Updated to ossec-hids-2.7-32 broke ossec-hids

[biggles]

I just updated to ossec-hids-2.7-32.el6.art.x86_64 and then ossec refused to start. No errors in the log file, just these lines being repeated with each restart:

Code: Select all

tail -n 7  /var/ossec/logs/ossec.log
2013/10/16 09:27:31 ossec-testrule: INFO: Reading decoder file etc/decoder.xml.
2013/10/16 09:27:31 ossec-testrule: INFO: Reading decoder file etc/decoders.d/01-asl-decoder.xml.
2013/10/16 09:27:31 ossec-testrule: INFO: Reading decoder file etc/decoders.d/10-asl-drupal-decoder.xml.
2013/10/16 09:27:31 ossec-testrule: INFO: Reading decoder file etc/decoders.d/50-asl-exim-decoder.xml.
2013/10/16 09:27:31 ossec-testrule: INFO: Reading decoder file etc/decoders.d/50-asl-waf-decoder.xml.
2013/10/16 09:27:31 ossec-testrule: INFO: Started (pid: 16383).

I have now downgraded to ossec-hids-2.7-24.el6.art.x86_64 and everything is back to normal.

[scott]

You'll need to use ASL 4.0 from the -testing channel in order to be able to use ossec-2.7-32

[biggles]

Ok, thanks. Maybe ossec-hids 2.7 only should be published in testing channel as well?

[prupert]

Ok, thanks. Maybe ossec-hids 2.7 only should be published in testing channel as well?

The stable channel offers 2.7-24, which works fine with ASL 3.

[biggles]

Strange. I have not enabled the testing channel and still got the update.

edit: checked again. Now it has been removed. I guess someone read my post...

[mikeshinn]

It wasnt in the stable channel, is it possible you saw it in another channel?

[biggles]

No chance Lance

I was in the stable channel. I installed it and then it broke. I downgraded and everything worked. Then I run yum update again and the upgrade was offered again. The day after the upgrade was gone. True story...

[mikeshinn]

I'm positive it wasnt in the atomic stable channel, is it possible you got it from the nucleus channel? It is published there.

[biggles]

Nope, got it from the tortix channel.