Issue
The ossec-hids service fails to start, and the following errors appear in the service status and logs:
ossec-analysisd(1127): ERROR: Could not chmod object 'queue/fts/fts-queue' due to [(1)-(Operation not permitted)].
...
ossec-testrule(1260): ERROR: Error initiating FTS list
Environment
- OSSEC-HIDS
- Plesk 18.0.38
- Imunify360 5.11.6
Solution
The owner of the contents of /var/ossec/queue/fts/ should be checked and, if necessary, changed:
# ls -la /var/ossec/queue/fts/
total 12
drwxr-x--- 2 ossec ossec 4096 Aug 17 12:12 .
dr-xr-x--- 11 root ossec 4096 Sep 27 09:57 ..
-rw-r----- 1 root psacln 265 Sep 6 11:37 fts-queue
-rw-r----- 1 root psacln 0 Aug 17 12:12 hostinfo
-rw-r----- 1 root psacln 0 Aug 17 12:12 ig-queue
# chown ossec:ossec /var/ossec/queue/fts/*
Once the ownership is corrected, the service can be started on the server:
# systemctl start ossec-hids
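To confirm which entries have the wrong owner before running chown, and to verify the result afterwards, the check can be scripted. The following is an added example, not part of the original article or of OSSEC; the function name audit_owner and the --check argument are assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: report entries whose owner:group differs from the expected
# value. audit_owner and the --check argument are hypothetical names.

# audit_owner DIR EXPECTED
#   Prints "owner:group path" for each mismatched entry under DIR (DIR itself
#   included). Returns 0 if everything matches, 1 on mismatch, 2 if DIR is
#   not a directory.
audit_owner() {
    dir=$1
    expected=$2
    [ -d "$dir" ] || { echo "audit_owner: $dir is not a directory" >&2; return 2; }
    # find (unlike the shell glob *) also covers dotfiles and subdirectories.
    mismatches=$(find "$dir" -exec stat -c '%U:%G %n' {} + |
        awk -v want="$expected" '$1 != want')
    if [ -n "$mismatches" ]; then
        printf '%s\n' "$mismatches"
        return 1
    fi
    return 0
}

# Check the path and owner from this article when called with --check.
if [ "${1:-}" = "--check" ]; then
    audit_owner /var/ossec/queue/fts ossec:ossec
fi
```

With the listing shown above, the three files owned by root:psacln would be reported; after the chown the function prints nothing and returns 0.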
Solution 2
Apply SELinux Policies
Policies can be applied manually.
- For the directory with logs:
# checkmodule -M -m -o /var/imunify360/imunify360.mod /opt/imunify360/venv/share/imunify360/imunify360.te
# semodule_package -o /var/imunify360/imunify360.pp -m /var/imunify360/imunify360.mod
# semodule -i /var/imunify360/imunify360.pp
# semanage fcontext -a -t var_log_t '/var/ossec/logs(/.*)?'
# restorecon -Frvv /var/ossec/logs
- For the directory with bins:
# checkmodule -M -m -o /var/imunify360/imunify360.mod /opt/imunify360/venv/share/imunify360/imunify360.te
# semodule_package -o /var/imunify360/imunify360.pp -m /var/imunify360/imunify360.mod
# semodule -i /var/imunify360/imunify360.pp
# semanage fcontext -a -t bin_t "/var/ossec/bin/(.*)"
# restorecon -rv /var/ossec/bin
Please note that in older releases the policy template (imunify360.te) can be located at the following path instead, so adjust the checkmodule command accordingly:
/opt/alt/python38/share/imunify360/imunify360.te
After that, it only remains to restart OSSEC on the server:
# systemctl restart ossec-hids
And the service will work as usual.