[ossec-list] Solaris Compilation - Visibility
Hi,

We also have the agent compilation issue on the Solaris platform with the 2.8.3 version of code. How can we fix the "Checking for attribute(visibility) support... No"?

For the time being we updated the lua* conf to remove the warning message, however the below warnings are still showing up.

*** Making zlib (by Jean-loup Gailly and Mark Adler) ***
cd zlib-1.2.8/; ./configure; make libz.a;
Checking for shared library support...
Building shared library libz.so.1.2.8 with /usr/sfw/bin/gcc.
Checking for off64_t... Yes.
Checking for fseeko... Yes.
Checking for strerror... Yes.
Checking for unistd.h... Yes.
Checking for stdarg.h... Yes.
Checking whether to use vs[n]printf() or s[n]printf()... using vs[n]printf().
Checking for vsnprintf() in stdio.h... Yes.
Checking for return value of vsnprintf()... Yes.
Checking for attribute(visibility) support... No.

*** Making monitord ***
/usr/sfw/bin/gcc -g -Wall -I../ -I../headers -DCLIENT -DUSE_OPENSSL -DSOLARIS -DHIGHFIRST -DARGV0=\"ossec-monitord\" -DOSSECHIDS -lsocket -lnsl -lresolv compress_log.c main.c manage_files.c monitor_agents.c monitord.c sign_log.c generate_reports.c ../os_maild/sendcustomemail.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_xml/os_xml.a ../os_crypto/os_crypto.a ../os_zlib/os_zlib.c ../external/libz.a -o ossec-monitord
generate_reports.c: In function `generate_reports':
generate_reports.c:59: warning: int format, pid_t arg (arg 4)
/usr/sfw/bin/gcc -g -Wall -I../ -I../headers -DCLIENT -DUSE_OPENSSL -DSOLARIS -DHIGHFIRST -DARGV0=\"ossec-monitord\" -DOSSECHIDS -lsocket -lnsl -lresolv -UARGV0 -DARGV0=\"ossec-reportd\" report.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_xml/os_xml.a ../os_crypto/os_crypto.a ../os_zlib/os_zlib.c ../external/libz.a -o ossec-reportd

*** Making os_auth ***
/usr/sfw/bin/gcc -g -Wall -I../ -I../headers -DCLIENT -DUSE_OPENSSL -DSOLARIS -DHIGHFIRST -DARGV0=\"ossec-authd\" -DOSSECHIDS -lsocket -lnsl -lresolv main-server.c ssl.c ../addagent/validate.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_crypto/os_crypto.a ../os_zlib/os_zlib.c ../external/libz.a -lssl -lcrypto -o ossec-authd
main-server.c: In function `ssl_error':
main-server.c:53: warning: passing arg 1 of `SSL_get_error' discards qualifiers from pointer target type
/usr/sfw/bin/gcc -g -Wall -I../ -I../headers -DCLIENT -DUSE_OPENSSL -DSOLARIS -DHIGHFIRST -DARGV0=\"ossec-authd\" -DOSSECHIDS -lsocket -lnsl -lresolv main-client.c ssl.c ../addagent/validate.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_crypto/os_crypto.a ../os_zlib/os_zlib.c ../external/libz.a -lssl -lcrypto -o agent-auth

If any one can shower some light on this, that will be great.

Thanks
Kumar

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ossec-list] Warning during compilations Server
Thanks Dan. Let me check with the new code and see.

On 19 July 2016 at 23:27, dan (ddp) wrote:
> On Tue, Jul 19, 2016 at 1:32 PM, Kumar Mg wrote:
> > Hi
> >
> > We are getting these messages during compilation and not sure if any code
> > update is required for the rename_ex function in src/shared/file_op.c.
>
> I don't see any issues with it in the current source. I don't have
> 2.8.3 handy to check that.
>
> > Compiling on CentOS 7 for OSSEC 2.8.3 version.
> >
> > *** Making shared ***
> >
> > make[1]: Entering directory `/OSSECSRC/src/shared'
> > cc -c -g -Wall -I../ -I../headers -DUSE_OPENSSL -DUSEINOTIFY -DMAX_AGENTS=512 -DARGV0=\"shared-libs\" -DOSSECHIDS *.c
> > file_op.c: In function 'rename_ex':
> > file_op.c:660:9: warning: too many arguments for format [-Wformat-extra-args]
> > );
> > ^
> > ar cru lib_shared.a *.o
> > ranlib lib_shared.a
> > make[1]: Leaving directory `/OSSECSRC/src/shared'
> >
> > Thanks
> > Kumar
[ossec-list] Warning during compilations Server
Hi

We are getting these messages during compilation and not sure if any code update is required for the rename_ex function in src/shared/file_op.c.

Compiling on CentOS 7 for OSSEC 2.8.3 version.

*** Making shared ***

make[1]: Entering directory `/OSSECSRC/src/shared'
cc -c -g -Wall -I../ -I../headers -DUSE_OPENSSL -DUSEINOTIFY -DMAX_AGENTS=512 -DARGV0=\"shared-libs\" -DOSSECHIDS *.c
file_op.c: In function 'rename_ex':
file_op.c:660:9: warning: too many arguments for format [-Wformat-extra-args]
);
^
ar cru lib_shared.a *.o
ranlib lib_shared.a
make[1]: Leaving directory `/OSSECSRC/src/shared'

Thanks
Kumar
[ossec-list] DB schema
Hi all,

We have a requirement like increasing the description data type from varchar 255 to higher value. Is it advisable to do this change or we need to limit ourway description field within 255 char?

CREATE TABLE signature
(
    id SERIAL NOT NULL,
    rule_id INT8 NOT NULL UNIQUE,
    level INT4,
    description VARCHAR(255) NOT NULL,
    PRIMARY KEY (id)
);

Thanks
Kumar
[ossec-list] Re: inode changes for syscheck
Hi Dan,

I am referring to have inode alerts similar way we have the MD5 alerts from syscheck.

Thanks
Kumar

On Thursday, 30 June 2016, dan (ddp) wrote:
> On Jun 29, 2016 4:24 PM, "Kumar Mg" wrote:
> >
> > Hi,
> >
> > Is there a way we can have Syscheck to alert the inode changes separately.
>
> Is there a rule specifically for inode changes? If so, it should be easy
> (depending on what you mean exactly).
>
> > Thanks
> > Kumar
[ossec-list] inode changes for syscheck
Hi,

Is there a way we can have Syscheck to alert the inode changes separately.

Thanks
Kumar
[ossec-list] Re: OSSEC logfile file missing alert
Hi Jesus,

We are getting all other messages being alerted via 1002. All WARN/ERROR/INFO messages from the agent being alerted at level 2 - like the syscheck files/directory not found. About 900 alerts were triggered in small time frame and 30 duplicates. Not sure if we messed the decoding and rules set.

Thanks
Kumar
[ossec-list] Re: OSSEC logfile file missing alert
Thanks Dan. We were able to get the alert for error message, however this started alerting for all other messages under rule 1002 - Unknown problem somewhere in the system.

On Tuesday, 31 May 2016, dan (ddp) wrote:
> On Tue, May 31, 2016 at 9:02 AM, Kumar Mg wrote:
> > Hi,
> >
> > We have some logfiles which do not exist in ossec agent machine. Is there a
> > way to receive alerts in such case?
> >
> > These are the missing information I see in agent ossec.log
> >
> > ./ossec/logs/
> >
> > # grep ERROR ossec.log
> > 2016/05/29 08:23:33 ossec-logcollector(1103): ERROR: Unable to open file '/var/log/httpd/access_log'.
> > 2016/05/29 08:23:33 ossec-logcollector(1103): ERROR: Unable to open file '/var/log/httpd/error_log'.
>
> You want alerts for OSSEC configurations that try to watch
> non-existent log files?
> Configure OSSEC to monitor ossec.log, and create rules to watch for
> those log messages.
>
> > Thanks
> >
> > Kumar
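The exchange above turns on matching one specific logcollector message instead of every ossec.log line that contains ERROR. As an added illustration (not code from the thread or from OSSEC, and not OSSEC rule syntax), this Python example parses ossec.log lines in the layout quoted above, keeps only the 1103 "Unable to open file" errors and collapses repeats per path; apart from the two lines quoted in the thread, the sample lines are constructed.

```python
import re
from collections import Counter

# Layout taken from the ossec.log excerpts in this thread:
#   <date> <time> <daemon>[(<code>)]: <LEVEL>: <message>
OSSEC_LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<daemon>[\w-]+)(?:\((?P<code>\d+)\))?: "
    r"(?P<level>ERROR|WARN|INFO): (?P<msg>.*)$"
)
UNABLE_TO_OPEN = re.compile(r"^Unable to open file '(?P<path>[^']+)'\.?$")

# Constructed sample; only the two 08:23:33 logcollector lines come from the thread.
SAMPLE_LOG = """\
2016/05/29 08:23:30 ossec-logcollector: INFO: Started (pid: 4242).
2016/05/29 08:23:33 ossec-logcollector(1103): ERROR: Unable to open file '/var/log/httpd/access_log'.
2016/05/29 08:23:33 ossec-logcollector(1103): ERROR: Unable to open file '/var/log/httpd/error_log'.
2016/05/29 08:24:10 ossec-syscheckd: WARN: constructed warning, unrelated to log collection.
2016/05/29 09:23:33 ossec-logcollector(1103): ERROR: Unable to open file '/var/log/httpd/access_log'.
2016/05/29 09:30:00 ossec-agentd: ERROR: Unable to unmerge file '/etc/shared/agent.conf'.
""".splitlines()


def parse_line(line):
    """Split one ossec.log line into its fields, or return None if it does not fit."""
    m = OSSEC_LINE.match(line.strip())
    return m.groupdict() if m else None


def missing_logfiles(lines):
    """Return (missing, ignored).

    missing maps each unreadable monitored file to its hit count and the first
    and last timestamps seen, so repeated errors become one finding per path.
    ignored counts every other line by level, which is the traffic a catch-all
    match on the word ERROR would have alerted on.
    """
    missing = {}
    ignored = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            ignored["unparsed"] += 1
            continue
        hit = UNABLE_TO_OPEN.match(rec["msg"])
        if rec["daemon"] == "ossec-logcollector" and rec["code"] == "1103" and hit:
            entry = missing.setdefault(
                hit.group("path"),
                {"count": 0, "first_seen": rec["ts"], "last_seen": rec["ts"]},
            )
            entry["count"] += 1
            entry["last_seen"] = rec["ts"]
        else:
            ignored[rec["level"]] += 1
    return missing, ignored


if __name__ == "__main__":
    found, skipped = missing_logfiles(SAMPLE_LOG)
    for path, info in sorted(found.items()):
        print(path, info)
    print("not matched:", dict(skipped))
```
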
[ossec-list] OSSEC logfile file missing alert
Hi,

We have some logfiles which do not exist in ossec agent machine. Is there a way to receive alerts in such case?

These are the missing information I see in agent ossec.log

./ossec/logs/

# grep ERROR ossec.log
2016/05/29 08:23:33 ossec-logcollector(1103): ERROR: Unable to open file '/var/log/httpd/access_log'.
2016/05/29 08:23:33 ossec-logcollector(1103): ERROR: Unable to open file '/var/log/httpd/error_log'.

Thanks
Kumar
Re: [ossec-list] Windows Agent Compilation
Thank you Pedro.

I have been looking at getting it worked on RHEL, however our local repo or packages provided by the vendor do not have the mingw 32/64. Maybe I am getting a wrong repo configured which don't fetch these. Let me give it a try again.

Regards
Kumar

On Friday, 15 April 2016, Pedro S wrote:
> Hi Kumar,
>
> Creating the windows installer from Linux SO is easy, I have been doing
> that for months, try to take a look into this documentation:
> http://documentation.wazuh.com/en/latest/ossec_installation_win.html in
> *"Compiling from sources"* section.
>
> You will need:
>
> CentOS:
> $ yum install gcc-c++ gcc scons mingw32-gcc mingw64-gcc zlib-devel bzip2 unzip
>
> Debian:
> $ apt-get install gcc-mingw-w64
> $ apt-get install nsis
> $ apt-get install make
>
> Regards,
>
> Pedro S.
>
> On Thursday, April 14, 2016 at 3:06:16 PM UTC+2, Kumar Mg wrote:
>>
>> Thank you Victor.
>>
>> We tried with both 2.8.2 as well as the 2.8.3 version. But both were
>> throwing error for make.
>>
>> The changes were made as suggested, however there were some errors and
>> not sure if all the executables were created.
>>
>> These are the only exe files under src\win-pkg
>>
>> 04/14/2016 05:30 AM 139,059 add-localfile.exe
>> 04/14/2016 05:30 AM 376,910 manage_agents.exe
>> 04/14/2016 05:26 AM 17,920 ossec-lua.exe
>> 04/14/2016 05:26 AM 333,565 ossec-luac.exe
>> 04/14/2016 05:30 AM 141,048 os_win32ui.exe
>> 04/14/2016 05:30 AM 142,606 setup-iis.exe
>> 04/14/2016 05:30 AM 159,043 setup-syscheck.exe
>> 7 File(s) 1,310,151 bytes
>>
>> These were the error we got while make.
>>
>> C:\Users\Administrator\Desktop\ossec_compile\ossec-hids-2.8.3\ossec-hids-2.8.3\s
>> rc\win-pkg>"C:\MinGW\bin\gcc.exe" -o "ossec-agent" -Wall -DARGV0=\"ossec-agent\
>> " -DCLIENT -DWIN32 -DOSSECHIDS icon.o os_regex/*.c os_net/*.c os_xml/*.c zlib-1.
>> 2.8/*.c config/*.c shared/*.c os_execd/*.c os_crypto/blowfish/*.c os_crypto/md5/
>> *.c os_crypto/sha1/*.c os_crypto/md5_sha1/*.c os_crypto/shared/*.c rootcheck/*.c
>> *.c -I. -Iheaders/ -lwsock32
>> rootcheck/win-common.c: In function '__os_winreg_querykey':
>> rootcheck/win-common.c:212:11: warning: variable 'sub_key_name_b' set but not us
>> ed [-Wunused-but-set-variable]
>> TCHAR sub_key_name_b[MAX_KEY_LENGTH +1];
>> ^
>> In file included from run_realtime.c:45:0:
>> headers/shared.h:181:0: warning: "os_calloc" redefined
>> #define os_calloc(x,y,z) ((z = calloc(x,y)))?(void)1:ErrorExit(MEM_ERROR, ARGV0
>> )
>> ^
>> run_realtime.c:29:0: note: this is the location of the previous definition
>> #define os_calloc(x,y,z) (z = calloc(x,y))?(void)1:ErrorExit(MEM_ERROR, ARGV0)
>> ^
>> In file included from run_realtime.c:45:0:
>> headers/shared.h:183:0: warning: "os_strdup" redefined
>> #define os_strdup(x,y) ((y = strdup(x)))?(void)1:ErrorExit(MEM_ERROR, ARGV0)
>> ^
>> run_realtime.c:30:0: note: this is the location of the previous definition
>> #define os_strdup(x,y) (y = strdup(x))?(void)1:ErrorExit(MEM_ERROR, ARGV0)
>> ^
>> C:\Users\ADMINI~1\AppData\Local\Temp\cccRUZbH.o:file_op.c:(.text+0x9e6): undefin
>> ed reference to `_imp__PathFindFileNameA@4'
>> collect2.exe: error: ld returned 1 exit status
>>
>> C:\Users\Administrator\Desktop\ossec_compile\ossec-hids-2.8.3\ossec-hids-2.8.3\s
>> rc\win-pkg>"C:\MinGW\bin\gcc.exe" -o "ossec-rootcheck" -Wall -DARGV0=\"ossec-ro
>> otcheck\" -DCLIENT -DWIN32 icon.o os_regex/*.c os_net/*.c os_xml/*.c config/*.c
>> shared/*.c win_service.c rootcheck/*.c -Iheaders/ -I. -lwsock32
>> rootcheck/rootcheck-config.c: In function 'Read_Rootcheck_Config':
>> rootcheck/rootcheck-config.c:69:18: warning: variable 'xml_time' set but not use
>> d [-Wunused-but-set-variable]
>> const char *(xml_time[])={xml_rootcheck, "frequency", NULL};
[ossec-list] Re: Windows Agent Compilation
Thank you Victor.

We tried with both 2.8.2 as well as the 2.8.3 version. But both were throwing error for make.

The changes were made as suggested, however there were some errors and not sure if all the executables were created.

These are the only exe files under src\win-pkg

04/14/2016 05:30 AM 139,059 add-localfile.exe
04/14/2016 05:30 AM 376,910 manage_agents.exe
04/14/2016 05:26 AM 17,920 ossec-lua.exe
04/14/2016 05:26 AM 333,565 ossec-luac.exe
04/14/2016 05:30 AM 141,048 os_win32ui.exe
04/14/2016 05:30 AM 142,606 setup-iis.exe
04/14/2016 05:30 AM 159,043 setup-syscheck.exe
7 File(s) 1,310,151 bytes

These were the error we got while make.

C:\Users\Administrator\Desktop\ossec_compile\ossec-hids-2.8.3\ossec-hids-2.8.3\s
rc\win-pkg>"C:\MinGW\bin\gcc.exe" -o "ossec-agent" -Wall -DARGV0=\"ossec-agent\
" -DCLIENT -DWIN32 -DOSSECHIDS icon.o os_regex/*.c os_net/*.c os_xml/*.c zlib-1.
2.8/*.c config/*.c shared/*.c os_execd/*.c os_crypto/blowfish/*.c os_crypto/md5/
*.c os_crypto/sha1/*.c os_crypto/md5_sha1/*.c os_crypto/shared/*.c rootcheck/*.c
*.c -I. -Iheaders/ -lwsock32
rootcheck/win-common.c: In function '__os_winreg_querykey':
rootcheck/win-common.c:212:11: warning: variable 'sub_key_name_b' set but not us
ed [-Wunused-but-set-variable]
TCHAR sub_key_name_b[MAX_KEY_LENGTH +1];
^
In file included from run_realtime.c:45:0:
headers/shared.h:181:0: warning: "os_calloc" redefined
#define os_calloc(x,y,z) ((z = calloc(x,y)))?(void)1:ErrorExit(MEM_ERROR, ARGV0
)
^
run_realtime.c:29:0: note: this is the location of the previous definition
#define os_calloc(x,y,z) (z = calloc(x,y))?(void)1:ErrorExit(MEM_ERROR, ARGV0)
^
In file included from run_realtime.c:45:0:
headers/shared.h:183:0: warning: "os_strdup" redefined
#define os_strdup(x,y) ((y = strdup(x)))?(void)1:ErrorExit(MEM_ERROR, ARGV0)
^
run_realtime.c:30:0: note: this is the location of the previous definition
#define os_strdup(x,y) (y = strdup(x))?(void)1:ErrorExit(MEM_ERROR, ARGV0)
^
C:\Users\ADMINI~1\AppData\Local\Temp\cccRUZbH.o:file_op.c:(.text+0x9e6): undefin
ed reference to `_imp__PathFindFileNameA@4'
collect2.exe: error: ld returned 1 exit status

C:\Users\Administrator\Desktop\ossec_compile\ossec-hids-2.8.3\ossec-hids-2.8.3\s
rc\win-pkg>"C:\MinGW\bin\gcc.exe" -o "ossec-rootcheck" -Wall -DARGV0=\"ossec-ro
otcheck\" -DCLIENT -DWIN32 icon.o os_regex/*.c os_net/*.c os_xml/*.c config/*.c
shared/*.c win_service.c rootcheck/*.c -Iheaders/ -I. -lwsock32
rootcheck/rootcheck-config.c: In function 'Read_Rootcheck_Config':
rootcheck/rootcheck-config.c:69:18: warning: variable 'xml_time' set but not use
d [-Wunused-but-set-variable]
const char *(xml_time[])={xml_rootcheck, "frequency", NULL};
^
rootcheck/win-common.c: In function '__os_winreg_querykey':
rootcheck/win-common.c:212:11: warning: variable 'sub_key_name_b' set but not us
ed [-Wunused-but-set-variable]
TCHAR sub_key_name_b[MAX_KEY_LENGTH +1];
^
C:\Users\ADMINI~1\AppData\Local\Temp\ccFt34en.o:file_op.c:(.text+0x9e6): undefin
ed reference to `_imp__PathFindFileNameA@4'
collect2.exe: error: ld returned 1 exit status

The lua file compilation has fixed the error at the time of creating executable, but failing now with it not finding ossec-agent-eventchannel.exe at line 149 in ossec-installer.nsi.

We also tried out making the package from Linux server, seems like it's not able to find out the required mingw gcc compilers on them. Checking going on.

Regards
Kumar
[ossec-list] Windows Agent Compilation
Hi,

We are in the process of getting the OSSEC agents compiled on different platforms (UNIX and Windows). To start with we were getting the Windows agent compilation and was trying it out in the Windows 7 as well as Windows 2008 versions.

Followed the steps mentioned here - http://ossec-docs.readthedocs.org/en/latest/manual/installation/compile-ossec-on-windows.html. The win-pkg folders were created and it failed with following messages at the time of make.sh.

C:\Users\ossec\Downloads\ossec-hids-2.8.2\ossec-hids-2.8.2\src\win-pkg>make.bat

C:\Users\ossec\Downloads\ossec-hids-2.8.2\ossec-hids-2.8.2\src\win-pkg>echo Maki
ng windows agent
Making windows agent

C:\Users\ossec\Downloads\ossec-hids-2.8.2\ossec-hids-2.8.2\src\win-pkg>"C:\MinGW
\bin\windres.exe" -i icofile.rc -o icon.o

C:\Users\ossec\Downloads\ossec-hids-2.8.2\ossec-hids-2.8.2\src\win-pkg>"C:\MinGW
\bin\gcc.exe" -o "ossec-agent" -Wall -DARGV0=\"ossec-agent\" -DCLIENT -DWIN32 -
DOSSECHIDS icon.o os_regex/*.c os_net/*.c os_xml/*.c zlib-1.2.8/*.c config/*.c s
hared/*.c os_execd/*.c os_crypto/blowfish/*.c os_crypto/md5/*.c os_crypto/sha1/*
.c os_crypto/md5_sha1/*.c os_crypto/shared/*.c rootcheck/*.c *.c -I. -Iheaders/
-lwsock32
rootcheck/win-common.c: In function '__os_winreg_querykey':
rootcheck/win-common.c:212:11: warning: variable 'sub_key_name_b' set but not us
ed [-Wunused-but-set-variable]
TCHAR sub_key_name_b[MAX_KEY_LENGTH +1];
^
In file included from run_realtime.c:45:0:
headers/shared.h:181:0: warning: "os_calloc" redefined
#define os_calloc(x,y,z) ((z = calloc(x,y)))?(void)1:ErrorExit(MEM_ERROR, ARGV0
)
^
run_realtime.c:29:0: note: this is the location of the previous definition
#define os_calloc(x,y,z) (z = calloc(x,y))?(void)1:ErrorExit(MEM_ERROR, ARGV0)
^
In file included from run_realtime.c:45:0:
headers/shared.h:183:0: warning: "os_strdup" redefined
#define os_strdup(x,y) ((y = strdup(x)))?(void)1:ErrorExit(MEM_ERROR, ARGV0)
^
run_realtime.c:30:0: note: this is the location of the previous definition
#define os_strdup(x,y) (y = strdup(x))?(void)1:ErrorExit(MEM_ERROR, ARGV0)
^
seechanges.c: In function 'seechanges_addfile':
seechanges.c:347:5: warning: implicit declaration of function 'symlink' [-Wimpli
cit-function-declaration]
if (symlink(old_location, old_tmp) == -1) {
^
C:\Users\ossec\AppData\Local\Temp\cc4a5eCY.o:seechanges.c:(.text+0x6f5): undefin
ed reference to `symlink'
C:\Users\ossec\AppData\Local\Temp\cc4a5eCY.o:seechanges.c:(.text+0x75f): undefin
ed reference to `symlink'
C:\Users\ossec\AppData\Local\Temp\cc4a5eCY.o:seechanges.c:(.text+0x7c9): undefin
ed reference to `symlink'
collect2.exe: error: ld returned 1 exit status

C:\Users\ossec\Downloads\ossec-hids-2.8.2\ossec-hids-2.8.2\src\win-pkg>"C:\MinGW
\bin\gcc.exe" -o "ossec-rootcheck" -Wall -DARGV0=\"ossec-rootcheck\" -DCLIENT -
DWIN32 icon.o os_regex/*.c os_net/*.c os_xml/*.c config/*.c shared/*.c win_servi
ce.c rootcheck/*.c -Iheaders/ -I. -lwsock32
rootcheck/rootcheck-config.c: In function 'Read_Rootcheck_Config':
rootcheck/rootcheck-config.c:69:18: warning: variable 'xml_time' set but not use
d [-Wunused-but-set-variable]
const char *(xml_time[])={xml_rootcheck, "frequency", NULL};
^
rootcheck/win-common.c: In function '__os_winreg_querykey':
rootcheck/win-common.c:212:11: warning: variable 'sub_key_name_b' set but not us
ed [-Wunused-but-set-variable]
TCHAR sub_key_name_b[MAX_KEY_LENGTH +1];
^

C:\Users\ossec\Downloads\ossec-hids-2.8.2\ossec-hids-2.8.2\src\win-pkg>"C:\MinGW
\bin\gcc.exe" -o "manage_agents" -Wall -DARGV0=\"manage-agents\" -DCLIENT -DWIN
32 -DMA os_regex/*.c zlib-1.2.8/*.c os_zlib.c shared/*.c os_crypto/blowfish/*.c
os_crypto/md5/*.c os_crypto/shared/*.c addagent/*.c -Iheaders/ -I. -lwsock32 -ls
hlwapi

C:\Users\ossec\Downloads\ossec-hids-2.8.2\ossec-hids-2.8.2\src\win-pkg>"C:\MinGW
\bin\gcc.exe" -o setup-windows -Wall os_regex/*.c -DARGV0=\"setup-windows\" -DCL
IENT -DWIN32 win_service.c shared/file_op.c shared/debug_op.c setup/setup-win.c
setup/setup-shared.c -Iheaders/ -I. -lwsock32

C:\Users\ossec\Downloads\ossec-hids-2.8.2\ossec-hids-2.8.2\src\win-pkg>"C:\MinGW
\bin\gcc.exe" -o setup-syscheck -Wall os_regex/*.c os_xml/*.c setup/setup-sysche
ck.c setup/setup-shared.c -I. -Iheaders/

C:\Users\ossec\Downloads\ossec-hids-2.8.2\ossec-hids-2.8.2\src\win-pkg>"C:\MinGW
\bin\gcc.exe" -o setup-iis -Wall os_regex/*.c setup/setup-iis.c -I.

C:\Users\ossec\Downloads\ossec-hids-2.8.2\ossec-hids-2.8.2\src\win-pkg>"C:\MinGW
\bin\gcc.exe" -o add-localfile -Wall os_regex/*.c setup/add-localfile.c -I.

C:\Users\ossec\Downloads\ossec-hids-2.8.2\ossec-hids-2.8.2\src\win-pkg>cd ui\

C:\Users\ossec\Downloads\ossec-hids-2.8.2\ossec-hids-2.8.2\src\win-pkg\ui>make

C:\Users\ossec\Downloads\ossec-hids-2.8.2\ossec-hids-2.8.2\src\win-pkg\ui>echo M
aking windows agent UI
Making windows agent UI

C:\Users\ossec\Downloads\ossec-hids-2.8.2\ossec-hids-2.8.2\src\win-pk
Re: [ossec-list] OSSEC agent.conf not getting updated for Linux
Thanks Dan.

Yes, the write mode fixed. Worked for below permission set for shared/agent.conf

# ls -lt agent*
-rw-r- 1 ossec ossec 610 Mar 23 11:40 agent.conf

If the file is owned by root for the same set of permission, the conf wasn't updating.

-rw-r- 1 root ossec 516 Mar 23 11:35 agent.conf

Thanks & Regards
Kumar

On Wednesday, 23 March 2016 20:39:50 UTC+5:30, dan (ddpbsd) wrote:
> On Wed, Mar 23, 2016 at 10:55 AM, Kumar Mg wrote:
> > Hi,
> >
> > We have an OSSEC running at 2.8 on RHEL Linux, was looking at the
> > centralized config control and was able to push the changes to the agent
> > system. Did modification on the OSSEC server shared/agent.conf and the file
> > was pushed to the agent merged.mg file but not updating to the agent.conf
> > file. I have gone through the old posts and validated the permissions for
> > agent.conf on the server / agent side. Am I missing something here?
> >
> > OSSEC SERVER:
> > # ls -ltr
> > total 172
> > -r--r- 1 root ossec 4929 Jun 10 2015 win_malware_rcl.txt
> > -r--r- 1 root ossec 3859 Jun 10 2015 win_audit_rcl.txt
> > -r--r- 1 root ossec 4682 Jun 10 2015 win_applications_rcl.txt
> > -r--r- 1 root ossec 4457 Jun 10 2015 system_audit_rcl.txt
> > -r--r- 1 root ossec 5193 Jun 10 2015 rootkit_trojans.txt
> > -r--r- 1 root ossec 14872 Jun 10 2015 rootkit_files.txt
> > -r--r- 1 root ossec 14251 Jun 10 2015 cis_rhel_linux_rcl.txt
> > -r--r- 1 root ossec 8192 Jun 10 2015 cis_rhel5_linux_rcl.txt
> > -r--r- 1 root ossec 9501 Jun 10 2015 cis_debian_linux_rcl.txt
> > -r--r- 1 root ossec 351 Mar 23 07:19 agent.conf
> > -rw-r--r-- 1 ossecr ossec 70553 Mar 23 07:38 merged.mg
> > -r--r- 1 root root 77 Mar 23 07:38 ar.conf
> >
> > AGENT:
> > # ls -ltr
> > total 164
> > -rwxrwx--- 1 root ossec 4929 Mar 23 07:39 win_malware_rcl.txt
> > -rwxrwx--- 1 root ossec 3859 Mar 23 07:39 win_audit_rcl.txt
> > -rwxrwx--- 1 root ossec 4682 Mar 23 07:39 win_applications_rcl.txt
> > -rwxrwx--- 1 root ossec 4457 Mar 23 07:39 system_audit_rcl.txt
> > -rwxrwx--- 1 root ossec 5193 Mar 23 07:39 rootkit_trojans.txt
> > -rwxrwx--- 1 root ossec 14872 Mar 23 07:39 rootkit_files.txt
> > -rw-r--r-- 1 ossec ossec 70553 Mar 23 07:39 merged.mg
> > -rwxrwx--- 1 root ossec 14251 Mar 23 07:39 cis_rhel_linux_rcl.txt
> > -rwxrwx--- 1 root ossec 8192 Mar 23 07:39 cis_rhel5_linux_rcl.txt
> > -rwxrwx--- 1 root ossec 9501 Mar 23 07:39 cis_debian_linux_rcl.txt
> > -r--r- 1 root ossec 0 Mar 23 08:59 agent.conf
>
> Does the situation improve if you make agent.conf writable?
>
> > I zeroed out the agent.conf and merge.mg files on agent side and restarted
> > the OSSEC server as well as the agent processes. The agent merged was
> > updated and could see the updates from the OSSEC server, however this did
> > not update the agent.conf even after multiple agent restarts. I could see
> > from the agent ossec.log with following lines.
> >
> > # grep merge /var/ossec/logs/ossec.log*
> > 2016/03/23 06:44:03 ossec-agentd: ERROR: Unable to unmerge file '/etc/shared/agent.conf'.
> > 2016/03/23 06:55:19 ossec-agentd: ERROR: Unable to unmerge file '/etc/shared/agent.conf'.
> > 2016/03/23 07:17:38 ossec-agentd: ERROR: Unable to unmerge file '/etc/shared/agent.conf'.
> > 2016/03/23 07:22:16 ossec-agentd: ERROR: Unable to unmerge file '/etc/shared/agent.conf'.
> > 2016/03/23 07:39:32 ossec-agentd: ERROR: Unable to unmerge file '/etc/shared/agent.conf'.
> >
> > Thanks & Regards
> > Kumar
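The ownership effect reported in this message (agent.conf updates when owned by ossec, not when owned by root with the same mode) follows from the plain Unix owner/group/other check. As an added example (not code from the thread or from OSSEC), this Python audit classifies a shared file for the account that has to rewrite it. It assumes ossec-agentd writes the file as the ossec user, uses mode 0640 because the mode strings in the listings are cut short, and uses constructed uid/gid numbers.

```python
import os
import stat
from collections import namedtuple

FileMeta = namedtuple("FileMeta", "mode uid gid")

ROOT, OSSEC_UID, OSSEC_GID = 0, 1001, 1001  # constructed ids for the example

# Constructed cases; the first two mirror the two listings in the message above.
CASES = {
    "root:ossec 0640": FileMeta(0o640, ROOT, OSSEC_GID),
    "ossec:ossec 0640": FileMeta(0o640, OSSEC_UID, OSSEC_GID),
    "root:ossec 0660": FileMeta(0o660, ROOT, OSSEC_GID),
    "root:ossec 0666": FileMeta(0o666, ROOT, OSSEC_GID),
    "ossec:ossec 0460": FileMeta(0o460, OSSEC_UID, OSSEC_GID),
}


def class_bits(meta, uid, gids):
    """Return the rwx triplet (0-7) that applies to this user.

    Exactly one class is used: owner, else group, else other. ACLs and the
    root override are not modelled.
    """
    if uid == meta.uid:
        return (meta.mode >> 6) & 7
    if meta.gid in gids:
        return (meta.mode >> 3) & 7
    return meta.mode & 7


def audit_meta(meta, agent_uid, agent_gids, need=0o2):
    """Classify one object as 'not-writable', 'world-writable' or 'ok'.

    need is the rwx subset required: 0o2 to rewrite a file, 0o3 (write and
    search) to create a file inside a directory.
    """
    if class_bits(meta, agent_uid, agent_gids) & need != need:
        return "not-writable"
    if meta.mode & stat.S_IWOTH:
        # Writable for the agent, but also for every other local account.
        return "world-writable"
    return "ok"


def audit_path(path, agent_uid, agent_gids):
    """Stat a real file; if it is missing, the parent directory decides."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        parent = os.stat(os.path.dirname(path) or ".")
        meta = FileMeta(stat.S_IMODE(parent.st_mode), parent.st_uid, parent.st_gid)
        return "missing-" + audit_meta(meta, agent_uid, agent_gids, need=0o3)
    meta = FileMeta(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return audit_meta(meta, agent_uid, agent_gids)


def audit_cases():
    """Run the constructed cases for an agent that is uid ossec, group ossec."""
    return {name: audit_meta(meta, OSSEC_UID, {OSSEC_GID})
            for name, meta in CASES.items()}


if __name__ == "__main__":
    for name, verdict in audit_cases().items():
        print(f"{name:18} {verdict}")
```

The last case shows that the owner class wins even when the group bits are more generous: an ossec-owned file with mode 0460 is still not writable by ossec.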
[ossec-list] OSSEC agent.conf not getting updated for Linux
Hi,

We have an OSSEC running at 2.8 on RHEL Linux, was looking at the centralized config control and was able to push the changes to the agent system. Did modification on the OSSEC server shared/agent.conf and the file was pushed to the agent merged.mg file but not updating to the agent.conf file. I have gone through the old posts and validated the permissions for agent.conf on the server / agent side. Am I missing something here?

OSSEC SERVER:
# ls -ltr
total 172
-r--r- 1 root ossec 4929 Jun 10 2015 win_malware_rcl.txt
-r--r- 1 root ossec 3859 Jun 10 2015 win_audit_rcl.txt
-r--r- 1 root ossec 4682 Jun 10 2015 win_applications_rcl.txt
-r--r- 1 root ossec 4457 Jun 10 2015 system_audit_rcl.txt
-r--r- 1 root ossec 5193 Jun 10 2015 rootkit_trojans.txt
-r--r- 1 root ossec 14872 Jun 10 2015 rootkit_files.txt
-r--r- 1 root ossec 14251 Jun 10 2015 cis_rhel_linux_rcl.txt
-r--r- 1 root ossec 8192 Jun 10 2015 cis_rhel5_linux_rcl.txt
-r--r- 1 root ossec 9501 Jun 10 2015 cis_debian_linux_rcl.txt
-r--r- 1 root ossec 351 Mar 23 07:19 agent.conf
-rw-r--r-- 1 ossecr ossec 70553 Mar 23 07:38 merged.mg
-r--r- 1 root root 77 Mar 23 07:38 ar.conf

AGENT:
# ls -ltr
total 164
-rwxrwx--- 1 root ossec 4929 Mar 23 07:39 win_malware_rcl.txt
-rwxrwx--- 1 root ossec 3859 Mar 23 07:39 win_audit_rcl.txt
-rwxrwx--- 1 root ossec 4682 Mar 23 07:39 win_applications_rcl.txt
-rwxrwx--- 1 root ossec 4457 Mar 23 07:39 system_audit_rcl.txt
-rwxrwx--- 1 root ossec 5193 Mar 23 07:39 rootkit_trojans.txt
-rwxrwx--- 1 root ossec 14872 Mar 23 07:39 rootkit_files.txt
-rw-r--r-- 1 ossec ossec 70553 Mar 23 07:39 merged.mg
-rwxrwx--- 1 root ossec 14251 Mar 23 07:39 cis_rhel_linux_rcl.txt
-rwxrwx--- 1 root ossec 8192 Mar 23 07:39 cis_rhel5_linux_rcl.txt
-rwxrwx--- 1 root ossec 9501 Mar 23 07:39 cis_debian_linux_rcl.txt
-r--r- 1 root ossec 0 Mar 23 08:59 agent.conf

I zeroed out the agent.conf and merge.mg files on agent side and restarted the OSSEC server as well as the agent processes. The agent merged was updated and could see the updates from the OSSEC server, however this did not update the agent.conf even after multiple agent restarts. I could see from the agent ossec.log with following lines.

# grep merge /var/ossec/logs/ossec.log*
2016/03/23 06:44:03 ossec-agentd: ERROR: Unable to unmerge file '/etc/shared/agent.conf'.
2016/03/23 06:55:19 ossec-agentd: ERROR: Unable to unmerge file '/etc/shared/agent.conf'.
2016/03/23 07:17:38 ossec-agentd: ERROR: Unable to unmerge file '/etc/shared/agent.conf'.
2016/03/23 07:22:16 ossec-agentd: ERROR: Unable to unmerge file '/etc/shared/agent.conf'.
2016/03/23 07:39:32 ossec-agentd: ERROR: Unable to unmerge file '/etc/shared/agent.conf'.

Thanks & Regards
Kumar