[SOLVED] Future update of Ossec

newbie14 · 01-18-2013, 07:55 PM

I have centos machine 6.3 and I have followed this link http://www.ossec.net/doc/manual/installation/index.html to isntall ossec. So now my worry in future when there is an update how am I going update my current ossec as yum update will not work for this.

unSpawn · 01-18-2013, 08:52 PM

Installing from source equals updating from source.
Package management equals efficiency.
ART (Atomic Corp repo) may have OSSEC HIDS packages IIGC.

newbie14 · 01-19-2013, 04:23 AM

Dear Unspawn,
I tried using this link http://www.ossec.net/?page_id=19 and there is instruction as below

Quote:

# wget -q -O – https://www.atomicorp.com/installers/atomic |sh
# yum install ossec-hids ossec-hids-server (or ossec-hids-client for the agent)

I did not work there work I install from the source. What could I do now? Leave it or uninstall it ?

unSpawn · 01-19-2013, 07:37 AM

Quote:

Originally Posted by newbie14

I did not work

Saying that doesn't give us clues what doesn't work or why it wouldn't work. Output from running the script could help.

Quote:

Originally Posted by newbie14

What could I do now? Leave it or uninstall it ?

That's not my decision to make. If you don't mind having to upgrade from source then leave it be. If you want to be able to efficiently upgrade when an upgrade becomes available then the logical choice would be to diagnose and fix the repo problems first, remove the installed software and install them from the repo.

newbie14 · 01-19-2013, 08:50 AM

Dear Unspawn,
Below is the output when I the command yum install ossec-hids ossec-hids-server. So based on the error I tried to install. What are the other options I got should I follow the other two --skip-broken or rpm -Va --nofiles --nodigest. IS this repo a reliable one interms of its source? How can I uninstall my current installed ossec?

Quote:

yum install inotify-tools
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* atomic: www4.atomicorp.com
* base: mirrors.sin3.sg.voxel.net
* extras: mirrors.sin3.sg.voxel.net
* updates: centos.ipserverone.com
Setting up Install Process
No package inotify-tools available.
Error: Nothing to do

Quote:

Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package ossec-hids.x86_64 0:2.7-20.el6.art will be installed
--> Processing Dependency: inotify-tools for package: ossec-hids-2.7-20.el6.art.x86_64
---> Package ossec-hids-server.x86_64 0:2.7-20.el6.art will be installed
--> Processing Dependency: libmysqlclient.so.18(libmysqlclient_16)(64bit) for package: ossec-hids-server-2.7-20.el6.art.x86_64
--> Processing Dependency: libmysqlclient.so.18()(64bit) for package: ossec-hids-server-2.7-20.el6.art.x86_64
--> Running transaction check
---> Package mysql-libs.x86_64 0:5.1.66-2.el6_3 will be updated
--> Processing Dependency: libmysqlclient.so.16()(64bit) for package: redland-1.0.7-11.el6.x86_64
--> Processing Dependency: libmysqlclient.so.16()(64bit) for package: perl-DBD-MySQL-4.013-3.el6.x86_64
--> Processing Dependency: libmysqlclient.so.16()(64bit) for package: php-mysql-5.3.3-14.el6_3.x86_64
--> Processing Dependency: libmysqlclient.so.16()(64bit) for package: mysql-5.1.66-2.el6_3.x86_64
--> Processing Dependency: libmysqlclient.so.16()(64bit) for package: mysql-server-5.1.66-2.el6_3.x86_64
--> Processing Dependency: libmysqlclient.so.16()(64bit) for package: 2

ostfix-2.6.6-2.2.el6_1.x86_64
--> Processing Dependency: libmysqlclient.so.16(libmysqlclient_16)(64bit) for package: redland-1.0.7-11.el6.x86_64
--> Processing Dependency: libmysqlclient.so.16(libmysqlclient_16)(64bit) for package: perl-DBD-MySQL-4.013-3.el6.x86_64
--> Processing Dependency: libmysqlclient.so.16(libmysqlclient_16)(64bit) for package: mysql-server-5.1.66-2.el6_3.x86_64
--> Processing Dependency: libmysqlclient.so.16(libmysqlclient_16)(64bit) for package: mysql-5.1.66-2.el6_3.x86_64
--> Processing Dependency: libmysqlclient.so.16(libmysqlclient_16)(64bit) for package: php-mysql-5.3.3-14.el6_3.x86_64
--> Processing Dependency: libmysqlclient.so.16(libmysqlclient_16)(64bit) for package: 2

