I’m trying to set up OSSEC on a CentOS 6.5 server. This is to be installed as an agent, not a server or local instance. The package successfully installed and I created the clients.key file, but when I try to start the daemon I receive the error:
error: queue not accessible (/var/ossec/etc/queue/ossec) connection refused
The log file is of no help. I’ve never worked with OSSEC and unfortunately the documentation seems weak.
After googling this for a bit, most of the people with this issue have some permissions incorrectly set. I don’t think that’s the case for me though because I 777’d everything in the OSSEC directory structure and made sure all files and dirs were owned by the ossec user.
In my research, sometimes the problem is caused by errors in the rules file. To my knowledge, I don’t have a rules file. Maybe that’s the issue?
I also opened UDP ports 514 and 1514 for both inbound and outbound traffic. I didn’t know to do this at first, but in reading the documentation I think this is necessary in order to communicate with the OSSEC server.
Any help is greatly appreciated.