I tried this again. This time, the link on the download page downloaded ossec-hids-2.1.1.tar.gz. Same results.
TM

On Jul 2, 12:00 pm, tm <[email protected]> wrote:
> I just downloaded ossec-hids-2.1.tar.gz and did an update on my OSSEC
> 2.0 installation on a 32-bit SuSE host. It segfaults:
>
> lillooet:/var/ossec/bin # ./ossec-control start
> Starting OSSEC HIDS v2.1 (by Trend Micro Inc.)...
> 2009/07/02 11:50:12 ossec-syscheckd(1702): INFO: No directory provided for syscheck to monitor.
> ./ossec-control: line 197: 23391 Segmentation fault ${DIR}/bin/${i} -t
> ossec-syscheckd: Configuration error. Exiting
>
> Next steps?
>
> TM
>
> On Jun 30, 8:34 pm, louie <[email protected]> wrote:
>
> > Hi:
> >
> > Yeah, it works.
> >
> > After re-downloading the newest ossec-hids-2.1.tar.gz, it seems to fix my
> > segfault problem
> >
> > On the two machines (one i386, one x86_64) ossec-syscheckd has been running
> > fine for over 15 minutes
> >
> > Thanks, daniel.
> >
> > $ ls -l ossec-hids-2.1.tar.gz
> > -rw-r--r-- 1 louie louie 711299 Jul 1 02:39 ossec-hids-2.1.tar.gz
> >
> > DIRECTORY="/var/ossec"
> > VERSION="v2.1"
> > DATE="Wed Jul 1 11:17:38 CST 2009"
> > TYPE="agent"
> >
> > --
> > Louie July 01, 2009 11:19:22
> >
> > On Tue, Jun 30, 2009 at 12:48:06PM -0600, Md Monk wrote:
> > > No segfault for me yet, and I've been running it for a bit over an hour.
> > >
> > > I am using the snapshot: ossec-hids-090630.tar.gz
> > >
> > > -Chuck (MdMonk)
> > >
> > > On Tue, Jun 30, 2009 at 11:59 AM, Koski, David <[email protected]> wrote:
> > >
> > > > I got a seg fault on the new one as well, I won't have a chance for at
> > > > least a few hours to gdb it.
> > > >
> > > > David
> > > >
> > > > -----Original Message-----
> > > > From: [email protected] [mailto:[email protected]] On Behalf Of louie
> > > > Sent: Tuesday, June 30, 2009 1:28 PM
> > > > To: [email protected]
> > > > Subject: [ossec-list] Re: OSSEC v2.1 released
> > > >
> > > > Hi Daniel:
> > > >
> > > > I re-downloaded ossec-hids-2.1, but it segfaults again
> > > >
> > > > $ ls -ltr ossec-hids-2.1*
> > > > -rw-r--r-- 1 louie louie 711257 Jul 1 00:18 ossec-hids-2.1.tar.gz
> > > >
> > > > cat /etc/ossec-init.conf
> > > > DIRECTORY="/var/ossec"
> > > > VERSION="v2.1"
> > > > DATE="Wed Jul 1 00:57:48 CST 2009"
> > > > TYPE="agent"
> > > >
> > > > root 6547 1 0 00:57 ? 00:00:00 /var/ossec/bin/ossec-execd
> > > > ossec 6551 1 0 00:57 ? 00:00:00 /var/ossec/bin/ossec-agentd
> > > > root 6555 1 0 00:57 ? 00:00:00 /var/ossec/bin/ossec-logcollector
> > > >
> > > > the ossec-syschecked is gone
> > > >
> > > > /var/log/message
> > > > Jul 1 01:07:46 print kernel: [10258.274006] ossec-syscheckd[6559]: segfault at 0 ip 40448d sp 7fff8f484ab0 error 4 in ossec-syscheckd[400000+3b000]
> > > >
> > > > and gdb's log is the same as with the ossec-hids-090630.tar.gz, what am I
> > > > doing wrong?
> > > >
> > > > # gdb /var/ossec/bin/ossec-syscheckd Tue Jun 30 23:48:34 CST 2009
> > > > GNU gdb 6.8-debian
> > > > Copyright (C) 2008 Free Software Foundation, Inc.
> > > > License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> > > > This is free software: you are free to change and redistribute it.
> > > > There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> > > > and "show warranty" for details.
> > > > This GDB was configured as "x86_64-linux-gnu"...
> > > > (gdb) set follow-fork-mode child
> > > > (gdb) run
> > > > Starting program: /var/ossec/bin/ossec-syscheckd
> > > > Executing new program: /bin/bash
> > > > (no debugging symbols found)
> > > > (no debugging symbols found)
> > > > [tcsetpgrp failed in terminal_inferior: No such process]
> > > > (no debugging symbols found)
> > > > (no debugging symbols found)
> > > > (no debugging symbols found)
> > > > Executing new program: /bin/ps
> > > > (no debugging symbols found)
> > > > (no debugging symbols found)
> > > > (no debugging symbols found)
> > > > (no debugging symbols found)
> > > >
> > > > Program exited normally.
> > > >
> > > > --
> > > > Louie July 01, 2009 01:10:11
> > > >
> > > > On Tue, Jun 30, 2009 at 01:46:23PM -0300, Daniel Cid wrote:
> > > > > Hi Louie,
> > > > >
> > > > > The log you sent is good. Means it is working now. I updated 2.1 with
> > > > > the fix. If you had problems, please download it again:
> > > > > http://www.ossec.net/main/downloads/
> > > > >
> > > > > Thanks,
> > > > >
> > > > > --
> > > > > Daniel B. Cid
> > > > > dcid ( at ) ossec.net
> > > > >
> > > > > On Tue, Jun 30, 2009 at 1:36 PM, louie<[email protected]> wrote:
> > > > > > Sorry, forgot the whole logs
> > > > > >
> > > > > > # gdb /var/ossec/bin/ossec-syscheckd Tue Jun 30 23:48:34 CST 2009
> > > > > > GNU gdb 6.8-debian
> > > > > > Copyright (C) 2008 Free Software Foundation, Inc.
> > > > > > License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> > > > > > This is free software: you are free to change and redistribute it.
> > > > > > There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> > > > > > and "show warranty" for details.
> > > > > > This GDB was configured as "x86_64-linux-gnu"...
> > > > > > (gdb) set follow-fork-mode child
> > > > > > (gdb) run
> > > > > > Starting program: /var/ossec/bin/ossec-syscheckd
> > > > > > Executing new program: /bin/bash
> > > > > > (no debugging symbols found)
> > > > > > (no debugging symbols found)
> > > > > > [tcsetpgrp failed in terminal_inferior: No such process]
> > > > > > (no debugging symbols found)
> > > > > > (no debugging symbols found)
> > > > > > (no debugging symbols found)
> > > > > > Executing new program: /bin/ps
> > > > > > (no debugging symbols found)
> > > > > > (no debugging symbols found)
> > > > > > (no debugging symbols found)
> > > > > > (no debugging symbols found)
> > > > > >
> > > > > > Program exited normally.
> > > > > >
> > > > > > --
> > > > > > Louie July 01, 2009 00:35:47
> > > > > >
> > > > > > On Wed, Jul 01, 2009 at 12:26:31AM +0800, louie wrote:
> > > > > >> Hi, Daniel:
> > > > > >>
> > > > > >> Thanks for the quick fix, but it segfaults again on both one i386 and
> > > > > >> one x86_64 machine
> > > > > >>
> > > > > >> cat /etc/ossec-init.conf
> > > > > >> DIRECTORY="/var/ossec"
> > > > > >> VERSION="2.0-SNP-090630"
> > > > > >> DATE="Tue Jun 30 23:29:49 CST 2009"
> > > > > >> TYPE="agent"
> > > > > >>
> > > > > >> # gdb /var/ossec/bin/ossec-syscheckd Tue Jun 30 23:48:34 CST 2009
> > > > > >> GNU gdb 6.8-debian
> > > > > >> Copyright (C) 2008 Free Software Foundation, Inc.
