Black CryptoKnight wrote:
I think when the smoothwall and IPCop guys are doing their mods, many do
their builds on a Redhat system with similar kernel etc. to the
Smoothwall or IPCop systems (on which these distros are based) then
transfer the binaries to the smoothwall or IPCop environment. Maybe that
could work with OSSEC as well I think. There is a procedure for doing
"binary installs" of OSSEC detailed on the wiki -
http://www.ossec.net/wiki/index.php/Know_How:Binary_Install
If you could get RedHat system setup with similar kernel version to that
of the IPCop system then you could give that approach a shot.
Thanks for the response. I actually first tried to compile it on my
Ubuntu Edgy system and copy over the /var/ossec directory. I had
problems with GLIBC being too recent on Edgy, so I figured I'd try a
direct compile.
I agree that not compiling on a production system is a best-practice,
however I believe the risk to be low, particularly if the build
environment is removed afterwards. I didn't even know about the binary
install option. From the link you provided, I found all kinds of good
stuff on the Wiki which I had missed before. Perhaps there should be
direct links from the front page.
I suppose a CentOS III machine might work. It has a similar Kernel
version and older binaries. There should be a VMWare image out there.
I'll give that a shot.
