So I tested installing OSSEC on CentOS 6 running with Parallels Plesk. There are some tutorials for this (even though the installation is straight forward using the Atomic repo which should be disabled afterwards).
Still after setting up the WUI I go this ‘unable to access directory’ error. Of course I added the user apache to the ossec group so that means there is a different problem. Checking the logfiles (located under each vhost by default and not under /var/logs/httpd) I found out that it’s a PHP configuration problem:
[Wed Jan 29 09:29:21 2014] [warn] [client 192.168.0.200] mod_fcgid: stderr: PHP Warning: opendir(/var/ossec): failed to open dir: Operation not permitted in /var/www/vhosts/mydomain.com/httpdocs/ossec-wui/lib/os_lib_handle.php on line 94
So that meant logging back into Parallels Plesk and modifying the PHP settings under your vhost – just add :/var/ossec if using the default install dir. But that still didn’t help. Manually checking the written vhost config file turned out that the new setting wasn’t to be found. So what is the problem? Well for some reason Parallels runs PHP not as an Apache Modul but with FastCGI and that basically ignores all PHP settings you do in the webinterface!
So go back to ‘Website Scripting and Security’ and chose to run PHP as Apache Module and voila, now your custom PHP settings are there and it works.