Did anyone faced the similar issue when installing the agent using binary package?
On Mon, Jul 26, 2010 at 12:09 PM, Devendra Agrawal < [email protected]> wrote: > It seems, if you try to install using a binary package (on systems with no > gcc), it expects ossec to be under /var/ossec directory even if you mention > install dierctory as something else. I dont know why and how to fix this > behaviour. > > > > > On Mon, Jul 26, 2010 at 10:51 AM, Devendra Agrawal < > [email protected]> wrote: > >> We changed the install directory to /opt/ossec >> >> 1- What kind of installation do you want (server, agent, local or help)? >> agent >> >> - Agent(client) installation chosen. >> >> 2- Setting up the installation environment. >> >> - Choose where to install the OSSEC HIDS [/var/ossec]: /opt/ossec >> >> - Installation will be made at /opt/ossec . >> >> 3- Configuring the OSSEC HIDS. >> >> 3.1- What's the IP Address of the OSSEC HIDS server?:X.X.X.X >> >> - Adding Server IP X.X.X.X >> >> 3.2- Do you want to run the integrity check daemon? (y/n) [y]: >> >> - Running syscheck (integrity check daemon). >> >> 3.3- Do you want to run the rootkit detection engine? (y/n) [y]: >> >> - Running rootcheck (rootkit detection). >> >> 3.4 - Do you want to enable active response? (y/n) [y]: n >> >> - Active response disabled. >> >> 3.5- Setting the configuration to analyze the following logs: >> >> -- /var/log/messages >> >> -- /var/log/secure >> >> -- /var/log/maillog >> >> - If you want to monitor any other file, just change >> >> the ossec.conf and add a new localfile entry. >> >> Any questions about the configuration can be answered >> >> by visiting us online at >> *http://www.ossec.net* <http://www.ossec.net/> . >> >> >> >> --- Press ENTER to continue --- >> >> >> >> >> >> 5- Installing the system >> >> - Running the Makefile >> >> >> >> - System is Redhat Linux. >> >> - Init script modified to start OSSEC HIDS during boot. >> >> - Configuration finished properly. >> >> - To start OSSEC HIDS: >> >> /opt/ossec/bin/ossec-control start >> >> - To stop OSSEC HIDS: >> >> /opt/ossec/bin/ossec-control stop >> >> - The configuration can be viewed or modified at /opt/ossec/etc/ossec.conf >> >> >> >> Thanks for using the OSSEC HIDS. >> >> If you have any question, suggestion or if you find any bug, >> >> contact us at [email protected] or using our public maillist at >> >> [email protected] >> >> ( >> *http://www.ossec.net/main/support/* <http://www.ossec.net/main/support/>). >> >> More information can be found at >> *http://www.ossec.net* <http://www.ossec.net/> >> >> --- Press ENTER to finish (maybe more information below). --- >> >> >> >> >> >> - You first need to add this agent to the server so they >> >> can communicate with each other. When you have done so, >> >> you can run the 'manage_agents' tool to import the >> >> authentication key from the server. >> >> /opt/ossec/bin/manage_agents >> >> More information at: >> >> *http://www.ossec.net/en/manual.html#ma*<http://www.ossec.net/en/manual.html> >> >> >> >> >> >> #/opt/ossec/bin/manage_agents >> >> 2010/07/26 10:41:38 manage_agents(1209): ERROR: Unable to chroot to >> directory: '/var/ossec'. >> >> >> >> >> >> On Sun, Jul 25, 2010 at 12:10 AM, dan (ddp) <[email protected]> wrote: >> >>> On Sat, Jul 24, 2010 at 12:20 PM, Devendra Agrawal >>> <[email protected]> wrote: >>> > I chose /opt/ossec as install directory. Why would it expect /var/ossec >>> when >>> > there is no / var/ossec on this machine. Should try re-install? If yes, >>> plz >>> > let me know of unistall steps >>> > >>> > Thanks, >>> > >>> > Devendra >>> > >>> >>> rm -rf /opt/ossec >>> >>> When you initially compiled ossec, did you change ossec's directory to >>> /opt/ossec or did you leave it as /var/ossec? If you did not compile >>> ossec, the person that did probably left the directory as /var/ossec, >>> so that is where it should be installed. If you want it in /opt/ossec, >>> you will have to make sure it expects to be installed there. >>> >> >> >
