oddities with Centos 7

Customer support forums for Atomic Protector (formerly Atomic Secured Linux). There is no such thing as a bad question here as long as it pertains to using Atomic Protector. Newbies feel free to get help getting started or asking questions that may be obvious. Regular users are asked to be gentle. :-)
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

oddities with Centos 7

Unread post by faris »

I'm seeing an oddity with ASL in Centos 7, and I'm not sure how significant it may be.

Essentially, on system boot up, I get four email notifications from psmon, as follows:

************
1) Spawned 'ossec-dbd' with '/sbin/service ossec-hids restart'
Command executed: /sbin/service ossec-hids restart
Exit value: 0
Signal number: 0
Dumped core?: 0

Restarting ossec-hids (via systemctl): [ OK ]


2) Killed PID 2066 (ossec-dbd) because 2 instances exceeds limit of 1
(no content in email)


3) Killed PID 1992 (ossec-dbd) because 2 instances exceeds limit of 1
(no content in email)


4) Spawned 'ossec-dbd' with '/sbin/service ossec-hids restart'
Command executed: /sbin/service ossec-hids restart
Exit value: 0
Signal number: 0
Dumped core?: 0

Restarting ossec-hids (via systemctl): [ OK ]

***************

Are these duplicate ossec-dbd processes significant?

And are there plans to switch clamd, tortixd and ossec-dbd to systemd so that psmon won't be required?
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: oddities with Centos 7

Unread post by faris »

Further to this, something is definitely not right under Centos 7. This is from /var/log/messages on boot:

Feb 21 11:29:22 ip160 psmon[1915]: Forking background daemon, process 1933.
Feb 21 11:29:22 ip160 psmon[1933]: Forking second background daemon, process 1934.
Feb 21 11:29:22 ip160 psmon: Starting psmon: [ OK ]
Feb 21 11:29:27 ip160 ossec-hids: Starting ossec-hids: [ OK ]

Feb 21 11:29:27 ip160 psmon[1934]: Spawned 'ossec-dbd' with '/sbin/service ossec-hids restart'
Feb 21 11:29:27 ip160 ossec-hids: Starting ossec-hids: cat: /var/ossec/var/start-script-lock/pid: No such file or directory

Feb 21 11:30:27 ip160 psmon[1934]: Killed PID 1981 (ossec-dbd) because 2 instances exceeds limit of 1
Feb 21 11:30:27 ip160 psmon[1934]: Killed PID 2075 (ossec-dbd) because 2 instances exceeds limit of 1
Feb 21 11:31:27 ip160 ossec-hids: Shutting down ossec-hids: [ OK ]
Feb 21 11:31:31 ip160 ossec-hids: Starting ossec-hids: [ OK ]
Feb 21 11:31:31 ip160 psmon[1934]: Spawned 'ossec-dbd' with '/sbin/service ossec-hids restart'
Feb 21 11:41:31 ip160 clamd[1152]: SelfCheck: Database status OK.


Is /var/ossec/var/start-script-lock/pid a typo? Shouldn't it be /var/ossec/var/start-script-lock.pid instead?

[EDIT - not a typo:

From /var/ossec/bin/ossec-control
## Locking for the start/stop
LOCK="${DIR}/var/start-script-lock"
LOCK_PID="${LOCK}/pid"

Later there's a mkdir for LOCK and $$ is written to LOCK_PID so it looks OK.

]
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
MEDISinn
New Forum User
New Forum User
Posts: 1
Joined: Sat Apr 02, 2016 9:39 am
Location: Munich

Re: oddities with Centos 7

Unread post by MEDISinn »

Hello,

are there any updates on this?

I too have the same problems with my CentOS7 x64 installation...


Thanks a lot and best regards,

Christian
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: oddities with Centos 7

Unread post by faris »

Yes, I'm working with the guys to resolve this. I need to update the case to give them more details. Please hold on for a bit.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
Post Reply