Bug 248656 - security/wazuh-agent: ossec-syscheckd fails to run due to missing directory: ERROR: Couldn't create SQLite database
Summary: security/wazuh-agent: ossec-syscheckd fails to run due to missing directory: ...
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: freebsd-ports-bugs (Nobody)
URL:
Keywords: needs-patch, needs-qa
Depends on:
Blocks:
 
Reported: 2020-08-14 13:24 UTC by Felipe Zipitria
Modified: 2020-08-26 10:01 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (m.muenz)
koobs: merge-quarterly?


Attachments
fix folder (1.24 KB, patch)
2020-08-26 10:01 UTC, Michael Muenz
m.muenz: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Felipe Zipitria 2020-08-14 13:24:57 UTC
root@<myhost>:/var/ossec # tail logs/ossec.log 
2020/08/13 12:59:22 ossec-syscheckd: INFO: (6206): Ignore 'file' entry '/var/ossec/var'
2020/08/13 12:59:22 ossec-syscheckd: INFO: (6206): Ignore 'file' entry '/var/ossec/tmp'
2020/08/13 12:59:22 ossec-syscheckd: INFO: (6206): Ignore 'file' entry '/var/ossec/stats'
2020/08/13 12:59:22 ossec-syscheckd: INFO: (6207): Ignore 'file' sregex '.log$|.swp$'
2020/08/13 12:59:22 ossec-syscheckd: ERROR: Couldn't create SQLite database '/var/ossec/queue/fim/db/fim.db': unable to open database file
2020/08/13 12:59:22 ossec-syscheckd: CRITICAL: (6698): Creating Data Structure: sqlite3 db. Exiting.
2020/08/13 12:59:51 ossec-agentd: INFO: Agent is restarting due to shared configuration changes.
2020/08/13 12:59:52 ossec-agentd: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2020/08/13 12:59:52 ossec-execd: INFO: (1314): Shutdown received. Deleting responses.
2020/08/13 12:59:52 ossec-execd: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...

Creating the directory solves this problem:

mkdir -p /var/ossec/queue/fim/db
chown -R ossec:ossec /var/ossec/queue/fim

So I guess this could be done by the package itself. Will send a patch.
Comment 1 Michael Muenz 2020-08-22 13:46:05 UTC
Dear Felipe,

Thanks for your report, I was on vacation.
Do you plan to send a patch or shall I fix this in Makefile?

Best,
Michael
Comment 2 Michael Muenz 2020-08-26 10:01:41 UTC
Created attachment 217535 [details]
fix folder

Enclosed a patch for the reported error