On Mon, Nov 14, 2016 at 10:40 AM, Whit Blauvelt <w...@transpect.com> wrote: > On Sat, Nov 12, 2016 at 11:17:19AM -0800, Dave Stoddard wrote: >> If OSSEC is chrooting to /var/ossec, copy your /etc/services and >> /etc/hosts >> files to the /var/ossec/etc directory. Do not use a symlink or a >> hardlink >> -- copy them physically into the directory. It will find them without any >> issue and your problem should go away. Best, > > Thanks Dave. Only question is: why doesn't the installation routine either > just do this, or ask for permission to do so? >
IIRC the setting used to require an IP address,so this wasn't necessary. Since then either no one's cared, no one's noticed, or no one wants to change the default behavior (expecting admins to understand chroot). > Best, > Whit > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