ostfix-2.6.6-2.2.el6_1.x86_64
--> Processing Dependency: libmysqlclient_r.so.16()(64bit) for package: mysql-connector-odbc-5.1.5r1144-7.el6.x86_64
--> Processing Dependency: libmysqlclient_r.so.16()(64bit) for package: MySQL-python-1.2.3-0.3.c1.1.el6.x86_64
--> Processing Dependency: libmysqlclient_r.so.16()(64bit) for package: 1:qt-mysql-4.6.2-24.el6.x86_64
--> Processing Dependency: libmysqlclient_r.so.16()(64bit) for package: mysql-server-5.1.66-2.el6_3.x86_64
--> Processing Dependency: libmysqlclient_r.so.16()(64bit) for package: mysql-5.1.66-2.el6_3.x86_64
--> Processing Dependency: libmysqlclient_r.so.16(libmysqlclient_16)(64bit) for package: mysql-connector-odbc-5.1.5r1144-7.el6.x86_64
--> Processing Dependency: libmysqlclient_r.so.16(libmysqlclient_16)(64bit) for package: mysql-5.1.66-2.el6_3.x86_64
--> Processing Dependency: libmysqlclient_r.so.16(libmysqlclient_16)(64bit) for package: 1:qt-mysql-4.6.2-24.el6.x86_64
--> Processing Dependency: libmysqlclient_r.so.16(libmysqlclient_16)(64bit) for package: mysql-server-5.1.66-2.el6_3.x86_64
--> Processing Dependency: libmysqlclient_r.so.16(libmysqlclient_16)(64bit) for package: MySQL-python-1.2.3-0.3.c1.1.el6.x86_64
--> Processing Dependency: mysql-libs = 5.1.66-2.el6_3 for package: mysql-5.1.66-2.el6_3.x86_64
---> Package mysql-libs.x86_64 0:5.5.29-14.el6.art will be an update
---> Package ossec-hids.x86_64 0:2.7-20.el6.art will be installed
--> Processing Dependency: inotify-tools for package: ossec-hids-2.7-20.el6.art.x86_64
--> Running transaction check
---> Package mysql.x86_64 0:5.1.66-2.el6_3 will be updated
---> Package mysql.x86_64 0:5.5.29-14.el6.art will be an update
---> Package mysql-server.x86_64 0:5.1.66-2.el6_3 will be updated
---> Package mysql-server.x86_64 0:5.5.29-14.el6.art will be an update
---> Package mysqlclient16.x86_64 0:5.1.59-2.el6.art will be installed
---> Package ossec-hids.x86_64 0:2.7-20.el6.art will be installed
--> Processing Dependency: inotify-tools for package: ossec-hids-2.7-20.el6.art.x86_64
---> Package php-mysql.x86_64 0:5.3.3-14.el6_3 will be updated
---> Package php-mysql.x86_64 0:5.3.20-13.el6.art will be an update
--> Processing Dependency: php-pdo(x86-64) = 5.3.20-13.el6.art for package: php-mysql-5.3.20-13.el6.art.x86_64
--> Running transaction check
---> Package ossec-hids.x86_64 0:2.7-20.el6.art will be installed
--> Processing Dependency: inotify-tools for package: ossec-hids-2.7-20.el6.art.x86_64
