Difference between revisions of "Ossec"
From Atomicorp Wiki
Revision as of 15:17, 30 January 2009
Overview
OSSEC is a host-based intrusion detection system (HIDS). It performs numerous local security controls, including log analysis, active response to attacks (shunning), rootkit detection, file integrity checking, and local security policy assessment, to name a few. You can read more about OSSEC at http://www.ossec.net
Troubleshooting
Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
This is a known problem in OSSEC versions 1.6.1 and lower. The only fix at present is to upgrade to a newer version and then rebuild the OSSEC database:
Step 1) Upgrade to a CVS snapshot (1.99 or higher)
yum --enablerepo=asl-2.0-testing upgrade ossec-hids
Step 2) Update the ASL policy
asl -s -f
Step 3) Drop the existing tortix database. This discards any alerts already stored in it, so take a mysqldump first if you want to keep them. The -p`cat /etc/psa/.psa.shadow` part reads the Plesk admin password from its shadow file (readable only by root).
mysql -u admin -p`cat /etc/psa/.psa.shadow` -e 'DROP DATABASE tortix'
Step 4) Create a new, empty tortix database
mysql -u admin -p`cat /etc/psa/.psa.shadow` -e 'CREATE DATABASE tortix'
Step 5) Load the new OSSEC schema into it (naming the database on the command line selects it, so no USE statement is needed)
mysql -u admin -p`cat /etc/psa/.psa.shadow` tortix < /var/ossec/etc/mysql/mysql.schema
Step 6) Restart OSSEC
/etc/init.d/ossec-hids restart
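The procedure above as one script, added here as an example; it is not code from the Atomicorp wiki or from the OSSEC project. It checks the installed ossec-hids version against the 1.6.1 cut-off, dumps the tortix database before the DROP so stored alerts are not lost, passes the Plesk admin password through a mode-0600 MySQL option file (--defaults-extra-file) instead of on the command line where `ps` could see it, loads the schema, restarts OSSEC, and counts the tables afterwards to confirm the load worked. The database name, password file, schema path and init script are the page's values and can be overridden from the environment; the option-file approach, the information_schema query (MySQL 5.0 or later), the rpm version query and the mention of ossec-dbd (the OSSEC daemon that writes alerts to the database) are this example's additions.

```shell
#!/bin/sh
# Rebuild OSSEC's MySQL database on an ASL/Plesk host: steps 3-6 of the
# troubleshooting procedure, with a dump before the DROP and a check after
# the restart. Example code, not from the Atomicorp wiki or OSSEC.
# Assumed defaults (override via environment): database "tortix", Plesk admin
# password in /etc/psa/.psa.shadow, schema at /var/ossec/etc/mysql/mysql.schema.
set -u

DB_NAME=${DB_NAME:-tortix}
PSA_SHADOW=${PSA_SHADOW:-/etc/psa/.psa.shadow}
SCHEMA=${SCHEMA:-/var/ossec/etc/mysql/mysql.schema}
OSSEC_INIT=${OSSEC_INIT:-/etc/init.d/ossec-hids}
BACKUP_DIR=${BACKUP_DIR:-/root}

# version_le A B: succeeds when dotted version A <= B; missing fields count as 0.
version_le() {
    _a="$1.0.0"; _b="$2.0.0"
    for _i in 1 2 3; do
        _x=$(printf '%s\n' "$_a" | cut -d. -f"$_i")
        _y=$(printf '%s\n' "$_b" | cut -d. -f"$_i")
        if [ "$_x" -lt "$_y" ]; then return 0; fi
        if [ "$_x" -gt "$_y" ]; then return 1; fi
    done
    return 0
}

# The socket error affects OSSEC 1.6.1 and lower; the 1.99 CVS snapshot fixes it.
version_affected() { version_le "$1" 1.6.1; }

# Installed version from the ossec-hids RPM, e.g. 1.6.1 or 1.99.
installed_version() { rpm -q --qf '%{VERSION}\n' ossec-hids; }

# Put the Plesk admin credentials in a 0600 option file rather than on the mysql
# command line, where the password would briefly show up in `ps` output.
# Assumes the password contains no double quotes or backslashes (option-file syntax).
write_defaults_file() {
    printf '[client]\nuser=admin\npassword="%s"\n' "$(cat "$PSA_SHADOW")" > "$1"
}

# Number of tables in DB_NAME after the schema load; 0 means the load failed.
table_count() {
    mysql --defaults-extra-file="$1" -N -B -e \
        "SELECT COUNT(*) FROM information_schema.tables WHERE table_schema='$DB_NAME'"
}

rebuild_db() {
    if [ ! -r "$SCHEMA" ]; then
        echo "schema not found: $SCHEMA (is the 1.99+ package installed?)" >&2
        return 1
    fi
    _cfg=$(mktemp) || return 1          # mktemp creates the file with mode 0600
    trap 'rm -f "$_cfg"' EXIT
    write_defaults_file "$_cfg"
    # Step 3: DROP destroys stored alerts, so dump them first (a fresh install has none).
    _dump="$BACKUP_DIR/$DB_NAME-$(date +%Y%m%d%H%M%S).sql"
    mysqldump --defaults-extra-file="$_cfg" "$DB_NAME" > "$_dump" 2>/dev/null ||
        echo "no existing $DB_NAME database to back up" >&2
    mysql --defaults-extra-file="$_cfg" -e "DROP DATABASE IF EXISTS $DB_NAME" || return 1
    # Step 4: create it again. No USE needed; step 5 names the database on the command line.
    mysql --defaults-extra-file="$_cfg" -e "CREATE DATABASE $DB_NAME" || return 1
    # Step 5: load the schema shipped with the package.
    mysql --defaults-extra-file="$_cfg" "$DB_NAME" < "$SCHEMA" || return 1
    # Step 6: restart OSSEC so ossec-dbd reconnects, then confirm the tables exist.
    "$OSSEC_INIT" restart || return 1
    _n=$(table_count "$_cfg")
    rm -f "$_cfg"
    [ "${_n:-0}" -gt 0 ] || { echo "schema load left $DB_NAME empty" >&2; return 1; }
    echo "$DB_NAME rebuilt with $_n tables; previous contents dumped to $_dump"
}

# Usage: sh rebuild-ossec-db.sh run   (refuses to proceed until step 1 is done)
if [ "${1:-}" = run ]; then
    if version_affected "$(installed_version)"; then
        echo "ossec-hids $(installed_version) is still affected; do step 1 first" >&2
        exit 1
    fi
    rebuild_db
fi
```

Run it as root after steps 1 and 2; the version check makes the script exit instead of rebuilding a database that the old, broken binaries would still fail to reach.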