LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 01-20-2013, 01:55 AM   #16
newbie14
Member
 
Registered: Sep 2011
Posts: 620

Original Poster
Rep: Reputation: Disabled

Dear Unspawn,
Thank you for this command. The issue now back to Ossec so what is your advice which path should I take now install from source or from the repo?
 
Old 01-21-2013, 06:18 AM   #17
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592
Quote:
Originally Posted by newbie14 View Post
How about EPEL actually is also a third part repo which centos does not take responsibility?
Red Hat does the whole Quality Assurance thing on their Enterprise Linux packages and CentOS is binary compatible with RHEL. At http://wiki.centos.org/AdditionalResources/Repositories you can read CentOS' assessment of available 3rd party repositories like EPEL and RPMForge.


Quote:
Originally Posted by newbie14 View Post
I have run this code lsof -Pwln -a +D/var/lib/rpm and nothing comes out.
OK but remember that if it is a process that accesses the RPMDB at intervals it may not keep files open all the time.


Quote:
Originally Posted by newbie14 View Post
So back to my OSSEC what should I do now I am stuck where should I take it from original source or ART?
Install the inotify-tools package from EPEL, then try installing OSSEC HIDS from ART again?


Quote:
Originally Posted by newbie14 View Post
what is your advice which path should I take now install from source or from the repo?
I'll draw you a quick decision tree: if the original source contains known fixes or features you need the RPM doesn't provide (compare version number and Change log) then you could build an RPM from the original source or install from source, elif the original source is equal to the RPM then you could install the RPM or install from source. (Using RPMs means packages are tracked by the package management system you use so checking for and installing upgrades should be (usually and relatively) efficient and free of problems. Installing a package means bypassing the package management system and additionally (if you have no spare machine to compile on) having to install compilers, development libraries, etc, etc that should not exist on a production machine.) My approach is to use ready-made packages as much as possible and only create packages when fixes or features dictate necessity.
 
Old 01-21-2013, 11:01 AM   #18
newbie14
Member
 
Registered: Sep 2011
Posts: 620

Original Poster
Rep: Reputation: Disabled
Dear Unspawn,
Ok I will look carefully into EPEL and RPMForge. So how confirm on this "process that accesses the RPMDB at intervals" ? I have tried to install the inotify-tools and below is the message. I went and install even with the warning.
Quote:
Downloading Packages:
inotify-tools-3.14-1.el6.x86_64.rpm | 46 kB 00:00
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
Importing GPG key 0x0608B895:
Userid : EPEL (6) <epel@fedoraproject.org>
Package: epel-release-6-8.noarch (@/epel-release-6-8.noarch)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
I have google about this inotify-tool it say it does monitor for file add,update etc. So in my case what help does it do.

Regarding building an rpm in the case of say Ossec how difficult will it be. My worries about taking the packages from unknown source and breaking the os will be another nightmare right? Maybe to add on your decision tree take the rpm from known and reliable sources.
 
Old 01-25-2013, 10:02 PM   #19
newbie14
Member
 
Registered: Sep 2011
Posts: 620

Original Poster
Rep: Reputation: Disabled
Dear Unspawn,
Any update with regards to my previous post as just to confirm things and I am on the right path. Thank you.
 
Old 02-05-2013, 04:52 PM   #20
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592
Quote:
Originally Posted by newbie14 View Post
Any update with regards to my previous post as just to confirm things and I am on the right path. Thank you.
Let's see...


Quote:
Originally Posted by newbie14 View Post
So how confirm on this "process that accesses the RPMDB at intervals" ?
I'm not if favor of duplicate issues and you seem to have a thread already for that issue here: http://www.linuxquestions.org/questi...um-4175444067/


Quote:
Originally Posted by newbie14 View Post
I have tried to install the inotify-tools and below is the message. I went and install even with the warning.
Disregarding warnings is a good way to fsck up, especially when installing software. Luckily this time it was only about the RPMDB missing the EPEL GPG key which it consequently retrieved.


Quote:
Originally Posted by newbie14 View Post
I have google about this inotify-tool it say it does monitor for file add,update etc. So in my case what help does it do.
Basically inotify allows you to watch directories and files.


Quote:
Originally Posted by newbie14 View Post
Regarding building an rpm in the case of say Ossec how difficult will it be.
To start answering that download the OSSEC .src.rpm from ART, unpack it, read the .spec file and then try 'rpmbuild -bb /path/to/ossec.spec'.


Quote:
Originally Posted by newbie14 View Post
My worries about taking the packages from unknown source and breaking the os will be another nightmare right?
Not really. ART may not be one of the core repos but seems stable and it has support so if something breaks you can ask them.
 
Old 02-06-2013, 03:04 AM   #21
newbie14
Member
 
Registered: Sep 2011
Posts: 620

Original Poster
Rep: Reputation: Disabled
Dear Unspawn,
Say I install the Ossec from the Art repo and keep it into a low priority and how in future it I need to get its updates? I dont quite get you here "Disregarding warnings is a good way to fsck up, especially when installing software." Are you saying to disregard the warning? How will the inotify work and it will alert us? I will try to build the rpm and later install it via yum install ossec.rpm.
 
Old 02-06-2013, 05:05 AM   #22
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592
Quote:
Originally Posted by newbie14 View Post
Say I install the Ossec from the Art repo and keep it into a low priority and how in future it I need to get its updates?
It is best if you keep related questions to the thread in question. You already got one about Yum and yum-priorities here: http://www.linuxquestions.org/questi...2/#post4883346


Quote:
Originally Posted by newbie14 View Post
I dont quite get you here "Disregarding warnings is a good way to fsck up, especially when installing software." Are you saying to disregard the warning?
No, you should investigate warnings. If you know what they mean then you can make an informed decision.


Quote:
Originally Posted by newbie14 View Post
How will the inotify work and it will alert us?
Inotify allows for real time monitoring of directories and files. OSSEC HIDS uses this to check items, see http://www.ossec.net/doc/manual/syscheck/index.html, and alert if necessary.


Quote:
Originally Posted by newbie14 View Post
I will try to build the rpm and later install it via yum install ossec.rpm.
Getting the RPM to build a package is meant as an exercise. I did not suggest you install it. That would be inefficient (ART already provides it), inconvenient (having to check for updates outside of Yum) and make you responsible for building the package for your system.
 
Old 02-06-2013, 06:44 AM   #23
newbie14
Member
 
Registered: Sep 2011
Posts: 620

Original Poster
Rep: Reputation: Disabled
Dear Unspawn,
Ok I will keep the yum and yum-priority to the said thread. Thus inotify will be the input to Ossec to send out the alerts according can I say that correctly?
 
Old 02-06-2013, 06:56 AM   #24
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592Reputation: 3592
Yes. OSSEC HIDS uses inotify. And as long as everything is installed and configured properly that's all.
 
Old 02-06-2013, 07:00 AM   #25
newbie14
Member
 
Registered: Sep 2011
Posts: 620

Original Poster
Rep: Reputation: Disabled
Dear Unspawn,
Thank you for the confirmation and I have marked this solved.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Regding OSSEC vamsi_k Linux - Software 0 05-04-2012 04:38 AM
Future LinuxQuestions.org Code Update jeremy LQ Suggestions & Feedback 3 04-13-2012 11:48 AM
Is it possible for Update Manager to ignore future specific updates I've deselected Thane Ubuntu 4 12-08-2010 03:45 PM
Microsoft at a Crossroads: Future Trend-Setter or Future Pariah? acrossad General 6 02-27-2009 01:44 PM
OSSEC report - is this OKAy? Old_Fogie Linux - Security 7 10-23-2006 06:03 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 04:16 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration