no properly formatted SHA256 checksum lines found
55 views
Skip to first unread message
karthik s
Dec 11, 2019, 6:14:39 AM12/11/19
to ossec-list
Hello Team,
When I try to run below command, i'm getting this error. Could someone help me ASAP.
ubuntu@ip-x-x-x-x:~$ cat ossec-hids-2.8.3.tar.gz.sha256
SHA256 (ossec-hids-2.8.3.tar.gz) = 917989e23330d18b0d900e8722392cdbe4f17364a547508742c0fd005a1df7dd
ubuntu@ip-x-x-x-x:~$ sha256sum -c ossec-hids-2.8.3.tar.gz.sha256 ossec-hids-2.8.3.tar.gz
ossec-hids-2.8.3.tar.gz: OK
sha256sum: ossec-hids-2.8.3.tar.gz: no properly formatted SHA256 checksum lines found
ubuntu@ip-x-x-x-x:~$
Thanks and Regards,
Karthik
Natassia S
Dec 11, 2019, 10:32:48 AM12/11/19
to ossec...@googlegroups.com
Correction, I just noticed that you used the -c option and got the same error as you did. I normally run sha256sum without any flags.
Natassia
On Wed, Dec 11, 2019 at 7:27 AM Natassia S <ste...@uw.edu> wrote:
I'm not sure why you got the error. I ran the sha256sum on the same file on a CentOS 8 box, got the same checksum and no errors. I'm guessing that you already tried downloading a fresh copy?Natassia
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/f11e7cea-c4e8-4d22-b7d6-25012db7d5e0%40googlegroups.com.
Natassia S
Dec 11, 2019, 10:33:06 AM12/11/19
to ossec...@googlegroups.com
I'm not sure why you got the error. I ran the sha256sum on the same file on a CentOS 8 box, got the same checksum and no errors. I'm guessing that you already tried downloading a fresh copy?
Natassia
On Wed, Dec 11, 2019 at 3:14 AM karthik s <karth...@gmail.com> wrote:
--
Natassia S
Dec 11, 2019, 10:44:20 AM12/11/19
to ossec...@googlegroups.com
Sorry that this is coming in bits and pieces. It looks to me that -c option is used when verifying the checksum file.
[ Downloads]$ sha256sum -c ossec-hids-2.8.3.tar.gz.sha256
ossec-hids-2.8.3.tar.gz: OK
I don't think that the actual program tar file contains a checksum (hence the error) and you use the command without any options to calculate a sum that you compare to the checksum file that you download separately.
[ Downloads]$ sha256sum ossec-hids-2.8.3.tar.gz
917989e23330d18b0d900e8722392cdbe4f17364a547508742c0fd005a1df7dd ossec-hids-2.8.3.tar.gz
917989e23330d18b0d900e8722392cdbe4f17364a547508742c0fd005a1df7dd ossec-hids-2.8.3.tar.gz
Natassia
Schultheis Burkhard
Jan 13, 2020, 9:04:35 AM1/13/20
to ossec...@googlegroups.com
Some weeks ago I've installed Ossec on on three servers. One is running
CentOS 6.10, the others Opensuse 15.1. The CentOS installation behaves
as expected, but the opensuse installations behave very different,
although the configurations are as close as possible.
From the CentOS server we get emails as expected, from the opensuse
servers not (other programs send us emails as expected from all
servers). The opensuse servers write tons of ossec logs, because it's in
a start-terminate loop. Excerpt:
2020/01/13 13:45:25 ossec-testrule: INFO: Reading local decoder file.
2020/01/13 13:45:25 ossec-testrule: INFO: Started (pid: 28499).
2020/01/13 13:45:25 ossec-maild: INFO: Started (pid: 28516).
2020/01/13 13:45:25 ossec-execd: INFO: Started (pid: 28520).
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading local decoder file.
