I've tried to install / upgrade the latest ossec builds (retrieved
using hg clone) on several CentOS agents with little success.
Making os_auth ***
make[1]: Entering directory `/usr/local/src/ossec-hids/src/os_auth'
gcc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DCLIENT -
DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-authd\" -DXML_VAR=\"var\"
-DOSSECHIDS main-server.c ssl.c ../addagent/validate.c ../config/
lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/
os_regex.a ../os_crypto/os_crypto.a ../os_zlib/os_zlib.c ../external/
libz.a -lssl -lcrypto -o ossec-authd
/usr/bin/ld: cannot find -lssl
collect2: ld returned 1 exit status
make[1]: *** [auth1] Error 1
make[1]: Leaving directory `/usr/local/src/ossec-hids/src/os_auth'
Error Making os_auth
make: *** [all] Error 1
Error 0x5.
Building error. Unable to finish the installation.
How can I fix the above?
Thank you.
Install the openssl/libssl development package?
> /usr/bin/ld: cannot find -lssl
Would just openssl-devel work?
If not, what contains libssl development?
Thank you.
I think some distros call it libssl-dev or something like that which
is why I mentioned it.
The openssl-devel helped on several agents.
However, on one agent where that library was already installed, the
installation only gets as far as the below:
*** Making syscheckd ***
make[1]: Entering directory `/usr/local/src/ossec-hids/src/syscheckd'
gcc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DCLIENT -
DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-syscheckd\" -DXML_VAR=
\"var\" -DOSSECHIDS syscheck.c config.c seechanges.c run_realtime.c
create_db.c run_check.c ../config/lib_config.a ../rootcheck/
rootcheck_lib.a ../shared/lib_shared.a ../os_xml/os_xml.a ../os_regex/
os_regex.a ../os_net/os_net.a ../os_crypto/os_crypto.a -o ossec-
syscheckd
run_realtime.c:40:25: sys/inotify.h: No such file or directory
run_realtime.c: In function `realtime_start':
run_realtime.c:136: warning: implicit declaration of function
`inotify_init'
run_realtime.c: In function `realtime_adddir':
run_realtime.c:167: warning: implicit declaration of function
`inotify_add_watch'
run_realtime.c:169: error: `IN_MODIFY' undeclared (first use in this
function)
run_realtime.c:169: error: (Each undeclared identifier is reported
only once
run_realtime.c:169: error: for each function it appears in.)
run_realtime.c:169: error: `IN_ATTRIB' undeclared (first use in this
function)
run_realtime.c:169: error: `IN_MOVED_TO' undeclared (first use in this
function)
run_realtime.c:169: error: `IN_DELETE' undeclared (first use in this
function)
run_realtime.c:169: error: `IN_MOVED_FROM' undeclared (first use in
this function)
run_realtime.c: In function `realtime_process':
run_realtime.c:207: error: invalid application of `sizeof' to
incomplete type `inotify_event'
run_realtime.c:210: error: invalid application of `sizeof' to
incomplete type `inotify_event'
run_realtime.c:213: error: invalid application of `sizeof' to
incomplete type `inotify_event'
run_realtime.c:224: error: dereferencing pointer to incomplete type
run_realtime.c:232: error: dereferencing pointer to incomplete type
run_realtime.c:236: error: dereferencing pointer to incomplete type
run_realtime.c:240: error: invalid application of `sizeof' to
incomplete type `inotify_event'
run_realtime.c:240: error: dereferencing pointer to incomplete type
make[1]: *** [syscheck] Error 1
make[1]: Leaving directory `/usr/local/src/ossec-hids/src/syscheckd'
Error Making syscheckd
make: *** [all] Error 1
Error 0x5.
Building error. Unable to finish the installation.
How can I fix the above?
The agent is running CentOS 4.9.
Thank you.
CentOS 4.9 might not have inotify support. You can definitely try to
install it though.
Are the inotify header files installed on that machine?
regards,
-ap
1. I thought the installer was self-contained, installing what it
needs. Am I incorrect?
2. How do I install inotify?
Thank you.
No, you are not. There are a number of external dependencies that are
much too complex for OSSEC to install for you (like gcc and make).
> 2. How do I install inotify?
>
I asked around and CentOS 4.9 does not appear to support inotify. If
it did, you'd find it with yum. It's time to start digging around the
ossec install.sh script to figure out why it thought inotify support
was available. Testing will be difficult for most people since I don't
know anyone that keeps a CentOS that old around.
> Thank you.
On CentOS 5 the header files are in package kernel-headers:
# yum provides /usr/include/linux/inotify.h
kernel-headers-2.6.18-274.12.1.el5.x86_64 : Header files for the Linux kernel for use by glibc
Repo : installed
Matched from:
Other : Provides-match: /usr/include/linux/inotify.h
regards,
-ap
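
Added example, not part of the thread and not OSSEC's own code: a shell preflight that asks the compiler directly whether the pieces the two failed builds needed (-lssl, -lcrypto, sys/inotify.h) are present before the build is started. The function names and the --check argument are hypothetical; gcc is assumed, as in the logs above.

```shell
#!/bin/sh
# Added example: probe the prerequisites this thread tripped over before
# starting the OSSEC build. Not part of OSSEC's install.sh.
CC="${CC:-gcc}"   # the build logs in the thread use gcc; override with CC=...

# try_cc ARGS...: run the compiler quietly; 0 on success, 1 otherwise.
# The if-form keeps this safe when the caller runs under "set -e".
try_cc() {
    if $CC "$@" >/dev/null 2>&1; then return 0; else return 1; fi
}

# probe_header HEADER: can $CC compile a file that includes <HEADER>?
probe_header() {
    tmp=$(mktemp -d) || return 2
    printf '#include <%s>\nint main(void) { return 0; }\n' "$1" > "$tmp/t.c"
    rc=0; try_cc -c "$tmp/t.c" -o "$tmp/t.o" || rc=1
    rm -rf "$tmp"
    return $rc
}

# probe_lib NAME: can $CC link a trivial program with -lNAME?
probe_lib() {
    tmp=$(mktemp -d) || return 2
    printf 'int main(void) { return 0; }\n' > "$tmp/t.c"
    rc=0; try_cc "$tmp/t.c" "-l$1" -o "$tmp/t" || rc=1
    rm -rf "$tmp"
    return $rc
}

# preflight: report each prerequisite; return the number that are missing.
preflight() {
    missing=0
    for lib in ssl crypto; do      # from "-lssl -lcrypto" on the os_auth line
        if probe_lib "$lib"; then echo "ok       -l$lib"
        else echo "MISSING  -l$lib (OpenSSL development package, e.g. openssl-devel)"
             missing=$((missing + 1)); fi
    done
    if probe_header sys/inotify.h; then echo "ok       sys/inotify.h"
    else echo "MISSING  sys/inotify.h (a build with -DUSEINOTIFY will fail in syscheckd)"
         missing=$((missing + 1)); fi
    return "$missing"
}

# Run the checks only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then preflight; exit $?; fi
```

Run it as `sh preflight.sh --check` on the agent; a non-zero exit status is the count of missing prerequisites.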