Dear Dan, Another problem which is entirely of my own making and which may be causing issues is that I am installing it on a Slackware system so it is being done from the sources. I am making a package as I go along so that once it is finished it is easy to install. I don't know if it would be of interest once it is finished. I have made a package for MariaDB, and Analogi as well and am nearly finished the OSSec one. There are a couple of places where there are some things that are specific to me but I'll get rid of them in a couple of weeks. The installation process for each package is:
cd /
download or copy the file
tar xvpf thing.tar.gz
./install/doinst.sh
rm thing.tar.gz
And it is all running. Of course there is still the configuration of the rules
etc. to be done:-(
It probably isn't of interest but if it is please let me know. I only have
access to Slackware systems at the moment but I am pretty sure the three
packages are sufficiently generic that they would work on most reasonably
standard Linux systems.
Best wishes….
Colin
-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of dan (ddp)
Sent: 24 November 2014 15:29
To: [email protected]
Subject: Re: [ossec-list] Agent.conf not being distributed
On Mon, Nov 24, 2014 at 10:22 AM, Colin Bruce <[email protected]> wrote:
> Dear Dan,
>
> It is version 2.8.1
>
> I did wonder what merged.mg was for but it seemed to be quite complex so I
> have ignored it until now. The files in the etc/shared directory are all
> owned by root and in group ossec except for one The all have 440 permissions
> except for merged.mg which was just 400 and strangely it is owned by ossecr.
> I changed it to 600 and a few moments later (after restarting the server as
> I heard that speeded things up a bit) the linux agent received a copy of the
> agent file.
>
Thanks for reporting back. I think the permissions are off in the installer for
things in etc/shared, but I haven't had a chance to look into it properly.
> Progress is being made and panic is receding.
>
> Once again, thanks for your help.
>
> Best wishes....
> Colin
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> On Behalf Of dan (ddp)
> Sent: 24 November 2014 14:48
> To: [email protected]
> Subject: Re: [ossec-list] Agent.conf not being distributed
>
> On Mon, Nov 24, 2014 at 6:42 AM, Colin Bruce <[email protected]> wrote:
>>
>> How do I get agent.conf to download to agents?
>>
>>
>>
>> I've given up on the Windows one and so I am just trying the Linux agent.
>>
>>
>>
>> It is in /var/ossec/etc/shared.
>>
>> It is readable by everyone.
>>
>> I've restarted the server many many times
>>
>> I've restarted the agent many many times
>>
>> I've waited 8 hours.
>>
>>
>>
>> Nothing happens.
>>
>>
>
> What version of OSSEC?
> What are the owners/permissions of the files in /var/ossec/etc/shared on the
> agents?
> The file that gets transferred is merged.mg, so see if that file has been
> transferred. Maybe it's an unpacking issue instead of a transfer issue.
>
>>
>>
>>
>> Best wishes........
>>
>> Colin Bruce | Operations Manager
>>
>>
>>
>> 01785 336666
>>
>> 07920 263901
>>
>> [email protected]
>>
>> www.ctalk.co.uk
>>
>> ============================================
>> This communication contains information which is confidential and may also
>> be privileged. It is for the exclusive use of the intended recipient. If
>> you have received this communication in error, please notify the sender
>> immediately and then destroy any copies of it. Please note that any
>> distribution, copying or use of this communication or the information in it
>> is strictly prohibited. We can be contacted in writing at, Darwin House,
>> Staffordshire Technology Park, Stafford. ST18 0FX.
>>
>>
>>
>>
>>
>> --
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
smime.p7s
Description: S/MIME cryptographic signature
