Perhaps it's corrupted. Clear it out and restart the OSSEC processes.
On Mon, Jul 23, 2012 at 7:41 AM, Kashirin, Anton <[email protected]> wrote:
> In /var/ossec/logs/ossec.log I have the following:
>
> 2012/07/23 15:37:28 ossec-analysisd: Invalid integrity message in the database.
>
> Best regards,
> Anton Kashirin
>
> [root@SRVAP280 bin]# ll /var/ossec/
> total 40
> dr-xr-x---. 3 root ossec 4096 Jul 9 18:05 active-response
> dr-xr-x---. 2 root ossec 4096 Jul 9 18:05 agentless
> dr-xr-x---. 2 root ossec 4096 Jul 9 18:05 bin
> dr-xr-x---. 3 root ossec 4096 Jul 13 11:25 etc
> drwxr-x---. 5 ossec ossec 4096 Jul 9 18:05 logs
> drwxrwx---. 11 root ossec 4096 Jul 9 18:05 queue
> dr-xr-x---. 3 root ossec 4096 Jul 9 18:05 rules
> drwxr-x---. 5 ossec ossec 4096 Jul 9 18:09 stats
> dr-xr-x---. 2 root ossec 4096 Jul 9 18:05 tmp
> dr-xr-x---. 3 root ossec 4096 Jul 23 15:32 var
>
> From: [email protected] [mailto:[email protected]] On Behalf Of Ivan Zenteno
> Sent: Monday, July 23, 2012 2:51 PM
> To: [email protected]
> Cc: [email protected]
> Subject: Re: [ossec-list] Permission denied in /var/www/html/lib/os_lib_syscheck.php
>
> Ok but what about the folder?
>
> What are the perms of /var/ossec/queue/ ?
>
> ---------------------------------
> Sent from iPhone
>
> On 23/07/2012, at 05:25 a.m., "dan (ddp)" <[email protected]> wrote:
>
> On Jul 23, 2012 6:18 AM, "Kashirin, Anton" <[email protected]> wrote:
>>
>> 1. File exists:
>>
>> [root@SRVAP280 bin]# ll /var/ossec/queue/syscheck/
>> total 1060
>> -rw-r-----. 1 ossec ossec 3230 Jul 16 19:08 (SRV008) 10.12.198.133->syscheck
>> -rw-r-----. 1 ossec ossec 547440 Jul 21 20:17 (SRV008) 10.12.198.133->syscheck-registry
>> -rw-r-----. 1 ossec ossec 0 Jul 13 12:53 (SRVAP295) 10.15.129.182->syscheck
>> -rw-r-----. 1 ossec ossec 517713 Jul 20 05:53 (SRVAP295) 10.15.129.182->syscheck-registry
>> -rw-r-----. 1 ossec ossec 196696 Jul 17 05:19 syscheck
>>
>> 2. cat /etc/group:
>> …
>> apache:x:48:
>> ossec:x:500:apache
>>
>> 3. ls -la /var/www/html/lib/os_lib_syscheck.php
>> -rwxr-xr-x. 1 apache apache 9442 Jul 9 17:39 /var/www/html/lib/os_lib_syscheck.php
>>
>> Best regards,
>> Anton Kashirin
>
> Ok, step 1.5: are you using Linux? If so, are you using SELinux? If so, have
> you checked those logs to make sure it's not blocking access?
>
>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]] On Behalf Of dan (ddp)
>> Sent: Friday, July 20, 2012 5:19 PM
>> To: [email protected]
>> Subject: Re: [ossec-list] Permission denied in /var/www/html/lib/os_lib_syscheck.php
>>
>> I guess we should start slowly, kind of an "Introduction to
>> Troubleshooting" sort of thing? If I need to provide the commands for you,
>> let me know!
>>
>> First step in troubleshooting below.
>>
>> On Fri, Jul 20, 2012 at 4:08 AM, Anton Kashirin <[email protected]> wrote:
>> > Hello!
>> > Please help.
>> > I receive the following notification:
>> >
>> > OSSEC HIDS Notification.
>> > 2012 Jul 20 12:05:50
>> >
>> > Received From: SRVAP280->/var/log/httpd/error_log
>> > Rule: 31412 fired (level 5) -> "PHP internal error (missing file)."
>> > Portion of the log(s):
>> >
>> > [Fri Jul 20 12:05:50 2012] [error] [client 10.14.64.18] PHP Warning:
>> > fopen(/var/ossec/queue/syscheck/(SRV008) 10.12.198.133->syscheck-registry):
>> > failed to open stream: Permission denied in
>>
>> Does this file exist? What are the permissions?
>>
>> > /var/www/html/lib/os_lib_syscheck.php on line 165, referer:
>> > http://srvap280.rccf.ru/
>> >
>> > --END OF NOTIFICATION
>> >
>> > What about it and how do I solve this issue?
>> >
>> > Thanks for help!
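
The checks this thread walks through (file mode, group membership, permissions on each directory above the file) can be done in one pass. The following is an added example, not part of the original messages: a shell helper that reports the first path component whose mode bits deny a given uid and group list. It assumes GNU `stat`; the function names are hypothetical, and SELinux and ACLs are not evaluated, so a clean result here points to the SELinux logs asked about above.

```sh
#!/bin/sh
# Added example, not from the thread: report the first path component whose
# classic mode bits deny access. SELinux policy and POSIX ACLs are NOT evaluated.
# Assumes GNU stat (stat -c). Function names are hypothetical.

# mode_allows UID "GID GID ..." NEED PATH   (NEED: 4 = read, 1 = search)
mode_allows() {
  local uid="$1" gids="$2" need="$3" path="$4" st mode owner group bits g
  [ "$uid" -eq 0 ] && return 0                  # root bypasses mode bits
  st=$(stat -c '%a %u %g' -- "$path") || return 2
  mode=${st%% *}; st=${st#* }; owner=${st% *}; group=${st#* }
  mode=$(( 0$mode & 0777 ))                     # octal; drop setuid/setgid/sticky
  bits=$(( mode & 7 ))                          # default class: other
  for g in $gids; do
    [ "$g" -eq "$group" ] && bits=$(( (mode >> 3) & 7 ))   # group class
  done
  [ "$uid" -eq "$owner" ] && bits=$(( (mode >> 6) & 7 ))   # owner class wins
  [ $(( bits & need )) -ne 0 ]
}

# first_denied UID "GIDS" FILE [BASE]
# Walks from BASE (default /) down to FILE: search bit on each directory, read
# bit on the file. Prints the first denying component and returns 1, else 0.
first_denied() {
  local uid="$1" gids="$2" file="$3" cur="${4:-/}" rest part
  rest=${file#"$cur"}; rest=${rest#/}
  while [ -n "$rest" ]; do
    mode_allows "$uid" "$gids" 1 "$cur" || { echo "$cur"; return 1; }
    part=${rest%%/*}; cur=${cur%/}/$part
    if [ "$part" = "$rest" ]; then rest=; else rest=${rest#*/}; fi
  done
  mode_allows "$uid" "$gids" 4 "$cur" || { echo "$cur"; return 1; }
}

# On a live host (apache is the web UI user in the thread):
#   first_denied "$(id -u apache)" "$(id -G apache)" "/var/ossec/queue/syscheck/<file>"
# id -G reads the group database; a running httpd keeps the groups it started with.
```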
