Can an updated ossec-hids be released urgently compiled for mysql support as now both my two servers are running without ossec-hids now
[/u]ASL 2.02 ossec-hids completely broken :( [[SOLVED]]
ASL 2.02 ossec-hids completely broken :( [[SOLVED]]
ASL 2.02 ossec-hids way broken. Its not compiled for mysql meaning ossec-hids now refuses to run. Rolled back to ASL 2 but this did nothing there is obviously some change 2.02 did to try to use mysql with ossec.
Can an updated ossec-hids be released urgently compiled for mysql support as now both my two servers are running without ossec-hids now[/u]
Can an updated ossec-hids be released urgently compiled for mysql support as now both my two servers are running without ossec-hids now
[/u]
I was kind of in the same boat - my suggestion, although maybe not the best is to update again, run asl -c to configure the mysql support with new configuration options, then asl -s -f -t.
Hopefully this will help you out, but check for credential issues in /var/ossec/logs/ossec.log every couple of seconds, it seems there are two seperate logins being stored somewhere for this database, maybe one that a typical asl -c doesn't update....
Let me know how it goes for you as I fought with it for a while myself.
Hopefully this will help you out, but check for credential issues in /var/ossec/logs/ossec.log every couple of seconds, it seems there are two seperate logins being stored somewhere for this database, maybe one that a typical asl -c doesn't update....
Let me know how it goes for you as I fought with it for a while myself.
Oh, gotcha, sorta. Yea, I'm having problems with CentOS 5 with the MySQL integration as well. But, from looking at the archives it appears our versions were published at right about the same time although I'm CentOS 5 and you're FC8...
It appears to me that MySQL is very much compiled into OSSec but I suppose I could be wrong. What makes me think this is all of the errors in osssec.log complaining of being unable to connect to the DB, along with this ossec-dbd daemon.
After struggling with ASL/MySQL for a while and disabling it in the ASL config, I'm back to text logs and such for the time being. I resolved one issue with borked up credentials, but I believe it's configured in more than one place.
It appears to me that MySQL is very much compiled into OSSec but I suppose I could be wrong. What makes me think this is all of the errors in osssec.log complaining of being unable to connect to the DB, along with this ossec-dbd daemon.
After struggling with ASL/MySQL for a while and disabling it in the ASL config, I'm back to text logs and such for the time being. I resolved one issue with borked up credentials, but I believe it's configured in more than one place.
I ended up:
yum remove ossec*
This gets rid off all the stuff.
Cleaned out /var/asl and var/ossec
Reinstalled but testing is off
Its running again.
But I need some files nothing I do creates them and it whines they don't exist:
/var/asl/rules/appinv/headers
/var/asl/rules/modsec/domain-blacklist.txt
infact the /var/asl/rules is as far as anything existed I had to create the sub dirs.
For now I created blank 0 byte files and that shuts it up!
Seems the package that is evil is the actual asl 2.02 in testing
yum remove ossec*
This gets rid off all the stuff.
Cleaned out /var/asl and var/ossec
Reinstalled but testing is off
Its running again.
But I need some files nothing I do creates them and it whines they don't exist:
/var/asl/rules/appinv/headers
/var/asl/rules/modsec/domain-blacklist.txt
infact the /var/asl/rules is as far as anything existed I had to create the sub dirs.
For now I created blank 0 byte files and that shuts it up!
Seems the package that is evil is the actual asl 2.02 in testing
-
scott
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
If you're going to play with the -testing channel packages, what you want to do is:
yum --enablerepo=asl-2.0-testing update
asl -c
(follow dialog)
This part will create the DB, if you're using asl 2.0.2 you *HAVE* to do this. No exceptions. You can opt out of it at this point by saying "no" to mysql support. Either way you have to do it.
asl -s -f
This is what will change the settings in OSSEC and the web interface. Running this before you run asl -c will cause problems.
Last but not least, Fedora 8 and 9 aren't supported.
yum --enablerepo=asl-2.0-testing update
asl -c
(follow dialog)
This part will create the DB, if you're using asl 2.0.2 you *HAVE* to do this. No exceptions. You can opt out of it at this point by saying "no" to mysql support. Either way you have to do it.
asl -s -f
This is what will change the settings in OSSEC and the web interface. Running this before you run asl -c will cause problems.
Last but not least, Fedora 8 and 9 aren't supported.
