# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls - Multi Level Security protection. SELINUXTYPE=targeted
i will Try reimporting the key again And maybe try starting agentd with "-df" and if now will working i will try to reinstall agent and will come with output :) miercuri, 10 februarie 2016, 15:14:04 UTC+2, dan (ddpbsd) a scris: > > > On Feb 10, 2016 8:12 AM, "dan (ddp)" <[email protected] <javascript:>> > wrote: > > > > > > On Feb 10, 2016 7:51 AM, "Maxim Surdu" <[email protected] <javascript:>> > wrote: > > > > > > [root@mx2 ossec]# ll > > > total 16K > > > 4.0K drwxrwxrwx 2 ossec ossec 4.0K Feb 10 14:27 ./ > > > 4.0K dr-xr-x--- 7 root ossec 4.0K Dec 30 09:32 ../ > > > 4.0K -rwxrwxrwx 1 ossec ossec 23 Feb 10 12:50 .agent_info* > > > 0 srw-rw---- 1 ossec ossec 0 Feb 10 14:27 queue= > > > 0 srwxrwxrwx 1 ossec ossec 0 Feb 10 12:18 queue_= > > > 4.0K -rwxrwxrwx 1 ossec ossec 1 Feb 10 12:03 .wait* > > > > > > > > > > You have working agents, I'm on a train. Compare those perms to a > working agent. > > Also Try reimporting the key again. > > > > And maybe try starting agentd with "-df" > > > > miercuri, 10 februarie 2016, 14:49:58 UTC+2, Maxim Surdu a scris: > > >> > > >> [root@mx2 bin]# ll > > >> total 2.4M > > >> 4.0K dr-xr-x--- 2 root ossec 4.0K Dec 30 09:32 ./ > > >> 4.0K dr-xr-x--- 11 root ossec 4.0K Dec 30 09:32 ../ > > >> 192K -r-xr-x--- 1 root ossec 189K Dec 30 09:32 agent-auth* > > >> 268K -r-xr-x--- 1 root ossec 267K Dec 30 09:32 manage_agents* > > >> 540K -r-xr-x--- 1 root ossec 540K Dec 30 09:32 ossec-agentd* > > >> 8.0K -r-xr-x--- 1 root ossec 4.8K Oct 13 00:21 ossec-control* > > >> 116K -r-xr-x--- 1 root ossec 115K Dec 30 09:31 ossec-execd* > > >> 412K -r-xr-x--- 1 root ossec 411K Dec 30 09:32 ossec-logcollector* > > >> 216K -r-xr-x--- 1 root ossec 213K Dec 30 09:31 ossec-lua* > > >> 148K -r-xr-x--- 1 root ossec 145K Dec 30 09:31 ossec-luac* > > >> 536K -r-xr-x--- 1 root ossec 535K Dec 30 09:32 ossec-syscheckd* > > >> 8.0K -r-xr-x--- 1 root ossec 4.3K Oct 13 00:21 util.sh* > > >> > > >> > > >> miercuri, 10 februarie 2016, 14:48:06 UTC+2, dan (ddpbsd) a scris: > > >>> > > >>> > > >>> On Feb 10, 2016 7:38 AM, "Maxim Surdu" <[email protected]> wrote: > > >>> > > > >>> > [root@mx2 bin]# tail -f /var/ossec/logs/ossec.log > > >>> > 2016/02/10 14:27:25 ossec-rootcheck: DEBUG: Starting ... > > >>> > 2016/02/10 14:27:25 ossec-rootcheck: Starting queue ... > > >>> > 2016/02/10 14:27:28 ossec-syscheckd(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > > >>> > 2016/02/10 14:27:28 ossec-rootcheck(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > > >>> > 2016/02/10 14:27:34 ossec-logcollector(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > > >>> > 2016/02/10 14:27:34 ossec-logcollector(1211): ERROR: Unable to > access queue: '/var/ossec/queue/ossec/queue'. Giving up.. > > >>> > 2016/02/10 14:27:36 ossec-syscheckd(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > > >>> > 2016/02/10 14:27:36 ossec-rootcheck(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > > >>> > 2016/02/10 14:27:49 ossec-syscheckd(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > > >>> > 2016/02/10 14:27:49 ossec-rootcheck(1211): ERROR: Unable to access > queue: '/var/ossec/queue/ossec/queue'. Giving up.. > > >>> > > > >>> > > > >>> > > >>> Check the permissions of the queue directory and files. > > >>> Check any selinux or similar logs. > > >>> Reinstall? > > >>> > > >>> > > > >>> > the same > > >>> > > > >>> > > > >>> > miercuri, 10 februarie 2016, 14:36:42 UTC+2, dan (ddpbsd) a scris: > > >>> >> > > >>> >> > > >>> >> On Feb 10, 2016 7:32 AM, "Maxim Surdu" <[email protected]> wrote: > > >>> >> > > > >>> >> > Hi dear community, > > >>> >> > > > >>> >> > i install and configure about 10 agents > > >>> >> > > > >>> >> > but one of then after install client key did not start > > >>> >> > > > >>> >> > > > >>> >> > [root@mx2 bin]# ./ossec-control start > > >>> >> > Starting OSSEC HIDS v2.8.3 (by Trend Micro Inc.)... > > >>> >> > Started ossec-execd... > > >>> >> > 2016/02/10 14:27:25 ossec-agentd: INFO: Using notify time: 600 > and max time to reconnect: 1800 > > >>> >> > Started ossec-agentd... > > >>> >> > 2016/02/10 14:27:25 ossec-logcollector: DEBUG: Starting ... > > >>> >> > Started ossec-logcollector... > > >>> >> > 2016/02/10 14:27:25 ossec-syscheckd: DEBUG: Starting ... > > >>> >> > 2016/02/10 14:27:25 syscheckd: Reading Configuration > [/var/ossec/etc/ossec.conf] > > >>> >> > 2016/02/10 14:27:25 syscheckd: Reading Client Configuration > [/var/ossec/etc/ossec.conf] > > >>> >> > 2016/02/10 14:27:25 ossec-rootcheck: DEBUG: Starting ... > > >>> >> > 2016/02/10 14:27:25 ossec-rootcheck: Starting queue ... > > >>> >> > 2016/02/10 14:27:28 ossec-syscheckd(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > > >>> >> > 2016/02/10 14:27:28 ossec-rootcheck(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > > >>> >> > 2016/02/10 14:27:36 ossec-syscheckd(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > > >>> >> > 2016/02/10 14:27:36 ossec-rootcheck(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > > >>> >> > 2016/02/10 14:27:49 ossec-syscheckd(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > > >>> >> > 2016/02/10 14:27:49 ossec-rootcheck(1211): ERROR: Unable to > access queue: '/var/ossec/queue/ossec/queue'. Giving up.. > > >>> >> > ossec-syscheckd did not start > > >>> >> > > > >>> >> > > > >>> >> > please any suggestions because this servers are very important > for monitoring logs. > > >>> >> > > > >>> >> > > >>> >> Check the ossec.log for more detailed log messages. > > >>> >> > > >>> >> > Many thanks, > > >>> >> > Maxim Surdu > > >>> >> > > > >>> >> > -- > > >>> >> > > > >>> >> > --- > > >>> >> > You received this message because you are subscribed to the > Google Groups "ossec-list" group. > > >>> >> > To unsubscribe from this group and stop receiving emails from > it, send an email to [email protected]. > > >>> >> > > >>> >> > For more options, visit https://groups.google.com/d/optout. > > >>> > > > >>> > -- > > >>> > > > >>> > --- > > >>> > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > > >>> > To unsubscribe from this group and stop receiving emails from it, > send an email to [email protected]. > > >>> > For more options, visit https://groups.google.com/d/optout. > > > > > > -- > > > > > > --- > > > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected] <javascript:>. > > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
