host-deny.sh locked
134 views
Skip to first unread message
Leo Feyer
Nov 14, 2014, 4:42:59 AM11/14/14
to ossec...@googlegroups.com
Hi,
I am using the latest OSSEC on an Ubuntu 14.04 server. There is something wrong with the host-deny.sh script, because it keeps getting locked:
Unable to execute. Locked: /var/ossec/active-response/bin/host-deny.sh
I have read the code at https://github.com/ossec/ossec-hids/blob/master/active-response/host-deny.sh#L63 but I am not able to figure out why this is.
Can someone please advise?
Cheers
Leo
dan (ddp)
Nov 17, 2014, 7:55:58 AM11/17/14
to ossec...@googlegroups.com
you're trying to update quicker than the updates can happen?
> Cheers
> Leo
>
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Leo Feyer
Nov 18, 2014, 9:06:04 AM11/18/14
to ossec...@googlegroups.com
I don't think this is the reason. Here's the command line output:
/var/ossec/active-response/bin/host-deny.sh: 114: /var/ossec/active-response/bin/host-deny.sh: TMP_FILE: not found
/var/ossec/active-response/bin/host-deny.sh: 117: /var/ossec/active-response/bin/host-deny.sh: TMP_FILE: not found
/var/ossec/active-response/bin/host-deny.sh: 123: /var/ossec/active-response/bin/host-deny.sh: cannot create : Directory nonexistentDoes this look familiar to anyone?
Doug Burks
Nov 18, 2014, 9:20:12 AM11/18/14
to ossec...@googlegroups.com
Hi Leo,
Could you be experiencing the symptom described here?
http://www.ossec.net/?p=1135#comment-555
Also see:
https://github.com/ossec/ossec-hids/pull/315
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com
Could you be experiencing the symptom described here?
http://www.ossec.net/?p=1135#comment-555
Also see:
https://github.com/ossec/ossec-hids/pull/315
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com
Leo Feyer
Nov 19, 2014, 5:15:01 AM11/19/14
to ossec...@googlegroups.com
Hi Doug,
that's exactly it! Thanks a bunch for pointing me to the pull request. I have applied the changes and now it works again :)
Thank you for your help.
Cheers
Leo
You received this message because you are subscribed to a topic in the Google Groups "ossec-list" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ossec-list/jdngrV_XMCU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ossec-list+...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages