#1  
Old 20th February 2007, 19:10
Jorem Jorem is offline
Senior Member
 
Join Date: Oct 2005
Posts: 139
Thanks: 5
Thanked 4 Times in 4 Posts
Remove OSSEC-HIDS

I have a problem with OSSEC-HIDS. User ID is in the ISPConfig range.

Can I maybe change the user ID of ossec to 2000 something?

If this is not possible, how can I remove ossec-hids from my system again? yum remove ossec or yum remove ossec-hids didn't work.

Thanks for the help.

Last edited by Jorem; 20th February 2007 at 19:13.
  #2  
Old 21st February 2007, 03:13
Jorem Jorem is offline
Senior Member
 
Join Date: Oct 2005
Posts: 139
Thanks: 5
Thanked 4 Times in 4 Posts

Have it working now.

Removed the folder by hand from the server. Installed it again. Did not start it and changed all the IDs of the group and after that the users and the group first (10050 to 20050 for group ossec and user 10050 to 20050 with group ossec for example).

After that I changed the ID of the folders and files in /var/ossec.

When I started the Ossec after the changes it worked great without any errors.

It is now running and installed on a server with ISPConfig server. In my case easier than changing the ID of all the ISPConfig users and config of ISPConfig.
  #3  
Old 21st February 2007, 03:33
iverson0881 iverson0881 is offline
Junior Member
 
Join Date: Jan 2007
Posts: 22
Thanks: 1
Thanked 0 Times in 0 Posts

Would you be willing to go in detail about the commands you used to change the folders and which folders you changed permissions of?
  #4  
Old 21st February 2007, 11:14
Jorem Jorem is offline
Senior Member
 
Join Date: Oct 2005
Posts: 139
Thanks: 5
Thanked 4 Times in 4 Posts

I used Webmin for it.

First I installed using the guide: Securing Your Server With A Host-based Intrusion Detection System

After that I switched to Webmin and went to system --> users & groups. Here you can click on the group and change the ID. I just made of the first 1 a 2 to keep it simple. After that you click on each ossec user (4 total) and change the user ID and add the new group ossec as primary group (ignore the postfix errors).

Then I went to /var/ossec and changed, with the File Manager in Webmin, the user and/or group of all the files. Only when it wasn't ossec already but 10050 I changed it to 20050, for example (click on the file and then click the info button of the file manager). You have to do this with all the folders, subfolders and files. (Don't forget the ID of the ossec folder itself.)

After you have changed all the files you can start OSSEC by command or by Webmin (system --> startup & shutdown --> ossec --> start now).

It started perfectly in my case. And after a few seconds I received the first ossec email that ossec started.
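The renumbering described in the posts above, done from a shell instead of Webmin, as an added example that is not part of the original thread. The function names are this example's own, the account name in the closing comment is a placeholder, and it assumes root with OSSEC stopped; it refuses an ID that is already taken and reports how many entries under the tree still carry the old ID.

```shell
#!/bin/sh
# Added example (not from the thread): move OSSEC's accounts out of a clashing
# ID range and re-own /var/ossec. Function names are this example's own.
# Run as root with OSSEC stopped.

# id_in_use DB ID: true if passwd/group already has an entry with numeric ID
id_in_use() { getent "$1" "$2" >/dev/null 2>&1; }

# move_group GROUP NEW_GID: renumber the group, refusing a GID that is taken
move_group() {
    if id_in_use group "$2"; then echo "GID $2 is taken" >&2; return 1; fi
    groupmod -g "$2" "$1"
}

# move_user USER NEW_UID GROUP: renumber the user and set its primary group
move_user() {
    if id_in_use passwd "$2"; then echo "UID $2 is taken" >&2; return 1; fi
    usermod -u "$2" -g "$3" "$1"
}

# count_owned ROOT uid|gid ID: number of entries under ROOT with that numeric ID
count_owned() { find "$1" "-$2" "$3" -print | wc -l | tr -d ' '; }

# reown ROOT uid|gid OLD NEW: change only entries that still carry OLD;
# -h re-owns a symlink itself instead of following it out of the tree
reown() {
    case $2 in
        uid) find "$1" -uid "$3" -exec chown -h "$4" {} + ;;
        gid) find "$1" -gid "$3" -exec chgrp -h "$4" {} + ;;
        *)   return 2 ;;
    esac
}

# remap_tree ROOT OLD NEW: re-own owner and group, then print how many entries
# still carry OLD (0 means nothing was missed)
remap_tree() {
    reown "$1" uid "$2" "$3" && reown "$1" gid "$2" "$3" || return 1
    echo $(( $(count_owned "$1" uid "$2") + $(count_owned "$1" gid "$2") ))
}

# Sequence from the thread, with its example IDs (repeat move_user per account):
#   move_group ossec 20050
#   move_user  <ossec-user> 20050 ossec
#   remap_tree /var/ossec 10050 20050
```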
  #5  
Old 15th March 2007, 08:41
iverson0881 iverson0881 is offline
Junior Member
 
Join Date: Jan 2007
Posts: 22
Thanks: 1
Thanked 0 Times in 0 Posts
 
Default

Thank you very much. This worked for me after a few tries. Cheers!