Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: OSSEC Installation

  1. #1
    Join Date
    Jan 2014
    Posts
    28

    Default OSSEC Installation

    I was wondering if someone knew a little bit about OSSEC installation in openSUSE 13.1.

    I have downloaded, compiled, and installed the program from source with no issue. I then issued the command to start the service, which also gave no problem. Upon restart of my system, my login screen now has 3 additional names all having to do with the OSSEC program (ossec, etc.). When I login to my original account, which I made during the installation, everything works fine, but I have to manually instruct the program to run each time I logon. I was wondering if somebody can identify an error I made in the installation that would prevent it from automatically starting, and if not, a reference on how to set up a run script on openSUSE to run the program each time the computer starts up and I logon to the account.

    Below I have included the step-by-step instructions I gave in the terminal to download, compile, and installed the program. Perhaps I failed to notice a OS specific instruction that would have prevented my issue.

    cd /tmp

    wget http://www.ossec.net/files/ossec-hids-latest.tar.gz

    wget http://www.ossec.net/files/ossec-hid...t_checksum.txt

    cat ossec-hids-latest_checksum.txt

    md5sum ossec-hids-*.tar.gz

    sha1sum ossec-hids-*.tar.gz

    tar -zxvf ossec-hids-*.tar.gz

    cd ossec-hids-*

    ./install.sh

  2. #2
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    27,781
    Blog Entries
    15

    Default Re: OSSEC Installation

    Hi
    Looking at an OBS build the ossec users were not created with the -s option (system users) so they don't show up as normal users...

    https://build.opensuse.org/package/v....spec?expand=1
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

  3. #3
    Join Date
    Nov 2009
    Location
    West Virginia Sector 13
    Posts
    15,797

    Default Re: OSSEC Installation

    Perhaps it created new users. look in the /home and see if you some new user directories.

  4. #4
    Join Date
    Jan 2014
    Posts
    28

    Default Re: OSSEC Installation

    Is there a way to prevent them from showing up during an installation and also have OSSEC start normally at every system startup without having to create a separate script?

  5. #5
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    27,781
    Blog Entries
    15

    Default Re: OSSEC Installation

    On Sun 26 Jan 2014 06:16:01 AM CST, BMor wrote:


    Is there a way to prevent them from showing up during an installation
    and also have OSSEC start normally at every system startup without
    having to create a separate script?


    Hi
    Modify the install script to set as system users, does it not have an
    init script or a systemd service file?

    --
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.2 Kernel 3.11.6-4-desktop
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!


  6. #6
    Join Date
    Jan 2014
    Posts
    28

    Default Re: OSSEC Installation

    Quote Originally Posted by malcolmlewis View Post
    Hi
    Modify the install script to set as system users, does it not have an
    init script or a systemd service file?

    --
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.2 Kernel 3.11.6-4-desktop
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!
    I originally just followed their instructions on how to compile and where to install the program. During this normal installation I receive the message that the "Int" file has been modified to boot the program at startup, but it does not boot at startup. It now creates four separate IDs, none of which can be logged in. When I start my system, I can re-enter the start command in the terminal, and the program starts normally. On other Linux OS builds, the installation does not cause any of these issues, and I am having trouble identifying why this happens in openSUSE, and how to prevent it. Nevertheless, as I said above, the "int" file is modified to start the program at startup automatically, yet this does not happen.

  7. #7
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    27,781
    Blog Entries
    15

    Default Re: OSSEC Installation

    Hi
    Because openSUSE 13.1 doesn't use init files any more, it uses systemd, however, some init files do work but may need tweaking.

    Other systems use different ways to implement system users I guess, it also depends on what the developer develops on, no different that for instance someone using openSUSE and then a Debian user having difficulties installing, each may/may not need adapting....
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

  8. #8
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    27,781
    Blog Entries
    15

    Default Re: OSSEC Installation

    Hi
    And re-looking at this users spec file on the building, it would appear that using the install.sh is not appropriate, or needs modifying for openSUSE;
    https://build.opensuse.org/package/v....spec?expand=1

    In the above users repository, do you see anything untoward with it to not use this build?
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

  9. #9
    Join Date
    Jan 2014
    Posts
    28

    Default Re: OSSEC Installation

    Quote Originally Posted by malcolmlewis View Post
    Hi
    And re-looking at this users spec file on the building, it would appear that using the install.sh is not appropriate, or needs modifying for openSUSE;
    https://build.opensuse.org/package/v....spec?expand=1

    In the above users repository, do you see anything untoward with it to not use this build?
    I am sorry, but I do not understand your question. Specifically, I don't know what you mean by "untoward." You say the above user's repository. Is there a repository available with OSSEC already on it?

    Nevertheless, I appreciate your help.

  10. #10
    Join Date
    Jun 2008
    Location
    Groningen, Netherlands
    Posts
    20,299
    Blog Entries
    14

    Default Re: OSSEC Installation

    What Malcolm is saying is that there's a ready built package for openSUSE: http://software.opensuse.org/package/ossec-hids
    Chances are that the user who built this package already solved the issues you are meeting right now. I suggest you uninstall what you have installed so far, then install the package and see if the situation improves.
    ° Appreciate my reply? Click the star and let me know why.

    ° Perfection is not gonna happen. No way.

    http://en.opensuse.org/User:Knurpht
    http://nl.opensuse.org/Gebruiker:Knurpht

Page 1 of 2 12 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •