On Thu, 14 Apr 2011 10:15:28 -0700 (PDT), sempai <[email protected]> wrote:
Hello,

I'm in a position where it would be advantageous to run ossec-hids as
a server by an unprivileged user.

Has anyone already gone down this road before and written
documentation or shared their installation details?

OSSEC can be installed without root access but the install script would likely fail. It needs to place an init script for startup, one file in /etc and create the users and groups. Finally, it needs to create /var/ossec. This can all be done manually, but someone obviously needs to have some privileges to perform these steps.

OSSEC can be administered by someone who has sudo access to impersonate/become the ossec user account. I tried this several years ago. I recall that there was one daemon that failed to start because it started as root and then dropped privileges. The situation may be slightly different today since there have been a few more daemons added. You can probably design a strategy around allowing someone to become the ossec user then granting sudo root access to perform bin/ossec-control stop|start|restart, or something along those lines.

--
Michael Starks
[I] Immutable Security
http://www.immutablesecurity.com
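
Added example, not part of the original message: a sudoers fragment sketching the strategy described in the reply above, with an over-broad rule shown beside a restricted one. It assumes the install prefix /var/ossec and a hypothetical operator group named ossecops; neither the group nor the file name comes from the thread.

```sudoers
# /etc/sudoers.d/ossec-operators   (hypothetical file name)
# Edit with: visudo -f /etc/sudoers.d/ossec-operators

# Too broad: either of these lets an operator run far more than the
# three service actions as root. Shown commented out for comparison.
#   %ossecops ALL = (root) ALL
#   %ossecops ALL = (root) /var/ossec/bin/ossec-control *

# Restricted: list each permitted invocation with its exact argument.
# sudo only matches a command with arguments when the arguments are
# identical, so any other argument to ossec-control is refused.
Cmnd_Alias OSSEC_CTL = /var/ossec/bin/ossec-control start, \
                       /var/ossec/bin/ossec-control stop, \
                       /var/ossec/bin/ossec-control restart

# Members of the (assumed) ossecops group may become the ossec user
# for day-to-day administration, e.g. "sudo -u ossec -s".
%ossecops ALL = (ossec) ALL

# The same group may run only the three control actions as root,
# since some daemons start as root and then drop privileges.
%ossecops ALL = (root) OSSEC_CTL
```

Because the last rule runs ossec-control as root, the script and every directory above it should be owned by root and not writable by the ossec user or the operator group; otherwise anyone who can become ossec can replace the script and gain root.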
