Hi Brad, Wish that was the case, both times I run the script as the apache user, one time from command line, and one time through the web server, think something might be wrong with my Apache / PHP configuration, but I can't figure out what. "phpinfo" doesn't show anything strange. There are no errors. I was thinking of environment settings, but there's nothing OSSEC related in the environment of the apache user.
Is there anything in addition that OSSEC requires, besides PHP? Does it need any additional PHP modules or libraries? E. 2007/6/19, Brad Lhotsky <[EMAIL PROTECTED]>: > > > Perhaps you're running them as different users and it's a permissions > problem? > > Erik Delfgaauw wrote: > > Hi folks, > > > > I have found out that when I do: > > > > apache@<host>:/var/www/website/ossec-wui> php index.php f=i > > > > ...I get a correct output with an "Agent name" picklist containing all > > the agents, plus the Integrity Check information displayed below. > > > > However, when I go to: > > > > http://<host>/ossec-wui/index.php?f=i > > > > ...I get an incorrect output with an empty "Agent name" picklist (or > > merely containing ossec-server), and no Integrity Check information is > > displayed. > > > > So, apparently OSSEC-WUI is working fine, but somehow it goes wrong > > between Apache and PHP. > > > > We have tried PHP debugging, but apparently it's not that there are any > > errors occuring, it is just not working properly ;-) > > > > Does anybody have any idea or hint on where to look regarding this > > strange behavior? A PHP script that returns different information when > > launched on the command line than when launched through Apache web > > server, without returning errors? > > > > Thanks in advance ! > > > > E. > > > > > > 2007/5/30, Erik Delfgaauw <[EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED]>>: > > > > Hi Daniel, > > > > Verified once more, the web user is apache, and it has definitely > > access to the OSSEC-WUI tmp directory. > > > > In a different environment which IS working, in the OSSEC-WUI tmp > > directory, I see a file called output-tmp-<some-id>.php, and this > > file does not exist in the NOT working environment. > > > > How to proceed, where else can I look? Can it also be an Apache > > setting that is causing the problem? > > > > E. > > > > 2007/5/28, Daniel Cid < [EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED]>>: > > > > Hi Erik, > > > > Yes, I mean the ossec-wui tmp directory :) sorry for not being > > specific. Also, > > make sure to restart apache, otherwise the group permissions > > will not apply. > > > > Let me know how it goes :) > > > > Thanks, > > > > Daniel > > > > On 5/27/07, Erik Delfgaauw < [EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED]>> wrote: > > > Hi Daniel, > > > > > > I guess you mean the OSSEC-WUI tmp directory right? Just to be > > 100% sure, > > > because there's also a /tmp and a /var/ossec/tmp. > > > > > > I will verify once more, gotta admit that it already makes me > > feel stupid > > > now, if this is the case ;-) > > > > > > Thanks, will get back to you this Tuesday ! > > > > > > E. > > > > > > 2007/5/27, Daniel Cid < [EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED]>>: > > > > Hi Erik, > > > > > > > > Can you make sure that your web server is really running as > > user "www"? > > > Probably > > > > a ps auwx |grep http will show you that. It looks like to > > me that > > > > php can't write > > > > to the tmp directory... > > > > > > > > daniel > > > > > > > > On 5/25/07, Erik Delfgaauw < [EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED]>> wrote: > > > > > Hi Daniel, > > > > > > > > > > /var/ossec/queue/syscheck/ contains a bunch of files with > a > > naming > > > scheme > > > > > like: > > > > > > > > > > (<host>) <ip>->syscheck > > > > > .(<host>) <ip>->syscheck.cpt > > > > > > > > > > There is a couple for each agent, plus there's: > > > > > > > > > > syscheck > > > > > .syscheck.cpt > > > > > > > > > > I have executed every single step from the OSSEC WUI > > install guide, the > > > only > > > > > thing about permissions was regarding the ossec-wui/tmp/ > > directory > > > (chmod > > > > > 770/chgrp www), there are no errors in the web server log, > > and I have > > > just > > > > > found out that Stats isn't working too, and ONLY real time > > search is > > > > > working. > > > > > > > > > > So, very likely a permission problem :-) > > > > > > > > > > What OSSEC HIDS files / directories are required for the > > OSSEC-WUI > > > Integrity > > > > > Check, Stats and Search functionality? > > > > > > > > > > Thanks, > > > > > > > > > > E. > > > > > > > > > > > > > > > 2007/5/22, Daniel Cid < [EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED]>>: > > > > > > Hi Erik, > > > > > > > > > > > > We first need to determine where the problem is > (agent/server > > > connection > > > > > or at > > > > > > the ui). > > > > > > > > > > > > -Did you follow all the steps from the installation > > guide? If the > > > > > > permissions are > > > > > > wrong, it will not work properly. In addition to that, > > did you add > > > > > > your apache user > > > > > > name to the ossec group and restarted apache? > > > > > > > > > > > > -Do you have any file at /var/ossec/queue/syscheck ? Can > > you show what > > > is > > > > > > in there to us? > > > > > > > > > > > > -Is there any errors at the apache error log? At the > > ossec log (both > > > > > server > > > > > > and agent side)? > > > > > > > > > > > > > > > > > > With that information we can start troubleshooting :) > > > > > > > > > > > > thanks, > > > > > > > > > > > > -- > > > > > > Daniel B. Cid > > > > > > dcid ( at ) ossec.net <http://ossec.net> > > > > > > > > > > > > > > > > > > > > > > > > On 5/11/07, Erik Delfgaauw < [EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED]>> wrote: > > > > > > > Hi folks, > > > > > > > > > > > > > > The Main screen of the OSSEC WUI shows "ossec-server" > > plus 4 agents. > > > The > > > > > > > ossec-server is receiving information from the agents > > correctly, > > > BUT: > > > > > > > > > > > > > > The Integrity checking screen shows: > > > > > > > > > > > > > > "No integrity checking information available. > > > > > > > Nothing reported as changed." > > > > > > > > > > > > > > The Agent name pick list only contains "ossec-server" > > and clicking > > > the > > > > > Dump > > > > > > > database button doesn't have any result but a quick > > reload of the > > > page. > > > > > > > > > > > > > > OSSEC ( 1.1) + WUI ( 0.2) are running on RHEL ES 4.4. > > Port 1514 is > > > > > reachable > > > > > > > for the agents. > > > > > > > > > > > > > > Syscheckd is running on all agents. > > > > > > > > > > > > > > I'm very curious to what the problem can be, and > > especially to what > > > > > would be > > > > > > > the best way to troubleshoot this. > > > > > > > > > > > > > > Many thanks in advance ! > > > > > > > > > > > > > > Erik > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > Brad Lhotsky <[EMAIL PROTECTED]> > NCTS Computer Specialist Phone: 410.558.8006 > "Darkness is a state of mind, I can go where you would stumble." > -Wolfsheim, 'Blind' >
