Closed jrossi closed 10 years ago
jrossi
commented
10 years ago This was fixed in commit 8df2257
Note: This comment has been automatically migrated from Bitbucket Created by ddpbsd on 2012-10-31 16:01:59+00:00, last updated: 2012-10-31 16:02:15+00:00
jrossi
commented
10 years ago a) Commit 8df2257 changed the permission to 0777 for queue/fts/fts-queue and ig-queue. It could work. b) zgzones's fix changed the group to 'ossec', but keep the permission 0660. It is better. c) I want to take it one step further, by chown to 'ossec:ossec', and keep permission at 0640. This is inline with release 2.6.
Note: This comment has been automatically migrated from Bitbucket Created by jbcheng on 2012-10-31 21:48:13+00:00
Hi, the stronger file permissions can lead on a new system, that ossec does not start. The files queue/fts/fts-queue and ig-queue are not created at installation and so no permissions are set. On the first start ossec creates these files (i think logcollector or so) but with the permission ossec is running at (root:root). So analysisd (which runs at ossec:ossec) can not read these files. So these files should have an owner permission of root:ossec. I try to fix it in https://bitbucket.org/cgzones/ossec-hids/changeset/5d53d93686aee004f5eb0ac7bafd2ac2. Best regards
Note: This issue has been automatically migrated from Bitbucket Created by cgzones on 2012-10-30 18:39:37+00:00, last updated: 2012-10-31 22:53:31+00:00