[Pkg-ossec-devel] [ossec-hids-server] List of files created by ossec-server's installation (complete functionality + default values)
Jose Antonio Quevedo Muñoz
joseantonio.quevedo at gmail.com
Wed Aug 10 11:26:26 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
New update comparing the first analysis results against the last analysis:
Users created:
/etc/passwd
ossec:x:1001:1001::/var/ossec:/bin/false
ossecm:x:1002:1001::/var/ossec:/bin/false
ossecr:x:1003:1001::/var/ossec:/bin/false
Three users created in server and local installation instead of the two
reported in the first analysis.
Best regards,
On 10/08/11 11:58, Jose Antonio Quevedo wrote:
> Great!
>
> Now the next is additional information that wasn't provided in the last
> resume:
>
> *Files modified*:
> /etc/group: the only group added to the system.
> +ossec:x:1001:
>
> /etc/init.d/.depend.stop
> /etc/init.d/.depend.start
> /etc/init.d/.depend.boot
>
> Attached are the 3 diff files generated after comparing original
> /etc/init.d/.depend.* files with the same files after installing Ossec
> as a server.
>
> *New files*:
> /var/lib/update-rc.d/ossec
>
> Attached are the results of the last file analysis. Just for log as the
> conclusions have been already exposed in this email.
>
> Best regards,
>
> El 30 de julio de 2011 23:27, Javier Fernández-Sanguino Peña
> <jfs at computer.org <mailto:jfs at computer.org>> escribió:
>
> On Wed, Jul 27, 2011 at 01:55:11AM +0200, Jose Antonio Quevedo Mu?oz
> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA256
> >
> > Hi there,
> >
> > we, Santiago Vila & me, run the upstream installation shell script
> > (install.sh) inside a squeeze chroot taking a snapshot of the
> md5sum of
> > each file before the installation. After running install.sh script
> using
> > all the features for a server installation implemented by upstream
> using
> > the default values (for $USER_DIR=/var/ossec for example), md5sums
> were
> > compared and next was the result.
>
> The latest version in git should compile and build a package with
> all those
> contents (the user changes are done in preinst) but modified:
>
> - binaries are in /usr/lib/ossec instead of in /var/ossec/bin
> - configuration files are in /etc/ossec instead of in /var/ossec/etc
>
> Symlinks make sure that the programs will still find them in their
> original
> location, however.
>
> Regards
>
> Javier
>
>
> _______________________________________________
> Pkg-ossec-devel mailing list
> Pkg-ossec-devel at lists.alioth.debian.org
> <mailto:Pkg-ossec-devel at lists.alioth.debian.org>
> http://lists.alioth.debian.org/mailman/listinfo/pkg-ossec-devel
>
>
>
>
> --
> Jose Antonio Quevedo Muñoz
> Key fingerprint: C88A AAFA CF91 F556 E1D5 52FC C3D7 3C5D 8224 5822
> --
> Ever tried. Ever failed. No matter.
> Try again. Fail again. Fail better.
> ~ Samuel Beckett ~
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCAAGBQJOQmriAAoJEMPXPF2CJFgi++cP+wQEi/MFk1nWuBPQaucbsS2j
mQZgrmVv3WcMe8oLW84ntWFljVx4eoP/KD6sv3bVcQgdOsAOLk4Luv0SQExfC3qR
CsBi7vPHK7NFYsZhYmPxTGGcXeBfEB+mptLbyizJE/zRLqyY0IFtFU3MF7Nw/i8x
SuTOgaAUedUPL6lIK7EUsBoz4VxWzp4dAGHRxxnITfr5hJ5YX1voJfyhDhHtMe8+
gAQ9eb1EQmq/ZZq6vLhdvzx9L1Y5pX0zbaC1b+0QwvqRtCdqlPeQURJrDkxl81G9
y8pC0CwoO6+IwCtA2Y10/FFR2idLgYAUFF4aD9WIeGH/Bu0vJictIwST/uvFoK6P
7/tL4lhvQLHy2/hz+5LpgjwyXeZsw02eZOM9tgLvFMrm7KPrIHRsRCneDXrgwrZX
lv4XwGzKZvCkWuQ1IuaSGlYmdNXMkBYBmMzGXGKAgnrJCRo/dZclKAITi0hmqyaY
iOLLLxVqcqMoL2J3X3tl+ETYzNznZuWYbRIcyWJPncN+rrsKuvGZWcf0VZupexbl
q8zqypg4+INFKvDK3OaH+fdHMn2cizWpWgucJ1zrwppbnam+Btrk4jCGkn5M1sYq
IDz1c8TjyZ+xFQdBMsSjr83j2OQfnLjNGHKEs5TAJejDi6M+F7PRdgMb67+eo9ro
lS7geE7nVzi4ypRpPGW3
=UjLY
-----END PGP SIGNATURE-----
More information about the Pkg-ossec-devel
mailing list