Coder Social home page Coder Social logo

ossec-docker's People

Contributors

atomicturtle avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

madhuakula ibuystuff jpalmergithub coreypobrien esguardian venmoqa mr-brody ddpbsd twobombs jinoj aslammc mikesoule sathishmr payomagic marciopocebon herzogin-arathi zhangjunchao1937 rhythmictech adminrezo ichasco happysharegithub saikat-upstart bhoriuchi moritzbrodscholl junsecurity justifiably kim-softnotik edwardt xiaoruiguo jsha09 ketaminekid423 leopere luozhonghua dannysdable isabella232 resteex0 gellanyhassan0 reinaldoca i5hi developers81828182

ossec-docker's Issues

Is this going to be the official ossec container?

Hello there! I'm the author/maintainer of the current de-facto OSSEC container (the Xetus OSS one that you referenced).

It's on our radar to update the image and perform some overdue maintenance in the next few weeks. If you're going to be maintaining an official ossec-docker container, we should discuss if it makes sense to retire ours and contribute here instead.

Mounting a custom ossec.conf fails

I tried to use a docker-compose file to install ossec-docker, but I ran into a problem of replacing the original ossec.conf with my own one:

version: '3.4'

services:
  ossec:
    container_name: ossec
    image: atomicorp/ossec-docker
    restart: alway
    volumes:
      - ./ossec.conf:/var/ossec/data/etc/ossec.conf
    ports:
      - "1514:1514/udp"
      - "1515:1515/tcp"

It seems that the ossec-server.sh doesn't install anything in /var/ossec/data/etc when the custom conf already sits in /var/ossec/data/etc . Is there a way to use a custom ossec.conf?

Here's the log:

ossec    | Installing rules <<=== missing Installing etc
ossec    | Installing logs
ossec    | Installing stats
ossec    | Installing queue
ossec    | Bulk load file: /var/ossec/default_agent
ossec    | Opening: [/var/ossec/default_agent]
ossec    | Agent information:
ossec    |    ID:001
ossec    |    Name:DEFAULT_LOCAL_AGENT
ossec    |    IP Address:127.0.0.1
ossec    | 
ossec    | Agent added.
ossec    | Starting OSSEC HIDS 2.9.2 (by Trend Micro Inc.)...
ossec    | OSSEC analysisd: Testing rules failed. Configuration error. Exiting.
ossec    | 2018/02/05 06:23:35 ossec-authd: INFO: Started (pid: 21).
ossec    | 2018/02/05 06:23:35 getaddrinfo: Name or service not known
ossec    | 2018/02/05 06:23:35 ossec-authd: Unable to bind to port 1515
ossec    | 2018/02/05 06:23:52 ossec-analysisd(1226): ERROR: Error reading XML file 'etc/decoder.xml': XMLERR: File 'etc/decoder.xml' not found. (line 203).
ossec    | 2018/02/05 06:23:52 ossec-testrule(1202): ERROR: Configuration error at '/etc/decoder.xml'. Exiting.

Error during the setup

I got the following error during the docker setup.

