Difference between revisions of "Ossec"

Revision as of 16:17, 30 January 2009

== Overview ==

OSSEC is a host-based intrusion detection system. It performs numerous local security controls, including log analysis, active response to attacks (shunning), rootkit detection, file integrity checking, and local security policy assessment, to name a few. You can read more about OSSEC here: http://www.ossec.net


== Troubleshooting ==

=== Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) ===

This is a known problem in OSSEC 1.6.1 and lower. Currently the fix is to upgrade to a newer version and rebuild the database:


Step 1) Upgrade to a CVS snapshot (1.99 or higher)

 yum --enablerepo=asl-2.0-testing upgrade ossec-hids

Step 2) Update ASL policy

 asl -s -f

Step 3) Drop the existing tortix database

 mysql -u admin -p`cat /etc/psa/.psa.shadow`
 drop database tortix;

Step 4) Create a new database, and select it

 create database tortix;
 use tortix;

Step 5) Create the new OSSEC database

 mysql -u admin -p`cat /etc/psa/.psa.shadow` tortix < /var/ossec/etc/mysql/mysql.schema

Step 6) Restart OSSEC

 /etc/init.d/ossec-hids restart
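The six steps above drop a live database before the new schema is loaded. The script below is an added example (not from the Atomicorp wiki or the OSSEC project) that runs the same rebuild with two safeguards a practitioner would want first: it verifies that the schema file exists and actually defines tables, and it takes a mysqldump of the old database before dropping it. The paths, the admin user and the `tortix` database name are the page's; the function names, the `DRY_RUN` switch (on by default, so the script only prints the commands it would run) and the backup directory are this example's own assumptions. The password is passed through the `MYSQL_PWD` environment variable instead of on the command line, so it does not appear in process listings.

```shell
#!/bin/sh
# Added example: rebuild the OSSEC "tortix" MySQL database safely.
# Values from the page: schema path, /etc/psa/.psa.shadow, admin user, tortix.
# Assumptions of this example: DRY_RUN, BACKUP_DIR and the function names.

OSSEC_SCHEMA="${OSSEC_SCHEMA:-/var/ossec/etc/mysql/mysql.schema}"
DB_NAME="${DB_NAME:-tortix}"
PSA_SHADOW="${PSA_SHADOW:-/etc/psa/.psa.shadow}"
BACKUP_DIR="${BACKUP_DIR:-/root}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands; 0 = really run them

# run CMD...: print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'would run: %s\n' "$*"
    else
        "$@"
    fi
}

# schema_looks_valid FILE: succeed only if FILE is readable and defines
# at least one table, so an empty or missing schema never triggers a drop.
schema_looks_valid() {
    [ -r "$1" ] || return 1
    grep -qi 'create table' "$1"
}

# backup_name DB: timestamped dump path for DB inside BACKUP_DIR.
backup_name() {
    printf '%s/%s-%s.sql' "$BACKUP_DIR" "$1" "$(date +%Y%m%d%H%M%S)"
}

# rebuild_ossec_db: steps 3 to 6 of the page, with a backup before the drop.
# Step 1 (yum upgrade) and step 2 (asl -s -f) are left to the operator.
rebuild_ossec_db() {
    if ! schema_looks_valid "$OSSEC_SCHEMA"; then
        echo "schema file missing or empty: $OSSEC_SCHEMA" >&2
        return 1
    fi
    # Plesk keeps the admin password in .psa.shadow; hand it to mysql via
    # the environment rather than -p on the command line.
    MYSQL_PWD=$(cat "$PSA_SHADOW" 2>/dev/null || true)
    export MYSQL_PWD
    dump=$(backup_name "$DB_NAME")
    run sh -c "mysqldump -u admin '$DB_NAME' > '$dump'"
    run mysql -u admin -e "DROP DATABASE $DB_NAME; CREATE DATABASE $DB_NAME;"
    run sh -c "mysql -u admin '$DB_NAME' < '$OSSEC_SCHEMA'"
    run /etc/init.d/ossec-hids restart
    unset MYSQL_PWD
    echo "rebuild complete; previous database dumped to $dump"
}

# Usage: DRY_RUN=0 ./rebuild-ossec-db.sh run
case "${1:-}" in
    run) rebuild_ossec_db ;;
esac
```

Run it once with the default `DRY_RUN=1` to review the exact commands, then with `DRY_RUN=0 ... run` to perform the rebuild; the dump file it names is what you restore from if the new schema load fails.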