I have these permissions in that directory currently:
-rw-r--r-- 1 root ossec 76 Sep 5 19:51 ar.conf
-r--r----- 1 root ossec 13828 Aug 8 20:42 rootkit_files.txt
-r--r----- 1 root ossec 3447 Mar 10 13:14 rootkit_trojans.txt
The daemons are running as:
ossecm 35685 0.0 0.1 1484 1012 ?? S Tue07PM 0:00.50 /var/ossec/bin/ossec-maild
root 35689 0.0 0.1 1388 836 ?? I Tue07PM 0:00.02 /var/ossec/bin/ossec-execd
ossec 35693 0.0 0.2 1984 1560 ?? I Tue07PM 0:01.87 /var/ossec/bin/ossec-analysi
root 35697 0.0 0.1 1420 832 ?? S Tue07PM 0:04.07 /var/ossec/bin/ossec-logcoll
ossecr 35703 0.0 0.1 2180 1320 ?? I Tue07PM 0:01.31 /var/ossec/bin/ossec-remoted
root 35707 0.0 0.1 1640 1256 ?? I Tue07PM 2:51.72 /var/ossec/bin/ossec-syschec
Thanks,
Forrest
Daniel Cid wrote:
Hi Forrest,
I noticed this too. It is a permission problem in the /var/ossec/etc/shared
directory. I have been fixing a lot of stuff lately and I will release a new
cvs snapshot with these fixes soon.
Thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net
On 9/5/06, Forrest Aldrich <forrie@xxxxxxxxxx> wrote:
Seems this is a problem elsewhere, too.
2006/09/05 20:00:51 /etc/shared/rootkit_trojans.txt: Error accessing file ''
2006/09/05 20:00:51 /etc/shared/rootkit_files.txt: Error accessing file ''
Yet, I see:
ossec.conf: <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
ossec.conf: <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
Something's not getting the $PATH of OSSEC.
BTW, this is on FreeBSD-6.1, if that matters.
_F