It seems that if you try to install using a binary package (on systems with no gcc), it expects ossec to be under the /var/ossec directory even if you specify the install directory as something else. I don't know why, or how to fix this behaviour.

On Mon, Jul 26, 2010 at 10:51 AM, Devendra Agrawal <[email protected]> wrote:

> We changed the install directory to /opt/ossec
>
> 1- What kind of installation do you want (server, agent, local or help)? agent
>
>   - Agent(client) installation chosen.
>
> 2- Setting up the installation environment.
>
>   - Choose where to install the OSSEC HIDS [/var/ossec]: /opt/ossec
>
>     - Installation will be made at /opt/ossec .
>
> 3- Configuring the OSSEC HIDS.
>
>   3.1- What's the IP Address of the OSSEC HIDS server?:X.X.X.X
>
>     - Adding Server IP X.X.X.X
>
>   3.2- Do you want to run the integrity check daemon? (y/n) [y]:
>
>     - Running syscheck (integrity check daemon).
>
>   3.3- Do you want to run the rootkit detection engine? (y/n) [y]:
>
>     - Running rootcheck (rootkit detection).
>
>   3.4 - Do you want to enable active response? (y/n) [y]: n
>
>     - Active response disabled.
>
>   3.5- Setting the configuration to analyze the following logs:
>     -- /var/log/messages
>     -- /var/log/secure
>     -- /var/log/maillog
>
>   - If you want to monitor any other file, just change
>     the ossec.conf and add a new localfile entry.
>     Any questions about the configuration can be answered
>     by visiting us online at http://www.ossec.net .
>
>   --- Press ENTER to continue ---
>
> 5- Installing the system
>   - Running the Makefile
>
>   - System is Redhat Linux.
>   - Init script modified to start OSSEC HIDS during boot.
>
>   - Configuration finished properly.
>
>   - To start OSSEC HIDS:
>       /opt/ossec/bin/ossec-control start
>
>   - To stop OSSEC HIDS:
>       /opt/ossec/bin/ossec-control stop
>
>   - The configuration can be viewed or modified at /opt/ossec/etc/ossec.conf
>
>   Thanks for using the OSSEC HIDS.
>   If you have any question, suggestion or if you find any bug,
>   contact us at [email protected] or using our public maillist at
>   [email protected]
>   (http://www.ossec.net/main/support/).
>
>   More information can be found at http://www.ossec.net
>
>   --- Press ENTER to finish (maybe more information below). ---
>
>   - You first need to add this agent to the server so they
>     can communicate with each other. When you have done so,
>     you can run the 'manage_agents' tool to import the
>     authentication key from the server.
>
>     /opt/ossec/bin/manage_agents
>
>   More information at:
>   http://www.ossec.net/en/manual.html#ma
>
> #/opt/ossec/bin/manage_agents
> 2010/07/26 10:41:38 manage_agents(1209): ERROR: Unable to chroot to directory: '/var/ossec'.
>
> On Sun, Jul 25, 2010 at 12:10 AM, dan (ddp) <[email protected]> wrote:
>
>> On Sat, Jul 24, 2010 at 12:20 PM, Devendra Agrawal <[email protected]> wrote:
>> > I chose /opt/ossec as install directory. Why would it expect /var/ossec when
>> > there is no /var/ossec on this machine. Should try re-install? If yes, plz
>> > let me know of uninstall steps
>> >
>> > Thanks,
>> >
>> > Devendra
>>
>> rm -rf /opt/ossec
>>
>> When you initially compiled ossec, did you change ossec's directory to
>> /opt/ossec or did you leave it as /var/ossec? If you did not compile
>> ossec, the person that did probably left the directory as /var/ossec,
>> so that is where it should be installed. If you want it in /opt/ossec,
>> you will have to make sure it expects to be installed there.
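
One way to check for the mismatch described in this thread before running the agent tools. This is an added example, not part of the original messages or of OSSEC; the function names are hypothetical, and it assumes the build-time directory is stored as a plain string inside the binary.

```shell
#!/bin/sh
# Added diagnostic sketch (not OSSEC code); function names are hypothetical.
# Assumption: the directory chosen at compile time is stored as a plain
# string in the binary, alone or as the prefix of a longer path.

# Print the printable runs of a file, one per line (stand-in for strings(1)).
printable_runs() {
    LC_ALL=C tr -c '[:print:]' '\n' < "$1"
}

# Succeed if binary $1 contains directory $2, either exactly or followed
# by "/" (so /var/ossec does not match /var/ossec2).
embeds_dir() {
    printable_runs "$1" | awk -v d="$2" '
        index($0, d) == 1 &&
        (length($0) == length(d) || substr($0, length(d) + 1, 1) == "/") {
            found = 1; exit
        }
        END { exit !found }'
}

# Compare the install directory $2 with what binary $1 was built for.
# $3 is the installer default (shown as [/var/ossec] in the prompt above).
# Returns 0 = built for the install directory, 1 = built for the default
# directory instead (the chroot error case), 2 = cannot tell.
check_build_dir() {
    bin=$1
    install_dir=$2
    default_dir=${3:-/var/ossec}
    if embeds_dir "$bin" "$install_dir"; then
        echo "ok: $bin was built for $install_dir"
        return 0
    fi
    if embeds_dir "$bin" "$default_dir"; then
        echo "mismatch: $bin was built for $default_dir but installed in $install_dir"
        return 1
    fi
    echo "unknown: no build directory string found in $bin"
    return 2
}

# Example call, using the paths from the thread:
#   check_build_dir /opt/ossec/bin/manage_agents /opt/ossec
```

A return value of 1 corresponds to the situation in the thread: the binary has to be rebuilt for the new directory, or installed where it expects to be.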
