Hi Felix, I followed your steps and got the same result. Maybe the OSSEC log could help us:

    [root@centos ~]# tail /var/ossec/logs/ossec.log
    2017/04/07 00:59:35 ossec-testrule: INFO: Reading local decoder file.
    2017/04/07 00:59:35 ossec-testrule: INFO: Started (pid: 2303).
    2017/04/07 00:59:50 ossec-maild(1501): ERROR: Invalid SMTP Server: smtp.example.com.
    2017/04/07 00:59:50 ossec-maild(1202): ERROR: Configuration error at '/var/ossec/etc/ossec.conf'. Exiting.
    2017/04/07 00:59:50 ossec-maild(1202): ERROR: Configuration error at '/var/ossec/etc/ossec.conf'. Exiting.

I think that the problem is that email notifications are enabled but no valid SMTP server is configured, so if you get the same error edit file "/var/ossec/etc/ossec.conf" and try to configure the email settings, or disable email notifications if you won't use them:

    <global>
      <email_notification>no</email_notification>
      <email_to>daniel....@example.com</email_to>
      <smtp_server>smtp.example.com.</smtp_server>
      <email_from>oss...@ossec.example.com.</email_from>
    </global>

Then try to start OSSEC again:

    [root@centos ~]# systemctl start ossec-hids
    [root@centos ~]# systemctl status ossec-hids
    ● ossec-hids.service - SYSV: OSSEC-HIDS is an Open Source Host-based Intrusion Detection System.
       Loaded: loaded (/etc/rc.d/init.d/ossec-hids; bad; vendor preset: disabled)
       Active: active (running) since Fri 2017-04-07 01:03:08 PDT; 6s ago
         Docs: man:systemd-sysv-generator(8)
      Process: 2386 ExecStart=/etc/rc.d/init.d/ossec-hids start (code=exited, status=0/SUCCESS)
       CGroup: /system.slice/ossec-hids.service
               ├─2414 /var/ossec/bin/ossec-execd
               ├─2418 /var/ossec/bin/ossec-analysisd
               ├─2422 /var/ossec/bin/ossec-logcollector
               ├─2433 /var/ossec/bin/ossec-syscheckd
               └─2437 /var/ossec/bin/ossec-monitord

Hope it helps.

Best regards.

On Fri, Apr 7, 2017 at 4:12 AM, Felix Martel <martel.fe...@gmail.com> wrote:

> Hello,
>
> Not finding any useful information regarding my problems anywhere. I'm new
> to OSSEC HIDS. I played around a little bit with an appliance version, but
> now want to install it on a DevOps host.
>
> I just did a fresh install of OSSEC HIDS from the atomicorp repo. Install
> seemed to go normally, although none of the usual installation questions
> were asked with respect to the questions asked by /install.sh in the manual
> (ie installation type, e-mail address, notifications, different engines,
> etc.). Haven't found any instructions on how to do those configuration
> steps post-install either.
>
> Anyways, I installed using the command
>
> yum install ossec-hids ossec-hids-server
>
> Everything seemed normal. No error messages during the installation.
>
> After the installation, I attempted to start OSSEC-HIDS with the command
>
> /etc/init.d/ossec-hids start
>
> At this point I got an error "Command not found".
>
> I rebooted the server and was then able to run the command. At this point
> I got the following errors:
>
> Starting ossec-hids (via systemctl): Job for ossec-hids.service failed
> because the control process exited with error code. See "systemctl status
> ossec-hids.service" and "journalctl -xe" for details.
> [FAILED]
>
> I then ran journalctl -xe and got the following output:
>
> -- Unit ossec-hids.service has begun starting up.
> Apr 06 21:35:48 RHEL7HOST realmd[1698]: quitting realmd service after
> timeout
> Apr 06 21:35:48 RHEL7HOST realmd[1698]: stopping service
> Apr 06 21:36:01 RHEL7HOST ossec-hids[2382]: Starting ossec-hids: [FAILED]
> Apr 06 21:36:01 RHEL7HOST systemd[1]: ossec-hids.service: control process
> exited, code=exited status=1
> Apr 06 21:36:01 RHEL7HOST systemd[1]: Failed to start SYSV: OSSEC-HIDS is
> an Open Source Host-based Intrusion Detection System..
> -- Subject: Unit ossec-hids.service has failed
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> --
> -- Unit ossec-hids.service has failed.
> --
> -- The result is failed.
> Apr 06 21:36:01 RHEL7HOST systemd[1]: Unit ossec-hids.service entered
> failed state.
> Apr 06 21:36:01 RHEL7HOST systemd[1]: ossec-hids.service failed.
>
> I'm stumped. What I find really curious is the fact that realmd seems to
> stop (and immediately restarts after the failed start). Any help
> appreciated.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

--
Victor M. Fernandez-Castro
IT Security Engineer
Wazuh Inc.
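
The check described in the reply above, written out as an added example that is not part of the original thread: a pre-start test that reports when email_notification is enabled but smtp_server cannot be resolved, the condition behind the ossec-maild 1501 error. The function names, the sample addresses and the use of "getent hosts" as the lookup are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the thread): pre-start check for the ossec-maild
# failure shown above, where email_notification is on but smtp_server is bad.

# Constructed sample config; $1 = yes|no, $2 = SMTP host (placeholder values).
sample_conf() {
    cat <<EOF
<ossec_config>
  <global>
    <email_notification>$1</email_notification>
    <email_to>admin@example.com</email_to>
    <smtp_server>$2</smtp_server>
    <email_from>ossec@example.com</email_from>
  </global>
</ossec_config>
EOF
}

# Print the value of the first single-line <tag>value</tag> ($1) in file $2.
conf_value() {
    sed -n "s:.*<$1>[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*</$1>.*:\1:p" "$2" | head -n 1
}

# $1 = path to ossec.conf; $2 = lookup command (assumption: "getent hosts"
# stands in for the name resolution ossec-maild performs at startup).
# Returns 0 when the mail settings should not stop startup, 1 otherwise.
check_mail_config() {
    cmc_conf="$1"
    cmc_lookup="${2:-getent hosts}"
    cmc_enabled=$(conf_value email_notification "$cmc_conf")
    if [ "$cmc_enabled" != "yes" ]; then
        echo "email_notification is '${cmc_enabled:-unset}': SMTP check skipped"
        return 0
    fi
    cmc_server=$(conf_value smtp_server "$cmc_conf")
    if [ -z "$cmc_server" ]; then
        echo "email_notification is yes but <smtp_server> is missing"
        return 1
    fi
    # $cmc_lookup is left unquoted on purpose so "getent hosts" splits in two.
    if ! $cmc_lookup "$cmc_server" >/dev/null 2>&1; then
        echo "smtp_server '$cmc_server' does not resolve: expect ossec-maild(1501)"
        return 1
    fi
    echo "smtp_server '$cmc_server' resolves"
    return 0
}
```

Call it as check_mail_config /var/ossec/etc/ossec.conf before starting the service; a non-zero return means either fix the SMTP settings or set email_notification to no, as the reply suggests.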