OSSEC Management Agent error in Windows "Unable to set permissions on new configuration file"


Mercy Martinez

Jul 2, 2014, 8:52:49 AM
to ossec...@googlegroups.com
Hi, I am a newbie with OSSEC, and when I try to run the management agent on Windows I receive the error message "Unable to set permissions on new configuration file".

The error log says:

ossec-win32ui: INFO: Running the following command (C:\Windows\system32\cmd.exe /c echo y|cacls "new-ossec.conf" /T /G Administrators:f)
But if I run the command as the log suggests, the error persists.

Please help me!!!




LostInTheTubez

Jul 2, 2014, 8:16:48 PM
to ossec...@googlegroups.com

Sounds like a UAC problem more than an OSSEC problem. Did you right-click and “Run as Administrator” when installing the agent and when running the agent config utility? When you ran the cacls command manually, did you run the command from an elevated command prompt? Check the permissions on the file (if it exists, which it probably won’t) and the containing directory. Verify Administrators do in fact have full control.

 

 


Mercedes Martínez Galbán

Jul 7, 2014, 7:40:19 AM
to ossec...@googlegroups.com
I was trying to install the OSSEC agent on my Windows 7 machine, and when I install the agent as administrator and then run the program, the error persists. On Windows XP PCs it is the same, but I tried installing OSSEC on a computer with Windows Server 2003 and could do so without any problem.

In my OSSEC log on W7 or XP I have the error:

2014/07/03 10:23:27 ossec-win32ui: INFO: Running the following command (C:\Windows\system32\cmd.exe /c echo y|cacls "new-ossec.conf" /T /G Administrators:f)

When I run the cacls command it is right, but the file new-ossec.conf is created during the OSSEC execution, and when I run cacls this file doesn't exist yet.
I have administration permissions on the OSSEC container directory and I belong to the administrators in my domain, but these are the cacls results on my W7:

C:\Archivos de programa\ossec-agent>cacls *.* /T /G Administradores:f
¿Está seguro (S/N)?s
directorio procesado: C:\Archivos de programa\ossec-agent\active-response
archivo procesado: C:\Archivos de programa\ossec-agent\add-localfile.exe
directorio procesado: C:\Archivos de programa\ossec-agent\bookmarks
archivo procesado: C:\Archivos de programa\ossec-agent\doc.html
archivo procesado: C:\Archivos de programa\ossec-agent\help.txt
archivo procesado: C:\Archivos de programa\ossec-agent\internal_options.conf
archivo procesado: C:\Archivos de programa\ossec-agent\LICENSE.txt
archivo procesado: C:\Archivos de programa\ossec-agent\local_internal_options.conf
archivo procesado: C:\Archivos de programa\ossec-agent\manage_agents.exe
archivo procesado: C:\Archivos de programa\ossec-agent\ossec-agent.exe
archivo procesado: C:\Archivos de programa\ossec-agent\ossec-lua.exe
archivo procesado: C:\Archivos de programa\ossec-agent\ossec-luac.exe
archivo procesado: C:\Archivos de programa\ossec-agent\ossec-rootcheck.exe
archivo procesado: C:\Archivos de programa\ossec-agent\ossec.conf
archivo procesado: C:\Archivos de programa\ossec-agent\ossec.conf.bak
archivo procesado: C:\Archivos de programa\ossec-agent\ossec.log
directorio procesado: C:\Archivos de programa\ossec-agent\rids
archivo procesado: C:\Archivos de programa\ossec-agent\setup-iis.exe
archivo procesado: C:\Archivos de programa\ossec-agent\setup-syscheck.exe
archivo procesado: C:\Archivos de programa\ossec-agent\setup-windows.exe
directorio procesado: C:\Archivos de programa\ossec-agent\shared
directorio procesado: C:\Archivos de programa\ossec-agent\syscheck
archivo procesado: C:\Archivos de programa\ossec-agent\uninstall.exe
archivo procesado: C:\Archivos de programa\ossec-agent\VERSION.txt
archivo procesado: C:\Archivos de programa\ossec-agent\vista_sec.csv
archivo procesado: C:\Archivos de programa\ossec-agent\win32ui.exe
Acceso denegado.
And this is the problem!!!!!
Although I apparently have administrative rights on the OSSEC directory, I don't really.


Your help has been great, because although I knew it was a problem of rights, I was lost. Now I know what the problem is, but I can't resolve anything in W7.

My OSSEC on Windows Server 2003 works very well. Any suggestions, please?

Thanks. Please excuse my bad English, I hope you can understand me!!

Mercedes Martínez Galbán

Jul 7, 2014, 7:40:21 AM
to ossec...@googlegroups.com
Finally I was able to resolve my problem with OSSEC. I could install OSSEC on the XP station when I modified the clients.key file for the user. OSSEC works well this way, and then I copied the OSSEC directory from the XP station to my Windows 7 station.
When I modified the clients.key file for my own user, I could run OSSEC on Windows 7.
That was the only way I could do it, because although I had all the correct rights, OSSEC never worked on Windows 7.
Thanks for your help




ggra...@googlemail.com

Sep 11, 2014, 12:50:00 PM
to ossec...@googlegroups.com
Hi Mercy,

I had exactly the same problem even though I've already done quite a few OSSEC installations. Because the agent systems differed a lot, it took me a while to figure out the obvious: the command that gets written to the logfile is the command for the English version of Windows! But in German versions there is no such group as 'Administrators', as in German it is 'Administratoren'. Presumably in Spanish it is 'Administradores' or something similar. It looks like if the command fails, the service won't be installed.

Since the code appears to be hardcoded in the executables, I can't fix the problem at the root. But I've created the group and added an administrative account I use to install OSSEC to that new 'Administrators' group, and then the installation succeeded.

It might be a good idea to contact the programmers and point out that in its current version the program appears to run only on English Windows versions. Hopefully in newer versions there will be support for other languages as well. The trick with the English group might not work if e.g. the non-interactive confirmation 'y' is different in other languages.

Best regards
Guido Grassl

Enrique García M.

Nov 22, 2014, 7:50:37 PM
to ossec...@googlegroups.com
Thanks a lot, you saved my day.
My operating system is in Spanish, so creating the group in English was fine.
Also, I think another change will be required for future versions, since the program uses CACLS and Windows 7 Pro says that this program is obsolete and must be changed to ICACLS.

Thanks again.
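
A language-independent way to grant the permission discussed in this thread, as an added example that is not part of any post and not OSSEC's own code: it addresses the built-in Administrators group by its well-known SID instead of its localized name and uses ICACLS, which has no localized confirmation prompt. The path in $ConfPath is an assumption, and /grant adds an entry rather than replacing the ACL as the logged CACLS /G command does.

```powershell
# Added example, not OSSEC code. $ConfPath is an assumed install location.
$ConfPath = Join-Path $env:ProgramFiles 'ossec-agent\ossec.conf'

# S-1-5-32-544 is the well-known SID of the built-in Administrators group.
# The SID is the same on every language edition; only the display name differs.
$AdminSidValue = 'S-1-5-32-544'
$adminSid = New-Object System.Security.Principal.SecurityIdentifier($AdminSidValue)

# Show what the group is called locally (Administrators, Administratoren, ...).
$localName = $adminSid.Translate([System.Security.Principal.NTAccount]).Value
Write-Output "Built-in Administrators group on this system: $localName"

# Changing the ACL needs an elevated process (the UAC point raised in the thread).
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
$adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($adminRole)) {
    throw 'Not elevated: start PowerShell with "Run as administrator".'
}

if (-not (Test-Path -LiteralPath $ConfPath)) {
    throw "File not found: $ConfPath"
}

# icacls accepts a SID when it is prefixed with '*', so no group name is needed.
& icacls.exe $ConfPath /grant "*${AdminSidValue}:F"
if ($LASTEXITCODE -ne 0) {
    throw "icacls failed with exit code $LASTEXITCODE"
}

# Read the ACL back with SIDs as identities and confirm the Full Control entry.
$sidType = [System.Security.Principal.SecurityIdentifier]
$full    = [System.Security.AccessControl.FileSystemRights]::FullControl
$rules   = (Get-Acl -Path $ConfPath).GetAccessRules($true, $true, $sidType)
$granted = $rules | Where-Object {
    $_.IdentityReference.Value -eq $AdminSidValue -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $full) -eq $full
}
if (-not $granted) {
    throw "Full control for $localName was not found on $ConfPath"
}
Write-Output "Full control confirmed for $localName on $ConfPath"
```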