We changed the install directory to /opt/ossec

1- What kind of installation do you want (server, agent, local or help)? agent

  - Agent(client) installation chosen.

2- Setting up the installation environment.

 - Choose where to install the OSSEC HIDS [/var/ossec]: /opt/ossec

    - Installation will be made at  /opt/ossec .

3- Configuring the OSSEC HIDS.

  3.1- What's the IP Address of the OSSEC HIDS server?:X.X.X.X

   - Adding Server IP X.X.X.X

  3.2- Do you want to run the integrity check daemon? (y/n) [y]:

   - Running syscheck (integrity check daemon).

  3.3- Do you want to run the rootkit detection engine? (y/n) [y]:

   - Running rootcheck (rootkit detection).

  3.4 - Do you want to enable active response? (y/n) [y]: n

   - Active response disabled.

  3.5- Setting the configuration to analyze the following logs:
    -- /var/log/messages
    -- /var/log/secure
    -- /var/log/maillog

 - If you want to monitor any other file, just change
   the ossec.conf and add a new localfile entry.
   Any questions about the configuration can be answered
   by visiting us online at http://www.ossec.net .

   --- Press ENTER to continue ---

5- Installing the system
 - Running the Makefile

 - System is Redhat Linux.
 - Init script modified to start OSSEC HIDS during boot.

 - Configuration finished properly.

 - To start OSSEC HIDS:
                /opt/ossec/bin/ossec-control start

 - To stop OSSEC HIDS:
                /opt/ossec/bin/ossec-control stop

 - The configuration can be viewed or modified at /opt/ossec/etc/ossec.conf

    Thanks for using the OSSEC HIDS.
    If you have any question, suggestion or if you find any bug,
    contact us at [email protected] or using our public maillist at
    [email protected]
    ( http://www.ossec.net/main/support/ ).

    More information can be found at http://www.ossec.net

    ---  Press ENTER to finish (maybe more information below). ---

 - You first need to add this agent to the server so they
   can communicate with each other. When you have done so,
   you can run the 'manage_agents' tool to import the
   authentication key from the server.

   /opt/ossec/bin/manage_agents

   More information at:
   http://www.ossec.net/en/manual.html#ma

#/opt/ossec/bin/manage_agents
2010/07/26 10:41:38 manage_agents(1209): ERROR: Unable to chroot to directory: '/var/ossec'.

On Sun, Jul 25, 2010 at 12:10 AM, dan (ddp) <[email protected]> wrote:

> On Sat, Jul 24, 2010 at 12:20 PM, Devendra Agrawal
> <[email protected]> wrote:
> > I chose /opt/ossec as install directory. Why would it expect /var/ossec when
> > there is no /var/ossec on this machine. Should try re-install? If yes, plz
> > let me know of uninstall steps
> >
> > Thanks,
> >
> > Devendra
> >
>
> rm -rf /opt/ossec
>
> When you initially compiled ossec, did you change ossec's directory to
> /opt/ossec or did you leave it as /var/ossec? If you did not compile
> ossec, the person that did probably left the directory as /var/ossec,
> so that is where it should be installed. If you want it in /opt/ossec,
> you will have to make sure it expects to be installed there.
>
