Dear Unspawn,
Thank you for this command. The issue now back to Ossec so what is your advice which path should I take now install from source or from the repo?

Red Hat does the whole Quality Assurance thing on their Enterprise Linux packages and CentOS is binary compatible with RHEL. At http://wiki.centos.org/AdditionalResources/Repositories you can read CentOS' assessment of available 3rd party repositories like EPEL and RPMForge.


OK but remember that if it is a process that accesses the RPMDB at intervals it may not keep files open all the time.


Install the inotify-tools package from EPEL, then try installing OSSEC HIDS from ART again?


I'll draw you a quick decision tree: if the original source contains known fixes or features you need the RPM doesn't provide (compare version number and Change log) then you could build an RPM from the original source or install from source, elif the original source is equal to the RPM then you could install the RPM or install from source. (Using RPMs means packages are tracked by the package management system you use so checking for and installing upgrades should be (usually and relatively) efficient and free of problems. Installing a package means bypassing the package management system and additionally (if you have no spare machine to compile on) having to install compilers, development libraries, etc, etc that should not exist on a production machine.) My approach is to use ready-made packages as much as possible and only create packages when fixes or features dictate necessity.

Dear Unspawn,
Ok I will look carefully into EPEL and RPMForge. So how confirm on this "process that accesses the RPMDB at intervals" ? I have tried to install the inotify-tools and below is the message. I went and install even with the warning.
I have google about this inotify-tool it say it does monitor for file add,update etc. So in my case what help does it do.

Regarding building an rpm in the case of say Ossec how difficult will it be. My worries about taking the packages from unknown source and breaking the os will be another nightmare right? Maybe to add on your decision tree take the rpm from known and reliable sources.

Dear Unspawn,
Any update with regards to my previous post as just to confirm things and I am on the right path. Thank you.

Let's see...


I'm not if favor of duplicate issues and you seem to have a thread already for that issue here: http://www.linuxquestions.org/questi...um-4175444067/


Disregarding warnings is a good way to fsck up, especially when installing software. Luckily this time it was only about the RPMDB missing the EPEL GPG key which it consequently retrieved.


Basically inotify allows you to watch directories and files.


To start answering that download the OSSEC .src.rpm from ART, unpack it, read the .spec file and then try 'rpmbuild -bb /path/to/ossec.spec'.


Not really. ART may not be one of the core repos but seems stable and it has support so if something breaks you can ask them.

Dear Unspawn,
Say I install the Ossec from the Art repo and keep it into a low priority and how in future it I need to get its updates? I dont quite get you here "Disregarding warnings is a good way to fsck up, especially when installing software." Are you saying to disregard the warning? How will the inotify work and it will alert us? I will try to build the rpm and later install it via yum install ossec.rpm.

It is best if you keep related questions to the thread in question. You already got one about Yum and yum-priorities here: http://www.linuxquestions.org/questi...2/#post4883346


No, you should investigate warnings. If you know what they mean then you can make an informed decision.


Inotify allows for real time monitoring of directories and files. OSSEC HIDS uses this to check items, see http://www.ossec.net/doc/manual/syscheck/index.html, and alert if necessary.


Getting the RPM to build a package is meant as an exercise. I did not suggest you install it. That would be inefficient (ART already provides it), inconvenient (having to check for updates outside of Yum) and make you responsible for building the package for your system.

Dear Unspawn,
Ok I will keep the yum and yum-priority to the said thread. Thus inotify will be the input to Ossec to send out the alerts according can I say that correctly?

Yes. OSSEC HIDS uses inotify. And as long as everything is installed and configured properly that's all.

Dear Unspawn,
Thank you for the confirmation and I have marked this solved.