3.6.0 local install ossec.conf unchanged

31 views
Skip to first unread message

John B Dougherty

unread,
Apr 19, 2021, 4:01:21 PMApr 19
to ossec-list
hello to all
I am not seeing what I expect when installing ossec-hids-3.6.0
- Local installation chosen.

/var/ossec/etc# ls -l
total 188
-rw-r----- 1 root ossec      0 Apr 18 23:13 client.keys
-rw-r----- 1 root ossec 152472 Apr 18 23:42 decoder.xml
-rw-r----- 1 root ossec   3306 Apr 18 23:42 internal_options.conf
-rw-r----- 1 root ossec   3306 Apr 18 23:13 internal_options.conf~
-rw-rw---- 1 root ossec    320 Feb 14  2020 local_internal_options.conf
-r--r----- 1 root ossec   2845 Apr 18 23:42 localtime
-rw-r----- 1 root root      90 Apr 18 23:42 ossec-init.conf
-rw-rw---- 1 root ossec   6500 Sep 14  2020 ossec.conf
-r--r----- 1 root ossec    715 Apr 18 23:42 resolv.conf
drwxrwx--- 2 root ossec   4096 Apr 18 23:42 shared

You can see I tried twice 

-rw-r----- 1 root ossec   3306 Apr 18 23:42 internal_options.conf
-rw-r----- 1 root ossec   3306 Apr 18 23:13 internal_options.conf~

so install.sh is writing to /var/ossec/etc (and to /etc/init.d)

I would think install.sh would be writing the configuration directives to 
/var/ossec/etc/ossec.conf

In all other respect the install.sh scripts sees to have worked, but of course no 
email_notification block in ossec.conf.

  <global>
    <email_notification>no</email_notification>
  </global>

Is this how it doesn't work for everybody?
Thanks!
Reply all
Reply to author
Forward
0 new messages