> > > > > >> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> > > > > >> This is free software: you are free to change and redistribute it.
> > > > > >> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> > > > > >> and "show warranty" for details.
> > > > > >> This GDB was configured as "x86_64-linux-gnu"...
> > > > > >> (gdb) set follow-fork-mode child
> > > > > >> (gdb) run
> > > > > >> Starting program: /var/ossec/bin/ossec-syscheckd
> > > > > >>
> > > > > >> --
> > > > > >> Louie June 30, 2009 23:49:21
> > > > > >>
> > > > > >> On Tue, Jun 30, 2009 at 12:16:39PM -0300, Daniel Cid wrote:
> > > > > >> > Hey,
> > > > > >> >
> > > > > >> > Thanks for the output. Can you try very quickly the latest snapshot:
> > > > > >> >
> > > > > >> > http://ossec.net/files/snapshots/ossec-hids-090630.tar.gz
> > > > > >> >
> > > > > >> > I think I got it fixed.
> > > > > >> >
> > > > > >> > Thanks,
> > > > > >> >
> > > > > >> > On Tue, Jun 30, 2009 at 12:01 PM, louie<[email protected]> wrote:
> > > > > >> > > This may not be a 64-bit issue, because I had another 32-bit machine segfault too.
> > > > > >> > >
> > > > > >> > > This is a x86_64 machine
> > > > > >> > > debian lenny 5.0.2
> > > > > >> > > kernel 2.6.26-2-amd64
> > > > > >> > >
> > > > > >> > > gdb /var/ossec/bin/ossec-syscheckd
> > > > > >> > > GNU gdb 6.8-debian
> > > > > >> > > Copyright (C) 2008 Free Software Foundation, Inc.
> > > > > >> > > License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> > > > > >> > > This is free software: you are free to change and redistribute it.
> > > > > >> > > There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> > > > > >> > > and "show warranty" for details.
> > > > > >> > > This GDB was configured as "x86_64-linux-gnu"...
> > > > > >> > > (gdb) set follow-fork-mode child
> > > > > >> > > (gdb) run
> > > > > >> > > Starting program: /var/ossec/bin/ossec-syscheckd
> > > > > >> > >
> > > > > >> > > Program received signal SIGSEGV, Segmentation fault.
> > > > > >> > > [Switching to process 1989]
> > > > > >> > > 0x000000000040414b in start_daemon () at run_check.c:278
> > > > > >> > > 278         if(syscheck.realtime->fd >= 0)
> > > > > >> > > (gdb) bt
> > > > > >> > > #0  0x000000000040414b in start_daemon () at run_check.c:278
> > > > > >> > > #1  0x0000000000402a98 in main (argc=1, argv=0x7fffe574afb8) at syscheck.c:337
> > > > > >> > >
> > > > > >> > > sorry, but I don't know where to use -d -d
> > > > > >> > >
> > > > > >> > > gdb -d /var/ossec/bin/ossec-syscheckd Tue Jun 30 23:00:09 CST 2009
> > > > > >> > > GNU gdb 6.8-debian
> > > > > >> > > Copyright (C) 2008 Free Software Foundation, Inc.
> > > > > >> > > License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> > > > > >> > > This is free software: you are free to change and redistribute it.
> > > > > >> > > There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> > > > > >> > > and "show warranty" for details.
> > > > > >> > > This GDB was configured as "x86_64-linux-gnu".
> > > > > >> > >
> > > > > >> > > warning: /var/ossec/bin/ossec-syscheckd is not a directory.
> > > > > >> > >
> > > > > >> > > gdb /var/ossec/bin/ossec-syscheckd -d Tue Jun 30 23:00:33 CST 2009
> > > > > >> > > gdb: option `-d' requires an argument
> > > > > >> > > Use `gdb --help' for a complete list of options.
> > > > > >> > >
> > > > > >> > > segfault happened within ten minutes
> > > > > >> > >
> > > > > >> > > --
> > > > > >> > > Louie June 30, 2009
> > ...