Error log

Starting ossec-authd...
Starting OSSEC HIDS 3.6.0...
Started ossec-maild...
Started ossec-execd...
Started ossec-analysisd...
2020/04/26 14:57:04 ossec-logcollector(1905): INFO: No file configured to monitor.
Started ossec-logcollector...
Started ossec-remoted...
Started ossec-syscheckd...
Started ossec-monitord...
Completed.
2020/04/26 14:57:04 ossec-analysisd: INFO: Ignoring file: '/var/ossec/active-response/ossec-hids-responses.log'
2020/04/26 14:57:04 ossec-analysisd: INFO: Started (pid: 51).
2020/04/26 14:57:04 ossec-analysisd: logstat: Unable to create stat queue: /stats/weekly-average
2020/04/26 14:57:05 ossec-monitord: INFO: Started (pid: 70).
2020/04/26 14:57:05 ossec-remoted(4111): INFO: Maximum number of agents allowed: '16384'.
2020/04/26 14:57:05 ossec-remoted(1410): INFO: Reading authentication keys file.
2020/04/26 14:57:05 ossec-remoted: INFO: No previous counter available for 'DEFAULT_LOCAL_AGENT'.
2020/04/26 14:57:05 ossec-remoted: INFO: Assigning counter for agent DEFAULT_LOCAL_AGENT: '0:0'.
2020/04/26 14:57:05 ossec-remoted: INFO: No previous sender counter.
2020/04/26 14:57:05 ossec-remoted: INFO: Assigning sender counter: 0:0
2020/04/26 14:57:09 ossec-syscheckd: INFO: Started (pid: 67).
2020/04/26 14:57:09 ossec-rootcheck: INFO: Started (pid: 67).
2020/04/26 14:57:09 ossec-syscheckd: INFO: Monitoring directory: '/etc', with options perm | size | owner | group | md5sum | sha1sum | realtime | report_changes.
2020/04/26 14:57:09 ossec-syscheckd: INFO: Monitoring directory: '/var/ossec/active-response', with options perm | size | owner | group | md5sum | sha1sum | realtime | report_changes.
2020/04/26 14:57:09 ossec-syscheckd: INFO: Monitoring directory: '/var/ossec/etc', with options perm | size | owner | group | md5sum | sha1sum | realtime | report_changes.
2020/04/26 14:57:09 ossec-syscheckd: INFO: Monitoring directory: '/var/ossec/agentless', with options perm | size | owner | group | md5sum | sha1sum | realtime | report_changes.
2020/04/26 14:57:09 ossec-syscheckd: INFO: Monitoring directory: '/bin', with options perm | size | owner | group | md5sum | sha1sum | realtime.
2020/04/26 14:57:09 ossec-syscheckd: INFO: Monitoring directory: '/lib64', with options perm | size | owner | group | md5sum | sha1sum | realtime.
2020/04/26 14:57:09 ossec-syscheckd: INFO: Monitoring directory: '/sbin', with options perm | size | owner | group | md5sum | sha1sum | realtime.
2020/04/26 14:57:09 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin', with options perm | size | owner | group | md5sum | sha1sum | realtime.
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/mtab'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/var/tmp'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/var/ossec/queue'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/var/ossec/logs'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/var/ossec/stats'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/var/ossec/var'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/var/ossec/etc/rules.d'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/mnttab'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/grsec/learning.logs'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/hosts.deny'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/mail/statistics'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/random-seed'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/adjtime'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/httpd/logs'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/utmpx'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/wtmpx'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/cups/certs'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/httpd/modsecurity.d/'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/httpd/logs/'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/httpd/domlogs/'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/vfilters/'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/var/ossec/bin/.process_list'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/prelink.cache'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/var/ossec/active-response/ossec-hids-responses.log'
2020/04/26 14:57:09 ossec-syscheckd: INFO: Directory set for real time monitoring: '/etc'.
2020/04/26 14:57:09 ossec-syscheckd: INFO: Directory set for real time monitoring: '/var/ossec/active-response'.
2020/04/26 14:57:09 ossec-syscheckd: INFO: Directory set for real time monitoring: '/var/ossec/etc'.
2020/04/26 14:57:09 ossec-syscheckd: INFO: Directory set for real time monitoring: '/var/ossec/agentless'.
2020/04/26 14:57:09 ossec-syscheckd: INFO: Directory set for real time monitoring: '/bin'.
2020/04/26 14:57:09 ossec-syscheckd: INFO: Directory set for real time monitoring: '/lib64'.
2020/04/26 14:57:09 ossec-syscheckd: INFO: Directory set for real time monitoring: '/sbin'.
2020/04/26 14:57:09 ossec-syscheckd: INFO: Directory set for real time monitoring: '/usr/bin'.
2020/04/26 14:57:10 ossec-logcollector: INFO: Started (pid: 56).
2020/04/26 14:57:32 ossec-authd: ERROR: SSL Error (-1)
2020/04/26 14:58:11 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
2020/04/26 14:58:11 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
2020/04/26 14:58:11 ossec-syscheckd: INFO: Initializing real time file monitoring (not started).
2020/04/26 14:58:33 ossec-syscheckd(1124): ERROR: Could not rename file '/etc/alternatives/mta-newaliasesman' to '/var/ossec/queue/diff/local/etc/alternatives/mta-newaliasesman/last-entry' due to [(2)-(No such file or directory)].
2020/04/26 14:58:33 ossec-syscheckd(1124): ERROR: Could not rename file '/etc/alternatives/mta-mailqman' to '/var/ossec/queue/diff/local/etc/alternatives/mta-mailqman/last-entry' due to [(2)-(No such file or directory)].
2020/04/26 14:58:33 ossec-syscheckd(1124): ERROR: Could not rename file '/etc/alternatives/mta-aliasesman' to '/var/ossec/queue/diff/local/etc/alternatives/mta-aliasesman/last-entry' due to [(2)-(No such file or directory)].
2020/04/26 14:58:33 ossec-syscheckd(1124): ERROR: Could not rename file '/etc/alternatives/mta-sendmailman' to '/var/ossec/queue/diff/local/etc/alternatives/mta-sendmailman/last-entry' due to [(2)-(No such file or directory)].
2020/04/26 14:59:04 ossec-maild: INFO: Max emails per hour reached.
2020/04/26 15:00:00 ossec-analysisd(1107): ERROR: Could not create directory '/stats/totals/2020/' due to [(2)-(No such file or directory)].

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.