Hi Rafael,

 

I just performed a test to see if there is anything in the error_log.

What's curious is that even if I start apache with the -u option, it seems
that it is still in a jail.

 

[Mon Jan 22 12:02:59 2007] [notice] caught SIGTERM, shutting down
[Mon Jan 22 12:03:14 2007] [notice] Initializing etag from /var/www/logs/etag-state
[Mon Jan 22 12:03:14 2007] [notice] chrooted in /var/www
[Mon Jan 22 12:03:14 2007] [notice] changed to uid 67, gid 67
[Mon Jan 22 12:03:14 2007] [notice] Apache/1.3.29 (Unix) PHP/5.1.4 mod_ssl/2.8.16 OpenSSL/0.9.7j configured -- resuming normal operations
[Mon Jan 22 12:03:14 2007] [notice] Accept mutex: sysvsem (Default: sysvsem)

 

The access_log:

 

192.168.0.17 - - [22/Jan/2007:11:55:49 +0100] "GET /ossec-wui/index.php?f=a HTTP/1.1" 200 3277
192.168.0.17 - - [22/Jan/2007:11:55:49 +0100] "GET /ossec-wui/css/cal.css HTTP/1.1" 304 -
192.168.0.17 - - [22/Jan/2007:11:55:49 +0100] "GET /ossec-wui/js/calendar.js HTTP/1.1" 304 -
192.168.0.17 - - [22/Jan/2007:11:55:49 +0100] "GET /ossec-wui/js/calendar-en.js HTTP/1.1" 304 -
192.168.0.17 - - [22/Jan/2007:11:55:49 +0100] "GET /ossec-wui/js/calendar-setup.js HTTP/1.1" 304 -
192.168.0.17 - - [22/Jan/2007:11:55:49 +0100] "GET /ossec-wui/js/hide.js HTTP/1.1" 304 -
192.168.0.17 - - [22/Jan/2007:11:55:49 +0100] "GET /ossec-wui/css/css.css HTTP/1.1" 304 -
192.168.0.17 - - [22/Jan/2007:11:55:53 +0100] "GET /ossec-wui/index.php HTTP/1.1" 200 2823
192.168.0.17 - - [22/Jan/2007:11:55:56 +0100] "GET /ossec-wui/index.php?f=s HTTP/1.1" 200 1984
192.168.0.17 - - [22/Jan/2007:11:55:58 +0100] "GET /ossec-wui/index.php?f=t HTTP/1.1" 200 2803
192.168.0.17 - - [22/Jan/2007:11:58:21 +0100] "GET /ossec-wui/index.php?f=s HTTP/1.1" 200 1984
192.168.0.17 - - [22/Jan/2007:11:58:26 +0100] "GET /ossec-wui/index.php?f=t HTTP/1.1" 200 2803
192.168.0.17 - - [22/Jan/2007:12:03:39 +0100] "GET /ossec-wui/index.php?f=t HTTP/1.1" 200 2803
192.168.0.17 - - [22/Jan/2007:12:03:39 +0100] "GET /ossec-wui/css/cal.css HTTP/1.1" 200 4830
192.168.0.17 - - [22/Jan/2007:12:03:39 +0100] "GET /ossec-wui/js/calendar.js HTTP/1.1" 200 49234
192.168.0.17 - - [22/Jan/2007:12:03:39 +0100] "GET /ossec-wui/js/calendar-en.js HTTP/1.1" 200 3600
192.168.0.17 - - [22/Jan/2007:12:03:39 +0100] "GET /ossec-wui/js/calendar-setup.js HTTP/1.1" 200 8850
192.168.0.17 - - [22/Jan/2007:12:03:39 +0100] "GET /ossec-wui/js/hide.js HTTP/1.1" 200 1163
192.168.0.17 - - [22/Jan/2007:12:03:39 +0100] "GET /ossec-wui/css/css.css HTTP/1.1" 200 7339
192.168.0.17 - - [22/Jan/2007:12:03:45 +0100] "GET /ossec-wui/index.php HTTP/1.1" 200 2823
192.168.0.17 - - [22/Jan/2007:12:03:52 +0100] "GET /ossec-wui/index.php?f=s HTTP/1.1" 200 1984

 

I re-verified my ossec_conf.php; the installation directory is correct:
/var/www/ossec

My etc/group seems to be well configured: ossec:*:1002:www

 

Thanks.

 

Nicolas

 

 

 

  _____  

From: [email protected] [mailto:[EMAIL PROTECTED] On behalf
of Rafael Capovilla
Sent: Monday, 22 January 2007 11:18
To: [email protected]
Subject: [ossec-list] Re: WebUI problems

 

Check out the error_log of your apache, I'm pretty sure that will show us
some useful stuff :)

And always run your apache with "-u"; it doesn't matter if you installed ossec
in /var/www, it still accesses some things outside the apache jail.

2007/1/21, Blot Nicolas <[EMAIL PROTECTED]>:


The web server is chrooted, in /var/www that's why I installed ossec in
/var/www/ossec.
By default the Apache user is www if I'm right.
I edited the /etc/group and put the line: osse:*:1002:www

I think it's correct, but still the "Unable to access ossec directory" is
displayed...

Daniel, if you have an idea, it would be great.
I've tested by launching httpd with the -u option; the problem is the same.
I'm totally lost.

Many thanks for your help.

Regards,

Nicolas.

-----Original Message-----
From: [email protected] [mailto: [EMAIL PROTECTED] On behalf
of Kayvan A. Sylvan
Sent: Sunday, 21 January 2007 22:46
To: [email protected] <mailto:[email protected]>
Subject: [ossec-list] Re: WebUI problems


On Sun, Jan 21, 2007 at 06:26:50PM +0100, Blot Nicolas wrote:
>
> Here they are:
>
> # ls -l /var/www/ossec
> total 36
> dr-xr-x---  3 root   ossec   512 Jan 21 02:13 active-response 
[...]
> dr-xr-x---  3 root   ossec   512 Jan 21 02:22 var

If your web server user is indeed in the ossec group (and you are not
running SELinux) then it should work.

Unless your web server is running in a chroot() jail. I don't know enough 
about your particular OS to say for certain.

                        ---Kayvan
--
Kayvan A. Sylvan          | Proud husband of       | Father to my kids:
Sylvan Associates, Inc.   | Laura Isabella Sylvan, | Katherine Yelena (8/8/89)
http://sylvan.com/~kayvan | my beautiful Queen.    | Robin Gregory (2/28/92)




-- 
Certified LPIC -1
http://under-linux.org/

Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie) 
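
Added example (not part of the thread and not OSSEC's own code): a POSIX shell script for the two checks the thread keeps coming back to, namely which chroot directory the most recent Apache start logged and whether the web user is listed in the group named exactly ossec. The sample files are constructed from lines quoted in the thread, where the group line appears as both osse: and ossec:. The function names are this example's own, and it assumes a start with -u logs no "chrooted in" notice.

```shell
#!/bin/sh
# Added example; the function names are this example's own.

# Print the chroot directory logged by the most recent completed start,
# "none" if that start logged no chroot notice (assumed to be the -u case),
# or "unknown" if the log contains no completed start at all.
last_start_chroot() {
    awk '
        /\[notice\] chrooted in /    { pending = $NF }
        /resuming normal operations/ { last = (pending == "" ? "none" : pending); pending = "" }
        END { print (last == "" ? "unknown" : last) }
    ' "$1"
}

# in_group FILE GROUP USER: succeed only if USER is in GROUP's member field.
# This checks the supplementary member list only, not a user's primary gid.
in_group() {
    awk -F: -v g="$2" -v u="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }
    ' "$1"
}

# Constructed sample data, built from lines quoted in the thread.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/error_log" <<'EOF'
[Mon Jan 22 12:02:59 2007] [notice] caught SIGTERM, shutting down
[Mon Jan 22 12:03:14 2007] [notice] Initializing etag from /var/www/logs/etag-state
[Mon Jan 22 12:03:14 2007] [notice] chrooted in /var/www
[Mon Jan 22 12:03:14 2007] [notice] changed to uid 67, gid 67
[Mon Jan 22 12:03:14 2007] [notice] Apache/1.3.29 (Unix) PHP/5.1.4 mod_ssl/2.8.16 OpenSSL/0.9.7j configured -- resuming normal operations
EOF
printf 'osse:*:1002:www\n'  > "$tmp/group_a"   # spelling from the earlier message
printf 'ossec:*:1002:www\n' > "$tmp/group_b"   # spelling from the later message

echo "chroot at last start: $(last_start_chroot "$tmp/error_log")"
for f in group_a group_b; do
    if in_group "$tmp/$f" ossec www; then
        echo "$f: www is a member of ossec"
    else
        echo "$f: www is NOT a member of ossec"
    fi
done
```

On a live system the same functions would be pointed at the real error_log and at /etc/group; the paths and the www/ossec names here follow the thread.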
