Re: [ossec-list] Release schedule

2017-11-14 Thread mark van de giessen
Hi Dan, 

Thank you for your assistance.
I was trying to compile on a somewhat locked-down Red Hat distribution, 
seemingly missing some of the dependencies.
I spun up an Ubuntu 16.04 machine and was able to compile MASTER (Why 2.9.2 
when I can have all the improvements.. Right.) without too much effort 
after installing the libs you've mentioned.

Again, thank you for your help!

Sincerely,

Mark

 


-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [ossec-list] Release schedule

2017-11-09 Thread mark van de giessen
Hi Dan,

Perhaps I can elaborate.
So we're trying to further our implementation, but cannot apply our desired 
"client-server" model where the config is managed in a centralized place 
(i.e. the server) due to issue #1207.
I have confirmed this is in fact the issue (no idea why this wasn't 
included in 2.9.2, but okay.)

Therefore, I want to apply the patch manually, and compile it myself. 
This is where the heart of my question was.

To answer yours.
When compiling the 2.9.2 source with the winagent target I'm getting an 
error in randombytes.c, specifically:

shared/randombytes.c: In function 'randombytes':
shared/randombytes.c:17: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'prov'
shared/randombytes.c:17: error: 'prov' undeclared (first use in this function)
shared/randombytes.c:17: error: (Each undeclared identifier is reported only once
shared/randombytes.c:17: error: for each function it appears in.)
shared/randombytes.c:19: warning: implicit declaration of function 'CryptAcquireContext'
shared/randombytes.c:19: error: 'PROV_RSA_FULL' undeclared (first use in this function)
shared/randombytes.c:23: warning: implicit declaration of function 'CryptGenRandom'
make[1]: *** [shared/randombytes.o] Error 1
make[1]: Leaving directory `/myhomedir/ossec-hids-2.9.2/src'
make: *** [winagent] Error 2

I haven't messed around in the source code, other than adding the binary 
parameter to the fopen function. I don't think the cause of this error 
lies there.

Perhaps you could provide some insights, any help is appreciated of course.

Kind Regards,

Mark


On Thursday, 9 November 2017 at 14:46:31 UTC+1, dan (ddpbsd) wrote:
>
> On Wed, Nov 8, 2017 at 3:50 AM, mark van de giessen <mgie...@gmail.com> wrote: 
> >> Welp, perhaps my system is misconfigured, i dont know. 
> > 
> > But.. when trying to compile following Ossec's 
> > /docs/manual/installation/compile-ossec-mingw.html i'm getting all sorts of 
> > errors (yes, i'm trying to compile for windows) 
> > 
>
> I don't think there were any changes to the Windows side of things in 
> the latest releases. 
> Knowing what errors you're getting could help. 



Re: [ossec-list] Release schedule

2017-11-08 Thread mark van de giessen

>
> Welp, perhaps my system is misconfigured, I don't know.

But.. when trying to compile following 
Ossec's /docs/manual/installation/compile-ossec-mingw.html I'm getting all 
sorts of errors (yes, I'm trying to compile for Windows)
 



Re: [ossec-list] Release schedule

2017-11-08 Thread mark van de giessen

>
> Welp, perhaps my system is misconfigured. I don't know.

But when  



[ossec-list] Release schedule

2017-11-06 Thread mark van de giessen
Dear,

Is there like a schedule as to when new versions are released of Ossec?
How does this process work?

I'm debating whether it is worth compiling my own agent from source (which 
probably takes me quite some time, as I've never done this) versus waiting 
for a newer version.

Any help is appreciated.

Sincerely,

Mark



[ossec-list] Re: Centralized agent.conf

2017-11-03 Thread mark van de giessen
Hi Eddi Bento,

I'm experiencing the same issue, I assume.
In Windows, there currently is a bug that prevents a 'client-server' model 
as the MD5 checksum fails due to End-Of-Line conversion errors. See 
(https://github.com/ossec/ossec-hids/pull/1207)
To resolve this, either wait for the fix mentioned in issue 1207, or 
compile it yourself with the fix included.

Coincidentally, I myself am also waiting for a new release, mainly for this 
issue.

Hopefully I've provided some help.

Sincerely,

Mark

On Thursday, 2 November 2017 at 22:01:23 UTC+1, Eddi Bento wrote:
>
> Hello.
>
> I'm trying to set up a proof of concept for OSSEC.  It's all set up and 
> monitoring a few computers, but I can't seem to get the agent.conf file to 
> push.  Originally, I was told to copy the ossec.conf file on the Manager 
> and remove the Global entries on it.  Since then, I've completely killed 
> the file and created an empty agent.conf that has the following:
>
> 
> 
> C:\OSSEC-Test\something.log
> syslog
> 
> 
>
> This is the only line, as I want to get this one file monitored first before I 
> continue.  I save this file and restart OSSEC.
>
> When I run:
>
> agent_control -i 002
>
> (where 002 is the AgentID for agent01)
>
> ..it never updates the MD5 Checksum of this file next to Client Version: 
> OSSEC HIDS v2.9.2
>
> Does anyone have an idea on what I'm doing wrong?  Is there a place where 
> I can see in the log that the agent.conf push fails?
>
> Regards,
> Eddi
>
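
Added example (not part of the original thread and not OSSEC code): how Windows text-mode file I/O changes the bytes of a pushed config, and with them its MD5, while binary mode does not, plus a check for whether a checksum mismatch is explained by line endings alone. The sample config and all function names are assumptions made for illustration; the effect is modelled generically and the actual fix is the one in pull request 1207.

```python
import hashlib
import os
import tempfile

# Constructed sample: a shared config as stored on a Unix manager (LF endings).
MANAGER_CONF = (
    b"<agent_config>\n"
    b"  <localfile>\n"
    b"    <location>C:\\OSSEC-Test\\something.log</location>\n"
    b"    <log_format>syslog</log_format>\n"
    b"  </localfile>\n"
    b"</agent_config>\n"
)


def md5_hex(data: bytes) -> str:
    """Hex MD5 of the exact bytes given (the kind of checksum compared in the thread)."""
    return hashlib.md5(data).hexdigest()


def bytes_on_disk(data: bytes, text_mode: bool) -> bytes:
    """Write data as fopen(path, "w") or fopen(path, "wb") would on Windows,
    then return the raw bytes that ended up in the file."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        if text_mode:
            # newline="\r\n" reproduces the Windows C runtime's LF -> CRLF
            # translation on any OS, so the effect is visible off Windows too.
            with open(path, "w", encoding="latin-1", newline="\r\n") as f:
                f.write(data.decode("latin-1"))
        else:
            with open(path, "wb") as f:
                f.write(data)
        with open(path, "rb") as f:
            return f.read()
    finally:
        os.remove(path)


def differs_only_by_eol(a: bytes, b: bytes) -> bool:
    """True when two copies differ, but become identical once CRLF is folded to LF."""
    return a != b and a.replace(b"\r\n", b"\n") == b.replace(b"\r\n", b"\n")


if __name__ == "__main__":
    for mode in (True, False):
        copy = bytes_on_disk(MANAGER_CONF, text_mode=mode)
        print("text  " if mode else "binary", md5_hex(copy),
              "eol-only mismatch:", differs_only_by_eol(MANAGER_CONF, copy))
    print("manager", md5_hex(MANAGER_CONF))
```

Running `differs_only_by_eol` on the manager's copy and the agent's copy of the file tells you whether a checksum that never matches is this line-ending problem or a real content difference.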
