Dear Unspawn,
Thank you for this command. The issue is now back to OSSEC, so what is your advice: which path should I take now, install from source or from the repo?
How about EPEL, which actually is also a third-party repo that CentOS does not take responsibility for?
Red Hat does the whole Quality Assurance thing on their Enterprise Linux packages and CentOS is binary compatible with RHEL. At http://wiki.centos.org/AdditionalResources/Repositories you can read CentOS' assessment of available 3rd party repositories like EPEL and RPMForge.
Quote:
Originally Posted by newbie14
I have run this code lsof -Pwln -a +D/var/lib/rpm and nothing comes out.
OK but remember that if it is a process that accesses the RPMDB at intervals it may not keep files open all the time.
Quote:
Originally Posted by newbie14
So back to my OSSEC: what should I do now? I am stuck. Where should I take it from, original source or ART?
Install the inotify-tools package from EPEL, then try installing OSSEC HIDS from ART again?
Quote:
Originally Posted by newbie14
what is your advice: which path should I take now, install from source or from the repo?
I'll draw you a quick decision tree: if the original source contains known fixes or features you need the RPM doesn't provide (compare version number and Change log) then you could build an RPM from the original source or install from source, elif the original source is equal to the RPM then you could install the RPM or install from source. (Using RPMs means packages are tracked by the package management system you use so checking for and installing upgrades should be (usually and relatively) efficient and free of problems. Installing a package means bypassing the package management system and additionally (if you have no spare machine to compile on) having to install compilers, development libraries, etc, etc that should not exist on a production machine.) My approach is to use ready-made packages as much as possible and only create packages when fixes or features dictate necessity.
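An added example, not part of either poster's messages: a single lsof run only shows files open at that instant, so a process that touches the RPMDB at intervals can be missed. The script below samples /proc repeatedly for descriptors under /var/lib/rpm; the function names `rpmdb_openers` and `sample_openers` are hypothetical, chosen for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): sample which processes hold files
# open under a directory, by reading the /proc/<pid>/fd symlinks.

# rpmdb_openers PROC_ROOT TARGET_DIR
# Prints "PID COMM PATH" for every descriptor that points below TARGET_DIR.
rpmdb_openers() (
    proc_root=$1
    target=${2%/}
    for fd in "$proc_root"/[0-9]*/fd/*; do
        # Descriptors that vanished or are unreadable are skipped.
        path=$(readlink "$fd" 2>/dev/null) || continue
        case $path in
            "$target"/*) ;;
            *) continue ;;
        esac
        pid=${fd#"$proc_root"/}
        pid=${pid%%/*}
        comm=$(cat "$proc_root/$pid/comm" 2>/dev/null) || comm='?'
        printf '%s %s %s\n' "$pid" "$comm" "$path"
    done
)

# sample_openers COUNT INTERVAL [PROC_ROOT] [TARGET_DIR]
# Takes COUNT samples, INTERVAL seconds apart, and prints the distinct hits.
sample_openers() (
    count=$1
    interval=$2
    proc_root=${3:-/proc}
    target=${4:-/var/lib/rpm}
    i=0
    while [ "$i" -lt "$count" ]; do
        rpmdb_openers "$proc_root" "$target"
        i=$((i + 1))
        if [ "$i" -lt "$count" ]; then sleep "$interval"; fi
    done | sort -u
)
```

Run as root to see other users' processes, for example `sample_openers 60 1` for one sample per second over a minute. Accesses shorter than the interval can still fall between samples.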
Dear Unspawn,
OK, I will look carefully into EPEL and RPMForge. So how do I confirm this "process that accesses the RPMDB at intervals"? I have tried to install inotify-tools and below is the message. I went ahead and installed even with the warning.
I have googled this inotify-tools and it says it monitors for file add, update, etc. So in my case what help does it do?
Regarding building an RPM, in the case of, say, OSSEC, how difficult will it be? My worries about taking the packages from an unknown source and breaking the OS will be another nightmare, right? Maybe to add to your decision tree: take the RPM from known and reliable sources.
Quote:
Originally Posted by newbie14
I have tried to install inotify-tools and below is the message. I went ahead and installed even with the warning.
Disregarding warnings is a good way to fsck up, especially when installing software. Luckily this time it was only about the RPMDB missing the EPEL GPG key which it consequently retrieved.
Quote:
Originally Posted by newbie14
I have googled this inotify-tools and it says it monitors for file add, update, etc. So in my case what help does it do?
Basically inotify allows you to watch directories and files.
Quote:
Originally Posted by newbie14
Regarding building an RPM, in the case of, say, OSSEC, how difficult will it be?
To start answering that download the OSSEC .src.rpm from ART, unpack it, read the .spec file and then try 'rpmbuild -bb /path/to/ossec.spec'.
Quote:
Originally Posted by newbie14
My worries about taking the packages from an unknown source and breaking the OS will be another nightmare, right?
Not really. ART may not be one of the core repos but seems stable and it has support so if something breaks you can ask them.
Dear Unspawn,
Say I install OSSEC from the ART repo and keep it at a low priority; how do I get its updates in future? I don't quite get you here: "Disregarding warnings is a good way to fsck up, especially when installing software." Are you saying to disregard the warning? How will inotify work, and will it alert us? I will try to build the RPM and later install it via yum install ossec.rpm.
Quote:
Originally Posted by newbie14
I don't quite get you here: "Disregarding warnings is a good way to fsck up, especially when installing software." Are you saying to disregard the warning?
No, you should investigate warnings. If you know what they mean then you can make an informed decision.
Quote:
Originally Posted by newbie14
I will try to build the RPM and later install it via yum install ossec.rpm.
Getting the RPM to build a package is meant as an exercise. I did not suggest you install it. That would be inefficient (ART already provides it), inconvenient (having to check for updates outside of Yum) and make you responsible for building the package for your system.
Dear Unspawn,
OK, I will keep the yum and yum-priority to the said thread. Thus inotify will be the input to OSSEC to send out the alerts accordingly; can I say that correctly?