Indeed I am. Specifically, here are the Atomic packages I installed: inotify-tools-3.11-1.el5.art.x86_64.rpm ossec-hids-2.4-1.el5.art.x86_64.rpm ossec-hids-client-2.4-1.el5.art.x86_64.rpm
Would be great to see your SPEC fix if you'd like to share. Otherwise I'll just build a new RPM from source. Thanks!! d. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Jason 'XenoPhage' Frisvold Sent: Wednesday, August 18, 2010 4:25 PM To: [email protected] Subject: Re: [ossec-list] Detecting changes to running processes & ports -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Aug 12, 2010, at 11:53 AM, David Porcello wrote: > Hi all, > > I'm running OSSEC client 2.4.1 on a handful of RedHat EL 5.5 servers and I'm > seeing the following behavior across the board: It appears that > client-logcollector and client-syscheckd aren't detected as running, and > therefore aren't stopped by ossec-control. If these daemons aren't killed, > multiple instances begin building up with each start or restart request, and > new agent.conf configs are prevented from loading. Are you, perchance, running the atomicturtle RPM version of ossec? Specifically version 2.4.1-4 ? If so, I think this is a bug in that RPM causing the problem.. I have a SPEC that fixes the problem if you want it, though it removes all of the atomicturtle specific stuff (rules, decoders, etc). > Found a couple related threads, but none with a resolution. Anyone else > seeing this? > > Thanks, > d. - --------------------------- Jason 'XenoPhage' Frisvold [email protected] - --------------------------- "Any sufficiently advanced magic is indistinguishable from technology." - - Niven's Inverse of Clarke's Third Law -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iEYEARECAAYFAkxsQZ0ACgkQ8CjzPZyTUTSQWQCgmLRn3ZAjHP8eZqYvinCFZ4+d nqUAn0CoHOSjIEBoJAyuhxy4wYBXynSb =g6SA -----END PGP SIGNATURE----- NOTICE: The information contained in this e-mail and any attachments is intended solely for the recipient(s) named above, and may be confidential and legally privileged. If you received this e-mail in error, please notify the sender immediately by return e-mail and delete the original message and any copy of it from your computer system. If you are not the intended recipient, you are hereby notified that any review, disclosure, retransmission, dissemination, distribution, copying, or other use of this e-mail, or any of its contents, is strictly prohibited. Although this e-mail and any attachments are believed to be free of any virus or other defects, it is the responsibility of the recipient to ensure that it is virus-free and no responsibility is accepted by the sender for any loss or damage arising if such a virus or defect exists.
