OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
[root@ossec src]# ./ossec-logcollector -ddddd -f
2022/05/11 17:04:04 ossec-logcollector: DEBUG: Starting ...
2022/05/11 17:04:04 ossec-logcollector(1905): INFO: No file configured to monitor.
2022/05/11 17:04:04 ossec-logcollector: DEBUG: Waiting main daemons to settle.
2022/05/11 17:04:10 ossec-logcollector: INFO: (unix_domain) Maximum send buffer set to: '212992'.
2022/05/11 17:04:10 ossec-logcollector: DEBUG: Entering LogCollectorStart().
2022/05/11 17:04:10 ossec-logcollector: INFO: Started (pid: 29980).
Segmentation fault (core dumped)
[root@ossec src]# gdb ./ossec-logcollector core.29980
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-120.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /root/tmp/ossec-hids/src/ossec-logcollector...done.
warning: core file may not match specified executable file.
[New LWP 29980]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `./ossec-logcollector -ddddd -f'.
Program terminated with signal 11, Segmentation fault.
#0 __strncmp_sse42 () at ../sysdeps/x86_64/multiarch/strcmp-sse42.S:164
164 movdqu (%rdi), %xmm1
(gdb) bt
#0 __strncmp_sse42 () at ../sysdeps/x86_64/multiarch/strcmp-sse42.S:164
#1 0x0000000000407251 in LogCollectorStart () at logcollector/logcollector.c:292
#2 0x00000000004052ab in main (argc=3, argv=0x7ffc57232098) at logcollector/main.c:163
After trying to rename an agent (https://github.com/ossec/ossec-hids/blob/master/contrib/rename_agent.sh), logcollector is crashing all the time.
Any ideas what's going on anbd how to fix it?