I can verify the problem with Ubuntu 14.04.

According to the syscheck docs, libmagic is optionally used with report_changes (if found on the system). I haven't checked the source code yet to see what exactly the ramifications are, but according to the docs:

http://ossec-docs.readthedocs.org/en/latest/manual/syscheck/ "Report Changes"

If OSSEC has not been compiled with libmagic support, report_changes will copy any file designated, e.g. mp3, iso, executable, /chroot/dev/urandom (which would fill your hard drive). So unless libmagic is used, be very careful on which directory you enable report_changes.

On 7/21/2015 12:22 AM, theresa mic-snare wrote:

Hi James,

I'm not the expert here, but I just had a quick look in the docs... I'm not sure if this is possible or even supported. I couldn't find any reference to libmagic. Have you checked? http://ossec-docs.readthedocs.org/en/latest/development/build/makefile.html

Out of curiosity, what would OSSEC be capable of doing with libmagic support other than recognizing file formats (which it usually does) ?!

best,
theresa

On Monday, 20 July 2015 21:27:30 UTC+2, James Edwards wrote:

Hi All,

I'm trying to compile OSSEC on Ubuntu 14.04 with libmagic support and I keep running into the following error when compiling syscheck (same error running Makeall as well):

[root@hostname]/tmp/ossec-hids-2.8.2/src/syscheckd# make
cc -g -Wall -I../ -I../headers -DUSEINOTIFY -DUSE_MAGIC -DARGV0=\"ossec-syscheckd\" -DOSSECHIDS -lmagic syscheck.c config.c seechanges.c run_realtime.c create_db.c run_check.c ../config/lib_config.a ../rootcheck/rootcheck_lib.a ../shared/lib_shared.a ../os_xml/os_xml.a ../os_regex/os_regex.a ../os_net/os_net.a ../os_crypto/os_crypto.a -o ossec-syscheckd
/tmp/cc9nExX5.o: In function `init_magic':
/tmp/ossec-hids-2.8.2/src/syscheckd/syscheck.c:43: undefined reference to `magic_open'
/tmp/ossec-hids-2.8.2/src/syscheckd/syscheck.c:47: undefined reference to `magic_error'
/tmp/ossec-hids-2.8.2/src/syscheckd/syscheck.c:50: undefined reference to `magic_load'
/tmp/ossec-hids-2.8.2/src/syscheckd/syscheck.c:52: undefined reference to `magic_error'
/tmp/ossec-hids-2.8.2/src/syscheckd/syscheck.c:54: undefined reference to `magic_close'
/tmp/ccLsn7RT.o: In function `is_text':
/tmp/ossec-hids-2.8.2/src/syscheckd/seechanges.c:24: undefined reference to `magic_buffer'
/tmp/ossec-hids-2.8.2/src/syscheckd/seechanges.c:28: undefined reference to `magic_error'
collect2: error: ld returned 1 exit status
make: *** [syscheck] Error 1

libmagic-dev 5.14-2ubuntu3.3 is installed and I see the following magic.h header files:

/usr/include/linux/magic.h
/usr/include/magic.h

Any advice on how to resolve this?

Thanks,
James
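The undefined `magic_*` references in the quoted build output are consistent with `-lmagic` being listed before the source files, which matters when the linker runs with `--as-needed`; that cause is an assumption here, not something the thread confirms. The following is an added example, not part of the thread or of OSSEC: a small shell check (the function name `misplaced_libs` is hypothetical) that flags `-l` options placed ahead of the inputs that need them, run on shortened, constructed copies of the posted command.

```shell
#!/bin/sh
# Added example (not OSSEC code): report -l options that come before
# source/object/archive inputs on a cc link line.
# Assumption: the linker runs with --as-needed, which drops a library
# named before the objects that reference its symbols.

# misplaced_libs ARG...: print each -lNAME that is followed by an input file.
misplaced_libs() {
    pending=""      # -l options seen with no input file after them yet
    flagged=""      # -l options that turned out to precede an input file
    skip=0
    for arg in "$@"; do
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi
        case "$arg" in
            -o) skip=1 ;;                   # next word is the output name
            -l?*) pending="$pending $arg" ;;
            *.c|*.o|*.a) flagged="$flagged$pending"; pending="" ;;
        esac
    done
    for lib in $flagged; do printf '%s\n' "$lib"; done
}

# Constructed, shortened forms of the link line quoted in the thread.
as_posted="cc -g -Wall -I../ -DUSE_MAGIC -lmagic syscheck.c seechanges.c ../shared/lib_shared.a -o ossec-syscheckd"
reordered="cc -g -Wall -I../ -DUSE_MAGIC syscheck.c seechanges.c ../shared/lib_shared.a -lmagic -o ossec-syscheckd"

# Word splitting of the unquoted variables is intentional here.
echo "as posted: $(misplaced_libs $as_posted)"
echo "reordered: $(misplaced_libs $reordered)"
```

A build that silently falls back to compiling without `-DUSE_MAGIC` would lose the text-file check the docs describe for report_changes, so it is worth confirming the final binary actually links libmagic (for example with `ldd`).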