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'rules_config.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'pam_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'sshd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'telnetd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'syslog_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'arpwatch_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'symantec-av_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'symantec-ws_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'pix_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'named_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'smbd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'vsftpd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'pure-ftpd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'proftpd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'ms_ftpd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'ftpd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'hordeimp_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'roundcube_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'wordpress_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'cimserver_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'vpopmail_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'vmpop3d_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'courier_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'web_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'web_appsec_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'apache_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'nginx_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'php_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'mysql_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'postgresql_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'ids_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'squid_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'firewall_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'apparmor_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'cisco-ios_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'netscreenfw_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'sonicwall_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'postfix_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'sendmail_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'imapd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'mailscanner_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'dovecot_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'ms-exchange_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'racoon_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'vpn_concentrator_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'spamd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'msauth_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'mcafee_av_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'trend-osce_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'ms-se_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'zeus_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'solaris_bsm_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'vmware_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'ms_dhcp_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'asterisk_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'ossec_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'attack_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'openbsd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'clam_av_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'dropbear_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'sysmon_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'opensmtpd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'exim_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'openbsd-dhcpd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'dnsmasq_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'nsd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'local_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Total rules enabled: '1603'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file: '/etc/mtab'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file: '/etc/mnttab'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file: '/etc/hosts.deny'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file:
'/etc/mail/statistics'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file: '/etc/random-seed'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file: '/etc/adjtime'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file: '/etc/httpd/logs'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file: '/etc/utmpx'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file: '/etc/wtmpx'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file: '/etc/cups/certs'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file: '/etc/dumpdates'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file:
'/etc/svc/volatile'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/System32/LogFiles'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Debug'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/WindowsUpdate.log'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/iis6.log'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/wbem/Logs'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/wbem/Repository'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/Prefetch'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/PCHEALTH/HELPCTR/DataColl'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/SoftwareDistribution'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Temp'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/config'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/spool'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/CatRoot'
2020/01/13 13:45:25 ossec-analysisd: INFO: Allow listing IP: '127.0.0.1'
2020/01/13 13:45:25 ossec-analysisd: INFO: Allow listing IP: 'xxxx'
2020/01/13 13:45:25 ossec-analysisd: INFO: Allow listing IP: 'xxxx'
2020/01/13 13:45:25 ossec-analysisd: INFO: Allow listing IP: 'xxxx'
2020/01/13 13:45:25 ossec-analysisd: INFO: 4 IPs in the allow list for
active response.
2020/01/13 13:45:25 ossec-analysisd: INFO: Allow listing Hostname: '::1'
2020/01/13 13:45:25 ossec-analysisd: INFO: Allow listing Hostname:
'localhost.localdomain'
2020/01/13 13:45:25 ossec-analysisd: INFO: 2 Hostname(s) in the allow
list for active response.
2020/01/13 13:45:25 ossec-analysisd: INFO: Started (pid: 28524).
2020/01/13 13:45:26 ossec-monitord: INFO: Started (pid: 28536).
2020/01/13 13:45:28 ossec-monitord(1225): INFO: SIGNAL
[(15)-(Terminated)] Received. Exit Cleaning...
2020/01/13 13:45:28 ossec-logcollector(1225): INFO: SIGNAL
[(15)-(Terminated)] Received. Exit Cleaning...
2020/01/13 13:45:28 ossec-analysisd(1225): INFO: SIGNAL
[(15)-(Terminated)] Received. Exit Cleaning...
2020/01/13 13:45:28 ossec-maild(1225): INFO: SIGNAL [(15)-(Terminated)]
Received. Exit Cleaning...
2020/01/13 13:45:28 ossec-execd(1314): INFO: Shutdown received. Deleting
responses.
2020/01/13 13:45:28 ossec-execd(1225): INFO: SIGNAL [(15)-(Terminated)]
Received. Exit Cleaning...
Where should I look what could terminate the process?
Best regards
Burkhard
CentOS 6.10, the others Opensuse 15.1. The CentOS installation behaves
as expected, but the opensuse installations behave very different,
although the configurations are as close as possible.
From the CentOS server we get emails as expected, from the opensuse
servers not (other programs send us emails as expected from all
servers). The opensuse servers write tons of ossec logs, because it's in
a start-terminate loop. Excerpt:
2020/01/13 13:45:25 ossec-testrule: INFO: Reading local decoder file.
2020/01/13 13:45:25 ossec-testrule: INFO: Started (pid: 28499).
2020/01/13 13:45:25 ossec-maild: INFO: Started (pid: 28516).
2020/01/13 13:45:25 ossec-execd: INFO: Started (pid: 28520).
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading local decoder file.
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'rules_config.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'pam_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'sshd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'telnetd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'syslog_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'arpwatch_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'symantec-av_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'symantec-ws_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'pix_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'named_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'smbd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'vsftpd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'pure-ftpd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'proftpd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'ms_ftpd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'ftpd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'hordeimp_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'roundcube_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'wordpress_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'cimserver_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'vpopmail_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'vmpop3d_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'courier_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'web_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'web_appsec_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'apache_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'nginx_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'php_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'mysql_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'postgresql_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'ids_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'squid_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'firewall_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'apparmor_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'cisco-ios_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'netscreenfw_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'sonicwall_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'postfix_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'sendmail_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'imapd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'mailscanner_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'dovecot_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'ms-exchange_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'racoon_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'vpn_concentrator_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'spamd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'msauth_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'mcafee_av_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'trend-osce_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'ms-se_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'zeus_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'solaris_bsm_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'vmware_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'ms_dhcp_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'asterisk_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'ossec_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'attack_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'openbsd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'clam_av_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'dropbear_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'sysmon_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'opensmtpd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'exim_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'openbsd-dhcpd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'dnsmasq_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'nsd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'local_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Total rules enabled: '1603'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file: '/etc/mtab'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file: '/etc/mnttab'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file: '/etc/hosts.deny'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file:
'/etc/mail/statistics'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file: '/etc/random-seed'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file: '/etc/adjtime'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file: '/etc/httpd/logs'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file: '/etc/utmpx'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file: '/etc/wtmpx'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file: '/etc/cups/certs'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file: '/etc/dumpdates'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file:
'/etc/svc/volatile'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/System32/LogFiles'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Debug'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/WindowsUpdate.log'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/iis6.log'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/wbem/Logs'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/wbem/Repository'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/Prefetch'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/PCHEALTH/HELPCTR/DataColl'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/SoftwareDistribution'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Temp'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/config'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/spool'
2020/01/13 13:45:25 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/CatRoot'
2020/01/13 13:45:25 ossec-analysisd: INFO: Allow listing IP: '127.0.0.1'
2020/01/13 13:45:25 ossec-analysisd: INFO: Allow listing IP: 'xxxx'
2020/01/13 13:45:25 ossec-analysisd: INFO: Allow listing IP: 'xxxx'
2020/01/13 13:45:25 ossec-analysisd: INFO: Allow listing IP: 'xxxx'
2020/01/13 13:45:25 ossec-analysisd: INFO: 4 IPs in the allow list for
active response.
