https://bitbucket.org/dcid/ossec-hids/changesets
On Wed, Aug 31, 2011 at 5:36 PM, David Cottle <[email protected]> wrote: > Hi Dan, > > It's been a few weeks any progress on the issue? > > Thanks. > > Sent from my iPad > > On 16/08/2011, at 10:36, "dan (ddp)" <[email protected]> wrote: > >> Atomic pointed out the issue on IRC. :) >> It hasn't been fixed yet, I'm not sure if Daniel Cid has a Centos 6 >> based system to test at the moment (I don't). >> Best I can offer is that it'll be fixed "soon," and the Atomic guys will >> know. >> >> On Mon, Aug 15, 2011 at 8:20 PM, David Cottle <[email protected]> wrote: >>> Thanks! So it is a known issue :) >>> >>> Is the latest nightly got it fixed? >>> >>> I can hassle atomic to rebuild it since it's broken. >>> >>> Do you have a bug number so I can send it to them as they said they can't >>> find any issue. >>> >>> Cheers, >>> >>> David >>> >>> Sent from my iPad >>> >>> On 16/08/2011, at 10:13, "dan (ddp)" <[email protected]> wrote: >>> >>>> On Mon, Aug 15, 2011 at 8:07 PM, David Cottle <[email protected]> >>>> wrote: >>>>> No, it's a Centos 6 i686 server. The ossec I am running is from the >>>>> atomic repo. >>>>> >>>> >>>> The reports I've seen are about Centos 6 + OSSEC 2.6. >>>> >>>>> What's strange my second server, a Centos 6 x86 64 bit does NOT do this >>>>> with the same package (obviously one is i686 other is x64) but same >>>>> versions. >>>>> >>>>> I checked selinux and even set enforcing 0 to test. But roll back the >>>>> package it does not happen on this i686 server. >>>>> >>>>> I suspect the package probably has a wrong permission or owner on a file, >>>>> that's why it's effected, >>>>> >>>>> What logs can I check? That line refers to some ossec-logtest being run, >>>>> so I suspect this. >>>>> >>>> >>>> Yes, line 209 runs ossec-logtest. You can comment out the line if you >>>> need to. It's not necessary (it just checks the configuration to make >>>> sure it isn't too broken). >>>> >>>> The problem's known, if nothing else. >>>> >>>>> Obviously with two servers and one working once I can find out what it >>>>> can be check the owners, etc and compare. >>>>> >>>>> Cheers, >>>>> David >>>>> >>>>> Sent from my iPad >>>>> >>>>> On 16/08/2011, at 9:59, "dan (ddp)" <[email protected]> wrote: >>>>> >>>>>> Is your system using upstart? That seems to be a problem for that line >>>>>> in the script. >>>>>> >>>>>> On Mon, Aug 15, 2011 at 7:42 PM, [email protected] >>>>>> <[email protected]> wrote: >>>>>>> This only happened last week when I updated ossec-hids: >>>>>>> >>>>>>> /var/ossec/bin/ossec-control: line 209: echo: write error: Broken pipe >>>>>>> >>>>>>> Any idea's how to debug it? >>>>>>> >>>>>>> If I yum downgrade ossec* it goes away, so something is wrong. >>>>> >>> >
