how to save changes to ossec.conf file?

[vitorio]

I've recently installed OSSEC. I did not had any problems during installation. It also seems to be running. But... I'm having problem to edit ossec.conf file in /var/ossec/etc directory.

The file is read-only and thus no changes allowed to be made, no matter with privileges I have while doing it.

I've not tried to chmod the file (yet ) in order to alter access permissions and to make it writable since I have a feeling this would be a wrong way of doing things.

To me it looks like a kind of hacking a good security system, something similar to logging in as root instead of using sudo in Ubuntu.

Am i wrong here and removing read-only attribute is the only way to go? Or another OSSEC specific way does exists?

[o.meyer]

Hi vitorio,

please paste the output of

Code:

ls -la /var/ossec/etc/ossec.conf

Best regards,

Olli

[zcworld]

i would think the file would be owned by the root / wheel group
so you need to be root user or SU to have access rights to edit that file

[vitorio]

Here is output of ls -la:

Code:

vitorio@homedir:~$ sudo ls -la /var/ossec/etc/ossec.conf
-r--r----- 1 root ossec 5928 2008-03-04 16:34 /var/ossec/etc/ossec.conf

To make my previous post clearer... I certainly gained root privileges before attempting to edit the file. I actually did it different ways:

Code:

gksudo gedit/vim /var/ossec/etc/ossec.conf

and

Code:

sudo -s 
root:# gedit/vim /var/ossec/etc/ossec.conf

In gedit I just had Save button disabled, vim reported an error attempting to modify a read-only file and gave up.

But this behavior is natural - file as you can see above is indeed read-only after installation.

So, my question was, am I trying to invent the wheel and to change the file attributes to read/write is the way to go, or there is some specific OSSEC way to handle it?

[falko]

Run

Code:

chmod 640 /var/ossec/etc/ossec.conf

Then edit it, save your changes, and run

Code:

chmod 440 /var/ossec/etc/ossec.conf