ossec-docker's Issues
Is this going to be the official ossec container?
Hello there! I'm the author/maintainer of the current de-facto OSSEC container (the Xetus OSS one that you referenced).
It's on our radar to update the image and perform some overdue maintenance in the next few weeks. If you're going to be maintaining an official ossec-docker container, we should discuss if it makes sense to retire ours and contribute here instead.
Mounting a custom ossec.conf fails
I tried to use a docker-compose file to install ossec-docker, but I ran into a problem replacing the original ossec.conf with my own:

version: '3.4'
services:
  ossec:
    container_name: ossec
    image: atomicorp/ossec-docker
    restart: always
    volumes:
      - ./ossec.conf:/var/ossec/data/etc/ossec.conf
    ports:
      - "1514:1514/udp"
      - "1515:1515/tcp"
It seems that the ossec-server.sh doesn't install anything in /var/ossec/data/etc when the custom conf already sits in /var/ossec/data/etc. Is there a way to use a custom ossec.conf?
Here's the log:
ossec | Installing rules <<=== missing Installing etc
ossec | Installing logs
ossec | Installing stats
ossec | Installing queue
ossec | Bulk load file: /var/ossec/default_agent
ossec | Opening: [/var/ossec/default_agent]
ossec | Agent information:
ossec | ID:001
ossec | Name:DEFAULT_LOCAL_AGENT
ossec | IP Address:127.0.0.1
ossec |
ossec | Agent added.
ossec | Starting OSSEC HIDS 2.9.2 (by Trend Micro Inc.)...
ossec | OSSEC analysisd: Testing rules failed. Configuration error. Exiting.
ossec | 2018/02/05 06:23:35 ossec-authd: INFO: Started (pid: 21).
ossec | 2018/02/05 06:23:35 getaddrinfo: Name or service not known
ossec | 2018/02/05 06:23:35 ossec-authd: Unable to bind to port 1515
ossec | 2018/02/05 06:23:52 ossec-analysisd(1226): ERROR: Error reading XML file 'etc/decoder.xml': XMLERR: File 'etc/decoder.xml' not found. (line 203).
ossec | 2018/02/05 06:23:52 ossec-testrule(1202): ERROR: Configuration error at '/etc/decoder.xml'. Exiting.
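The mount described in the issue above leaves /var/ossec/data/etc holding only ossec.conf, so analysisd cannot find decoder.xml and rule testing fails. As an added example (not code from the ossec-docker project or the issue author), the following POSIX shell pre-flight check verifies that a persistent data directory carries the etc/ entries a server needs before the container is started, and reports exactly which ones are absent. The entry list is an assumption modelled on the log above, the directory argument stands in for /var/ossec/data, and the directories it is demonstrated on are constructed.

```shell
#!/bin/sh
# Added example, not part of ossec-docker: pre-flight check for a persistent
# OSSEC data directory. When a bind mount places only ossec.conf under
# data/etc, the rest of etc/ is never installed and analysisd later fails
# with "File 'etc/decoder.xml' not found". Running this check before the
# container starts surfaces that gap up front.

# ossec_data_check DATA_DIR
#   Prints each missing entry to stderr. Returns 0 when every required entry
#   exists, 1 otherwise. DATA_DIR is the hypothetical stand-in for /var/ossec/data.
ossec_data_check() {
    data_dir="$1"
    missing=0
    # Assumed minimum set: the main config, the decoder file analysisd loads,
    # and the rules directory (matches what the entrypoint log shows it installing).
    for entry in etc/ossec.conf etc/decoder.xml etc/rules; do
        if [ ! -e "$data_dir/$entry" ]; then
            echo "missing: $data_dir/$entry" >&2
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Demonstration on constructed directories (no real OSSEC install involved).
demo_dir=$(mktemp -d)

# "partial" reproduces the issue: only the mounted ossec.conf is present.
mkdir -p "$demo_dir/partial/etc"
: > "$demo_dir/partial/etc/ossec.conf"

# "full" is what a complete installed data directory looks like.
mkdir -p "$demo_dir/full/etc/rules"
: > "$demo_dir/full/etc/ossec.conf"
: > "$demo_dir/full/etc/decoder.xml"

if ossec_data_check "$demo_dir/partial"; then
    echo "partial: complete"
else
    echo "partial: incomplete, do not start the container"
fi

if ossec_data_check "$demo_dir/full"; then
    echo "full: complete"
else
    echo "full: incomplete"
fi

rm -rf "$demo_dir"
```

Run it as part of the host-side startup script before `docker compose up`; if the check fails, mount the whole data directory (or copy a complete etc/ into it) rather than a single ossec.conf file.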
Error during the setup
I got the following error during the docker setup.
Error log
Starting ossec-authd...
Starting OSSEC HIDS 3.6.0...
Started ossec-maild...
Started ossec-execd...
Started ossec-analysisd...
2020/04/26 14:57:04 ossec-logcollector(1905): INFO: No file configured to monitor.
Started ossec-logcollector...
Started ossec-remoted...
Started ossec-syscheckd...
Started ossec-monitord...
Completed.
2020/04/26 14:57:04 ossec-analysisd: INFO: Ignoring file: '/var/ossec/active-response/ossec-hids-responses.log'
2020/04/26 14:57:04 ossec-analysisd: INFO: Started (pid: 51).
2020/04/26 14:57:04 ossec-analysisd: logstat: Unable to create stat queue: /stats/weekly-average
2020/04/26 14:57:05 ossec-monitord: INFO: Started (pid: 70).
2020/04/26 14:57:05 ossec-remoted(4111): INFO: Maximum number of agents allowed: '16384'.
2020/04/26 14:57:05 ossec-remoted(1410): INFO: Reading authentication keys file.
2020/04/26 14:57:05 ossec-remoted: INFO: No previous counter available for 'DEFAULT_LOCAL_AGENT'.
2020/04/26 14:57:05 ossec-remoted: INFO: Assigning counter for agent DEFAULT_LOCAL_AGENT: '0:0'.
2020/04/26 14:57:05 ossec-remoted: INFO: No previous sender counter.
2020/04/26 14:57:05 ossec-remoted: INFO: Assigning sender counter: 0:0
2020/04/26 14:57:09 ossec-syscheckd: INFO: Started (pid: 67).
2020/04/26 14:57:09 ossec-rootcheck: INFO: Started (pid: 67).
2020/04/26 14:57:09 ossec-syscheckd: INFO: Monitoring directory: '/etc', with options perm | size | owner | group | md5sum | sha1sum | realtime | report_changes.
2020/04/26 14:57:09 ossec-syscheckd: INFO: Monitoring directory: '/var/ossec/active-response', with options perm | size | owner | group | md5sum | sha1sum | realtime | report_changes.
2020/04/26 14:57:09 ossec-syscheckd: INFO: Monitoring directory: '/var/ossec/etc', with options perm | size | owner | group | md5sum | sha1sum | realtime | report_changes.
2020/04/26 14:57:09 ossec-syscheckd: INFO: Monitoring directory: '/var/ossec/agentless', with options perm | size | owner | group | md5sum | sha1sum | realtime | report_changes.
2020/04/26 14:57:09 ossec-syscheckd: INFO: Monitoring directory: '/bin', with options perm | size | owner | group | md5sum | sha1sum | realtime.
2020/04/26 14:57:09 ossec-syscheckd: INFO: Monitoring directory: '/lib64', with options perm | size | owner | group | md5sum | sha1sum | realtime.
2020/04/26 14:57:09 ossec-syscheckd: INFO: Monitoring directory: '/sbin', with options perm | size | owner | group | md5sum | sha1sum | realtime.
2020/04/26 14:57:09 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin', with options perm | size | owner | group | md5sum | sha1sum | realtime.
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/mtab'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/var/tmp'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/var/ossec/queue'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/var/ossec/logs'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/var/ossec/stats'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/var/ossec/var'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/var/ossec/etc/rules.d'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/mnttab'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/grsec/learning.logs'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/hosts.deny'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/mail/statistics'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/random-seed'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/adjtime'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/httpd/logs'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/utmpx'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/wtmpx'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/cups/certs'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/httpd/modsecurity.d/'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/httpd/logs/'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/httpd/domlogs/'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/vfilters/'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/var/ossec/bin/.process_list'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/etc/prelink.cache'
2020/04/26 14:57:09 ossec-syscheckd: INFO: ignoring: '/var/ossec/active-response/ossec-hids-responses.log'
2020/04/26 14:57:09 ossec-syscheckd: INFO: Directory set for real time monitoring: '/etc'.
2020/04/26 14:57:09 ossec-syscheckd: INFO: Directory set for real time monitoring: '/var/ossec/active-response'.
2020/04/26 14:57:09 ossec-syscheckd: INFO: Directory set for real time monitoring: '/var/ossec/etc'.
2020/04/26 14:57:09 ossec-syscheckd: INFO: Directory set for real time monitoring: '/var/ossec/agentless'.
2020/04/26 14:57:09 ossec-syscheckd: INFO: Directory set for real time monitoring: '/bin'.
2020/04/26 14:57:09 ossec-syscheckd: INFO: Directory set for real time monitoring: '/lib64'.
2020/04/26 14:57:09 ossec-syscheckd: INFO: Directory set for real time monitoring: '/sbin'.
2020/04/26 14:57:09 ossec-syscheckd: INFO: Directory set for real time monitoring: '/usr/bin'.
2020/04/26 14:57:10 ossec-logcollector: INFO: Started (pid: 56).
2020/04/26 14:57:32 ossec-authd: ERROR: SSL Error (-1)
2020/04/26 14:58:11 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
2020/04/26 14:58:11 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
2020/04/26 14:58:11 ossec-syscheckd: INFO: Initializing real time file monitoring (not started).
2020/04/26 14:58:33 ossec-syscheckd(1124): ERROR: Could not rename file '/etc/alternatives/mta-newaliasesman' to '/var/ossec/queue/diff/local/etc/alternatives/mta-newaliasesman/last-entry' due to [(2)-(No such file or directory)].
2020/04/26 14:58:33 ossec-syscheckd(1124): ERROR: Could not rename file '/etc/alternatives/mta-mailqman' to '/var/ossec/queue/diff/local/etc/alternatives/mta-mailqman/last-entry' due to [(2)-(No such file or directory)].
2020/04/26 14:58:33 ossec-syscheckd(1124): ERROR: Could not rename file '/etc/alternatives/mta-aliasesman' to '/var/ossec/queue/diff/local/etc/alternatives/mta-aliasesman/last-entry' due to [(2)-(No such file or directory)].
2020/04/26 14:58:33 ossec-syscheckd(1124): ERROR: Could not rename file '/etc/alternatives/mta-sendmailman' to '/var/ossec/queue/diff/local/etc/alternatives/mta-sendmailman/last-entry' due to [(2)-(No such file or directory)].
2020/04/26 14:59:04 ossec-maild: INFO: Max emails per hour reached.
2020/04/26 15:00:00 ossec-analysisd(1107): ERROR: Could not create directory '/stats/totals/2020/' due to [(2)-(No such file or directory)].