Hi Victor, > There is a recent commit related to this issue: > https://github.com/ossec/ossec-hids/commit/8d16a383a280e301d8d3e6441cfc75482 > 222445e > > The thing is that the process ossec-agentd runs –and should run– as user > *ossec*. Those files should have *ossec* as owner and permissions 640, or, > *root* as owner and permissions 660. OSSEC will use the former combination > (probably in the next release), Wazuh has the last one.
Thanks for the clarifications. I did not find that commit but changed the owner of the files to ossec and it is good to know that this was the right approach. > Anyway, you can remove all files contained inside */var/ossec/etc/shared*, > the agent will restore them when connects to the manager, and they will get > the correct permissions. This did not come to my mind and probably would have been the fastest solution. Best, Tobias -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.