OSSEC - sudo


Kumar G

Sep 15, 2016, 2:38:52 PM
to ossec...@googlegroups.com
Hi team,

We are in the process of getting the sudo rules worked out for the OSSEC environment. However, a question came up about whether we can have the ossec user have read/write access on them (e.g. /var/ossec/rules, /var/ossec/etc - the ossec account should have the write permission). Is it advisable to change the chmod permissions of files / folders under the /var/ossec directory?

Does anyone have the list of sudo commands required on the OSSEC server / agent?


Thanks
Kumar

dan (ddp)

Sep 27, 2016, 8:33:44 AM
to ossec...@googlegroups.com
On Thu, Sep 15, 2016 at 2:38 PM, Kumar G <mkg...@gmail.com> wrote:
> Hi team,
>
> We are in the process of getting the sudo rules worked out for the OSSEC
> environment. However, a question came up about whether we can have the ossec
> user have read/write access on them (e.g. /var/ossec/rules, /var/ossec/etc -
> the ossec account should have the write permission). Is it advisable to change
> the chmod permissions of files / folders under the /var/ossec directory?
>

I prefer to not let the ossec user have write permissions to anything
it doesn't need to write to.
There's no reason for the ossec user to write to the rules.

> Does anyone have the list of sudo commands required on the OSSEC server /
> agent?
>

What problem are you trying to solve exactly?


Kumar G

Sep 27, 2016, 3:26:49 PM
to ossec...@googlegroups.com
Hi Dan,

The main concern was that we have to get the sudo commands in place for maintaining ossec. With our setup the sudo commands started growing and increasing with any additional customizations. We are reluctant to change the permissions for files / directories; however, we are checking whether we can do this by any alternatives.



Thanks
Kumar

Victor Fernandez

Sep 30, 2016, 7:51:57 AM
to ossec-list
Hi Kumar,

The ossec group is intended to access shared files and write only to logs and queues, but not to settings and rules files. Nevertheless, if you need to write those files, it's more secure to create a new user, add it to the ossec group and give it the needed permissions than to run maintenance scripts as root, IMHO.

So I'd make the following changes:

    $ adduser <your user> ossec

If you need to modify the rules files:

    $ chmod g+w /var/ossec/rules/*.xml


And/or, if you need to create or delete rules files:

    $ chmod g+w /var/ossec/rules

Hope it helps.
Victor.
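
An added example, not part of the thread and not OSSEC's own tooling: a shell function that lists what is group- or world-writable under the rules and etc directories, so the result of the `chmod g+w` changes above can be reviewed and kept as narrow as intended. The function names, the second argument and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread, not OSSEC tooling).
# audit_ossec_perms and make_sample_tree are hypothetical helper names.

# audit_ossec_perms [root] [service_user]
# Reports entries under <root>/rules and <root>/etc that are writable by
# group or others, plus entries owned by and writable for the service user.
audit_ossec_perms() {
    root=${1:-/var/ossec}
    svc_user=${2:-ossec}
    for sub in rules etc; do
        dir="$root/$sub"
        [ -d "$dir" ] || continue
        # Symlinks are skipped: their own mode bits are not meaningful.
        # -perm -020 = group write bit set, -perm -002 = other write bit set.
        find "$dir" ! -type l -perm -020 \
            -exec printf 'group-writable: %s\n' {} \;
        find "$dir" ! -type l -perm -002 \
            -exec printf 'world-writable: %s\n' {} \;
        # Only meaningful when the service account exists on this host.
        if id "$svc_user" >/dev/null 2>&1; then
            find "$dir" ! -type l -user "$svc_user" -perm -200 \
                -exec printf 'writable by owner %s: %s\n' "$svc_user" {} \;
        fi
    done
}

# Constructed sample tree (not a real install) mirroring the thread:
# one rules file has had "chmod g+w" applied, everything else has not.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/rules" "$t/etc"
    : > "$t/rules/local_rules.xml"
    : > "$t/rules/sshd_rules.xml"
    : > "$t/etc/ossec.conf"
    chmod 750 "$t/rules" "$t/etc"
    chmod 640 "$t/rules/sshd_rules.xml" "$t/etc/ossec.conf"
    chmod 660 "$t/rules/local_rules.xml"
    printf '%s\n' "$t"
}

# Typical use on a host: audit_ossec_perms /var/ossec ossec
```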


Kumar G

Oct 5, 2016, 2:28:35 AM
to ossec...@googlegroups.com
Thank you Victor/Dan. We tried these suggestions and implemented them on the systems. Looks good now with out list