Ok but what about the folder? What is the perms of /var/ossec/queue/ ?
--------------------------------- Sent from iPhone On 23/07/2012, at 05:25 a.m., "dan (ddp)" <ddp...@gmail.com> wrote: > > On Jul 23, 2012 6:18 AM, "Kashirin, Anton" <akashi...@rencredit.ru> wrote: > > > > 1. File is exist: > > > > [root@SRVAP280 bin]# ll /var/ossec/queue/syscheck/ > > > > total 1060 > > > > -rw-r-----. 1 ossec ossec 3230 Jul 16 19:08 (SRV008) > > 10.12.198.133->syscheck > > > > -rw-r-----. 1 ossec ossec 547440 Jul 21 20:17 (SRV008) > > 10.12.198.133->syscheck-registry > > > > -rw-r-----. 1 ossec ossec 0 Jul 13 12:53 (SRVAP295) > > 10.15.129.182->syscheck > > > > -rw-r-----. 1 ossec ossec 517713 Jul 20 05:53 (SRVAP295) > > 10.15.129.182->syscheck-registry > > > > -rw-r-----. 1 ossec ossec 196696 Jul 17 05:19 syscheck > > > > 2. cat /etc/group: > > > > … > > > > apache:x:48: > > > > ossec:x:500:apache > > > > 3. ls -la /var/www/html/lib/os_lib_syscheck.php > > > > -rwxr-xr-x. 1 apache apache 9442 Jul 9 17:39 > > /var/www/html/lib/os_lib_syscheck.php > > > > > > > > > > > > Best regards, > > > > Anton Kashirin > > > > > > Ok, step 1.5: are you using linux? If so, are you using selinix? If so, have > you checked those logs to make sure it's not blocking access? > > > > > -----Original Message----- > > From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On > > Behalf Of dan (ddp) > > Sent: Friday, July 20, 2012 5:19 PM > > To: ossec-list@googlegroups.com > > Subject: Re: [ossec-list] Permission denied in > > /var/www/html/lib/os_lib_syscheck.php > > > > > > > > I guess we should start slowly, kind of an "Introduction to > > Troubleshooting" sort of thing? If I need to provide the commands for you, > > let me know! > > > > > > > > First step in troubleshooting below. > > > > > > > > On Fri, Jul 20, 2012 at 4:08 AM, Anton Kashirin <amkashi...@gmail.com> > > wrote: > > > > > Hello! > > > > > Please help. > > > > > I recieve next notification: > > > > > > > > > > OSSEC HIDS Notification. > > > > > > > > > > 2012 Jul 20 12:05:50 > > > > > > > > > > > > > > > > > > > > Received From: SRVAP280->/var/log/httpd/error_log > > > > > > > > > > Rule: 31412 fired (level 5) -> "PHP internal error (missing file)." > > > > > > > > > > Portion of the log(s): > > > > > > > > > > [Fri Jul 20 12:05:50 2012] [error] [client 10.14.64.18] PHP Warning: > > > > > fopen(/var/ossec/queue/syscheck/(SRV008) > > > 10.12.198.133->syscheck-registry): > > > > > failed to open stream: Permission denied in > > > > > > > > Does this file exist? What are the permissions? > > > > > > > > > /var/www/html/lib/os_lib_syscheck.php on line 165, referer: > > > > > http://srvap280.rccf.ru/ > > > > > > > > > > > > > > > > > > > > --END OF NOTIFICATION > > > > > > > > > > > > > > > What about it and how I solve this issue? > > > > > > > > > > Thenks for help!
