Solved Help with file permission

Hello,

I finally managed to get my ossec server running.
The last thing left is to get the ossec webui working.
At the moment when I got to my ossec URL, I get the folowing:
Code:
Unable to access ossec directory.
Here is my setup:
ossec server is in Host_ip: 192.168.1.185
ossec agent and webui is in Jail_ip: 192.168.1.125

As ossec webui reads data from server's /usr/local/ossec-hids directory on the host, I have to mounted it into my jail.
mount_nullfs -o rw /usr/local/ossec-hids /jails/webjail/usr/local/ossec-hids/ossecServer
I then changed the mountpoint ownership to www using chown www:www ossecServer

All the webui file are in /www/mydomain_com/ossec/ossec-wui-0.8 directory on the jail
I set chown -R www:www ossec-wui-0.8

On the FreeBSD jail and the FreeBSD host I also added the ossec user to the www group pw usermod ossec -G www

On the jail I also changed the /www/mydomain_com/ossec/ossec-wui-0.8/ossec_conf.php so that it uses the mount point:
Code:
/* Ossec directory */
$ossec_dir="/usr/local/ossec-hids/ossecServer";
cd /www/mydomain_com/ossec/ossec-wui-0.8
Code:
ls -la
total 298
drwxr-xr-x  8 www  www     20 Dec 30 11:44 .
drwxr-x---  3 www  www      3 Dec 29 09:37 ..
-rw-r--r--  1 www  www    147 Nov 13  2013 .hg_archival.txt
-rw-r--r--  1 www  www     46 Nov 13  2013 .hgtags
-rw-r--r--  1 www  www    302 Dec 30 10:57 .htaccess
-rw-r-----  1 www  www     43 Dec 29 11:51 .htpasswd
-rwxr-xr-x  1 www  www    317 Nov 13  2013 CONTRIB
-rw-r--r--  1 www  www  35745 Nov 13  2013 LICENSE
-rw-r--r--  1 www  www   1422 Nov 13  2013 README
-rw-r--r--  1 www  www    923 Nov 13  2013 README.search
drwxr-xr-x  3 www  www      5 Nov 13  2013 css
-rw-r--r--  1 www  www    218 Nov 13  2013 htaccess_def.txt
drwxr-xr-x  2 www  www     10 Nov 13  2013 img
-rwxr-xr-x  1 www  www   5177 Nov 13  2013 index.php
drwxr-xr-x  2 www  www      7 Nov 13  2013 js
drwxr-xr-x  3 www  www     14 Dec 29 10:04 lib
-rw-r--r--  1 www  www    484 Dec 30 10:59 ossec_conf.php
-rwxr-xr-x  1 www  www   2237 Nov 13  2013 setup.sh
drwxr-xr-x  2 www  www     12 Dec 29 10:04 site
drw-rw-rw-  2 www  www      3 Dec 29 10:04 tmp
cd /usr/local/ossec-hids/ossecServer
Code:
ls -la
total 163
dr-xr-x---  13 www    www    13 Dec 30 09:10 .
dr-xr-x---  11 root   ossec  11 Dec 30 10:48 ..
dr-xr-x---   2 root   ossec   2 Oct  7 14:59 .ssh
dr-xr-x---   3 root   ossec   3 Oct  7 14:59 active-response
dr-xr-x---   2 root   ossec  14 Oct  7 14:59 agentless
dr-xr-x---   2 root   ossec  30 Nov 28 16:45 bin
dr-xr-x---   3 root   ossec  10 Dec 30 09:50 etc
drwxr-x---   5 ossec  ossec   7 Dec 19 23:09 logs
dr-xr-x---  11 ossec  ossec  11 Oct  7 14:59 queue
dr-xr-x---   2 root   ossec  63 Oct  7 14:59 rules
drwxr-x---   5 ossec  ossec   5 Oct  7 14:59 stats
drwxrwx---   2 ossec  www     2 Oct  7 14:59 tmp
dr-xr-x---   3 root   ossec   3 Dec 29 21:41 var

I know that the error that I get is due to permission issue but I must be missing something here.

Here is the error in the web server log
Code:
193.128.224.45|Tue 30 Dec 2014 12:07:10 +0000|/www/mydomain_com/ossec/ossec-wui-0.8/index.php|PHP message: PHP Warning:  opendir(/usr/local/ossec-hids/ossecServer/): failed to open dir: Permission denied in /www/mydomain_com/ossec/ossec-wui-0.8/lib/os_lib_handle.php on line 94
Could someone help me spot the problem?

I don't know if this is relevant but I use /www/hiawatha web server
 
The problem, according to the error message, is obviously related to
/usr/local/ossec-hids/ossecServer/
. And according to the information above that directory is owned by the www user but doesn't have write permissions.

So that's where I'd start looking. It sounds a bit off to require such permissions, but even so...

Also, just to rule everything out; what are the permissions for /usr/local/ossec-hids on the host?

So far the permission bits.

When looking over the thread I also think the problem could be related to the place in which you mounted stuff. Look at the nullfs mount you mentioned:

Code:
 mount_nullfs -o rw /usr/local/ossec-hids /jails/webjail/usr/local/ossec-hids/ossecServer

Now, I don't know anything about this software, but wouldn't it make more sense to use the following: # mount_nullfs -o rw /usr/local/ossec-hids /jails/webjail/usr/local/ossec-hids?

Because it seems to me as if you're also changing default path locations by mounting the whole directory under a new subdirectory (the ossecServer server part) yet without mentioning that you also anticipated in the software for this new location (well, either that or I missed it).
 
Hi ShelLuser,
I know this was a very stupid mistake. Did a chmod 755 ossecServer and my problem is gone.:)

Just to answer your question, the /jails/webjail/usr/local/ossec-hids directory already exist and contain all the ossec agent files.
This is why I created a sub directory in that location.

The ossec webui requires direct access to the ossec installation which is really not very good but hey.

To have a bit more security I only mount the volume when I want to access the web interface and it is restricted by IP address.

Thank you for your help :)
 
Back
Top