On Mon, Jun 24, 2013 at 11:10 AM, Rogue Bull <[email protected]> wrote:
> Hello All,
>
> I noticed that we are creating the ossec user on the agent machines.
> However, the process itself is launched and run as root. So why do we have
> ossec user? And is it not possible to run the process as non-root?
>
Which process are you worried about? I have 3 that run as root:

[ddp@arrakis] :; ps auxww | grep ossec | grep root
root 20984 0.0 0.0 568 784 ?? I 11:18AM 0:00.00 /var/ossec/bin/ossec-execd
root 16204 0.0 0.0 572 996 ?? S 11:18AM 0:00.33 /var/ossec/bin/ossec-logcollector (ossec-logcollect)
root 23166 0.0 0.1 828 1196 ?? I 11:18AM 0:15.48 /var/ossec/bin/ossec-syscheckd

All 3 of these need root permissions. ossec-execd has to be able to add
rules to firewalls or hosts.deny files, ossec-logcollector needs to be able
to read log files (which are often only readable to root), and
ossec-syscheckd has to be able to checksum any file on the system.

> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
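
An added example, not part of the original messages and not OSSEC project code: a check that reads `ps auxww` output and reports any OSSEC daemon running as root other than the three named in the reply. It assumes the `ps aux` column layout shown in the thread; the function names and the last two sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not OSSEC project code): flag OSSEC daemons running as root
# that are not among the three the reply says need root.

# Allowlist taken from the reply above.
ROOT_OK="ossec-execd ossec-logcollector ossec-syscheckd"

# Reads `ps auxww`-style lines on stdin; prints "PID NAME" per unexpected process.
# Assumes the ps aux layout shown in the thread: user in field 1, PID in
# field 2, command path in field 11.
unexpected_root_ossec() {
    awk -v ok="$ROOT_OK" '
        BEGIN { n = split(ok, a, " "); for (i = 1; i <= n; i++) allowed[a[i]] = 1 }
        $1 == "root" && $11 ~ /\/ossec-[a-z]+$/ {
            m = split($11, p, "/")
            if (!(p[m] in allowed)) print $2, p[m]
        }
    '
}

# Sample input: the first three lines are the ps output quoted in the thread;
# the last two (PIDs 11111 and 22222) are constructed for this example.
sample_ps() {
    cat <<'EOF'
root 20984 0.0 0.0 568 784 ?? I 11:18AM 0:00.00 /var/ossec/bin/ossec-execd
root 16204 0.0 0.0 572 996 ?? S 11:18AM 0:00.33 /var/ossec/bin/ossec-logcollector (ossec-logcollect)
root 23166 0.0 0.1 828 1196 ?? I 11:18AM 0:15.48 /var/ossec/bin/ossec-syscheckd
ossec 11111 0.0 0.0 600 900 ?? S 11:18AM 0:01.02 /var/ossec/bin/ossec-agentd
root 22222 0.0 0.0 600 900 ?? S 11:18AM 0:00.10 /var/ossec/bin/ossec-agentd
EOF
}

# Demo on the embedded sample; on a live agent use: ps auxww | unexpected_root_ossec
sample_ps | unexpected_root_ossec
```
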
