Hi -
I've tried living with the syslogging that ESX 4.1 does, but it produces
multiple lines per event and does not provide any real value, so I'm compiling
the OSSEC agent on CentOS 5.8 to satisfy the libc.6.so requirement, and it
compiles and installs on the remote system successfully. However, trying to run
manage_agent I end up with the error message:
manage_agents(1209): ERROR: Unable to chroot to directory: '/var/ossec'.
This is the destination I chose for OSSEC. The user and group ossec have been
created and set as owner & group:
/var/ossec # ls -la
dr-xr-x--- 1 root ossec 512 Nov 12 14:41 .
drwxr-xr-x 1 root root 512 Nov 12 14:41 ..
drwx------ 1 ossec ossec 512 Nov 12 14:41 .ssh
dr-xr-x--- 1 root ossec 512 Nov 12 14:41 active-response
dr-xr-x--- 1 root ossec 512 Nov 12 18:22 agentless
dr-xr-x--- 1 root ossec 512 Nov 12 18:22 bin
dr-xr-x--- 1 root ossec 512 Nov 12 18:22 etc
drwxr-x--- 1 ossec ossec 512 Nov 12 14:41 logs
dr-xr-x--- 1 root ossec 512 Nov 12 14:41 queue
dr-xr-x--- 1 root ossec 512 Nov 12 18:22 var
I've tried completely changing the owner and group, but it still fails.
Permissions up the folder path look great.
If I set up the client.keys manually by adding it into a temp system, then
copying out the entry to the VM, and attempt to run it, I get:
2013/11/12 18:22:00 ossec-execd: INFO: Started (pid: 5933963).
2013/11/12 18:22:00 ossec-agentd(1209): ERROR: Unable to chroot to directory: '/var/ossec'.
2013/11/12 18:22:04 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'No such file or directory'.
2013/11/12 18:22:04 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'No such file or directory'.
2013/11/12 18:22:10 ossec-logcollector(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'No such file or directory'.
2013/11/12 18:22:10 ossec-logcollector(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
2013/11/12 18:22:12 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'No such file or directory'.
2013/11/12 18:22:12 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'No such file or directory'.
2013/11/12 18:22:25 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'No such file or directory'.
2013/11/12 18:22:25 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
The agent was compiled against this libc.6.so:
GNU C Library stable release version 2.5, by Roland McGrath et al.
Copyright (C) 2006 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Compiled by GNU CC version 4.1.2 20080704 (Red Hat 4.1.2-52). <--
Compiled on a Linux 2.6.9 system on 2012-08-27.
Available extensions:
The C stubs add-on version 2.1.2.
crypt add-on version 2.1 by Michael Glad and others
GNU Libidn by Simon Josefsson
GNU libio by Per Bothner
NIS(YP)/NIS+ NSS modules 0.19 by Thorsten Kukuk
Native POSIX Threads Library by Ulrich Drepper et al
BIND-8.2.3-T5B
RT using linux kernel aio
Thread-local storage support included.
For bug reporting instructions, please see:
<http://www.gnu.org/software/libc/bugs.html>.
The one from VMware is slightly different:
GNU C Library vmware release version 2.5, by Roland McGrath et al.
Copyright (C) 2006 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Compiled by GNU CC version 4.1.2 20070626 (Red Hat 4.1.2-14). <--
Compiled on a Linux 2.6.9 system on 2011-06-05.
Available extensions:
The C stubs add-on version 2.1.2.
crypt add-on version 2.1 by Michael Glad and others
GNU Libidn by Simon Josefsson
GNU libio by Per Bothner
NIS(YP)/NIS+ NSS modules 0.19 by Thorsten Kukuk
Native POSIX Threads Library by Ulrich Drepper et al
BIND-8.2.3-T5B
RT using linux kernel aio
Thread-local storage support included.
For bug reporting instructions, please see:
<http://www.gnu.org/software/libc/bugs.html>.
Any help would be appreciated.