Mounting a custom ossec.conf fails #1

@laukaichung

I tried to use a docker-compose file to install ossec-docker, but I ran into a problem of replacing the original ossec.conf with my own one:

version: '3.4'

services:
  ossec:
    container_name: ossec
    image: atomicorp/ossec-docker
    restart: always
    volumes:
      - ./ossec.conf:/var/ossec/data/etc/ossec.conf
    ports:
      - "1514:1514/udp"
      - "1515:1515/tcp"

It seems that the ossec-server.sh doesn't install anything in /var/ossec/data/etc when the custom conf already sits in /var/ossec/data/etc. Is there a way to use a custom ossec.conf?

Here's the log:

ossec    | Installing rules <<=== missing Installing etc
ossec    | Installing logs
ossec    | Installing stats
ossec    | Installing queue
ossec    | Bulk load file: /var/ossec/default_agent
ossec    | Opening: [/var/ossec/default_agent]
ossec    | Agent information:
ossec    |    ID:001
ossec    |    Name:DEFAULT_LOCAL_AGENT
ossec    |    IP Address:127.0.0.1
ossec    | 
ossec    | Agent added.
ossec    | Starting OSSEC HIDS 2.9.2 (by Trend Micro Inc.)...
ossec    | OSSEC analysisd: Testing rules failed. Configuration error. Exiting.
ossec    | 2018/02/05 06:23:35 ossec-authd: INFO: Started (pid: 21).
ossec    | 2018/02/05 06:23:35 getaddrinfo: Name or service not known
ossec    | 2018/02/05 06:23:35 ossec-authd: Unable to bind to port 1515
ossec    | 2018/02/05 06:23:52 ossec-analysisd(1226): ERROR: Error reading XML file 'etc/decoder.xml': XMLERR: File 'etc/decoder.xml' not found. (line 203).
ossec    | 2018/02/05 06:23:52 ossec-testrule(1202): ERROR: Configuration error at '/etc/decoder.xml'. Exiting.
