Yes, the ossecr user (or ossec group) needs permission to read it.
thanks,
On Wed, Aug 22, 2012 at 1:00 PM, OSSEC junkie ossec.jun...@gmail.com wrote:
I am getting permission errors on client.keys:
2012/08/22 08:44:38 ossec-remoted(4111): INFO: Maximum number of
agents allowed: '3500'.
2012/08/22 08:44:38 ossec-remoted(1410): INFO: Reading authentication keys
file.
2012/08/22 08:44:38 ossec-remoted(1103): ERROR: Unable to open file
'/etc/client.keys'.
2012/08/22 08:44:38 ossec-remoted(1750): ERROR: No remote connection
configured. Exiting.
My configuration (permissions) for the file is:
root@wu-tang:/var/ossec/etc# ls -al
total 184
dr-xr-x--- 3 root ossec 4096 Aug 20 06:02 .
dr-xr-x--- 13 root ossec 4096 Aug 20 05:59 ..
-r--r- 1 root root 57369 Aug 20 06:22 client.keys
I assume it needs to be root:ossec but wanted to get final confirmation.
Can you let me know please?