I'm seeing an oddity with ASL in Centos 7, and I'm not sure how significant it may be.
Essentially, on system boot up, I get four email notifications from psmon, as follows:
************
1) Spawned 'ossec-dbd' with '/sbin/service ossec-hids restart'
Command executed: /sbin/service ossec-hids restart
Exit value: 0
Signal number: 0
Dumped core?: 0
Restarting ossec-hids (via systemctl): [ OK ]
2) Killed PID 2066 (ossec-dbd) because 2 instances exceeds limit of 1
(no content in email)
3) Killed PID 1992 (ossec-dbd) because 2 instances exceeds limit of 1
(no content in email)
4) Spawned 'ossec-dbd' with '/sbin/service ossec-hids restart'
Command executed: /sbin/service ossec-hids restart
Exit value: 0
Signal number: 0
Dumped core?: 0
Restarting ossec-hids (via systemctl): [ OK ]
***************
Are these duplicate ossec-dbd processes significant?
And are there plans to switch clamd, tortixd and ossec-dbd to systemd so that psmon won't be required?
oddities with Centos 7
oddities with Centos 7
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
Re: oddities with Centos 7
Further to this, something is definitely not right under Centos 7. This is from /var/log/messages on boot:
Feb 21 11:29:22 ip160 psmon[1915]: Forking background daemon, process 1933.
Feb 21 11:29:22 ip160 psmon[1933]: Forking second background daemon, process 1934.
Feb 21 11:29:22 ip160 psmon: Starting psmon: [ OK ]
Feb 21 11:29:27 ip160 ossec-hids: Starting ossec-hids: [ OK ]
Feb 21 11:29:27 ip160 psmon[1934]: Spawned 'ossec-dbd' with '/sbin/service ossec-hids restart'
Feb 21 11:29:27 ip160 ossec-hids: Starting ossec-hids: cat: /var/ossec/var/start-script-lock/pid: No such file or directory
Feb 21 11:30:27 ip160 psmon[1934]: Killed PID 1981 (ossec-dbd) because 2 instances exceeds limit of 1
Feb 21 11:30:27 ip160 psmon[1934]: Killed PID 2075 (ossec-dbd) because 2 instances exceeds limit of 1
Feb 21 11:31:27 ip160 ossec-hids: Shutting down ossec-hids: [ OK ]
Feb 21 11:31:31 ip160 ossec-hids: Starting ossec-hids: [ OK ]
Feb 21 11:31:31 ip160 psmon[1934]: Spawned 'ossec-dbd' with '/sbin/service ossec-hids restart'
Feb 21 11:41:31 ip160 clamd[1152]: SelfCheck: Database status OK.
Is /var/ossec/var/start-script-lock/pid a typo? Shouldn't it be /var/ossec/var/start-script-lock.pid instead?
[EDIT - not a typo:
From /var/ossec/bin/ossec-control
## Locking for the start/stop
LOCK="${DIR}/var/start-script-lock"
LOCK_PID="${LOCK}/pid"
Later there's a mkdir for LOCK and $$ is written to LOCK_PID so it looks OK.
]
Feb 21 11:29:22 ip160 psmon[1915]: Forking background daemon, process 1933.
Feb 21 11:29:22 ip160 psmon[1933]: Forking second background daemon, process 1934.
Feb 21 11:29:22 ip160 psmon: Starting psmon: [ OK ]
Feb 21 11:29:27 ip160 ossec-hids: Starting ossec-hids: [ OK ]
Feb 21 11:29:27 ip160 psmon[1934]: Spawned 'ossec-dbd' with '/sbin/service ossec-hids restart'
Feb 21 11:29:27 ip160 ossec-hids: Starting ossec-hids: cat: /var/ossec/var/start-script-lock/pid: No such file or directory
Feb 21 11:30:27 ip160 psmon[1934]: Killed PID 1981 (ossec-dbd) because 2 instances exceeds limit of 1
Feb 21 11:30:27 ip160 psmon[1934]: Killed PID 2075 (ossec-dbd) because 2 instances exceeds limit of 1
Feb 21 11:31:27 ip160 ossec-hids: Shutting down ossec-hids: [ OK ]
Feb 21 11:31:31 ip160 ossec-hids: Starting ossec-hids: [ OK ]
Feb 21 11:31:31 ip160 psmon[1934]: Spawned 'ossec-dbd' with '/sbin/service ossec-hids restart'
Feb 21 11:41:31 ip160 clamd[1152]: SelfCheck: Database status OK.
Is /var/ossec/var/start-script-lock/pid a typo? Shouldn't it be /var/ossec/var/start-script-lock.pid instead?
[EDIT - not a typo:
From /var/ossec/bin/ossec-control
## Locking for the start/stop
LOCK="${DIR}/var/start-script-lock"
LOCK_PID="${LOCK}/pid"
Later there's a mkdir for LOCK and $$ is written to LOCK_PID so it looks OK.
]
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
Re: oddities with Centos 7
Hello,
are there any updates on this?
I too have the same problems with my CentOS7 x64 installation...
Thanks a lot and best regards,
Christian
are there any updates on this?
I too have the same problems with my CentOS7 x64 installation...
Thanks a lot and best regards,
Christian
Re: oddities with Centos 7
Yes, I'm working with the guys to resolve this. I need to update the case to give them more details. Please hold on for a bit.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>