Re: [ossec-list] Permission denied in /var/www/html/lib/os_lib_syscheck.php

Tue, 24 Jul 2012 05:11:44 -0700 

On Tue, Jul 24, 2012 at 7:08 AM, Kashirin, Anton <[email protected]> wrote:
> Ок. But I still receive next notification every 1-2 minutes:
>

Ok what? What have you done? Why haven't you answered the questions I
asked? You're asking for help, but not accepting it. Many of us have
better things to do than try to force you to accept help.

>
>
> OSSEC HIDS Notification.
>
> 2012 Jul 24 12:17:11
>
>
>
> Received From: SRVAP280->/var/log/httpd/error_log
>
> Rule: 31412 fired (level 5) -> "PHP internal error (missing file)."
>
> Portion of the log(s):
>
>
>
> [Tue Jul 24 12:17:10 2012] [error] [client 10.14.64.18] PHP Warning:
> fopen(/var/ossec/queue/syscheck/(SRV008) 10.12.198.133->syscheck-registry):
> failed to open stream: Permission denied in
> /var/www/html/lib/os_lib_syscheck.php on line 165, referer:
> http://srvap280.rccf.ru/index.php
>
>
>
>
>
>
>
> --END OF NOTIFICATION
>
>
>
> Information for Tshoot:
>
>
>
> [root@SRVAP280 syscheck]# uname -a
>
> Linux SRVAP280.rccf.ru 2.6.32-71.el6.i686 #1 SMP Fri Nov 12 04:17:17 GMT
> 2010 i686 i686 i386 GNU/Linux
>
>
>
> [root@SRVAP280 ossec]# ll
>
> total 40
>
> dr-xr-x---.  3 root  ossec 4096 Jul  9 18:05 active-response
>
> dr-xr-x---.  2 root  ossec 4096 Jul  9 18:05 agentless
>
> dr-xr-x---.  2 root  ossec 4096 Jul  9 18:05 bin
>
> dr-xr-x---.  3 root  ossec 4096 Jul 13 11:25 etc
>
> drwxr-x---.  5 ossec ossec 4096 Jul  9 18:05 logs
>
> drwxrwx---. 11 root  ossec 4096 Jul  9 18:05 queue
>
> dr-xr-x---.  3 root  ossec 4096 Jul  9 18:05 rules
>
> drwxr-x---.  5 ossec ossec 4096 Jul  9 18:09 stats
>
> dr-xr-x---.  2 root  ossec 4096 Jul  9 18:05 tmp
>
> dr-xr-x---.  3 root  ossec 4096 Jul 23 15:43 var
>
>
>
> [root@SRVAP280 queue]# ll
>
> total 36
>
> drwxr-xr-x. 2 ossecr ossec 4096 Jul 13 12:30 agent-info
>
> drwxr-xr-x. 2 ossec  ossec 4096 Jul  9 18:05 agentless
>
> drwxrwx---. 2 ossec  ossec 4096 Jul 23 15:43 alerts
>
> drwxr-x---. 2 ossec  ossec 4096 Jul  9 18:05 diff
>
> drwxr-x---. 2 ossec  ossec 4096 Jul  9 18:09 fts
>
> drwxrwx---. 2 ossec  ossec 4096 Jul 23 15:43 ossec
>
> drwxr-xr-x. 2 ossecr ossec 4096 Jul 13 12:30 rids
>
> drwxr-x---. 2 ossec  ossec 4096 Jul 13 12:31 rootcheck
>
> drwxrwxrwx. 2 ossec  ossec 4096 Jul 24 14:04 syscheck
>
>
>
> [root@SRVAP280 syscheck]# ll
>
> total 384
>
> -rw-rw-rw-. 1 ossec ossec      0 Jul 23 15:45 (SRV008)
> 10.12.198.133->syscheck
>
> -rw-rw-rw-. 1 ossec ossec   1434 Jul 24 08:53 (SRV008)
> 10.12.198.133->syscheck-registry
>
> -rw-rw-rw-. 1 ossec ossec      0 Jul 23 15:45 (SRVAP295)
> 10.15.129.182->syscheck
>
> -rw-rw-rw-. 1 ossec ossec    131 Jul 24 10:51 (SRVAP295)
> 10.15.129.182->syscheck-registry
>
> -rw-rw-rw-. 1 ossec ossec 449938 Jul 23 15:52 syscheck
>
>
>
> [root@SRVAP280 etc]# cat /etc/group
>
> …
>
> apache:x:48:
>
> ossec:x:500:apache
>
>
>
> Please help me!
>
>
>
> Best regards,
>
> Anton Kashirin
>
>
>
>
>
>
>

Reply via email to