On Tue, Dec 19, 2017 at 7:32 AM, chintan shah <[email protected]> wrote: > Hi guys , > > I am using ossec linux agent v 2.9.2 and saw that it is chrooting to > /var/ossec directory . We have the requirement for ossec to avoid chrooting > to this directory since it has dependency on multiiple files outside this > installation path . > > Is there any way to avoid ossec from chrooting to this directory ? I have > tried to modify agentd.c to avoid the daemon from chrooting the default > directory but somehow it is not connecting to the server and throws the > error : > > 2017/12/19 17:36:48 ossec-syscheckd(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > 2017/12/19 17:36:48 rootcheck(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > 2017/12/19 17:36:56 ossec-syscheckd(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > 2017/12/19 17:36:56 rootcheck(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > > Any way to overcome this ? >
We don't really support removing the chroot feature. During compilation you can configure it to chroot to another directory, but we don't actively test that. > Regards > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
