Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ossec-hids-authd not starting #1368

Open
shivam99aa opened this issue Feb 21, 2018 · 10 comments
Open

ossec-hids-authd not starting #1368

shivam99aa opened this issue Feb 21, 2018 · 10 comments
Labels
package Issues with OSSEC packages

Comments

@shivam99aa
Copy link

shivam99aa commented Feb 21, 2018
edited

I am trying to start ossec-hids-authd using systemctl but it is not starting. It just hangs when I try to run

sudo /etc/init.d/ossec-hids-authd start
Starting ossec-hids-authd (via systemctl):

When I try to show status after killing the above command it shows this

sudo /etc/init.d/ossec-hids-authd status
● ossec-hids-authd.service - LSB: Authentication Daemon for OSSEC-HIDS.
Loaded: loaded (/etc/rc.d/init.d/ossec-hids-authd; bad; vendor preset: disabled)
Active: activating (start) since Wed 2018-02-21 14:57:38 UTC; 4min 53s ago
Docs: man:systemd-sysv-generator(8)
CGroup: /system.slice/ossec-hids-authd.service
└─7966 /var/ossec/bin/ossec-authd -p 1515

Feb 21 14:57:38 ip-10-0-196-113.ec2.internal systemd[1]: Starting LSB: Authentication Daemon for OSSEC-HIDS....
Feb 21 14:57:38 ip-10-0-196-113.ec2.internal ossec-hids-authd[7960]: [39B blob data]
Feb 21 14:57:38 ip-10-0-196-113.ec2.internal systemd[1]: PID file /var/run/ossec-authd.pid not readable (yet?) after start.
Feb 21 14:57:38 ip-10-0-196-113.ec2.internal ossec-hids-authd[7960]: 2018/02/21 14:57:38 ossec-authd: INFO: Started (pid: 7966).
@ddpbsd
Copy link
Member

ddpbsd commented Feb 21, 2018

And it's not running after that? Nothing listening on port 1515?
Which version of OSSEC?

@shivam99aa
Copy link
Author

ossec 2.9.3.
When I do ps -ef|grep ossec then I can see ossec running but systemctl keep on failing which is an issue. So my ansible scripts are dying due to this.

@ddpbsd
Copy link
Member

ddpbsd commented Feb 21, 2018

I'll have to try and figure out how systemctl is trying to run authd. It's not really built to be a long-running daemon or anything.

@shivam99aa
Copy link
Author

But if I want to register agents automatically without user involvement then I suppose authd is the solution.

@shivam99aa
Copy link
Author

So if I understand correctly ossec-authd is getting started correctly but it is not generating any pid file due to which systemd is failing as it cannot find any pid file.

@shivam99aa
Copy link
Author

From more debugging I understand that ossec-authd is creating pid file in /var/ossec/var/run/ while systemctl is searching for it in /var/run thus failing.

@shivam99aa
Copy link
Author

@ddpbsd This line present in the init script for ossec-hids-authd is causing the issue
# pidfile: /var/run/ossec-authd.pid

This makes systemd to think that pid file is present here, please remove this in your next release. After removing this line I was able to run ossec-hids-auth perfectly from init script.

@the6thBook
Copy link

I had add:
PIDFILE=ossec-authd.pid

to get it to work.

@steowens
Copy link

none of these solutions works for me. How hard is it to write a SystemD service file anyhow?

@steowens
Copy link

Solved.
Edit the init.d script as follows:

Change: # pidfile: /var/ossec/var/run/ossec-authd.pid
To: #### pidfile: /var/ossec/var/run/ossec-authd.pid

Add: PIDFILE=/var/ossec/var/run/ossec-authd.pid
below: PIDDIR=/var/ossec/var/run

@ddpbsd ddpbsd added the package Issues with OSSEC packages label Nov 12, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
package Issues with OSSEC packages
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@steowens @shivam99aa @ddpbsd @the6thBook