[root@SRVAP280 bin]# ll /var/ossec/ total 40 dr-xr-x---. 3 root ossec 4096 Jul 9 18:05 active-response dr-xr-x---. 2 root ossec 4096 Jul 9 18:05 agentless dr-xr-x---. 2 root ossec 4096 Jul 9 18:05 bin dr-xr-x---. 3 root ossec 4096 Jul 13 11:25 etc drwxr-x---. 5 ossec ossec 4096 Jul 9 18:05 logs drwxrwx---. 11 root ossec 4096 Jul 9 18:05 queue dr-xr-x---. 3 root ossec 4096 Jul 9 18:05 rules drwxr-x---. 5 ossec ossec 4096 Jul 9 18:09 stats dr-xr-x---. 2 root ossec 4096 Jul 9 18:05 tmp dr-xr-x---. 3 root ossec 4096 Jul 23 15:32 var
С уважением, Антон Каширин тел.:+7(495)783-46-00*11377 Департамент информационной безопасности КБ "Ренессанс Капитал" (ООО) From: [email protected] [mailto:[email protected]] On Behalf Of Ivan Zenteno Sent: Monday, July 23, 2012 2:51 PM To: [email protected] Cc: [email protected] Subject: Re: [ossec-list] Permission denied in /var/www/html/lib/os_lib_syscheck.php Ok but what about the folder? What is the perms of /var/ossec/queue/ ? --------------------------------- Sent from iPhone On 23/07/2012, at 05:25 a.m., "dan (ddp)" <[email protected]<mailto:[email protected]>> wrote: On Jul 23, 2012 6:18 AM, "Kashirin, Anton" <[email protected]<mailto:[email protected]>> wrote: > > 1. File is exist: > > [root@SRVAP280 bin]# ll /var/ossec/queue/syscheck/ > > total 1060 > > -rw-r-----. 1 ossec ossec 3230 Jul 16 19:08 (SRV008) 10.12.198.133->syscheck > > -rw-r-----. 1 ossec ossec 547440 Jul 21 20:17 (SRV008) > 10.12.198.133->syscheck-registry > > -rw-r-----. 1 ossec ossec 0 Jul 13 12:53 (SRVAP295) > 10.15.129.182->syscheck > > -rw-r-----. 1 ossec ossec 517713 Jul 20 05:53 (SRVAP295) > 10.15.129.182->syscheck-registry > > -rw-r-----. 1 ossec ossec 196696 Jul 17 05:19 syscheck > > 2. cat /etc/group: > > … > > apache:x:48: > > ossec:x:500:apache > > 3. ls -la /var/www/html/lib/os_lib_syscheck.php > > -rwxr-xr-x. 1 apache apache 9442 Jul 9 17:39 > /var/www/html/lib/os_lib_syscheck.php > > > > > > Best regards, > > Anton Kashirin > > Ok, step 1.5: are you using linux? If so, are you using selinix? If so, have you checked those logs to make sure it's not blocking access? > > -----Original Message----- > From: [email protected]<mailto:[email protected]> > [mailto:[email protected]<mailto:[email protected]>] On > Behalf Of dan (ddp) > Sent: Friday, July 20, 2012 5:19 PM > To: [email protected]<mailto:[email protected]> > Subject: Re: [ossec-list] Permission denied in > /var/www/html/lib/os_lib_syscheck.php > > > > I guess we should start slowly, kind of an "Introduction to Troubleshooting" > sort of thing? If I need to provide the commands for you, let me know! > > > > First step in troubleshooting below. > > > > On Fri, Jul 20, 2012 at 4:08 AM, Anton Kashirin > <[email protected]<mailto:[email protected]>> wrote: > > > Hello! > > > Please help. > > > I recieve next notification: > > > > > > OSSEC HIDS Notification. > > > > > > 2012 Jul 20 12:05:50 > > > > > > > > > > > > Received From: SRVAP280->/var/log/httpd/error_log > > > > > > Rule: 31412 fired (level 5) -> "PHP internal error (missing file)." > > > > > > Portion of the log(s): > > > > > > [Fri Jul 20 12:05:50 2012] [error] [client 10.14.64.18] PHP Warning: > > > fopen(/var/ossec/queue/syscheck/(SRV008) 10.12.198.133->syscheck-registry): > > > failed to open stream: Permission denied in > > > > Does this file exist? What are the permissions? > > > > > /var/www/html/lib/os_lib_syscheck.php on line 165, referer: > > > http://srvap280.rccf.ru/ > > > > > > > > > > > > --END OF NOTIFICATION > > > > > > > > > What about it and how I solve this issue? > > > > > > Thenks for help!