---> Package php-pdo.x86_64 0:5.3.3-14.el6_3 will be updated
---> Package php-pdo.x86_64 0:5.3.20-13.el6.art will be an update
--> Processing Dependency: php-common(x86-64) = 5.3.20-13.el6.art for package: php-pdo-5.3.20-13.el6.art.x86_64
--> Running transaction check
---> Package ossec-hids.x86_64 0:2.7-20.el6.art will be installed
--> Processing Dependency: inotify-tools for package: ossec-hids-2.7-20.el6.art.x86_64
---> Package php-common.x86_64 0:5.3.3-14.el6_3 will be updated
--> Processing Dependency: php-common = 5.3.3-14.el6_3 for package: php-mbstring-5.3.3-14.el6_3.x86_64
--> Processing Dependency: php-common = 5.3.3-14.el6_3 for package: php-gd-5.3.3-14.el6_3.x86_64
--> Processing Dependency: php-common = 5.3.3-14.el6_3 for package: php-5.3.3-14.el6_3.x86_64
--> Processing Dependency: php-common = 5.3.3-14.el6_3 for package: php-xml-5.3.3-14.el6_3.x86_64
--> Processing Dependency: php-common = 5.3.3-14.el6_3 for package: php-cli-5.3.3-14.el6_3.x86_64
---> Package php-common.x86_64 0:5.3.20-13.el6.art will be an update
--> Running transaction check
---> Package ossec-hids.x86_64 0:2.7-20.el6.art will be installed
--> Processing Dependency: inotify-tools for package: ossec-hids-2.7-20.el6.art.x86_64
---> Package php.x86_64 0:5.3.3-14.el6_3 will be updated
---> Package php.x86_64 0:5.3.20-13.el6.art will be an update
---> Package php-cli.x86_64 0:5.3.3-14.el6_3 will be updated
---> Package php-cli.x86_64 0:5.3.20-13.el6.art will be an update
---> Package php-gd.x86_64 0:5.3.3-14.el6_3 will be updated
---> Package php-gd.x86_64 0:5.3.20-13.el6.art will be an update
--> Processing Dependency: libt1.so.5()(64bit) for package: php-gd-5.3.20-13.el6.art.x86_64
---> Package php-mbstring.x86_64 0:5.3.3-14.el6_3 will be updated
---> Package php-mbstring.x86_64 0:5.3.20-13.el6.art will be an update
---> Package php-xml.x86_64 0:5.3.3-14.el6_3 will be updated
---> Package php-xml.x86_64 0:5.3.20-13.el6.art will be an update
--> Running transaction check
---> Package ossec-hids.x86_64 0:2.7-20.el6.art will be installed
--> Processing Dependency: inotify-tools for package: ossec-hids-2.7-20.el6.art.x86_64
---> Package t1lib.x86_64 0:5.1.2-6.el6_2.1 will be installed
--> Finished Dependency Resolution
Error: Package: ossec-hids-2.7-20.el6.art.x86_64 (atomic)
Requires: inotify-tools
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest

