Hello Igor! I also installed OSSEC 2.9.3 by rpm packages on centos7, same as you (as described here: https://ossec.github.io/docs/manual/installation/installation-package.html#rpm-installation ).
I had the same problem, and it's caused because /etc/ and /bin/ appears on the check list on both configuration files: /var/ossec/etc/ossec.conf and /var/ossec/etc/shared/agent.conf. The first one, /var/ossec/etc/ossec.conf, is the agent's local configuration file. Meanwhile, /var/ossec/etc/shared/agent.conf is the centralized configuration file sent by the manager. When starting the agent, both files are merged, reading first ossec.conf and then agent.conf. If the same field appears on both files, it will be ending in a duplicate field in the final configuration file. So, the solution is to remove those fields in one of the files (it will depend on if you want to use centralized configuration in the manager or if you want to configure every agent individually). Best regards, Fran. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
