/ossec/rules/ not found
>> chown: unknown user id: root:ossec
>> chmod: WARNING: can't access /var/ossec/rules
>> chmod: WARNING: can't access /var/ossec/etc
>> chown: unknown user id: root:ossec
>> Usage: cp [-f] [-i] [-p] [-@] f1 f2
>> cp [-f] [-i] [-p] [-@] f1 ... fn d1
>> cp -r|-R [-H|-L|-P] [-f] [-i] [-p] [-@] d1 ... dn-1 dn
>> chmod: WARNING: can't access /var/ossec/var/run
>> chown: unknown user id: root:ossec
>> cp: ../bin/ossec*: Not a directory
>> cp: ../bin/manage_agents: Not a directory
>> cp: ../bin/syscheck_update: Not a directory
>> cp: ../bin/clear_stats: Not a directory
>> cp: cannot create /var/ossec/bin/ossec-control: No such file or directory
>> cp: cannot create /var/ossec/etc/: No such file or directory
>> cp: /var/ossec/etc/shared/ not found
>> cp: /var/ossec/active-response/bin/ not found
>> chmod: WARNING: can't access /var/ossec/active-response/bin/*
>> Not overwritting /etc/ossec.conf.
>>
>>
>> - Unknown system. No init script added.
>>
>> - Configuration finished properly.
>>
>> - To start OSSEC HIDS:
>> /var/ossec/bin/ossec-control start
>>
>> - To stop OSSEC HIDS:
>> /var/ossec/bin/ossec-control stop
>>
>> - The configuration can be viewed or modified at
>> /var/ossec/etc/ossec.conf
>>
>>
>> Thanks for using the OSSEC HIDS.
>> If you have any question, suggestion or if you find any bug,
>> contact us at contact at ossec.net or using our public maillist at
>> ossec-list at ossec.net
>> (http://mailman.underlinux.com.br/mailman/listinfo/ossec-list).
>>
>> More information can be found at http://www.ossec.net
>>
>> --- Press ENTER to finish (maybe more information bellow). ---
>> ........................................................................
>>
>> I am using gnu tools and software installed as packages via blastwave.org
>> (e.g. gcc3, wget...) needed to install and compile ossec.
>>
>>
>> Regards,
>>
>> Sebastian
>>
>>
>>
>>
>>
>> On Fri, 12 May 2006, ossec-list-request at ossec.net wrote:
>>
>>> Send ossec-list mailing list submissions to
>>> ossec-list at ossec.net
>>>
>>> To subscribe or unsubscribe via the World Wide Web, visit
>>> http://mailman.underlinux.com.br/mailman/listinfo/ossec-list
>>> or, via email, send a message with subject or body 'help' to
>>> ossec-list-request at ossec.net
>>>
>>> You can reach the person managing the list at
>>> ossec-list-owner at ossec.net
>>>
>>> When replying, please edit your Subject line so it is more specific
>>> than "Re: Contents of ossec-list digest..."
>>>
>>>
>>> Today's Topics:
>>>
>>> 1. Version 0.8 of OSSEC HIDS is now available! (Daniel Cid)
>>>
>>>
>>> ----------------------------------------------------------------------
>>>
>>> Message: 1
>>> Date: Thu, 11 May 2006 17:17:30 -0300
>>> From: "Daniel Cid" <daniel.cid at gmail.com>
>>> Subject: [Ossec-list] Version 0.8 of OSSEC HIDS is now available!
>>> To: "OSSEC Users List" <ossec-list at ossec.net>
>>> Message-ID:
>>> <b92e6f200605111317n58aa5bale194d4cb30b4583e at mail.gmail.com>
>>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>>
>>> This is the first version offering native support to
>>> Windows NT, XP, 2000 and 2003. It includes as well a new set
>>> of log analysis rules for sendmail, web logs (Apache and
>>> IIS), IDSs and Windows authentication events.
>>>
>>> The correlation rules for squid, mail logs, firewall events
>>> and authentication systems have been improved, detecting
>>> scans, brute-force attacks, worms and internal attacks.
>>> In addition to that, the active-responses were refined, with
>>> support to IPFW (FreeBSD) added.
>>>
>>> The installation process was re-organized, now including simpler
>>> configuration options and translation on 6 different languages
>>> (English, Portuguese, German, Turkish, Polish and Italian).
>>>
>>>
>>> To download the Unix and Windows versions:
>>> http://www.ossec.net/en/downloads.html
>>>
>>>
>>> Use our mailing list if you have any question or comment:
>>> http://www.ossec.net/en/mailing_lists.html
>>>
>>>
>>> More information about the Windows support:
>>> http://www.ossec.net/en/manual.html#windows
>>>
>>>
>>>
>>> Detailed changelog (new features added):
>>>
>>> - Active response for IPFW (Thanks Welkson de Medeiros
>>> and Rafael Capovilla for the help).
>>>
>>> - Improved rules for Squid (Thanks Ahmet and Marcus Maciel for the help).
>>>
>>> - Rules for Sendmail (thanks Ahmet Ozturk).
>>>
>>> - Improvements to the host-deny active response, with
>>> support to locking added (Thanks Kayvan A. Sylvan).
>>>
>>> - Improvements to the installation script and the
>>> manage_agents tool, making it much simpler to use
>>> (thanks Ahmet and Kayvan for the help).
>>>
>>> - Installation in Italian (thanks Alberto Furia).
>>>
>>> - Installation in Polish (thanks Dziankowski Krzysztof).
>>>
>>> - Rules for Windows authentication, success audit and failure
>>> audit events.
>>>
>>> - Correlation rules for web logs (Apache and IIS).
>>>
>>> - Support for variable file names (based on date) to be monitored.
>>>
>>> - Support for Windows (Agent only).
>>> http://www.ossec.net/en/manual.html#windows
>>>
>>> - Support for IIS.
>>> http://www.ossec.net/en/manual.html#iis
>>>
>>> - Clean up of the configuration options and documentation on
>>> the web site.
>>> http://www.ossec.net/en/manual.html
>>>
>>> - Lots of new small features and bug fixes.
>>>
>>>
>>> For more information:
>>> http://www.ossec.net/
>>>
>>>
>>> To download the new version:
>>> http://www.ossec.net/en/downloads.html
>>>
>>>
>>> We want to thank everyone who sent comments, suggestions
>>> or just some nice words to us! We really appreciate the
>>> feedback!
>>>
>>> Daniel B. Cid (in name of the OSSEC HIDS team).
>>> http://www.ossec.net/en/about.html#dev-team
>>> http://www.ossec.net/announcements/v08-2006-05-12.txt
>>>
>>>
>>> ------------------------------
>>>
>>> _______________________________________________
>>> ossec-list mailing list
>>> ossec-list at ossec.net
>>> http://mailman.underlinux.com.br/mailman/listinfo/ossec-list
>>>
>>>
>>> End of ossec-list Digest, Vol 7, Issue 7
>>> ****************************************
>>>
>>
>
>
> ------------------------------
>
>
>
> End of ossec-list Digest, Vol 7, Issue 9
> ****************************************
>
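The "Target ../../bin must be a directory" failure quoted in this thread, replayed as an added example that is not part of the original messages or of the OSSEC installer. It covers only the ./bin problem, not the later chown and /var/ossec errors; the function names and the scratch-tree layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the OSSEC installer. The file names are
# constructed stand-ins for the binaries copied in the build log.

# Classify ROOT/bin: prints "dir", "missing" or "not-a-dir".
bin_state() {
    if [ -d "$1/bin" ]; then echo dir
    elif [ -e "$1/bin" ]; then echo not-a-dir
    else echo missing
    fi
}

# Replay the build log in a scratch tree. With no bin/ present, the
# single-source "cp f ../../bin" creates a regular FILE named bin; the first
# two-source cp then fails because its target is not a directory.
reproduce() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/src/util"
    for f in ossec-maild syscheck_update clear_stats; do
        echo stub > "$root/src/util/$f"
    done
    multi=ok
    (
        cd "$root/src/util" || exit 1
        cp -p ossec-maild ../../bin || exit 1
        cp -p syscheck_update clear_stats ../../bin 2>/dev/null
    ) || multi=failed
    echo "$(bin_state "$root") $multi"
    rm -rf "$root"
}

# Preflight for the source root before ./install.sh: create bin/ when it is
# missing, and stop when a stray non-directory is in the way.
ensure_bin_dir() {
    case $(bin_state "$1") in
        dir) return 0 ;;
        missing) mkdir "$1/bin" ;;
        *) echo "$1/bin exists but is not a directory; remove it" >&2
           return 1 ;;
    esac
}

reproduce   # prints: not-a-dir failed
```
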
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.