libc6-dev is already installed, and when I try to upgrade, I get the error:
5- Installing the system
- Running the Makefile
INFO: Little endian set.
*** Making zlib (by Jean-loup Gailly and Mark Adler) ***
make[1]: Entering directory `/root/ossec-hids-2.8.1/src/external'
cd zlib-1.2.8/; ./configure; make libz.a;
Checking for gcc...
Checking for shared library support...
Building shared library libz.so.1.2.8 with gcc.
Checking for off64_t... No.
Checking for fseeko... No.
Checking for strerror... No.
Checking for unistd.h... No.
Checking for stdarg.h... Yes.
Checking whether to use vs[n]printf() or s[n]printf()... using s[n]printf().
Checking for snprintf() in stdio.h... No.
WARNING: snprintf() not found, falling back to sprintf(). zlib
can build but will be open to possible buffer-overflow security
vulnerabilities.
Checking for return value of sprintf()... No.
WARNING: apparently sprintf() does not return a value. zlib
can build but will be open to possible string-format security
vulnerabilities.
Checking for attribute(visibility) support... Yes.
make[2]: Entering directory `/root/ossec-hids-2.8.1/src/external/zlib-1.2.8'
gcc -O3 -DNO_FSEEKO -DNO_STRERROR -DNO_snprintf -DHAS_sprintf_void -DHAVE_HIDDEN -c -o adler32.o adler32.c
In file included from /usr/include/limits.h:25:0,
from /usr/lib/gcc/x86_64-linux-gnu/4.8/include-fixed/limits.h:168,
from /usr/lib/gcc/x86_64-linux-gnu/4.8/include-fixed/syslimits.h:7,
from /usr/lib/gcc/x86_64-linux-gnu/4.8/include-fixed/limits.h:34,
from zconf.h:395,
from zlib.h:34,
from zutil.h:22,
from adler32.c:8:
/usr/include/features.h:374:25: fatal error: sys/cdefs.h: No such file or directory
# include <sys/cdefs.h>
^
compilation terminated.
make[2]: *** [adler32.o] Error 1
make[2]: Leaving directory `/root/ossec-hids-2.8.1/src/external/zlib-1.2.8'
make[1]: *** [libz.a] Error 2
make[1]: Leaving directory `/root/ossec-hids-2.8.1/src/external'
Error Making zlib
make: *** [all] Error 1
Error 0x5.
Building error. Unable to finish the installation.
On Tuesday, February 24, 2015 at 6:58:31 PM UTC-5, dan (ddpbsd) wrote:
>
>
> On Feb 24, 2015 6:48 PM, "'C0nfus1i0n' via ossec-list" <[email protected]> wrote:
> >
> > ossec.log only shows that one set of errors (posted in my previous reply).
> >
> > Output of `/var/ossec/bin/ossec-logtest -t`:
> >
> > 2015/02/24 18:39:06 ossec-testrule: INFO: Reading local decoder file.
> >
>
> Try an upgrade installation.
>
> > On Tuesday, February 24, 2015 at 4:12:57 PM UTC-5, dan (ddpbsd) wrote:
> >>
> >>
> >> On Feb 24, 2015 4:06 PM, "'C0nfus1i0n' via ossec-list" <[email protected]> wrote:
> >> >
> >> > The current error is:
> >> >
> >> > 2015/02/24 15:50:18 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> >> > 2015/02/24 15:50:18 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> >> > 2015/02/24 15:50:24 ossec-logcollector(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> >> > 2015/02/24 15:50:24 ossec-logcollector(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
> >> > 2015/02/24 15:50:26 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> >> > 2015/02/24 15:50:26 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> >> > 2015/02/24 15:50:39 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> >> > 2015/02/24 15:50:39 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
> >> >
> >> > The permissions of /var/ossec/queue/ossec/queue are:
> >> >
> >> > root@server:~# ls -al /var/ossec/queue/ossec/queue
> >> > total 8
> >> > drwxr-x--- 2 ossec ossec 4096 Feb 23 22:23 .
> >> > drwxrwx--- 3 ossec ossec 4096 Feb 23 22:23 ..
> >> >
> >> > The output of /var/ossec/bin/ossec-control status is:
> >> >
> >> > ossec-monitord not running...
> >> > ossec-logcollector: Process 59577 not used by ossec, removing ..
> >> > ossec-logcollector not running...
> >> > ossec-remoted not running...
> >> > ossec-syscheckd not running...
> >> > ossec-analysisd: Process 59573 not used by ossec, removing ..
> >> > ossec-analysisd not running...
> >> > ossec-maild not running...
> >> > ossec-execd is running...
> >> >
> >>
> >> Ok, so it looks like your processes aren't starting up properly. Did you check the ossec.log?
> >> Run: `/var/ossec/bin/ossec-logtest -t`
> >>
> >> >
> >> > On Tuesday, February 24, 2015 at 8:39:58 AM UTC-5, dan (ddpbsd) wrote:
> >> >>
> >> >> On Mon, Feb 23, 2015 at 11:13 PM, 'C0nfus1i0n' via ossec-list
> >> >> <[email protected]> wrote:
> >> >> > I managed to get rid of the other error messages. Now only the first few remain. Here's my ossec.log:
> >> >> >
> >> >>
> >> >> You've posted a couple of messages with errors, which ones are giving you issues now?
> >> >> What are the permissions of /var/ossec/queue/ossec/queue?
> >> >> If you run `/var/ossec/bin/ossec-control status` what is the output?
> >> >>
> >> >> > 2015/02/23 23:09:57 ossec-execd(1314): INFO: Shutdown received. Deleting responses.
> >> >> > 2015/02/23 23:09:57 ossec-execd(1225): INFO: SIGNAL Received. Exit Cleaning...
> >> >> > 2015/02/23 23:09:58 ossec-testrule: INFO: Reading local decoder file.
> >> >> > 2015/02/23 23:09:58 ossec-testrule: INFO: Started (pid: 15869).
> >> >> > 2015/02/23 23:09:58 ossec-execd: INFO: Started (pid: 15892).
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading local decoder file.
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'rules_config.xml'
> >> >> > 2015/02/23 23:09:58 ossec-remoted: INFO: Started (pid: 15904).
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'pam_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-remoted: Remote syslog allowed from: '127.0.0.1'
> >> >> > 2015/02/23 23:09:58 ossec-remoted: Remote syslog allowed from: '192.95.30.10'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'sshd_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'telnetd_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'syslog_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'arpwatch_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'symantec-av_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'symantec-ws_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'pix_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'named_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'smbd_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'vsftpd_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'pure-ftpd_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'proftpd_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'ms_ftpd_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'ftpd_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'hordeimp_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'roundcube_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'wordpress_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'cimserver_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'vpopmail_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'vmpop3d_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'courier_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'web_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'web_appsec_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'apache_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'nginx_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'php_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'mysql_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'postgresql_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'ids_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'squid_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'firewall_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'cisco-ios_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'netscreenfw_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'sonicwall_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'postfix_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'sendmail_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'imapd_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'mailscanner_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'dovecot_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'ms-exchange_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'racoon_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'vpn_concentrator_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'spamd_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'msauth_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'mcafee_av_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'trend-osce_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'ms-se_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'zeus_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'solaris_bsm_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'vmware_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'ms_dhcp_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'asterisk_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'ossec_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'attack_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'openbsd_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'clam_av_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'dropbear_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: 'local_rules.xml'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Total rules enabled: '1310'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: '/etc/mtab'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: '/etc/mnttab'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: '/etc/hosts.deny'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: '/etc/mail/statistics'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: '/etc/random-seed'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: '/etc/adjtime'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: '/etc/httpd/logs'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: '/etc/utmpx'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: '/etc/wtmpx'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: '/etc/cups/certs'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: '/etc/dumpdates'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: '/etc/svc/volatile'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/System32/LogFiles'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Debug'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/WindowsUpdate.log'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/iis6.log'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/system32/wbem/Logs'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/system32/wbem/Repository'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Prefetch'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/PCHEALTH/HELPCTR/DataColl'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/SoftwareDistribution'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Temp'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/system32/config'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/system32/spool'
> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/system32/CatRoot'
> >> >> > 2015/02/23 23:10:01 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> >> >> > 2015/02/23 23:10:01 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> >> >> > 2015/02/23 23:10:07 ossec-logcollector(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> >> >> > 2015/02/23 23:10:07 ossec-logcollector(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
> >> >> > 2015/02/23 23:10:09 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> >> >> > 2015/02/23 23:10:09 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> >> >> > 2015/02/23 23:10:22 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> >> >> > 2015/02/23 23:10:22 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
> >> >> >
> >> >> > On Monday, February 23, 2015 at 9:48:45 PM UTC-5, C0nfus1i0n wrote:
> >> >> >>
> >> >> >> I restored from an even older backup and OSSEC is back, except I can't get it to start. Here's what happens when I restart its daemon:
> >> >> >>
> >> >> >> 2015/02/23 21:03:22 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Queue not found'.
> >> >> >> 2015/02/23 21:03:37 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'No such file or directory'.
> >> >> >> 2015/02/23 21:03:48 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Queue not found'.
> >> >> >> 2015/02/23 21:04:03 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'No such file or directory'.
> >> >> >>
> >> >> >> How do I fix that?
> >> >> >
> >> >> > --
> >> >> >
> >> >> > ---
> >> >> > You received this message because you are subscribed to the Google
> Groups
> >> >> > "ossec-list" group.
> >> >> > To unsubscribe from this group and stop receiving emails from it,
> send an
> >> >> > email to [email protected].
> >> >> > For more options, visit https://groups.google.com/d/optout.
> >> >
> >
>
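
An added example (not from the thread or from the OSSEC project) that reproduces, on Linux, the file states behind the two errors quoted above: `/var/ossec/queue/ossec/queue` is a Unix datagram socket that ossec-analysisd binds, while the quoted `ls -al` output lists `.` and `..`, which is what a directory at that path prints. The temporary path and the names `probe_queue` and `reproduce_states` are assumptions made for the demonstration.

```python
import errno
import os
import socket
import stat
import tempfile


def probe_queue(path):
    """Return (kind of file at path, result of a datagram connect to it)."""
    try:
        mode = os.lstat(path).st_mode
        kind = ("socket" if stat.S_ISSOCK(mode)
                else "directory" if stat.S_ISDIR(mode) else "other")
    except FileNotFoundError:
        kind = "missing"
    client = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        client.connect(path)  # what a queue writer such as syscheckd must do
        result = "ok"
    except OSError as exc:
        result = errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        client.close()
    return kind, result


def reproduce_states():
    """Walk a constructed queue path through the states seen in the thread."""
    seen = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "queue")      # stand-in for the OSSEC queue
        seen["missing"] = probe_queue(path)    # 'No such file or directory'
        os.mkdir(path)                         # a directory where the socket belongs
        seen["directory"] = probe_queue(path)  # 'Connection refused'
        reader = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        try:
            reader.bind(path)                  # the reader cannot bind over it
            seen["bind_over_directory"] = "ok"
        except OSError as exc:
            seen["bind_over_directory"] = errno.errorcode.get(exc.errno)
        os.rmdir(path)
        reader.bind(path)                      # reader now owns the socket
        seen["listening"] = probe_queue(path)
        reader.close()                         # reader gone, socket file remains
        seen["stale"] = probe_queue(path)      # refused again: nobody is reading
    return seen


if __name__ == "__main__":
    for state, outcome in reproduce_states().items():
        print(f"{state:20} {outcome}")
```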