On Aug 26, 2010, at 12:56 PM, Scott R. Shinn wrote:
> If you could send me your changes I can get those added into the main
> package too.

I've attached my spec file so you can check it out. NOTE: I removed all of the atomicturtle specific stuff as I don't use it at this point.. I was purely interested in OSSEC itself. I'm up for feedback, though.. :)
ossec-hids.spec
Description: Binary data
> -Scott
>
> On Thu, 2010-08-26 at 11:41 -0400, David Porcello wrote:
>> Indeed I am. Specifically, here are the Atomic packages I installed:
>>
>> inotify-tools-3.11-1.el5.art.x86_64.rpm
>> ossec-hids-2.4-1.el5.art.x86_64.rpm
>> ossec-hids-client-2.4-1.el5.art.x86_64.rpm
>>
>> Would be great to see your SPEC fix if you'd like to share. Otherwise I'll
>> just build a new RPM from source.
>>
>> Thanks!!
>> d.
>>
>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]] On
>> Behalf Of Jason 'XenoPhage' Frisvold
>> Sent: Wednesday, August 18, 2010 4:25 PM
>> To: [email protected]
>> Subject: Re: [ossec-list] Detecting changes to running processes & ports
>>
>> On Aug 12, 2010, at 11:53 AM, David Porcello wrote:
>>> Hi all,
>>>
>>> I'm running OSSEC client 2.4.1 on a handful of RedHat EL 5.5 servers and
>>> I'm seeing the following behavior across the board: It appears that
>>> client-logcollector and client-syscheckd aren't detected as running, and
>>> therefore aren't stopped by ossec-control. If these daemons aren't killed,
>>> multiple instances begin building up with each start or restart request,
>>> and new agent.conf configs are prevented from loading.
>>
>> Are you, perchance, running the atomicturtle RPM version of ossec?
>> Specifically version 2.4.1-4 ? If so, I think this is a bug in that RPM
>> causing the problem.. I have a SPEC that fixes the problem if you want it,
>> though it removes all of the atomicturtle specific stuff (rules, decoders,
>> etc).
>>
>>> Found a couple related threads, but none with a resolution. Anyone else
>>> seeing this?
>>>
>>> Thanks,
>>> d.
>>
>> ---------------------------
>> Jason 'XenoPhage' Frisvold
>> [email protected]
>> ---------------------------
>> "Any sufficiently advanced magic is indistinguishable from technology."
>> - Niven's Inverse of Clarke's Third Law

---------------------------
Jason 'XenoPhage' Frisvold
[email protected]
---------------------------
"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law
