Hi Blaine, I think your problem is unrelated to rootcheck. The error you mentioned only happens when ossec-analysisd can not connect to ossec-execd...
Can you make sure that ossec-execd is running (ps auwx |grep ossec)? If it is not, try to start it manually and see if it generates any errors. If it starts fine, just restart ossec and see if the problem persist... If that doesn't help, let us know and we will look deep into that :) Thanks, -- Daniel B. Cid dcid ( at ) ossec.net On 5/20/07, Blaine Aldridge <[EMAIL PROTECTED]> wrote: > > Hey all, > > I'm running OSSEC on a openvz based VPS and the rootcheck module > reports all sorts of hidden processes and such (as expected inside a > VPS). I've tried to disable the rootcheck module by with > > <rootcheck> > <disabled>yes</disabled> > </rootcheck> > > in the ossec.conf but when I start ossec via init.d I get the following > > ossec-rootcheck: Rootcheck disabled. Exiting. > ossec-syscheckd: Rootcheck module disabled. > > Everything seems to be fine... except with rootcheck disabled active > response no longer works. In the ossec.log file I see > > ossec-analysisd(1210): Queue '/queue/alerts/execq' not accessible: > 'Connection refused'. > ossec-analysisd(1301): Unable to connect to active response queue. > > Any suggestions are appreciated, > Blaine Aldridge >
