I've recently installed OSSEC. I did not had any problems during installation. It also seems to be running. But... I'm having problem to edit ossec.conf file in /var/ossec/etc directory. The file is read-only and thus no changes allowed to be made, no matter with privileges I have while doing it. I've not tried to chmod the file (yet ) in order to alter access permissions and to make it writable since I have a feeling this would be a wrong way of doing things. To me it looks like a kind of hacking a good security system, something similar to logging in as root instead of using sudo in Ubuntu. Am i wrong here and removing read-only attribute is the only way to go? Or another OSSEC specific way does exists?
i would think the file would be owned by the root / wheel group so you need to be root user or SU to have access rights to edit that file
Here is output of ls -la: Code: vitorio@homedir:~$ sudo ls -la /var/ossec/etc/ossec.conf -r--r----- 1 root ossec 5928 2008-03-04 16:34 /var/ossec/etc/ossec.conf To make my previous post clearer... I certainly gained root privileges before attempting to edit the file. I actually did it different ways: Code: gksudo gedit/vim /var/ossec/etc/ossec.conf and Code: sudo -s root:# gedit/vim /var/ossec/etc/ossec.conf In gedit I just had Save button disabled, vim reported an error attempting to modify a read-only file and gave up. But this behavior is natural - file as you can see above is indeed read-only after installation. So, my question was, am I trying to invent the wheel and to change the file attributes to read/write is the way to go, or there is some specific OSSEC way to handle it?
Run Code: chmod 640 /var/ossec/etc/ossec.conf Then edit it, save your changes, and run Code: chmod 440 /var/ossec/etc/ossec.conf
"Run Code: chmod 640 /var/ossec/etc/ossec.conf Then edit it, save your changes, and run Code: chmod 440 /var/ossec/etc/ossec.conf" This does not work either. I am not allowed to save the configuration changes. I had to use gksudo leafpad /etc/nsm/ossec/ossec.conf