Difference between revisions of "Ossec"
Line 6: | Line 6: | ||
== Announcements == | == Announcements == | ||
+ | |||
+ | [https://atomicrocketturtle.com/forum/viewtopic.php?f=8&t=2885 OSSEC 2.0 Final] Official 2.0 release has been published to the ASL-2.0 channel | ||
[http://atomicrocketturtle.com/forum/viewtopic.php?t=2812 OSSEC 2.0.0-0.090205 test build] this update addresses mysql issues mentioned in the troubleshooting section | [http://atomicrocketturtle.com/forum/viewtopic.php?t=2812 OSSEC 2.0.0-0.090205 test build] this update addresses mysql issues mentioned in the troubleshooting section | ||
+ | |||
== Troubleshooting == | == Troubleshooting == | ||
+ | |||
+ | |||
+ | == Error: Missing Dependency: libpq.so.3 is needed by package ossec-hids-server == | ||
+ | |||
+ | This occurs on CentOS4 systems using the CentOSPlus repository, and updating to OSSEC 2.0. It can be resolved with: | ||
+ | |||
+ | |||
+ | yum install postgresql-devel | ||
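Review bot: the added "== Error: Missing Dependency: libpq.so.3 is needed by package ossec-hids-server ==" heading is at the same level as "== Troubleshooting ==", so it becomes a sibling section instead of an entry under Troubleshooting. Make it a level-3 heading ("=== ... ==="). The new announcement link also uses https while the existing one uses http, and the run of empty added lines around the new heading could be reduced to one.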
Revision as of 07:37, 28 February 2009
Overview
OSSEC is a host-based intrusion detection system. It performs numerous local security controls, including log analysis, active response to attacks (shunning), rootkit detection, file integrity checks, and local security policy assessments, to name a few. You can read more about OSSEC here: http://www.ossec.net
Announcements
OSSEC 2.0 Final: the official 2.0 release has been published to the ASL-2.0 channel.
OSSEC 2.0.0-0.090205 test build: this update addresses the MySQL issues mentioned in the troubleshooting section.
Troubleshooting
Error: Missing Dependency: libpq.so.3 is needed by package ossec-hids-server
This occurs on CentOS4 systems that use the CentOSPlus repository when updating to OSSEC 2.0. It can be resolved with:
yum install postgresql-devel
Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
This is a known problem in OSSEC versions 1.6.1 and lower. Currently, fixing it requires an upgrade to a newer version:
Step 1) Upgrade to a CVS snapshot (1.99 or higher)
yum --enablerepo=asl-2.0-testing upgrade ossec-hids
Step 2) Update ASL policy
asl -s -f
Step 3) Drop the existing tortix database
mysql -u admin -p`cat /etc/psa/.psa.shadow`
drop database tortix;
Step 4) Create a new database, and select it
create database tortix;
use tortix;
quit
Step 5) Create the new OSSEC database
mysql -u admin -p`cat /etc/psa/.psa.shadow` tortix < /var/ossec/etc/mysql/mysql.schema
Step 6) Restart OSSEC
/etc/init.d/ossec-hids restart
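
Steps 3 to 5 drop the alert database and put the admin password on the mysql command line, where it is visible in the process list. The script below is an added example, not part of the original wiki page: it performs the same steps but dumps the old database first and passes the credentials through a 0600 option file. The function names, the /root backup location and the "run" argument are assumptions; the paths and database name are the ones used above.

```shell
#!/bin/sh
# Added example (not from the wiki): steps 3-5 with a backup and no password in argv.
# Paths and the database name are the ones used on this page; the function names
# and the /root backup location are assumptions.
PSA_SHADOW="${PSA_SHADOW:-/etc/psa/.psa.shadow}"
SCHEMA="${SCHEMA:-/var/ossec/etc/mysql/mysql.schema}"
DB="${DB:-tortix}"
BACKUP_DIR="${BACKUP_DIR:-/root}"

# Write a 0600 MySQL option file holding the admin credentials read from $1.
# Assumes the password contains no double quote or backslash.
make_client_cnf() {
    [ -r "$1" ] || return 1
    cnf=$(mktemp) || return 1
    chmod 600 "$cnf" || return 1
    printf '[client]\nuser=admin\npassword="%s"\n' "$(cat "$1")" > "$cnf" || return 1
    echo "$cnf"
}

# Dump the old database, then drop it, recreate it and load the OSSEC schema.
# Stops at the first failing command, so nothing is dropped without a dump.
rebuild_ossec_db() {
    [ -r "$SCHEMA" ] || { echo "schema not readable: $SCHEMA" >&2; return 1; }
    cnf=$(make_client_cnf "$PSA_SHADOW") || return 1
    backup="$BACKUP_DIR/$DB-$(date +%Y%m%d%H%M%S).sql"
    rc=0
    # --defaults-extra-file must be the first option on the command line.
    mysqldump --defaults-extra-file="$cnf" "$DB" > "$backup" &&
        mysql --defaults-extra-file="$cnf" -e "DROP DATABASE $DB; CREATE DATABASE $DB;" &&
        mysql --defaults-extra-file="$cnf" "$DB" < "$SCHEMA" || rc=$?
    rm -f "$cnf"
    [ "$rc" -eq 0 ] && echo "old data saved to $backup" >&2
    return "$rc"
}

# Only act when called as: sh rebuild-ossec-db.sh run
if [ "${1:-}" = "run" ]; then
    rebuild_ossec_db
fi
```

Run it between step 2 and step 6; the restart in step 6 is still required afterwards.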