2020/01/13 13:45:25 ossec-analysisd: INFO: Allow listing Hostname: '::1'
2020/01/13 13:45:25 ossec-analysisd: INFO: Allow listing Hostname:
'localhost.localdomain'
2020/01/13 13:45:25 ossec-analysisd: INFO: 2 Hostname(s) in the allow
list for active response.
2020/01/13 13:45:25 ossec-analysisd: INFO: Started (pid: 28524).
2020/01/13 13:45:26 ossec-monitord: INFO: Started (pid: 28536).
2020/01/13 13:45:28 ossec-monitord(1225): INFO: SIGNAL
[(15)-(Terminated)] Received. Exit Cleaning...
2020/01/13 13:45:28 ossec-logcollector(1225): INFO: SIGNAL
[(15)-(Terminated)] Received. Exit Cleaning...
2020/01/13 13:45:28 ossec-analysisd(1225): INFO: SIGNAL
[(15)-(Terminated)] Received. Exit Cleaning...
2020/01/13 13:45:28 ossec-maild(1225): INFO: SIGNAL [(15)-(Terminated)]
Received. Exit Cleaning...
2020/01/13 13:45:28 ossec-execd(1314): INFO: Shutdown received. Deleting
responses.
2020/01/13 13:45:28 ossec-execd(1225): INFO: SIGNAL [(15)-(Terminated)]
Received. Exit Cleaning...
Where should I look what could terminate the process?
Best regards
Burkhard
dan (ddp)
Jan 17, 2020, 7:13:14 AM1/17/20
to ossec...@googlegroups.com
On Mon, Jan 13, 2020 at 9:04 AM Schultheis Burkhard
<burkhard....@gmail.com> wrote:
>
> Some weeks ago I've installed Ossec on on three servers. One is running
> CentOS 6.10, the others Opensuse 15.1. The CentOS installation behaves
> as expected, but the opensuse installations behave very different,
> although the configurations are as close as possible.
>
> From the CentOS server we get emails as expected, from the opensuse
> servers not (other programs send us emails as expected from all
> servers). The opensuse servers write tons of ossec logs, because it's in
> a start-terminate loop. Excerpt:
>
How did you install OSSEC (package, source, etc)?
<burkhard....@gmail.com> wrote:
>
> Some weeks ago I've installed Ossec on on three servers. One is running
> CentOS 6.10, the others Opensuse 15.1. The CentOS installation behaves
> as expected, but the opensuse installations behave very different,
> although the configurations are as close as possible.
>
> From the CentOS server we get emails as expected, from the opensuse
> servers not (other programs send us emails as expected from all
> servers). The opensuse servers write tons of ossec logs, because it's in
> a start-terminate loop. Excerpt:
>
You could check the /var/log/audit/audit.log to see if it mentions
anything about it.
I have an OpenSuse VM where it worked fine, but I installed from
source. I haven't powered it up in a while though.
> --
>
> ---
> You received this message because you are subscribed to the Google Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/2f6a0b29-db32-1a1a-8a67-e031ce24bab3%40gmail.com.
>
> ---
> You received this message because you are subscribed to the Google Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com.
Burkhard Schultheis
Jan 17, 2020, 4:24:59 PM1/17/20
to ossec...@googlegroups.com
Hi,
I installed it. In the meantime I solved the problem with help from
Google:
https://unix.stackexchange.com/questions/200280/systemd-kills-service-immediately-after-start
Thanks for your help!
Best regards from Germany
Burkhard
I installed it. In the meantime I solved the problem with help from
Google:
https://unix.stackexchange.com/questions/200280/systemd-kills-service-immediately-after-start
Thanks for your help!
Best regards from Germany
Burkhard
Reply all
Reply to author
Forward
0 new messages