I am setting up an OSSEC server and 10 clients. The server is CentOS 6 with OSSEC installed via yum install atomic. The clients are CentOS 5 or 6, also installed with Atomic.

I have done a bit of scraping here to find a wide mix of how etc/shared should be set up. This has obviously changed some since the newer clients look different from the older ones. This morning all the clients suddenly stopped pushing alerts, and I found the following site:

http://www.eth0.us/ossec-ar%20conf

There does not seem to be much agreement on how these files (especially ar.conf) should be set, and various folks report very different permissions than I am seeing here. Changing ar.conf manually did appear to get the clients talking again, and the log errors about ar.conf went away. And the Atomic OSSEC may have bugs the latest tarball may not? Apparently there is a process somewhere that is supposed to police the file permissions on these files, but I'm not sure how an RPM install got them wrong in the first place.

ossec-hids-2.7-24.el6.art.x86_64
ossec-hids-server-2.7-24.el6.art.x86_64

Can anyone shed some light on this situation?
