Hello, OSSEC-listers; I'm new to OSSEC and so far I'm loving how simple and useful it is.
Now I have a handful of VMware ESX 3.5 servers which I would like to add to my network's OSSEC server... but I can't figure out how to get the agent installed. I have tried compiling from the source with the install.sh script, but ESX's limited gcc was unable to make sense of the code, and after printing out a few pages of warnings and errors, it quits with the message "Error 0x5. Building error. Unable to finish the installation." I also tried (perhaps against my better judgment) to find an RPM that would work, but kept running into dependency problems. It seems a build meant for RedHat EL 3 might work (http://rpm.pbone.net/ index.php3/stat/4/idpl/14104155/dir/redhat_el_3/com/ossec-hids- client-2.4.1-1.el3.pp.i386.rpm.html), but since the VMware folks sternly warn against installing RPMs willy-nilly, I still haven't dared do it. Or is it recommended to use agentless monitoring (http://www.ossec.net/ main/manual/manual-agentless-monitoring/)? If so, what kind of configuration should I be using (presumably 'ssh_integrity_check_linux' & 'ssh_generic_diff')? Thanks in advance-- ~ewall
