On Tue, Nov 1, 2016 at 1:53 PM, dan (ddp) <ddp...@gmail.com> wrote:
> On Tue, Nov 1, 2016 at 1:49 PM, Eponymous - <the.e...@gmail.com> wrote:
>>>> To a process chrooted to /usr/local/ossec-hids, /var/run and
>>>> /usr/local/ossec-hids/var/run are the same thing. The process' root
>>>> directory (/) is now /usr/local/ossec-hids. So
>>>> /usr/local/ossec-hids/var/run looks like /var/run to that process.
>>
>> That is very true.
>>
>> Hmm, so why is it I get the error: ossec-agentd(1103): ERROR: Unable to open
>> file '/var/run/.syscheck_run'
>> when I run without any command line options but then the error disappears
>> when I specify "-D /usr/local/ossec-hids"? The two instances should result
>> in the same behaviour?
>>
>
> No idea, I haven't looked at FreeBSD's port. Perhaps they have it
> configured to chroot to a directory that doesn't contain var/run?

It's possible that this line
(https://svnweb.freebsd.org/ports/head/security/ossec-hids-server/Makefile?revision=413754&view=markup#l87)
    @${ECHO} "DIR=\"${STAGEDIR}${PREFIX}/${PORTNAME}\"" > ${WRKSRC}/src/LOCATION
in the port Makefile configures the chroot directory incorrectly.

You can try `strings /var/ossec/bin/ossec-agentd | grep ossec` to see
if it gives you any clues as to what directory is expected.

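The check suggested in the message above, as an added example that is not part of the original thread or of the OSSEC project: it lists the ossec paths embedded in a binary and reports whether each one, treated as the chroot directory, contains the directory of the in-jail file. `tr` with `grep -a -o` stands in for `strings`, and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: does a compiled-in chroot directory contain var/run?

# host_path CHROOT_DIR IN_JAIL_PATH
# Prints where a path seen inside the chroot lives on the host.
host_path() {
    printf '%s/%s\n' "${1%/}" "${2#/}"
}

# candidate_dirs BINARY
# Prints every embedded absolute path that mentions "ossec", one per line.
# NUL bytes are turned into newlines so each C string sits on its own line.
candidate_dirs() {
    tr '\0' '\n' < "$1" | LC_ALL=C grep -a -o '/[!-~]*ossec[!-~]*' | sort -u
}

# check_jail BINARY IN_JAIL_PATH
# For each candidate directory, reports whether the parent directory of
# IN_JAIL_PATH exists beneath it. Returns 0 if at least one candidate fits.
check_jail() {
    report=$(candidate_dirs "$1" | while IFS= read -r dir; do
        target=$(host_path "$dir" "$(dirname "$2")")
        if [ -d "$target" ]; then
            echo "OK      $dir -> $target"
        else
            echo "MISSING $dir -> $target"
        fi
    done)
    printf '%s\n' "$report"
    printf '%s\n' "$report" | grep -q '^OK'
}

# Usage: sh check_jail.sh /var/ossec/bin/ossec-agentd [/var/run/.syscheck_run]
if [ "$#" -ge 1 ]; then
    check_jail "$1" "${2:-/var/run/.syscheck_run}"
fi
```

A candidate reported as MISSING that still carries a staging prefix would match the Makefile suspicion raised in the message.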