Thanks! I'd appreciate the help :)

On Tuesday, November 1, 2016 at 8:27:43 PM UTC, dan (ddpbsd) wrote:
>
> On Nov 1, 2016 2:12 PM, "Eponymous -" <[email protected]> wrote:
> >
> > Just after I posted that message I had an idea to check the permissions again and it looks like they were wrong.
> >
> > The permissions on the FreeBSD install are all messed up completely. I've had to change so many manually and this was another I'd missed.
> >
> > So far I have the processes running as default like this (user - command):
> >
> > root /usr/local/ossec-hids/bin/ossec-execd
> > ossec /usr/local/ossec-hids/bin/ossec-agentd
> > root /usr/local/ossec-hids/bin/ossec-logcollector
> > root /usr/local/ossec-hids/bin/ossec-syscheckd
> >
> > All the directories are set to root:ossec (root owner) and rwxr-wr-x.
> >
> > This is why agentd complained as it only had r-x access to /usr/local/ossec-hids/var/run.
> >
> > I also had to change /usr/local/ossec-hids/etc/shared, /usr/local/ossec-hids/queue/ossec and /usr/local/ossec-hids/queue/rids to be owned by the ossec user.
> >
> > I've no idea how this installer managed to mess this up.
> >
> > Just for reference, what should the permissions for the processes and chroot directory look like?
> >
>
> The users for the processes look correct, but I don't know the permissions off hand. I'll try to look them up later.
>
> > Thanks!
> >
> >
> > On Tuesday, November 1, 2016 at 6:03:31 PM UTC, dan (ddpbsd) wrote:
> >>
> >> On Tue, Nov 1, 2016 at 1:53 PM, dan (ddp) <[email protected]> wrote:
> >> > On Tue, Nov 1, 2016 at 1:49 PM, Eponymous - <[email protected]> wrote:
> >> >>>> To a process chrooted to /usr/local/ossec-hids, /var/run and
> >> >>>> /usr/local/ossec-hids/var/run are the same thing. The process' root
> >> >>>> directory (/) is now /usr/local/ossec-hids. So /usr/local/ossec-hids/var/run
> >> >>>> looks like /var/run to that process.
> >> >>
> >> >> That is very true.
> >> >>
> >> >> Hmm, so why is it I get the error: ossec-agentd(1103): ERROR: Unable to open
> >> >> file '/var/run/.syscheck_run'
> >> >> when I run without any command line options but then the error disappears
> >> >> when I specify "-D /usr/local/ossec-hids"? The two instances should result
> >> >> in the same behaviour?
> >> >>
> >> >
> >> > No idea, I haven't looked at FreeBSD's port. Perhaps they have it
> >> > configured to chroot to a directory that doesn't contain var/run?
> >>
> >> It's possible that this line
> >> (https://svnweb.freebsd.org/ports/head/security/ossec-hids-server/Makefile?revision=413754&view=markup#l87)
> >> @${ECHO} "DIR=\"${STAGEDIR}${PREFIX}/${PORTNAME}\"" > ${WRKSRC}/src/LOCATION
> >> in the port Makefile configures the chroot directory incorrectly.
> >>
> >> You can try `strings /var/ossec/bin/ossec-agentd | grep ossec` to see
> >> if it gives you any clues as to what directory is expected.
> >
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google Groups "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> > For more options, visit https://groups.google.com/d/optout.
>
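Added example, not part of the thread and not OSSEC's own code: a small audit that maps the in-chroot directories named in the thread to their host paths and reports whether a given user can write to each one. The function names and the `AGENT_DIRS` list are assumptions built from the directories mentioned above; the check covers classic owner/group/other mode bits only and does not state what the correct permissions are.

```python
import os
import stat

# In-chroot directories the thread found ossec-agentd needed write access to.
AGENT_DIRS = ["/var/run", "/etc/shared", "/queue/ossec", "/queue/rids"]

def host_path(chroot, inner):
    """Map a path as seen inside the chroot to the path seen from outside."""
    return os.path.join(chroot, inner.lstrip("/"))

def can_write(st, uid, gids):
    """Unix mode check: only the first matching class (owner, group, other)
    applies. Ignores ACLs and the root override."""
    if st.st_uid == uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif st.st_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return (st.st_mode & need) == need

def audit(chroot, uid, gids, dirs=AGENT_DIRS):
    """Return (host path, owner uid, gid, mode string, status) per directory."""
    rows = []
    for inner in dirs:
        path = host_path(chroot, inner)
        try:
            st = os.stat(path)
        except FileNotFoundError:
            rows.append((path, None, None, None, "missing"))
            continue
        status = "ok" if can_write(st, uid, gids) else "not writable"
        rows.append((path, st.st_uid, st.st_gid,
                     stat.filemode(st.st_mode), status))
    return rows

if __name__ == "__main__":
    import pwd
    import sys
    # Default chroot is the install prefix used in the thread.
    chroot = sys.argv[1] if len(sys.argv) > 1 else "/usr/local/ossec-hids"
    try:
        user = pwd.getpwnam("ossec")
    except KeyError:
        sys.exit("no 'ossec' user on this host")
    gids = set(os.getgrouplist(user.pw_name, user.pw_gid))
    for row in audit(chroot, user.pw_uid, gids):
        print(*row)
```

A directory owned by root with group ossec and mode r-x for the group shows up as "not writable" for the ossec user, which matches the var/run failure described in the thread.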
