[WIP] Make buildable again with new OS base image. #6

Draft: wants to merge 1 commit into base: master
Conversation

@Leopere commented Feb 28, 2022

Requires Buildkit to reduce container layers.
export DOCKER_BUILDKIT=1 # or configure in daemon.json
export COMPOSE_DOCKER_CLI_BUILD=1

root@ossec2:~/ossec-docker|master⚡ ⇒  docker-compose up -d
Creating ossec-docker_ossec_1 ... done
root@ossec2:~/ossec-docker|master⚡ ⇒  docker-compose logs -f
Attaching to ossec-docker_ossec_1
ossec_1  | Installing etc
ossec_1  | Installing rules
ossec_1  | Installing logs
ossec_1  | Installing stats
ossec_1  | Installing queue
ossec_1  | Starting ossec-authd...
ossec_1  | Bulk load file: /var/ossec/default_agent
ossec_1  | Opening: [/var/ossec/default_agent]
ossec_1  | Agent information:
ossec_1  |    ID:001
ossec_1  |    Name:DEFAULT_LOCAL_AGENT
ossec_1  |    IP Address:127.0.0.1
ossec_1  |
ossec_1  | Agent added with ID 001.
ossec_1  | Starting OSSEC HIDS 3.6.0...
ossec_1  | Started ossec-maild...
ossec_1  | Started ossec-execd...
ossec_1  | Started ossec-analysisd...
ossec_1  | 2022/02/28 05:31:33 ossec-logcollector(1905): INFO: No file configured to monitor.
ossec_1  | Started ossec-logcollector...
ossec_1  | Started ossec-remoted...
ossec_1  | Started ossec-syscheckd...
ossec_1  | Started ossec-monitord...
ossec_1  | Completed.
ossec_1  | 2022/02/28 05:31:34 ossec-analysisd: INFO: Ignoring file: '/var/ossec/active-response/ossec-hids-responses.log'
ossec_1  | 2022/02/28 05:31:34 ERROR: Cannot unlink file /queue/ossec/queue: No such file or directory
ossec_1  | 2022/02/28 05:31:34 ossec-analysisd: INFO: Started (pid: 63).
ossec_1  | 2022/02/28 05:31:34 ossec-analysisd: logstat: Unable to create stat queue: /stats/weekly-average
ossec_1  | 2022/02/28 05:31:34 ossec-analysisd: ERROR: Cannot unlink file /logs/archives/archives.log: No such file or directory
ossec_1  | 2022/02/28 05:31:34 ossec-analysisd: ERROR: Cannot unlink file /logs/alerts/alerts.log: No such file or directory
ossec_1  | 2022/02/28 05:31:34 ossec-analysisd: ERROR: Cannot unlink file /logs/firewall/firewall.log: No such file or directory
ossec_1  | 2022/02/28 05:31:34 ossec-remoted(4111): INFO: Maximum number of agents allowed: '16384'.
ossec_1  | 2022/02/28 05:31:34 ossec-remoted(1410): INFO: Reading authentication keys file.
ossec_1  | 2022/02/28 05:31:34 ossec-monitord: INFO: Started (pid: 82).
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: Started (pid: 78).
ossec_1  | 2022/02/28 05:31:38 ossec-rootcheck: INFO: Started (pid: 78).
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: Monitoring directory: '/etc', with options perm | size | owner | group | md5sum | sha1sum | realtime | report_changes.
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: Monitoring directory: '/var/ossec/active-response', with options perm | size | owner | group | md5sum | sha1sum | realtime | report_changes.
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: Monitoring directory: '/var/ossec/etc', with options perm | size | owner | group | md5sum | sha1sum | realtime | report_changes.
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: Monitoring directory: '/var/ossec/agentless', with options perm | size | owner | group | md5sum | sha1sum | realtime | report_changes.
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: Monitoring directory: '/bin', with options perm | size | owner | group | md5sum | sha1sum | realtime.
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: Monitoring directory: '/lib64', with options perm | size | owner | group | md5sum | sha1sum | realtime.
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: Monitoring directory: '/sbin', with options perm | size | owner | group | md5sum | sha1sum | realtime.
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin', with options perm | size | owner | group | md5sum | sha1sum | realtime.
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: ignoring: '/etc/mtab'
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: ignoring: '/var/tmp'
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: ignoring: '/var/ossec/queue'
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: ignoring: '/var/ossec/logs'
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: ignoring: '/var/ossec/stats'
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: ignoring: '/var/ossec/var'
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: ignoring: '/var/ossec/etc/rules.d'
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: ignoring: '/etc/mnttab'
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: ignoring: '/etc/grsec/learning.logs'
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: ignoring: '/etc/hosts.deny'
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: ignoring: '/etc/mail/statistics'
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: ignoring: '/etc/random-seed'
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: ignoring: '/etc/adjtime'
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: ignoring: '/etc/httpd/logs'
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: ignoring: '/etc/utmpx'
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: ignoring: '/etc/wtmpx'
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: ignoring: '/etc/cups/certs'
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: ignoring: '/etc/httpd/modsecurity.d/'
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: ignoring: '/etc/httpd/logs/'
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: ignoring: '/etc/httpd/domlogs/'
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: ignoring: '/etc/vfilters/'
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: ignoring: '/var/ossec/bin/.process_list'
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: ignoring: '/etc/prelink.cache'
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: ignoring: '/var/ossec/active-response/ossec-hids-responses.log'
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: Directory set for real time monitoring: '/etc'.
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: Directory set for real time monitoring: '/var/ossec/active-response'.
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: Directory set for real time monitoring: '/var/ossec/etc'.
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: Directory set for real time monitoring: '/var/ossec/agentless'.
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: Directory set for real time monitoring: '/bin'.
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: Directory set for real time monitoring: '/lib64'.
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: Directory set for real time monitoring: '/sbin'.
ossec_1  | 2022/02/28 05:31:38 ossec-syscheckd: INFO: Directory set for real time monitoring: '/usr/bin'.
ossec_1  | 2022/02/28 05:31:39 ossec-logcollector: INFO: Started (pid: 68).
ossec_1  | 2022/02/28 05:32:40 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
ossec_1  | 2022/02/28 05:32:40 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
ossec_1  | 2022/02/28 05:32:40 ossec-syscheckd: INFO: Initializing real time file monitoring (not started).
ossec_1  | 2022/02/28 05:32:48 ossec-syscheckd(1124): ERROR: Could not rename file '/etc/alternatives/unversioned-python-man' to '/var/ossec/queue/diff/local/etc/alternatives/unversioned-python-man/last-entry' due to [(2)-(No such file or directory)].
ossec_1  | 2022/02/28 05:33:01 ossec-syscheckd(1124): ERROR: Could not rename file '/etc/systemd/system/syslog.service' to '/var/ossec/queue/diff/local/etc/systemd/system/syslog.service/last-entry' due to [(2)-(No such file or directory)].

This is the current state of this build. I've never run OSSEC before; I'm just looking to get a container-based install without having to use a monolithic VM.
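An added example, not code from this PR or from the ossec-docker project: a small Python parser for docker-compose output like the log quoted above. It strips the compose `ossec_1  | ` prefix, splits each OSSEC entry into timestamp, daemon, message code and level, and collects the paths that the `ERROR` and `Unable to create stat queue` lines report as missing, so a maintainer can see which subtrees under the OSSEC root the image or volume mount still lacks. It assumes the default `/var/ossec` install prefix and that the daemons log chroot-relative paths (such as `/queue/ossec/queue`) under that prefix; the sample log is constructed from lines on this page.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed sample: lines copied from the docker-compose output quoted in this PR.
SAMPLE_LOG = """\
ossec_1  | 2022/02/28 05:31:34 ossec-analysisd: INFO: Started (pid: 63).
ossec_1  | 2022/02/28 05:31:34 ERROR: Cannot unlink file /queue/ossec/queue: No such file or directory
ossec_1  | 2022/02/28 05:31:34 ossec-analysisd: logstat: Unable to create stat queue: /stats/weekly-average
ossec_1  | 2022/02/28 05:31:34 ossec-analysisd: ERROR: Cannot unlink file /logs/alerts/alerts.log: No such file or directory
ossec_1  | 2022/02/28 05:32:48 ossec-syscheckd(1124): ERROR: Could not rename file '/etc/systemd/system/syslog.service' to '/var/ossec/queue/diff/local/etc/systemd/system/syslog.service/last-entry' due to [(2)-(No such file or directory)].
"""

# Assumption: default install prefix; chrooted daemons log paths relative to it.
OSSEC_ROOT = "/var/ossec"

COMPOSE_PREFIX = re.compile(r"^\S+\s*\|\s?")      # "ossec_1  | " added by docker-compose
ENTRY = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?:(?P<daemon>ossec-[\w-]+)(?:\((?P<code>\d+)\))?: )?"   # e.g. ossec-syscheckd(1124):
    r"(?:(?P<level>ERROR|INFO|WARN|DEBUG): )?"
    r"(?P<msg>.*)$"
)
# Message shapes seen in the log that name a path the daemon could not use.
MISSING = [
    re.compile(r"Cannot unlink file (?P<path>\S+): No such file or directory"),
    re.compile(r"Unable to create stat queue: (?P<path>\S+)"),
    re.compile(r"Could not rename file '[^']+' to '(?P<path>[^']+)' "
               r"due to \[\(2\)-\(No such file or directory\)\]"),
]


@dataclass
class Entry:
    ts: str
    daemon: Optional[str]
    code: Optional[str]
    level: Optional[str]
    msg: str

    def is_failure(self) -> bool:
        # logstat reports its failure without an ERROR tag, so match the text as well.
        return self.level == "ERROR" or "Unable to" in self.msg


def parse_ossec_log(text: str) -> List[Entry]:
    """Parse compose-prefixed OSSEC log lines; installer banner lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = COMPOSE_PREFIX.sub("", raw).strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            entries.append(Entry(**m.groupdict()))
    return entries


def missing_paths(text: str) -> List[str]:
    """Paths that failing entries report as absent, as the daemons printed them."""
    found: Set[str] = set()
    for e in parse_ossec_log(text):
        if not e.is_failure():
            continue
        for pat in MISSING:
            m = pat.search(e.msg)
            if m:
                found.add(m.group("path"))
    return sorted(found)


def absolute_path(path: str) -> str:
    """Map a chroot-relative path onto the install prefix (assumed layout)."""
    return path if path.startswith(OSSEC_ROOT + "/") else OSSEC_ROOT + path


def missing_subtrees(text: str) -> Set[str]:
    """First-level directories under OSSEC_ROOT that the failures point at."""
    subtrees = set()
    for p in missing_paths(text):
        rel = absolute_path(p)[len(OSSEC_ROOT) + 1:]
        subtrees.add(rel.split("/", 1)[0])
    return subtrees


if __name__ == "__main__":
    for e in parse_ossec_log(SAMPLE_LOG):
        if e.is_failure():
            print(f"{e.ts} {e.daemon or '-'} {e.msg}")
    print("missing under", OSSEC_ROOT + ":", sorted(missing_subtrees(SAMPLE_LOG)))
```

Run it as `python3 ossec_log_check.py` (or pipe `docker-compose logs --no-color` into `missing_paths`); the subtree summary is the list to compare against the image's `Installing …` steps and the volume mounts in the compose file.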
