Hi Andy, This is generally caused by the wrong apache username in /etc/group. I wrote a step-by-step article on how to install it on Ubuntu (8.04 and 8.10):
http://www.ossec.net/main/manual/wui-ubuntu/ But it should cover Debian as well. This is an important part that most people miss: " **To get the username that Apache is running r...@home:/var/www/ossec# ps auwx |grep apache | cut -d ” ” -f 1 | grep -v root | uniq *Adding www-data to ossec group and checking after r...@home:/var/www/ossec# usermod -a -G ossec www-data r...@home:/var/www/ossec# cat /etc/group |grep ossec ossec:x:1001:www-data And restart apache after that. If you add it to a group, the process must be restarted for it to take effect. Hope it helps. -- Daniel B. Cid dcid ( at ) ossec.net On Thu, Mar 5, 2009 at 6:23 PM, Andy Tripp <[email protected]> wrote: > I’m getting the infamous message: > > > > Warning: opendir(/var/ossec) [function.opendir]: failed to open dir: > Permission denied in /var/www/ossec-wui/lib/os_lib_handle.php on line 94 > > Unable to access ossec directory. > > > > This is a clean install of Debian 5.0, nothing but the core system. > > I then installed Apache2, PHP5, GCC, make. > > Then OSSEC, then OSSEC-WUI… > > > > I followed this document > > http://www.ossec.net/wiki/index.php/OSSECWUI:Install > > > > I have searched the mail archives…I have verified what I know to verify…:( > > > > Thanks, > > > > -Andy > > ________________________________ > CONFIDENTIALITY NOTICE: This correspondence, and all attachments transmitted > with it, may contain legally privileged and confidential information > intended solely for the use of the intended recipient. If the reader of this > message is not the intended recipient or the employee or agent responsible > to deliver it to the intended recipient, you are hereby notified that any > reading, dissemination, distribution, copying or other use of this > communication is strictly prohibited. If you have received this message in > error, please notify the sender immediately by telephone at 580.213.1730, or > by electronic mail [email protected], and delete this message and all > copies and backups thereof. Failure to comply with this confidentiality > notice may result in criminal or civil penalties and/or prosecution. >
