OSSEC 3.3.0 Install CentOS 8

61 views
Skip to first unread message

Natassia M Stelmaszek

unread,
Dec 2, 2019, 3:07:23 PM12/2/19
to ossec-list
Bad Installation Package???

I'm trying to build a new machine that includes OSSEC 3.3.0.  When I run the install.sh, use default responses for a local installation, it gives me the following error.

sudo ./install.sh

 

- Running the Makefile

cc  -DMAX_AGENTS=2048 -DOSSECHIDS -DDEFAULTDIR=\"/var/ossec\" -DUSER=\"ossec\" -DREMUSER=\"ossecr\" -DGROUPGLOBAL=\"ossec\" -DMAILUSER=\"ossecm\" -DLinux -DINOTIFY_ENABLED -DZLIB_SYSTEM -I./external/pcre2-10.32//install/include/ -DPCRE2_STATIC -DUSE_PCRE2_JIT -DLIBOPENSSL_ENABLED -DLOCAL -Wall -Wextra -I./ -I./headers/ -c external/cJSON/cJSON.c -o external/cJSON/cJSON.o

ar -crs libcJSON.a external/cJSON/cJSON.o

ranlib libcJSON.a

cd external/pcre2-10.32/ && \

./configure \

        --prefix=/home/stelmn/ossec-hids-3.3.0/src/external/pcre2-10.32//install \

        --enable-jit \

        --disable-shared \

        --enable-static && \

make install-libLTLIBRARIES install-nodist_includeHEADERS

/bin/sh: line 0: cd: external/pcre2-10.32/: No such file or directory

make: *** [Makefile:770: external/pcre2-10.32//install/lib/libpcre2-8.a] Error 1

 

 Error 0x5.

 Building error. Unable to finish the installation.

 

I've verified that kernel-headers are installed, tried two different machines and even tried updating an OSSEC installation on a CentOS 7 machine but I keep getting the same failure.  It appears that the script is looking for pcre2 in the src directory but it doesn't exist.


$ pwd
/home/stelmn/Downloads/ossec-hids-3.3.0/src/external
$ ls
cJSON  lua  lua-5.2.3  zlib-1.2.11

Is something missing from the download file or am I overlooking something?

Natassia

dan (ddp)

unread,
Dec 2, 2019, 3:32:25 PM12/2/19
to ossec...@googlegroups.com
On Mon, Dec 2, 2019 at 3:07 PM Natassia M Stelmaszek <ste...@uw.edu> wrote:
Bad Installation Package???

I'm trying to build a new machine that includes OSSEC 3.3.0.  When I run the install.sh, use default responses for a local installation, it gives me the following error.

sudo ./install.sh

 

- Running the Makefile

cc  -DMAX_AGENTS=2048 -DOSSECHIDS -DDEFAULTDIR=\"/var/ossec\" -DUSER=\"ossec\" -DREMUSER=\"ossecr\" -DGROUPGLOBAL=\"ossec\" -DMAILUSER=\"ossecm\" -DLinux -DINOTIFY_ENABLED -DZLIB_SYSTEM -I./external/pcre2-10.32//install/include/ -DPCRE2_STATIC -DUSE_PCRE2_JIT -DLIBOPENSSL_ENABLED -DLOCAL -Wall -Wextra -I./ -I./headers/ -c external/cJSON/cJSON.c -o external/cJSON/cJSON.o

ar -crs libcJSON.a external/cJSON/cJSON.o

ranlib libcJSON.a

cd external/pcre2-10.32/ && \

./configure \

        --prefix=/home/stelmn/ossec-hids-3.3.0/src/external/pcre2-10.32//install \

        --enable-jit \

        --disable-shared \

        --enable-static && \

make install-libLTLIBRARIES install-nodist_includeHEADERS

/bin/sh: line 0: cd: external/pcre2-10.32/: No such file or directory

make: *** [Makefile:770: external/pcre2-10.32//install/lib/libpcre2-8.a] Error 1

 


With that version of ossec you need to untar the pcre2 source in the above directory. Or you can install the devel package and set PCRE2_SYSTEM=y


 Error 0x5.

 Building error. Unable to finish the installation.

 

I've verified that kernel-headers are installed, tried two different machines and even tried updating an OSSEC installation on a CentOS 7 machine but I keep getting the same failure.  It appears that the script is looking for pcre2 in the src directory but it doesn't exist.


$ pwd
/home/stelmn/Downloads/ossec-hids-3.3.0/src/external
$ ls
cJSON  lua  lua-5.2.3  zlib-1.2.11

Is something missing from the download file or am I overlooking something?

Natassia

--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/07cf4c14-2480-48a7-b19f-b698d9c66fd2%40googlegroups.com.

Natassia S

unread,
Dec 2, 2019, 3:56:20 PM12/2/19
to ossec...@googlegroups.com
Everything came out of 3.3.0.tar.gz

I compared the contents and the same directory for 2.8.3 also has no pcre2 but it has a Makefile.  On a whim I put a copy of the 2.8.3 Makefile in the 3.3.0 folder and got the same error.

Natassia

To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/CAMyQvMrX0oCpx%2BAJ7v5rLpV_YgrChWHBKqidrWqOjksoi3Zk4g%40mail.gmail.com.

dan (ddp)

unread,
Dec 2, 2019, 4:25:07 PM12/2/19
to ossec...@googlegroups.com
On Mon, Dec 2, 2019 at 3:56 PM Natassia S <ste...@uw.edu> wrote:
Everything came out of 3.3.0.tar.gz

I compared the contents and the same directory for 2.8.3 also has no pcre2 but it has a Makefile.  On a whim I put a copy of the 2.8.3 Makefile in the 3.3.0 folder and got the same error.

The 2.8.3 Makefile would probably add more issues.

Natassia S

unread,
Dec 2, 2019, 4:35:44 PM12/2/19
to ossec...@googlegroups.com
Yeah, I got rid of the copy that I made.

I was able to install 2.8.3 on my new CentOS 8 machine.  :)

Natassia


To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/CAMyQvMp9u3bmCK-Z-YNcNsrpbSeGyJLYxhVqGuDa6uedBuBbjA%40mail.gmail.com.

dan (ddp)

unread,
Dec 23, 2019, 8:13:13 AM12/23/19
to ossec...@googlegroups.com
Just a heads up, but that's a very old version. And it's not one I
imagine a lot of people want to support at this point.
> To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/CAFN5h2%2B_azc8zbwiRG%2B9Z4gYVtpScvHm-2-H2GNO6P7RYhN0nw%40mail.gmail.com.

Natassia M Stelmaszek

unread,
Dec 31, 2019, 2:16:05 PM12/31/19
to ossec-list
Dan,

I'm sorry that I didn't respond sooner but I had to devote time to other projects.

So it looks like I was right, this is a defective (or perhaps deficient would be more accurate) package.  In order to get it to compile I had to download the source code from pcre.org and expand it into the directory where the install.sh script expected it to be.


cp pcre2-10.32.tar.gz ~/ossec-hids-3.3.0/src/external/

cd ~/ossec-hids-3.3.0/src/external/

tar -xvf pcre2-10.32.tar.gz

It seems like someone should think about rebuilding the gzip file that is offered for download on the OSSEC web site.


Natassia

Natassia M Stelmaszek

unread,
Dec 31, 2019, 2:37:45 PM12/31/19
to ossec-list
Oh silly me!  I realize now that I foolishly assumed that the documentation linked from the ? official ? web site www.ossec.net would be accurate and current.  If any of you were unlucky enough to make the same mistake I refer you to:  https://ossec-documentation.readthedocs.io/en/latest/index.html

Natassia

dan (ddp)

unread,
Dec 31, 2019, 4:24:53 PM12/31/19
to ossec...@googlegroups.com
That was one of the 2 solutions I provided in my original email.



Natassia

--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com.

Natassia M Stelmaszek

unread,
Dec 31, 2019, 4:43:10 PM12/31/19
to ossec-list
I understand that, it's just that your original post was a little... concise.  As a non-developer/newbie it took me a little while to understand the where and the how.  I just fleshed it out for other non-ossec veterans.  If I sounded upset with you I apologize.  I was feeling misled by the "Documentation" link on ossec.net which took me to the 1.0 documentation which didn't mention anything about additional pre-requisites.

Thanks for your help!

Natassia

On Tuesday, December 31, 2019 at 1:24:53 PM UTC-8, dan (ddpbsd) wrote:
On Tue, Dec 31, 2019 at 2:16 PM Natassia M Stelmaszek <ste...@uw.edu> wrote:
Dan,

I'm sorry that I didn't respond sooner but I had to devote time to other projects.

So it looks like I was right, this is a defective (or perhaps deficient would be more accurate) package.  In order to get it to compile I had to download the source code from pcre.org and expand it into the directory where the install.sh script expected it to be.


cp pcre2-10.32.tar.gz ~/ossec-hids-3.3.0/src/external/

cd ~/ossec-hids-3.3.0/src/external/

tar -xvf pcre2-10.32.tar.gz

It seems like someone should think about rebuilding the gzip file that is offered for download on the OSSEC web site.


That was one of the 2 solutions I provided in my original email.



Natassia

--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages