Hello,
Not finding any useful information regarding my problems anywhere. I'm new
to OSSEC HIDS. I played around a little bit with an appliance version, but
now want to install it on a DevOps host.
I just did a fresh install of OSSEC HIDS from the atomicorp repo. Install
seemed to go normally, although none of the usual installation questions
were asked with respect to the questions asked by /install.sh in the manual
(ie installation type, e-mail address, notifications, different engines,
etc.). Haven't found any instructions on how to do those configuration
steps post-install either.
Anyways, I installed using the command
yum install ossec-hids ossec-hids-server
Everything seemed normal. No error messages during the installation.
After the installation, I attempted to start OSSEC-HIDS with the command
/etc/init.d/ossec-hids start
At this point I got an error "Command not found".
I rebooted the server and was then able to run the command. At this point I
got the following errors:
Starting ossec-hids (via systemctl): Job for ossec-hids.service failed
because the control process exited with error code. See "systemctl status
ossec-hids.service" and "journalctl -xe" for details.
[FAILED]
I then ran journalctl -xe and gotr the following output:
-- Unit ossec-hids.service has begun starting up.
Apr 06 21:35:48 RHEL7HOST realmd[1698]: quitting realmd service after
timeout
Apr 06 21:35:48 RHEL7HOST realmd[1698]: stopping service
Apr 06 21:36:01 RHEL7HOST ossec-hids[2382]: Starting ossec-hids: [FAILED]
Apr 06 21:36:01 RHEL7HOST systemd[1]: ossec-hids.service: control process
exited, code=exited status=1
Apr 06 21:36:01 RHEL7HOST systemd[1]: Failed to start SYSV: OSSEC-HIDS is
an Open Source Host-based Intrusion Detection System..
-- Subject: Unit ossec-hids.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit ossec-hids.service has failed.
--
-- The result is failed.
Apr 06 21:36:01 RHEL7HOST systemd[1]: Unit ossec-hids.service entered
failed state.
Apr 06 21:36:01 RHEL7HOST systemd[1]: ossec-hids.service failed.
I'm stumped. What I find really curious is the fact that realmd seems to
stop (and immediately restarts after the failed start). Any help
appreciated.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
