Release schedule


mark van de giessen

Nov 7, 2017, 2:13:47 AM
to ossec-list
Dear,

Is there like a schedule as to when new versions are released of Ossec?
How does this process work?

I'm debating whether it is worth compiling my own agent from source (which probably takes me quite some time, as I've never done this) versus waiting for a newer version.

Any help is appreciated.

Sincerely,

Mark

SternData

Nov 7, 2017, 10:53:09 AM
to mark van de giessen, ossec...@googlegroups.com
The compile, on my system, is about 4 minutes.

After you untar the file, it's simply a matter of

sudo ./install.sh
--
-- Steve

mark van de giessen

Nov 8, 2017, 3:50:10 AM
to ossec-list
Welp, perhaps my system is misconfigured, I don't know.
But.. when trying to compile following Ossec's /docs/manual/installation/compile-ossec-mingw.html I'm getting all sorts of errors (yes, I'm trying to compile for Windows)
 

dan (ddp)

Nov 9, 2017, 8:46:31 AM
to ossec...@googlegroups.com
I don't think there were any changes to the Windows side of things in
the latest releases.
Knowing what errors you're getting could help.


mark van de giessen

Nov 10, 2017, 2:09:48 AM
to ossec-list
Hi Dan,

Perhaps I can elaborate.
So we're trying to further our implementation, but cannot apply our desired "client-server" model where the config is managed in a centralized place (i.e. the server) due to issue #1207.
I have confirmed this is in fact the issue (no idea why this wasn't included in 2.9.2, but okay.)

Therefore, I want to apply the patch manually, and compile it myself.
This is where the heart of my question was.

To answer yours.
When compiling the 2.9.2 source with the winagent target I'm getting an error in randombytes.c, specifically:

shared/randombytes.c: In function 'randombytes':
shared/randombytes.c:17: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'prov'
shared/randombytes.c:17: error: 'prov' undeclared (first use in this function)
shared/randombytes.c:17: error: (Each undeclared identifier is reported only once
shared/randombytes.c:17: error: for each function it appears in.)
shared/randombytes.c:19: warning: implicit declaration of function 'CryptAcquireContext'
shared/randombytes.c:19: error: 'PROV_RSA_FULL' undeclared (first use in this function)
shared/randombytes.c:23: warning: implicit declaration of function 'CryptGenRandom'
make[1]: *** [shared/randombytes.o] Error 1
make[1]: Leaving directory `/myhomedir/ossec-hids-2.9.2/src'
make: *** [winagent] Error 2

I haven't messed around in the source code, other than adding the binary parameter to the fopen function. I don't think there lies the cause of this error.

Perhaps you could provide some insights, any help is appreciated of course.

Kind Regards,

Mark


On Thursday, November 9, 2017 at 14:46:31 UTC+1, dan (ddpbsd) wrote:

dan (ddp)

Nov 11, 2017, 12:05:48 PM
to ossec...@googlegroups.com
On Fri, Nov 10, 2017 at 2:09 AM, mark van de giessen
<mgie...@gmail.com> wrote:
> Hi Dan,
>
> Perhaps I can elaborate.
> So we're trying to further our implementation, but cannot apply our desired
> "client-server" model where the config is managed in a centralized place
> (i.e. the server) due to issue #1207.
> I have confirmed this is in fact the issue (no idea why this wasn't included
> in 2.9.2, but okay.)
>

It got missed, and nobody who uses Windows agents noticed.
It's a serious problem that I need to work on.
What distribution are you compiling this on? I was able to compile
MASTER on an Ubuntu 16.04 container without any issues.
2.9.2 just finished compiling as well. Here is a list of packages I installed:
ddp@win32:~$ dpkg --list | grep -i ming
ii  binutils-mingw-w64-i686    2.26-3ubuntu1+6.6  amd64  Cross-binutils for Win32 (x86) using MinGW-w64
ii  binutils-mingw-w64-x86-64  2.26-3ubuntu1+6.6  amd64  Cross-binutils for Win64 (x64) using MinGW-w64
ii  g++-mingw-w64              5.3.1-8ubuntu3+17  all    GNU C++ compiler for MinGW-w64
ii  g++-mingw-w64-i686         5.3.1-8ubuntu3+17  amd64  GNU C++ compiler for MinGW-w64 targeting Win32
ii  g++-mingw-w64-x86-64       5.3.1-8ubuntu3+17  amd64  GNU C++ compiler for MinGW-w64 targeting Win64
ii  gcc-mingw-w64              5.3.1-8ubuntu3+17  all    GNU C compiler for MinGW-w64
ii  gcc-mingw-w64-base         5.3.1-8ubuntu3+17  amd64  GNU Compiler Collection for MinGW-w64 (base package)
ii  gcc-mingw-w64-i686         5.3.1-8ubuntu3+17  amd64  GNU C compiler for MinGW-w64 targeting Win32
ii  gcc-mingw-w64-x86-64       5.3.1-8ubuntu3+17  amd64  GNU C compiler for MinGW-w64 targeting Win64
ii  gfortran-mingw-w64         5.3.1-8ubuntu3+17  all    GNU Fortran compiler for MinGW-w64
ii  gfortran-mingw-w64-i686    5.3.1-8ubuntu3+17  amd64  GNU Fortran compiler for MinGW-w64 targeting Win32
ii  gfortran-mingw-w64-x86-64  5.3.1-8ubuntu3+17  amd64  GNU Fortran compiler for MinGW-w64 targeting Win64
ii  gnat-mingw-w64             5.3.1-3ubuntu1+16  all    GNU Ada compiler for MinGW-w64
ii  gnat-mingw-w64-base        5.3.1-3ubuntu1+16  amd64  GNU Ada compiler for MinGW-w64 (base package)
ii  gnat-mingw-w64-i686        5.3.1-3ubuntu1+16  amd64  GNU Ada compiler for MinGW-w64 targeting Win32
ii  gnat-mingw-w64-x86-64      5.3.1-3ubuntu1+16  amd64  GNU Ada compiler for MinGW-w64 targeting Win64
ii  mingw-w64                  4.0.4-2            all    Development environment targeting 32- and 64-bit Windows
ii  mingw-w64-common           4.0.4-2            all    Common files for Mingw-w64
ii  mingw-w64-i686-dev         4.0.4-2            all    Development files for MinGW-w64 targeting Win32
ii  mingw-w64-tools            4.0.4-2            amd64  Development tools for 32- and 64-bit Windows
ii  mingw-w64-x86-64-dev       4.0.4-2            all    Development files for MinGW-w64 targeting Win64

I tried weeding out some of the ones you obviously don't need, but
there are a few still in there (fortran).
I also installed make, build-essential, and libssl-dev.
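
A pre-build check for the cross toolchain discussed in this thread, as an added example that is not part of the original messages or of the OSSEC source: it compiles a small probe using the same CryptoAPI names the randombytes.c errors report (`CryptAcquireContext`, `PROV_RSA_FULL`, `CryptGenRandom`), so missing Windows headers surface before the winagent build starts. The function name `probe_wincrypt`, the default compiler name `i686-w64-mingw32-gcc`, and the use of `HCRYPTPROV` as the type of `prov` are assumptions.

```shell
#!/bin/sh
# Added example: probe a MinGW cross compiler for the wincrypt declarations
# that the failed randombytes.c build reported as missing.
# Return codes: 0 = probe compiled, 1 = probe failed, 2 = compiler not found.
probe_wincrypt() {
    # Assumed default: the 32-bit MinGW-w64 gcc; pass another name to override.
    cc=${1:-i686-w64-mingw32-gcc}
    command -v "$cc" >/dev/null 2>&1 || return 2

    dir=$(mktemp -d) || return 1
    # Constructed probe source; HCRYPTPROV as the type of 'prov' is an assumption.
    cat > "$dir/probe.c" <<'EOF'
#include <windows.h>
#include <wincrypt.h>

int probe(unsigned char *buf, unsigned long n)
{
    HCRYPTPROV prov = 0;
    if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, 0))
        return -1;
    return CryptGenRandom(prov, n, buf) ? 0 : -1;
}
EOF

    # Compile only (-c): no Windows libraries are needed to test the headers.
    # Implicit declarations are promoted to errors so that a missing
    # prototype fails the probe instead of producing only a warning.
    "$cc" -Werror=implicit-function-declaration \
        -c "$dir/probe.c" -o "$dir/probe.o" 2>"$dir/err.log"
    rc=$?

    # Show the compiler diagnostics (indented) when the probe fails.
    [ "$rc" -eq 0 ] || sed 's/^/  /' "$dir/err.log" >&2
    rm -rf "$dir"

    [ "$rc" -eq 0 ] && return 0
    return 1
}

# Usage: probe_wincrypt || echo "fix the cross toolchain before building winagent"
```

A return code of 2 points at a missing compiler package, while 1 points at missing or incomplete Windows development headers.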

mark van de giessen

Nov 14, 2017, 4:24:22 AM
to ossec-list
Hi Dan, 

Thank you for your assistance.
I was trying to compile on a somewhat locked down Red Hat distribution, seemingly missing some of the dependencies.
I spun up an Ubuntu 16.04 machine and was able to compile MASTER (Why 2.9.2 when I can have all the improvements.. Right.) without too much effort after installing the libs you've mentioned.

Again, thank you for your help!

Sincerely,

Mark

 
 