unSpawn · 01-19-2013, 09:31 AM

First add the EPEL repository: http://dl.fedoraproject.org/pub/epel...6-8.noarch.rpm

newbie14 · 01-19-2013, 09:56 AM

Dear Unspawn,
I have yum install but I got a Warning: RPMDB altered outside of yum. is fine right.

Quote:

Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
Installing : epel-release-6-8.noarch 1/1
Verifying : epel-release-6-8.noarch 1/1

Installed:
epel-release.noarch 0:6-8

There after that I run yum update and below are the update proposed. So are those updates ok for centos because normally centos will maintain stable version and wont update to the latest version?

Quote:

================================================================================
Package Arch Version Repository
Size
================================================================================
Updating:
libedit x86_64 3.0-2.20090923cvs.el6.art atomic 74 k
mysql x86_64 5.5.29-14.el6.art atomic 5.7 M
mysql-libs x86_64 5.5.29-14.el6.art atomic 766 k
mysql-server x86_64 5.5.29-14.el6.art atomic 10 M
perl-IO-Socket-INET6 noarch 2.67-1.el6.art atomic 18 k
perl-Module-Build noarch 1:0.3607-1.el6.art atomic 275 k
perl-Parse-CPAN-Meta noarch 1:1.4401-2.el6.art atomic 12 k
php x86_64 5.3.20-13.el6.art atomic 2.4 M
php-cli x86_64 5.3.20-13.el6.art atomic 2.3 M
php-common x86_64 5.3.20-13.el6.art atomic 899 k
php-gd x86_64 5.3.20-13.el6.art atomic 132 k
php-mbstring x86_64 5.3.20-13.el6.art atomic 895 k
php-mysql x86_64 5.3.20-13.el6.art atomic 80 k
php-pdo x86_64 5.3.20-13.el6.art atomic 108 k
php-xml x86_64 5.3.20-13.el6.art atomic 159 k
spamassassin x86_64 3.3.2-7.el6.art atomic 1.1 M
sqlite x86_64 3.7.9-1.el6.art atomic 348 k
Installing for dependencies:
mysqlclient16 x86_64 5.1.59-2.el6.art atomic 1.4 M
perl-CPAN-Meta-YAML noarch 0.004-1.el6.art atomic 19 k
perl-JSON-PP noarch 2.27200-2.el6.art atomic 53 k
perl-Mail-SPF noarch 2.007-1.el6.art atomic 135 k
t1lib x86_64 5.1.2-6.el6_2.1 base 160 k

Transaction Summary
================================================================================
Install 5 Package(s)
Upgrade 17 Package(s)

Total download size: 27 M

unSpawn · 01-19-2013, 10:29 AM

Unless you have reasons to do so you do not want to update the system from ART: you only want to get OSSEC HIDS installed. See the warning at Available Repositories for CentOS and first install and configure the Priorities yum plugin to protect your Base repositories.

unSpawn · 01-19-2013, 10:30 AM

Quote:

Originally Posted by newbie14

I got a Warning: RPMDB altered outside of yum. is fine right.

This BTW is probably due to running a service like "yumupdatesd" in the background. Stop that while you're working on getting OSSEC HIDS installed.

newbie14 · 01-19-2013, 10:45 AM

Dear Unspawn,
I notice that Art is quite a new repo and according to warning itself that Centos does take any responsibility for any breaks? I dont get you when you say this "first install and configure the Priorities yum plugin to protect your Base repositories.". I do not run any yum updatesd how to check on that ?

newbie14 · 01-19-2013, 11:08 AM

Dear Unspawn,
Ok I have google it and installed it via this link http://wiki.centos.org/PackageManagement/Yum/Priorities. But I dont see in the APT in this file /etc/yum.repos.d/CentOS-Base.repo ? Thank you.

unSpawn · 01-19-2013, 11:09 AM

Quote:

Originally Posted by newbie14

I notice that Art is quite a new repo and according to warning itself that Centos does take any responsibility for any breaks?

CentOS is not responsible for any b0rkage: you are.

Quote:

Originally Posted by newbie14

I dont get you when you say this "first install and configure the Priorities yum plugin to protect your Base repositories.".

See http://wiki.centos.org/PackageManagement/Yum/Priorities

Quote:

Originally Posted by newbie14

I do not run any yum updatesd how to check on that ?

It appears there no longer is yum-updatesd in CentOS 6 so I don't know what was accessing the RPMDB in the meanwhile. You could check which process (if any) has the RPMDB open with

Code:

lsof -Pwln -a +D/var/lib/rpm

newbie14 · 01-19-2013, 11:17 AM

Dear Unspawn,
Yes I have been to link you gave and installt it too and I am trying to set the priority but I cant find ART and even the EPEL. How about EPEL actually is also a third part repo which centos does not take responsibility? I have run this code lsof -Pwln -a +D/var/lib/rpm and nothing comes out. So back to my OSSEC what should I do now I am stuck where should I take it from original source or ART?

newbie14 · 01-19-2013, 11:26 AM

Dear Unspawn,
OK I have set the priority accordingly where the base and updates CentOS-Base.repo
I have set priority as 1 and atomic.repo I set as priority 60. Should set any other priorities?

unSpawn · 01-19-2013, 12:19 PM

If you don't use any other repos, no. BTW you can also select which repos to use when updating using the command line. For example

Code:

sudo /usr/bin/yum -d0 --disablerepo=\* --enablerepo=updates check-update

would run Yum without unnecessary output, disable all repos, enable only the CentOS "updates" repo and check for updates.