On Tue, May 18, 2010 at 4:44 AM, BOUTROUILLE PASCAL <[email protected]> wrote: > > Hello > > I have a problem with the installation of ossec. > > After the installation i have the message « No agent available. » > > I have read the forum but i dont find the solution. Here the problem : > > > /etc/init.d/ossec start > > Starting OSSEC HIDS v2.4.1 (by Trend Micro Inc.)... > > 2010/05/15 23:25:16 ossec-maild: INFO: E-Mail notification disabled. Clean > Exit. > > Started ossec-maild... > > Started ossec-execd... > > Started ossec-analysisd... > > Started ossec-logcollector... > > Started ossec-remoted... > > Started ossec-syscheckd... > > Started ossec-monitord... > > Completed. > > > > > > /var/ossec/bin/manage_agents > > **************************************** > > * OSSEC HIDS v2.4.1 Agent manager. * > > * The following options are available: * > > **************************************** > > (A)dd an agent (A). > > (E)xtract key for an agent (E). > > (L)ist already added agents (L). > > (R)emove an agent (R). > > (Q)uit. > > Choose your action: A,E,L,R or Q: L > > > > Available agents: > > ID: 001, Name: debiantest, IP: 10.135.12.45 > > ID: 002, Name: linux13, IP: 10.135.13.8 > > ID: 003, Name: windows1, IP: 10.135.12.23 > > ID: 004, Name: local, IP: 10.135.12.45 > > > > ** Press ENTER to return to the main menu. > > > > > > /var/ossec/bin/agent_control -lc > > OSSEC HIDS agent_control. List of available agents: > > ID: 000, Name: debiantest (server), IP: 127.0.0.1, Active/Local > > > > > > /var/ossec/bin/agent_control -r -a > > 2010/05/15 23:20:29 agent_control(1210): ERROR: Queue '/queue/alerts/ar' not > accessible: 'Queue not found'. > > 2010/05/15 23:20:44 agent_control(1301): ERROR: Unable to connect to active > response queue. > > ** Unable to connect to remoted. > > > > /var/ossec/bin/list_agents -a > > ** No agent available. > > > > > > dr-xr-x--- 3 root ossec 4096 2010-05-03 05:18 active-response > > dr-xr-x--- 2 root ossec 4096 2010-05-03 05:18 agentless > > dr-xr-x--- 2 root ossec 4096 2010-05-03 05:18 bin > > dr-xr-x--- 3 root ossec 4096 2010-05-04 04:47 etc > > drwxr-x--- 5 ossec ossec 4096 2010-05-09 23:59 logs > > dr-xr-x--- 11 root ossec 4096 2010-05-03 05:18 queue > > dr-xr-x--- 5 root ossec 4096 2010-05-04 04:27 rules > > drwxr-x--- 5 ossec ossec 4096 2010-05-04 00:18 stats > > dr-xr-x--- 2 root ossec 4096 2010-05-03 05:18 tmp > > dr-xr-x--- 3 root ossec 4096 2010-05-10 00:37 var > > > > /etc/group : ossec:x:1002:www-data > > /etc/passwd : ossec:x:1001:1001::/var/ossec:/bin/false > > ossecm:x:1002:1001::/var/ossec:/bin/false > > ossecr:x:1003:1001::/var/ossec:/bin/false > > > > ps –ef : > > www-data 9796 2254 0 May09 ? 00:00:00 /usr/sbin/apache2 -k start > > www-data 9799 2254 0 May09 ? 00:00:00 /usr/sbin/apache2 -k start > > www-data 9802 2254 0 May09 ? 00:00:00 /usr/sbin/apache2 -k start > > www-data 9804 2254 0 May09 ? 00:00:00 /usr/sbin/apache2 -k start > > www-data 9807 2254 0 May09 ? 00:00:00 /usr/sbin/apache2 -k start > > www-data 10290 2254 0 May09 ? 00:00:00 /usr/sbin/apache2 -k start > > root 16867 1 0 23:25 ? 00:00:00 /var/ossec/bin/ossec-execd > > ossec 16871 1 0 23:25 ? 00:00:00 > /var/ossec/bin/ossec-analysisd > > root 16875 1 0 23:25 ? 00:00:00 > /var/ossec/bin/ossec-logcollector > > root 16884 1 2 23:25 ? 00:00:01 > /var/ossec/bin/ossec-syscheckd > > ossec 16888 1 0 23:25 ? 00:00:00 > /var/ossec/bin/ossec-monitord > > > > > > Thank you for your help
Shouldn't the ossec user be a member of the ossec group? What is gid 1001?
