"os_dbd/main.c"  line 257 should write the .pid file

257     if(CreatePID(ARGV0, getpid()) < 0)

The daemon should write a log of the following format in ossec.log when 
starting:

    "%s: INFO: Started (pid: %d)."

If there was an error connecting to DB, the ossec-dbd will not function 
properly.


On Sunday, June 30, 2013 4:09:07 AM UTC-7, Christian Beer wrote:
>
> Hi All, 
>
> I installed the beta 1 of 2.7.1 on a new server and noticed that 
> ossec-dbd is not shut down from ossec-control stop or restart. 
>
> I compiled with mysql database support. Enabled the database 
> (ossec-control enable database) and restarted ossec. I then had to make 
> another change in the source, recompiled and updated again. At the end 
> of install.sh I got the error: 
>
> make[1]: Leaving directory `/root/ossec-hids-2.7.1-beta-1/src/os_auth' 
> Killing ossec-monitord .. 
> Killing ossec-logcollector .. 
> Killing ossec-syscheckd .. 
> Killing ossec-analysisd .. 
> Killing ossec-maild .. 
> Killing ossec-execd .. 
> ossec-dbd not running .. 
> OSSEC HIDS v2.7.1-beta-1 Stopped 
> cp: reguläre Datei „/var/ossec/bin/ossec-dbd“ kann nicht angelegt 
> werden: Das Programm kann nicht ausgeführt oder verändert werden (busy) 
> Starting OSSEC HIDS v2.7.1-beta-1 (by Trend Micro Inc.)... 
> Started ossec-dbd... 
> Started ossec-maild... 
> 2013/06/30 12:18:29 ossec-execd: INFO: Adding offenders timeout: 60 (for 
> #1) 
> 2013/06/30 12:18:29 ossec-execd: INFO: Adding offenders timeout: 120 
> (for #2) 
> 2013/06/30 12:18:29 ossec-execd: INFO: Adding offenders timeout: 1440 
> (for #3) 
> Started ossec-execd... 
> Started ossec-analysisd... 
> Started ossec-logcollector... 
> Started ossec-syscheckd... 
> Started ossec-monitord... 
> Completed. 
>
> I then checked and found three ossec_dbd processes running. That's why 
> the cp was not possible. 
> I stopped ossec and killed the remaining ossec-dbd processes. I then 
> cleaned my /var/ossec/bin/.process_list file to only contain 
> DB_DAEMON=ossec-dbd and started ossec again. Here is what it says: 
>
> root@server:~/ossec-hids-2.7.1-beta-1# l /var/ossec/var/run/ 
> insgesamt 0 
> root@server:~/ossec-hids-2.7.1-beta-1# /var/ossec/bin/ossec-control start 
> Starting OSSEC HIDS v2.7.1-beta-1 (by Trend Micro Inc.)... 
> Started ossec-dbd... 
> Started ossec-maild... 
> 2013/06/30 12:37:25 ossec-execd: INFO: Adding offenders timeout: 60 (for 
> #1) 
> 2013/06/30 12:37:25 ossec-execd: INFO: Adding offenders timeout: 120 
> (for #2) 
> 2013/06/30 12:37:25 ossec-execd: INFO: Adding offenders timeout: 1440 
> (for #3) 
> Started ossec-execd... 
> Started ossec-analysisd... 
> Started ossec-logcollector... 
> Started ossec-syscheckd... 
> Started ossec-monitord... 
> Completed. 
> root@server:~/ossec-hids-2.7.1-beta-1# l /var/ossec/var/run/ 
> insgesamt 24 
> -rw-r----- 1 ossec ossec 6 Jun 30 12:37 ossec-analysisd-20823.pid 
> -rw-r----- 1 root ossec 6 Jun 30 12:37 ossec-execd-20819.pid 
> -rw-r----- 1 root root 6 Jun 30 12:37 ossec-logcollector-20827.pid 
> -rw-r----- 1 ossecm ossec 6 Jun 30 12:37 ossec-maild-20814.pid 
> -rw-r----- 1 ossec ossec 6 Jun 30 12:37 ossec-monitord-20834.pid 
> -rw-r----- 1 root root 6 Jun 30 12:37 ossec-syscheckd-20831.pid 
>
> root@server:~/ossec-hids-2.7.1-beta-1# ps aux | grep ossec 
> root 20810 0.0 0.3 44700 1680 ? S 12:37 0:00 /var/ossec/bin/ossec-dbd 
> ossecm 20814 0.0 0.1 12644 604 ? S 12:37 0:00 /var/ossec/bin/ossec-maild 
> root 20819 0.0 0.0 12512 504 ? S 12:37 0:00 /var/ossec/bin/ossec-execd 
> ossec 20823 0.1 0.4 14356 2428 ? S 12:37 0:00 
> /var/ossec/bin/ossec-analysisd 
> root 20827 0.0 0.1 4284 580 ? S 12:37 0:00 
> /var/ossec/bin/ossec-logcollector 
> root 20831 1.8 0.1 4556 724 ? S 12:37 0:02 /var/ossec/bin/ossec-syscheckd 
> ossec 20834 0.0 0.1 12772 592 ? S 12:37 0:00 /var/ossec/bin/ossec-monitord 
> root 20906 0.0 0.1 11724 916 pts/0 S+ 12:40 0:00 grep ossec 
>
> ossec.log does not contain any further insight, only some of these (that 
> I will fix soon) 
> ossec-dbd(5202): ERROR: Error connecting to database 
> '127.0.0.1'(ossecdb): ERROR: Access denied for user 'ossec'@'localhost' 
> to database 'ossecdb'. 
>
> To me it seems that ossec-dbd forgets to place a pid file in var/run/. I 
> did a quick search in the source code but couldn't find the right spot. 
> I'm on Debian 7 64bit. 
>
> Regards 
> Christian 
>
