Hi All,

I installed the beta 1 of 2.7.1 on a new server and noticed that ossec-dbd is not shut down from ossec-control stop or restart.

I compiled with mysql database support. Enabled the database (ossec-control enable database) and restarted ossec. I then had to make another change in the source, recompiled and updated again. At the end of install.sh I got the error:

    make[1]: Leaving directory `/root/ossec-hids-2.7.1-beta-1/src/os_auth'
    Killing ossec-monitord ..
    Killing ossec-logcollector ..
    Killing ossec-syscheckd ..
    Killing ossec-analysisd ..
    Killing ossec-maild ..
    Killing ossec-execd ..
    ossec-dbd not running ..
    OSSEC HIDS v2.7.1-beta-1 Stopped
    cp: reguläre Datei „/var/ossec/bin/ossec-dbd“ kann nicht angelegt werden: Das Programm kann nicht ausgeführt oder verändert werden (busy)
    Starting OSSEC HIDS v2.7.1-beta-1 (by Trend Micro Inc.)...
    Started ossec-dbd...
    Started ossec-maild...
    2013/06/30 12:18:29 ossec-execd: INFO: Adding offenders timeout: 60 (for #1)
    2013/06/30 12:18:29 ossec-execd: INFO: Adding offenders timeout: 120 (for #2)
    2013/06/30 12:18:29 ossec-execd: INFO: Adding offenders timeout: 1440 (for #3)
    Started ossec-execd...
    Started ossec-analysisd...
    Started ossec-logcollector...
    Started ossec-syscheckd...
    Started ossec-monitord...
    Completed.

I then checked and found three ossec-dbd processes running. That's why the cp was not possible. I stopped ossec and killed the remaining ossec-dbd processes. I then cleaned my /var/ossec/bin/.process_list file to only contain DB_DAEMON=ossec-dbd and started ossec again. Here is what it says:

    root@server:~/ossec-hids-2.7.1-beta-1# l /var/ossec/var/run/
    insgesamt 0
    root@server:~/ossec-hids-2.7.1-beta-1# /var/ossec/bin/ossec-control start
    Starting OSSEC HIDS v2.7.1-beta-1 (by Trend Micro Inc.)...
    Started ossec-dbd...
    Started ossec-maild...
    2013/06/30 12:37:25 ossec-execd: INFO: Adding offenders timeout: 60 (for #1)
    2013/06/30 12:37:25 ossec-execd: INFO: Adding offenders timeout: 120 (for #2)
    2013/06/30 12:37:25 ossec-execd: INFO: Adding offenders timeout: 1440 (for #3)
    Started ossec-execd...
    Started ossec-analysisd...
    Started ossec-logcollector...
    Started ossec-syscheckd...
    Started ossec-monitord...
    Completed.
    root@server:~/ossec-hids-2.7.1-beta-1# l /var/ossec/var/run/
    insgesamt 24
    -rw-r----- 1 ossec  ossec 6 Jun 30 12:37 ossec-analysisd-20823.pid
    -rw-r----- 1 root   ossec 6 Jun 30 12:37 ossec-execd-20819.pid
    -rw-r----- 1 root   root  6 Jun 30 12:37 ossec-logcollector-20827.pid
    -rw-r----- 1 ossecm ossec 6 Jun 30 12:37 ossec-maild-20814.pid
    -rw-r----- 1 ossec  ossec 6 Jun 30 12:37 ossec-monitord-20834.pid
    -rw-r----- 1 root   root  6 Jun 30 12:37 ossec-syscheckd-20831.pid
    root@server:~/ossec-hids-2.7.1-beta-1# ps aux | grep ossec
    root   20810 0.0 0.3 44700 1680 ?     S  12:37 0:00 /var/ossec/bin/ossec-dbd
    ossecm 20814 0.0 0.1 12644  604 ?     S  12:37 0:00 /var/ossec/bin/ossec-maild
    root   20819 0.0 0.0 12512  504 ?     S  12:37 0:00 /var/ossec/bin/ossec-execd
    ossec  20823 0.1 0.4 14356 2428 ?     S  12:37 0:00 /var/ossec/bin/ossec-analysisd
    root   20827 0.0 0.1  4284  580 ?     S  12:37 0:00 /var/ossec/bin/ossec-logcollector
    root   20831 1.8 0.1  4556  724 ?     S  12:37 0:02 /var/ossec/bin/ossec-syscheckd
    ossec  20834 0.0 0.1 12772  592 ?     S  12:37 0:00 /var/ossec/bin/ossec-monitord
    root   20906 0.0 0.1 11724  916 pts/0 S+ 12:40 0:00 grep ossec

ossec.log does not contain any further insight, only some of these (that I will fix soon):

    ossec-dbd(5202): ERROR: Error connecting to database '127.0.0.1'(ossecdb): ERROR: Access denied for user 'ossec'@'localhost' to database 'ossecdb'.

To me it seems that ossec-dbd forgets to place a pid file in var/run/. I did a quick search in the source code but couldn't find the right spot.

I'm on Debian 7 64bit.

Regards
Christian
