Hi Erik,

Did you restart Apache after making the group changes? This is the only thing
I can think of... OSSEC WUI only requires PHP 4 or above with Posix support...

Hope it helps.

--
Daniel B. Cid
dcid ( at ) ossec.net

On 6/19/07, Erik Delfgaauw <[EMAIL PROTECTED]> wrote:
> Hi Brad,
>
> Wish that was the case, both times I run the script as the apache user, one
> time from command line, and one time through the web server, think
> something might be wrong with my Apache / PHP configuration, but I can't
> figure out what. "phpinfo" doesn't show anything strange. There are no
> errors. I was thinking of environment settings, but there's nothing OSSEC
> related in the environment of the apache user.
>
> Is there anything in addition that OSSEC requires, besides PHP? Does it need
> any additional PHP modules or libraries?
>
> E.
>
> 2007/6/19, Brad Lhotsky <[EMAIL PROTECTED]>:
> >
> > Perhaps you're running them as different users and it's a permissions
> > problem?
> >
> > Erik Delfgaauw wrote:
> > > Hi folks,
> > >
> > > I have found out that when I do:
> > >
> > > apache@<host>:/var/www/website/ossec-wui> php index.php f=i
> > >
> > > ...I get a correct output with an "Agent name" picklist containing all
> > > the agents, plus the Integrity Check information displayed below.
> > >
> > > However, when I go to:
> > >
> > > http://<host>/ossec-wui/index.php?f=i
> > >
> > > ...I get an incorrect output with an empty "Agent name" picklist (or
> > > merely containing ossec-server), and no Integrity Check information is
> > > displayed.
> > >
> > > So, apparently OSSEC-WUI is working fine, but somehow it goes wrong
> > > between Apache and PHP.
> > >
> > > We have tried PHP debugging, but apparently it's not that there are any
> > > errors occurring, it is just not working properly ;-)
> > >
> > > Does anybody have any idea or hint on where to look regarding this
> > > strange behavior? A PHP script that returns different information when
> > > launched on the command line than when launched through Apache web
> > > server, without returning errors?
> > >
> > > Thanks in advance !
> > >
> > > E.
> > >
> > > 2007/5/30, Erik Delfgaauw <[EMAIL PROTECTED]>:
> > >
> > > Hi Daniel,
> > >
> > > Verified once more, the web user is apache, and it has definitely
> > > access to the OSSEC-WUI tmp directory.
> > >
> > > In a different environment which IS working, in the OSSEC-WUI tmp
> > > directory, I see a file called output-tmp-<some-id>.php, and this
> > > file does not exist in the NOT working environment.
> > >
> > > How to proceed, where else can I look? Can it also be an Apache
> > > setting that is causing the problem?
> > >
> > > E.
> > >
> > > 2007/5/28, Daniel Cid <[EMAIL PROTECTED]>:
> > >
> > > Hi Erik,
> > >
> > > Yes, I mean the ossec-wui tmp directory :) sorry for not being
> > > specific. Also, make sure to restart apache, otherwise the group
> > > permissions will not apply.
> > >
> > > Let me know how it goes :)
> > >
> > > Thanks,
> > >
> > > Daniel
> > >
> > > On 5/27/07, Erik Delfgaauw <[EMAIL PROTECTED]> wrote:
> > > > Hi Daniel,
> > > >
> > > > I guess you mean the OSSEC-WUI tmp directory right? Just to be 100%
> > > > sure, because there's also a /tmp and a /var/ossec/tmp.
> > > >
> > > > I will verify once more, gotta admit that it already makes me feel
> > > > stupid now, if this is the case ;-)
> > > >
> > > > Thanks, will get back to you this Tuesday !
> > > >
> > > > E.
> > > >
> > > > 2007/5/27, Daniel Cid <[EMAIL PROTECTED]>:
> > > > > Hi Erik,
> > > > >
> > > > > Can you make sure that your web server is really running as user
> > > > > "www"? Probably a ps auwx |grep http will show you that. It looks
> > > > > like to me that php can't write to the tmp directory...
> > > > >
> > > > > daniel
> > > > >
> > > > > On 5/25/07, Erik Delfgaauw <[EMAIL PROTECTED]> wrote:
> > > > > > Hi Daniel,
> > > > > >
> > > > > > /var/ossec/queue/syscheck/ contains a bunch of files with a
> > > > > > naming scheme like:
> > > > > >
> > > > > > (<host>) <ip>->syscheck
> > > > > > .(<host>) <ip>->syscheck.cpt
> > > > > >
> > > > > > There is a couple for each agent, plus there's:
> > > > > >
> > > > > > syscheck
> > > > > > .syscheck.cpt
> > > > > >
> > > > > > I have executed every single step from the OSSEC WUI install
> > > > > > guide, the only thing about permissions was regarding the
> > > > > > ossec-wui/tmp/ directory (chmod 770/chgrp www), there are no
> > > > > > errors in the web server log, and I have just found out that
> > > > > > Stats isn't working too, and ONLY real time search is working.
> > > > > >
> > > > > > So, very likely a permission problem :-)
> > > > > >
> > > > > > What OSSEC HIDS files / directories are required for the
> > > > > > OSSEC-WUI Integrity Check, Stats and Search functionality?
> > > > > >
> > > > > > Thanks,
> > > > > >
> > > > > > E.
> > > > > >
> > > > > > 2007/5/22, Daniel Cid <[EMAIL PROTECTED]>:
> > > > > > > Hi Erik,
> > > > > > >
> > > > > > > We first need to determine where the problem is (agent/server
> > > > > > > connection or at the ui).
> > > > > > >
> > > > > > > -Did you follow all the steps from the installation guide? If
> > > > > > > the permissions are wrong, it will not work properly. In
> > > > > > > addition to that, did you add your apache user name to the
> > > > > > > ossec group and restart apache?
> > > > > > >
> > > > > > > -Do you have any file at /var/ossec/queue/syscheck ? Can you
> > > > > > > show what is in there to us?
> > > > > > >
> > > > > > > -Are there any errors at the apache error log? At the ossec
> > > > > > > log (both server and agent side)?
> > > > > > >
> > > > > > > With that information we can start troubleshooting :)
> > > > > > >
> > > > > > > thanks,
> > > > > > >
> > > > > > > --
> > > > > > > Daniel B. Cid
> > > > > > > dcid ( at ) ossec.net
> > > > > > >
> > > > > > > On 5/11/07, Erik Delfgaauw <[EMAIL PROTECTED]> wrote:
> > > > > > > > Hi folks,
> > > > > > > >
> > > > > > > > The Main screen of the OSSEC WUI shows "ossec-server" plus 4
> > > > > > > > agents. The ossec-server is receiving information from the
> > > > > > > > agents correctly, BUT:
> > > > > > > >
> > > > > > > > The Integrity checking screen shows:
> > > > > > > >
> > > > > > > > "No integrity checking information available.
> > > > > > > > Nothing reported as changed."
> > > > > > > >
> > > > > > > > The Agent name pick list only contains "ossec-server" and
> > > > > > > > clicking the Dump database button doesn't have any result
> > > > > > > > but a quick reload of the page.
> > > > > > > >
> > > > > > > > OSSEC ( 1.1) + WUI ( 0.2) are running on RHEL ES 4.4. Port
> > > > > > > > 1514 is reachable for the agents.
> > > > > > > >
> > > > > > > > Syscheckd is running on all agents.
> > > > > > > >
> > > > > > > > I'm very curious to what the problem can be, and especially
> > > > > > > > to what would be the best way to troubleshoot this.
> > > > > > > >
> > > > > > > > Many thanks in advance !
> > > > > > > >
> > > > > > > > Erik
> >
> > --
> > Brad Lhotsky <[EMAIL PROTECTED]>
> > NCTS Computer Specialist Phone: 410.558.8006
> > "Darkness is a state of mind, I can go where you would stumble."
> > -Wolfsheim, 'Blind'
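Daniel's two checks in this thread (that the web user is in the right group, and that Apache was restarted so the change applies) can be tested directly, because a process started before a group change keeps its old group list. The script below is an added example, not part of the original thread or of OSSEC; the function names, gid 501 and the sample files are constructed, and it assumes the Linux `/etc/group` and `/proc/<pid>/status` formats.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): does a running process hold the group
# that the group database says its user belongs to?

# Print the numeric gid of group $1 from group file $2 (/etc/group format).
gid_of_group() {
    awk -F: -v g="$1" '$1 == g { print $3; exit }' "$2"
}

# Succeed if user $1 is listed as a member of group $2 in group file $3.
# (Does not consider a primary group assigned through /etc/passwd.)
user_in_group() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "$3"
}

# Succeed if gid $1 appears on the Gid: or Groups: line of status file $2
# (/proc/<pid>/status format on Linux).
proc_has_gid() {
    awk -v gid="$1" '
        $1 == "Gid:" || $1 == "Groups:" { for (i = 2; i <= NF; i++) if ($i == gid) ok = 1 }
        END { exit !ok }' "$2"
}

# Print one of: ok | restart-needed | not-a-member | unknown-group
check_group_applied() {   # args: user group groupfile statusfile
    _gid=$(gid_of_group "$2" "$3")
    if [ -z "$_gid" ]; then echo unknown-group
    elif ! user_in_group "$1" "$2" "$3"; then echo not-a-member
    elif proc_has_gid "$_gid" "$4"; then echo ok
    else echo restart-needed
    fi
}

# Constructed sample data: apache was added to ossec (gid 501) after httpd started.
write_samples() {   # arg: directory to write into
    printf 'apache:x:48:\nossec:x:501:apache\n' > "$1/group"
    printf 'Name:\thttpd\nGid:\t48\t48\t48\t48\nGroups:\t48\n' > "$1/status.before"
    printf 'Name:\thttpd\nGid:\t48\t48\t48\t48\nGroups:\t48 501\n' > "$1/status.after"
}

d=$(mktemp -d)
write_samples "$d"
echo "before restart: $(check_group_applied apache ossec "$d/group" "$d/status.before")"
echo "after restart:  $(check_group_applied apache ossec "$d/group" "$d/status.after")"
rm -rf "$d"
```

On a live host, pass `/etc/group` and the `/proc/<pid>/status` of an httpd worker found with the `ps auwx | grep http` command from the thread.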
