On Oct 12, 2016 4:49 PM, "Kernel Panic" <netwarrior...@gmail.com> wrote:
>
> Hi there guys,
>
> When starting the agent I've get this info:
>
> Starting ossec-hids: 2016/10/12 15:43:05 ossec-agentd: INFO: Using notify
time: 600 and max time to reconnect: 1800
> 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory
given: '/root'.
> 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory
given: ''.
> 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory
given: ''.
> 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory
given: ''.
> 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory
given: ''.
> 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory
given: ''.
> 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory
given: '/etc'.
> 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory
given: '/bin'.
>
> 2016/10/12 15:43:11 ossec-syscheckd: INFO: Monitoring directory: ''.
>
> This is what I configured:
>
> <!-- Directories to check  (perform all possible verifications) -->
>     <directories
check_all="yes">/root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin</directories>
>     <directories realtime="yes"
check_all="yes">/root,/home,/etc</directories>

You have "/root" in both of the above entries.

>     <directories report_changes="yes"></directories>
>     <directories check_sum="yes"></directories>

Why do you have all of these empty entries? They're not checking anything,
I'm actually a little surprised they didn't cause more problems.

>     <directories check_size="yes"></directories>
>     <directories check_owner="yes"></directories>
>     <directories check_group="yes"></directories>
>     <directories check_perm="yes"></directories>
>
> Where is that data duplicated? I noticed that under the shared directory
there is an agent.conf which contains
>
>  <!-- Directories to check  (perform all possible verifications) -->
>     <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
>     <directories check_all="yes">/bin,/sbin</directories>
>
> Is that configuration file taken into account? If I remove it it's
created once again.
>

Yes, that file also provides configuration. It's provided by the OSSEC
server.

> Thank you for your time and support
> Regards
>
>
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
"ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to