Hey all,

I'm running OSSEC on an OpenVZ-based VPS and the rootcheck module reports all sorts of hidden processes and such (as expected inside a VPS). I've tried to disable the rootcheck module with

    <rootcheck>
      <disabled>yes</disabled>
    </rootcheck>

in the ossec.conf, but when I start ossec via init.d I get the following:

    ossec-rootcheck: Rootcheck disabled. Exiting.
    ossec-syscheckd: Rootcheck module disabled.

Everything seems to be fine... except with rootcheck disabled, active response no longer works. In the ossec.log file I see

    ossec-analysisd(1210): Queue '/queue/alerts/execq' not accessible: 'Connection refused'.
    ossec-analysisd(1301): Unable to connect to active response queue.

Any suggestions are appreciated,
Blaine Aldridge
