Hi Jimi,

Can you run syscheck_control under gdb?

# gdb /var/ossec/bin/syscheck_control
(gdb) set follow-fork-mode child
(gdb) run -i 001
(gdb) bt

And give us the output? I never had any issue with it, so I can't
reproduce from here.

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On Wed, Oct 1, 2008 at 6:30 PM, Jimi Schwar <[EMAIL PROTECTED]> wrote:
>
> Thanks for the links, I had been wondering if there were tools like
> these. However, has anyone run into any trouble with syscheck_control
> seg faulting on Fedora 9?
>
> Well, let me be a bit more specific (ip addresses removed from info)
>
> The following command fails:
>
> [EMAIL PROTECTED] bin]# ./syscheck_control -i 001
>
> Integrity changes for agent 'harp (001) - ':
> Segmentation fault
>
> and ossec reports
>
> Oct 1 17:27:11 menace kernel: syscheck_contro[6818]: segfault at 8 ip
> 6cc461 sp 7fff0b659380 error 4 in libc-2.8.so[62f000+162000]
>
> but the following works just fine
>
> [EMAIL PROTECTED] bin]# ./syscheck_control -i 001 -f ossec
>
> Integrity changes for agent 'harp (001) - 130.68.4.82':
> Detailed information for entries matching: 'ossec'
>
> 2008 Oct 01 16:34:00,0 - /var/ossec/etc/ossec.conf
> File added to the database.
> Integrity checking values:
> Size: 2428
> Perm: r--r-----
> Uid: 0
> Gid: 504
> Md5: 9ce39facef5d9dd3a9379f82898ee14d
> Sha1: 608a28d729ec7409f5ae8879fd49a12b7564dba1
>
> 19974 Mar 25 07:32:03,0 - /var/ossec/etc/ossec.conf
> File changed. - 1st time modified.
> Integrity checking values:
> Size: >3129
> Perm: r--r-----
> Uid: 0
> Gid: 504
> Md5: >e3e41ddc592fe7fa26d4cd6604333e45
> Sha1: >3793141962eced5e0e783db4605a2615b6b1ce33
>
>
> Bryan Jacobs wrote:
>> Yes sir... the following did the trick!
>>
>> /var/ossec/bin/agent_control -r -u 000
>>
>> Thank You!
>>
>> On Sun, 2008-09-28 at 23:03 -0200, Rodrigo Montoro(Sp0oKeR) wrote:
>>> Try
>>>
>>> http://www.ossec.net/dcid/?p=130
>>>
>>> http://www.ossec.net/dcid/?p=142
>>>
>>> Hope it helps!
>>>
>>> Regards,
>>>
>>> Rodrigo Montoro(Sp0oKeR)
>>>
>>> On Sun, Sep 28, 2008 at 7:21 AM, Byran Jacobs <[EMAIL PROTECTED]>
>>> wrote:
>>>
>>> How do I manually invoke a system check? I have a few laptops that
>>> OSSEC is installed on and they do not get used all that often but
>>> when they do I usually run updates on them, do what I need to, and
>>> shut them down. I would like to manually run a system check after
>>> the updates have been installed/run so all alerts of changed files
>>> will be processed at the time the updates are run and not
>>> weeks/months later when the laptop(s) are turned back on and used.
>>>
>>> Thanks In Advance,
>>>
>>> BKJ
>>>
>>> ----------------------------------------------------
>>> Virus Free -- Scanned By MailSecurity
>>> ----------------------------------------------------
>>> This email message is for the sole use of the intended
>>> recipient(s) and may contain confidential and privileged
>>> information. Any unauthorized review, use, disclosure or
>>> distribution is prohibited. If you are not the intended
>>> recipient, please contact the sender by reply email and
>>> destroy all copies of the original message. Any views
>>> expressed in this message are those of the author, except
>>> where the sender specifically states them to be the views of
>>> BBG, Inc.
>>>
>>> --
>>> ===========================
>>> Rodrigo Montoro (Sp0oKeR)
>>> Security Analyst
>>> SnortCP / RHCE / LPIC-I / MCSO
>>> http://www.spooker.com.br
>>> http://www.snort.org.br
>>> http://www.linkedin.com/in/spooker
>>> ===========================
