Installation does not open port 1514/tcp in host Fedora Server 33

Support/Development for OSSEC
tchello2008br
New Forum User
New Forum User
Posts: 1
Joined: Fri Nov 05, 2021 3:16 pm

Installation does not open port 1514/tcp in host Fedora Server 33

Unread post by tchello2008br »

sudo systemctl status ossec-hids
● ossec-hids.service - SYSV: OSSEC-HIDS is an Open Source Host-based Intrusion Detection System.
Loaded: loaded (/etc/rc.d/init.d/ossec-hids; generated)
Active: active (running) since Fri 2021-11-05 14:26:19 -03; 1h 52min ago
Docs: man:systemd-sysv-generator(8)
Tasks: 6 (limit: 4665)
Memory: 306.7M
CPU: 22min 29.717s
CGroup: /system.slice/ossec-hids.service
├─9163 /var/ossec/bin/ossec-maild -d
├─9167 /var/ossec/bin/ossec-execd -d
├─9171 /var/ossec/bin/ossec-analysisd -d
├─9175 /var/ossec/bin/ossec-logcollector -d
├─9187 /var/ossec/bin/ossec-syscheckd -d
└─9191 /var/ossec/bin/ossec-monitord -d

nov 05 14:26:16 fedora-bkp ossec-hids[9168]: 2021/11/05 14:26:16 ossec-analysisd: DEBUG: Read configuration ...
nov 05 14:26:16 fedora-bkp ossec-hids[9172]: 2021/11/05 14:26:16 ossec-logcollector: DEBUG: Starting ...
nov 05 14:26:16 fedora-bkp ossec-hids[9176]: 2021/11/05 14:26:16 ossec-remoted: DEBUG: Starting ...
nov 05 14:26:16 fedora-bkp ossec-hids[9182]: 2021/11/05 14:26:16 ossec-syscheckd: DEBUG: Starting ...
nov 05 14:26:16 fedora-bkp ossec-hids[9182]: 2021/11/05 14:26:16 rootcheck: DEBUG: Starting ...
nov 05 14:26:16 fedora-bkp ossec-hids[9182]: 2021/11/05 14:26:16 rootcheck: Starting queue ...
nov 05 14:26:17 fedora-bkp ossec-hids[9182]: 2021/11/05 14:26:17 ossec-syscheckd: INFO: (unix_domain) Maximum send buffer set to: '212992'.
nov 05 14:26:17 fedora-bkp ossec-hids[9188]: 2021/11/05 14:26:17 ossec-monitord: DEBUG: Starting ...
nov 05 14:26:19 fedora-bkp ossec-hids[9125]: [ OK ]
nov 05 14:26:19 fedora-bkp systemd[1]: Started SYSV: OSSEC-HIDS is an Open Source Host-based Intrusion Detection System..

Netstat Output:

Proto Recv-Q Send-Q Endereço Local Endereço Remoto Estado PID/Program name
tcp 0 0 127.0.0.1:8891 0.0.0.0:* OUÇA -
tcp 0 0 192.168.0.239:3306 0.0.0.0:* OUÇA -
tcp 0 0 0.0.0.0:5355 0.0.0.0:* OUÇA -
tcp 0 0 0.0.0.0:9101 0.0.0.0:* OUÇA -
tcp 0 0 0.0.0.0:9102 0.0.0.0:* OUÇA -
tcp 0 0 0.0.0.0:9103 0.0.0.0:* OUÇA -
tcp 0 0 127.0.0.53:53 0.0.0.0:* OUÇA -
tcp 0 0 0.0.0.0:22 0.0.0.0:* OUÇA -
tcp 0 48 192.168.0.239:52214 192.168.0.55:3260 ESTABELECIDA -
tcp 0 624 192.168.0.239:22 192.168.0.240:33842 ESTABELECIDA -
tcp6 0 0 :::443 :::* OUÇA -
tcp6 0 0 :::9090 :::* OUÇA -
tcp6 0 0 :::5355 :::* OUÇA -
tcp6 0 0 :::21 :::* OUÇA -
tcp6 0 0 :::22 :::* OUÇA -
tcp6 0 0 :::3000 :::* OUÇA -
tcp6 0 0 192.168.0.239:443 192.168.0.240:59644 TIME_WAIT -
tcp6 0 0 192.168.0.239:443 192.168.0.240:59646 TIME_WAIT -
tcp6 0 0 192.168.0.239:443 192.168.0.240:59642 TIME_WAIT -
tcp6 0 0 192.168.0.239:443 192.168.0.240:59638 TIME_WAIT -
udp 0 0 0.0.0.0:5355 0.0.0.0:* -
udp 0 0 127.0.0.53:53 0.0.0.0:* -
udp 0 0 127.0.0.1:323 0.0.0.0:* -
udp6 0 0 :::5355 :::* -
udp6 0 0 ::1:323 :::* -

Neither port 1514 and 514 e never agent connect
User avatar
cponton
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 61
Joined: Fri Oct 09, 2020 9:41 am

Re: Installation does not open port 1514/tcp in host Fedora Server 33

Unread post by cponton »

Go into /var/ossec/etc/ossec.conf and locate <remote> verify that port is set to 1514. If it is not, set the port. Also go to <auth> and set port to 1515. Save the changes and then restart the ossec-hids process
Post Reply