3.6.0 local install ossec.conf unchanged

[John B Dougherty]

hello to all

I am not seeing what I expect when installing ossec-hids-3.6.0

- Local installation chosen.

/var/ossec/etc# ls -l

total 188

-rw-r----- 1 root ossec      0 Apr 18 23:13 client.keys

-rw-r----- 1 root ossec 152472 Apr 18 23:42 decoder.xml

-rw-r----- 1 root ossec   3306 Apr 18 23:42 internal_options.conf

-rw-r----- 1 root ossec   3306 Apr 18 23:13 internal_options.conf~

-rw-rw---- 1 root ossec    320 Feb 14  2020 local_internal_options.conf

-r--r----- 1 root ossec   2845 Apr 18 23:42 localtime

-rw-r----- 1 root root      90 Apr 18 23:42 ossec-init.conf

-rw-rw---- 1 root ossec   6500 Sep 14  2020 ossec.conf

-r--r----- 1 root ossec    715 Apr 18 23:42 resolv.conf

drwxrwx--- 2 root ossec   4096 Apr 18 23:42 shared

You can see I tried twice 

-rw-r----- 1 root ossec   3306 Apr 18 23:42 internal_options.conf

-rw-r----- 1 root ossec   3306 Apr 18 23:13 internal_options.conf~

so install.sh is writing to /var/ossec/etc (and to /etc/init.d)

I would think install.sh would be writing the configuration directives to 

/var/ossec/etc/ossec.conf

In all other respect the install.sh scripts sees to have worked, but of course no 

email_notification block in ossec.conf.

  <global>

    <email_notification>no</email_notification>

  </global>

Is this how it doesn't work for everybody?

Thanks!

[Jose Luis Fernandez Aguilera]

Hello,

When you use install.sh it will keeps local_internal_options.conf and ossec.conf files in order to maintain your previously made configuration.
The default global section in 3.6.0 ossec-hids-server contains the block you mentioned.