On Mon, 9 May 2011 13:49:40 -0300, Daniel Cid
wrote:
The issue here is that on the OSSEC code itself (on all daemons), we
do:
chroot + setuid + setgid.
Meaning that even if you are running OSSEC as the user "ossec", it
will still try to chroot, setuid, etc. All of those
will fail because only
The issue here is that on the OSSEC code itself (on all daemons), we do:
chroot + setuid + setgid.
Meaning that even if you are running OSSEC as the user "ossec", it
will still try to chroot, setuid, etc. All of those
will fail because only root can do that. Not doing the setuid should
be a simpl
On Fri, May 6, 2011 at 1:40 PM, dan (ddp) wrote:
> It can't switch because you're not root. Make sure "sudo -u ossec"
> changes the group as well (and/or try it with "-g ossec" as well).
> You may run into other problems running the daemon processes though.
> For those you'd have to break out a t
On Fri, May 6, 2011 at 2:26 PM, sempai wrote:
> On Apr 18, 11:12 am, Michael Starks
> wrote:
>
>> OSSEC can be administered with someone who has sudo access to
>> impersonate/become the ossec user account. I tried this several years
>> ago. I recall that there was one daemon that failed to sta
On Apr 18, 11:12 am, Michael Starks
wrote:
> OSSEC can be administered with someone who has sudo access to
> impersonate/become the ossec user account. I tried this several years
> ago. I recall that there was one daemon that failed to start because it
> started asrootand then dropped privile
