Getting SQLight Error upgrading from 3.2.4 to 3.5.0 CentOS6

[Robert H]

Hi,

I'm updating a manager from version 3.2.4 to 3.5.0 on CentOS 6.9  The install appears to run fine, but I'm getting a couple errors.  

One is this 

[root@wazuh-manager-base wazuh-3.5.0]# restartmanager

Stopping OSSEC:                                            [  OK  ]

Starting OSSEC (EL6): rm: cannot remove `/opt/<path>/ossec/tmp/ruleset': Is a directory

                                                           [FAILED]

The other is this

Error starting wazuh-clusterd: Error 2001 - Incompatible version of SQLite: 3.6.20

Try to export the internal SQLite library:

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/lib

wazuh-clusterd did not start correctly.

====

I have run these additional commands but they don't resolve them.  Is it safe to rm the /ossec/tmp/ruleset directory listed above?

[root@wazuh-manager-base wazuh-3.5.0]# source /opt/rh/python27/enable

[root@wazuh-manager-base wazuh-3.5.0]# export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/<path>/ossec/framework/lib

But still get the same errors.  Can you help me resolve this?

Regards,

Robert

[Robert H]

After rebooting the server, I'm getting these errors.

[root@wazuh-manager-base prosoc]# /opt/<path>/ossec/bin/ossec-control start

Starting Wazuh v3.5.0 (maintained by Wazuh Inc.)...

rm: cannot remove `/opt/<path>/ossec/tmp/ruleset': Is a directory

Started ossec-csyslogd...

Started wazuh-db...

Started wazuh-modulesd...

Started ossec-execd...

Started ossec-analysisd...

Started ossec-syscheckd...

Started ossec-remoted...

Started ossec-logcollector...

Started ossec-monitord...

/opt/rh/python27/root/usr/bin/python: error while loading shared libraries: libpython2.7.so.1.0: cannot open shared object file: No such file or directory

wazuh-clusterd did not start correctly.

Regards,

Robert

[Robert H]

The file is on the system.

 find / -name libpython2.7.so.1.0

/opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0

After running this, 

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/rh/python27/root/usr/lib64:/opt/rh/python27/root/usr/lib

I get this error again

Error starting wazuh-clusterd: Error 2001 - Incompatible version of SQLite: 3.6.20

Try to export the internal SQLite library:

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/lib

wazuh-clusterd did not start correctly.

Thanks,

Robert

[Victor Fernandez]

Hi Robert,

This is a known issue in Wazuh v3.5: Wazuh requires SQLite library v3.7+ to deal with databases enabling write-ahead-logging. The Wazuh Core includes an embedded SQLite v3.19.2 and the Cluster (written in Python) can use both system or embedded SQLite library files. 

Unfortunately, CentOS 6 provides SQLite v3.6.20 so the Cluster must use the SQLite library included with Wazuh. There is a missing file in Wazuh v3.5 that prevents the Cluster from using such library. We must install an updated SQLite library into /var/ossec/framework/lib.

To make things easier, this hotfix will install the missing library:

curl https://packages.wazuh.com/deps/3.5/patch_api_libs.sh | bash -

Downloading library file from https://packages.wazuh.com/deps/3.5/libsqlite3.so.0
Creating target directory: /var/ossec/framework/lib
Installing file...
Done. Please check if everything is working.

This issue has been already patched in the latest Wazuh v3.6.1.

Hope it helps.

Best regards,

Victor M Fernandez-Castro 
IT Engineer — Wazuh, Inc.

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/0dd1ce28-af28-4877-85b7-a1ebe116a225%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Robert H]

Hi Victor,

Thanks so much for this information.  I will test it out today.  We're not able to upgrade to 3.6.x just yet, and must stay at 3.5.0 for some time.

Best regards,

Robert

[Robert H]

Hi Victor,

It seems to work very well.  Thanks again.  One final question, I think it's okay, but can you confirm it's okay to rm this directory in the /tmp folder?

[root@wazuh-manager-base prosoc]# restartmanager

Stopping OSSEC:                                            [  OK  ]

Starting OSSEC (EL6): rm: cannot remove `/opt/<path>/ossec/tmp/ruleset': Is a directory

                                                           [  OK  ]

[root@wazuh-manager-base prosoc]# managerstatus

wazuh-clusterd is running...

Regards,

Robert

[Pedro Sánchez]

Hi Robert,

It is safe to remove that directory, everything included in ./tmp is not required.

Actually, the error you have is generated every time you start or restart the Wazuh daemons cause the ossec-control script is removing tmp the folder.

Looks like it is using "rm -f" instead of "rm -rf" that's why it can not remove empty folders.

# Delete all files in temporary folder
TO_DELETE="$DIR/tmp/*"
rm -f $TO_DELETE

https://github.com/wazuh/wazuh/blob/master/src/init/ossec-server.sh#L290-L292

We will take a look into it, I think we should modify that rm sentence.

Best regards,

Pedro.

--

You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.

To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/045dc538-d516-42e2-bdea-8366925cb4bd%40googlegroups.com.