HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


giganet 23rd March 2009 06:01

Securing Your Server With A Host-based Intrusion Detection Compatibility Question
 
Hello Group..

I just wanted to validate to some degree the compatibility of the following Tutorial/Software installation with Ubuntu 7.10...

http://howtoforge.com/intrusion_dete...ith_ossec_hids
Securing Your Server With A Host-based Intrusion Detection System

Thank you

Best Regards

falko 24th March 2009 17:57

I haven't tested it on Ubuntu 7.10, but I don't see why it shouldn't work. :)

giganet 25th March 2009 23:20

Thank you Falko...

I have installed OSSEC successfully onto my Ubuntu 6.06 and all seems good.

This is the box that ISPConfig failed after running the ISPConfig upgrade VIA CLI, and now MySQL is not running/inaccessible.
OSSEC does send reports as follows which I feel is due to MySQL's status:

Code:

OSSEC HIDS Notification.
2009 Mar 25 14:09:17
 
Received From: giganetwireless->/var/log/auth.log
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
 
Mar 25 14:09:17 giganetwireless getty[9043]: ttyS1: ioctl: Input/output error
 
 
 
 --END OF NOTIFICATION

Does my assumption seem to be on target considering the error above?

Thank you Falko

Best Regards

giganet 25th March 2009 23:26

Thank you Falko...

I have installed OSSEC successfully onto my Ubuntu 6.06 and all seems good.

This is the box that ISPConfig failed after running the ISPConfig upgrade VIA CLI, and now MySQL is inaccessible.
OSSEC does send reports as follows which I feel is due to MySQL's status:

Code:

OSSEC HIDS Notification.
2009 Mar 25 14:09:17
 
Received From: giganetwireless->/var/log/auth.log
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
 
Mar 25 14:09:17 giganetwireless getty[9043]: ttyS1: ioctl: Input/output error
 
 
 
 --END OF NOTIFICATION

Does my assumption seem to be on target considering the error above?

Thank you Falko

Best Regards
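An added example, not part of the original thread: a small parser for the OSSEC e-mail notification layout quoted above, which pulls out the rule, the monitored log file and the program that wrote each log line so an alert can be attributed to a service. The function names `parse_notification` and `involves` are hypothetical, and the parsing assumes only the layout shown in the post.

```python
import re

# Constructed sample: the notification text as quoted in the post above.
SAMPLE_ALERT = """\
OSSEC HIDS Notification.
2009 Mar 25 14:09:17

Received From: giganetwireless->/var/log/auth.log
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):

Mar 25 14:09:17 giganetwireless getty[9043]: ttyS1: ioctl: Input/output error

 --END OF NOTIFICATION
"""

RULE_RE = re.compile(r'^Rule: (\d+) fired \(level (\d+)\) -> "(.*)"$')
SYSLOG_RE = re.compile(
    r'^(?P<time>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) '
    r'(?P<program>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<message>.*)$')

def parse_notification(text):
    """Return rule id, level, source, location and the parsed log lines."""
    alert = {"events": []}
    in_log = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("--END OF NOTIFICATION"):
            break
        if in_log:
            m = SYSLOG_RE.match(line)
            if m:
                alert["events"].append(m.groupdict())
            elif line:  # keep non-syslog lines, with no program attributed
                alert["events"].append({"program": None, "message": line})
        elif line.startswith("Received From:"):
            value = line[len("Received From:"):].strip()
            # "source->location"; split on the last arrow
            alert["source"], _, alert["location"] = value.rpartition("->")
        elif (m := RULE_RE.match(line)):
            alert.update(rule_id=int(m[1]), level=int(m[2]), description=m[3])
        elif line.startswith("Portion of the log(s):"):
            in_log = True
    return alert

def involves(alert, prefixes):
    """True if any log line in the alert was written by a matching program."""
    return any(e["program"] and e["program"].startswith(tuple(prefixes))
               for e in alert["events"])
```

For the quoted alert, `parse_notification(SAMPLE_ALERT)` reports rule 1002 at level 2 from `/var/log/auth.log`, with `getty` as the logging program.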

falko 26th March 2009 19:14

I'm not sure what the error means. Have you tried to restart MySQL? Are there any MySQL errors in the syslog?

giganet 27th March 2009 06:44

Hi Falko

I can run '/etc/init.d/mysql restart' and no complaints are returned by the server.

However if I attempt to log into MySQL I receive the following:
Code:

root@giganetwireless:/etc# mysql -u root -p
bash: mysql: command not found

As if MySQL is non-existent...

Likewise when I run 'tail -f /var/log/syslog' or even 'cat /var/lost/syslog'
there is no data populating 'syslog' whatsoever :confused:

This particular server is tapped for drive space, as you pointed out to me after I ran an upgrade to ISPConfig VIA CLI earlier this week after which ISPConfig became inaccessible.

I am waiting on a 1TB drive for this server then I will start fresh.
The weird thing is that everything that relies on MySQL, such as E-Mail, functions without a hitch.

Thanks Falko
Have a great day.

Best Regards

falko 28th March 2009 19:59

Did you install the MySQL client package?

giganet 30th March 2009 06:34

Hi Falko

I am sure that the mysql-client package was installed originally, but to be sure I ran 'apt-get install mysql-client'

system reply:
Code:

Reading package lists... Done
Building dependency tree... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
Since you only requested a single operation it is extremely likely that
the package is simply not installable and a bug report against
that package should be filed.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
  mysql-client: Depends: mysql-client-5.1 but it is not going to be installed
E: Broken packages

I accessed '/etc/mysql' and opened 'debian.cnf'; its contents do show client settings...

Code:

# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host    = localhost
user    = debian-sys-maint
password = Nhguuhdre35XXB
socket  = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
host    = localhost
user    = debian-sys-maint
password = Nhguuhdre35XXB
socket  = /var/run/mysqld/mysqld.sock

I mangled the password just for safety in this post.

Thank you Falko

Best Regards

falko 30th March 2009 15:10

What's in /etc/apt/sources.list?

giganet 1st April 2009 07:46

Hi Falko, Thank you for the reply and sorry for the long delay of answer.

The contents of '/etc/apt/sources.list'

Code:

#
# deb cdrom:[Ubuntu-Server 6.06.1 _Dapper Drake_ - Release i386 (20060807.1)]/ dapper main restricted
# deb cdrom:[Ubuntu-Server 6.06.1 _Dapper Drake_ - Release i386 (20060807.1)]/ dapper main restricted
deb http://us.archive.ubuntu.com/ubuntu/ dapper main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ dapper main restricted

## MySQL Update links provided by Falko Timme HowToForge.com (projectfarm.org).
## Add to /etc/apt/sources.list, run apt-get update and then apt-get install mysql
deb http://packages.dotdeb.org stable all
deb-src http://packages.dotdeb.org stable all
## Major bug fix updates produced after the final release of the
## distribution.
deb http://us.archive.ubuntu.com/ubuntu/ dapper-updates main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ dapper-updates main restricted
## Uncomment the following two lines to add software from the 'universe'
## repository.
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## universe WILL NOT receive any review or updates from the Ubuntu security
## team.
deb http://us.archive.ubuntu.com/ubuntu/ dapper universe
deb-src http://us.archive.ubuntu.com/ubuntu/ dapper universe
## Uncomment the following two lines to add software from the 'backports'
## repository.
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://us.archive.ubuntu.com/ubuntu/ dapper-backports main restricted universe multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ dapper-backports main restricted universe multiverse

deb http://security.ubuntu.com/ubuntu dapper-security main restricted
deb-src http://security.ubuntu.com/ubuntu dapper-security main restricted
deb http://security.ubuntu.com/ubuntu dapper-security universe
deb-src http://security.ubuntu.com/ubuntu dapper-security universe

Have a great day

Best Regards


All times are GMT +2.