how to save changes to ossec.conf file?

Discussion in 'HOWTO-Related Questions' started by vitorio, Mar 19, 2008.

  1. vitorio

    vitorio New Member

    I've recently installed OSSEC. I did not had any problems during installation. It also seems to be running. But... I'm having problem to edit ossec.conf file in /var/ossec/etc directory.

    The file is read-only and thus no changes allowed to be made, no matter with privileges I have while doing it.

    I've not tried to chmod the file (yet :)) in order to alter access permissions and to make it writable since I have a feeling this would be a wrong way of doing things.

    To me it looks like a kind of hacking a good security system, something similar to logging in as root instead of using sudo in Ubuntu.

    Am i wrong here and removing read-only attribute is the only way to go? Or another OSSEC specific way does exists?
  2. o.meyer

    o.meyer ISPConfig Developer ISPConfig Developer

    Hi vitorio,

    please paste the output of

    ls -la /var/ossec/etc/ossec.conf
    Best regards,

  3. zcworld

    zcworld New Member

    i would think the file would be owned by the root / wheel group
    so you need to be root user or SU to have access rights to edit that file
  4. vitorio

    vitorio New Member

    Here is output of ls -la:

    vitorio@homedir:~$ sudo ls -la /var/ossec/etc/ossec.conf
    -r--r----- 1 root ossec 5928 2008-03-04 16:34 /var/ossec/etc/ossec.conf
    To make my previous post clearer... I certainly gained root privileges before attempting to edit the file. I actually did it different ways:

    gksudo gedit/vim /var/ossec/etc/ossec.conf
    sudo -s 
    root:# gedit/vim /var/ossec/etc/ossec.conf
    In gedit I just had Save button disabled, vim reported an error attempting to modify a read-only file and gave up.

    But this behavior is natural - file as you can see above is indeed read-only after installation.

    So, my question was, am I trying to invent the wheel and to change the file attributes to read/write is the way to go, or there is some specific OSSEC way to handle it?
  5. falko

    falko Super Moderator ISPConfig Developer

    chmod 640 /var/ossec/etc/ossec.conf
    Then edit it, save your changes, and run
    chmod 440 /var/ossec/etc/ossec.conf

Share This Page