When I did an install on the same servers as you, I did the install with a binary install. The problem that I ran into is I couldn't do active response as they do not allow you to block traffic with a host firewall. Just create a vm with the same OS and follow the build instructions in the Wiki.
On Fri, Aug 24, 2012 at 3:09 PM, dan (ddp) <[email protected]> wrote: > On Fri, Aug 24, 2012 at 3:06 PM, Christopher Werby <[email protected]> > wrote: >> I'm giving a bump to this issue. I'm dead in the water on getting OSSEC >> install on this server. >> >> Any ideas? >> > > Are you sure you can write to this dir? Does UID 500 exist? What > happens if you chown it to root? > > Shots in the dark: > Make sure selinux or anything like that isn't messing this up. > Make sure the mount options aren't causing issues. > > >> >>> Hi Dan, >>> >>> Here's the "Error 127" that I get when I execute `make plugins`. I also >>> show the PATH on my system and the permissions on compiled_rules/ (775). >>> >>>> root@xxx:/tmp/ossec-hids-2.6/src/analysisd/compiled_rules# echo $PATH >>>> /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin >>>> root@xxx:/tmp/ossec-hids-2.6/src/analysisd# stat compiled_rules/ >>>> File: `compiled_rules/' >>>> Size: 140 Blocks: 0 IO Block: 4096 directory >>>> Device: 35h/53d Inode: 1928226602 Links: 2 >>>> Access: (0775/drwxrwxr-x) Uid: ( 500/ UNKNOWN) Gid: ( 500/ UNKNOWN) >>>> Access: 2012-08-23 08:35:04.630335120 -0700 >>>> Modify: 2012-08-22 21:04:28.287611426 -0700 >>>> Change: 2012-08-22 21:04:28.287611426 -0700 >>>> root@xxx:/tmp/ossec-hids-2.6/src/analysisd# cd compiled_rules/ >>>> root@xxx:/tmp/ossec-hids-2.6/src/analysisd/compiled_rules# make plugins >>>> ./register_rule.sh build >>>> make: execvp: ./register_rule.sh: Permission denied >>>> make: *** [plugins] Error 127 >>> >>> >>> Best, >>> ----------------------- >>> Christopher Werby >>> Pipsqueak Productions, LLC >>> http://www.Pipsqueak.com >>> >>> On Aug 23, 2012, at 6:33 AM, dan (ddp) wrote: >>> >>>> On Thu, Aug 23, 2012 at 12:05 AM, Christopher Werby >>>> <[email protected]> wrote: >>>>> Hi Ryan, >>>>> >>>>> Sure! >>>>> >>>>>> root@XXX:/tmp/ossec-hids-2.6/src/analysisd/compiled_rules# /bin/sh -x >>>>>> register_rule.sh build >>>>>> + CHF=compiled_rules.h >>>>>> + ls -la register_rule.sh >>>>>> + '[' '!' 0 = 0 ']' >>>>>> + '[' xbuild = x -o xbuild = xhelp -o xbuild = x-h ']' >>>>>> + '[' xbuild = xlist ']' >>>>>> + '[' xbuild = xsave ']' >>>>>> + '[' xbuild = xrestore ']' >>>>>> + '[' xbuild = xbuild ']' >>>>>> + ls -la .function_list >>>>>> + '[' '!' 0 = 0 ']' >>>>>> + echo '/* This file is auto generated by register_rule.sh. Do not touch >>>>>> it. */' >>>>>> + echo '' >>>>>> + echo '/* Adding the function definitions. */' >>>>>> ++ cat .function_list >>>>>> ++ sort >>>>>> ++ uniq >>>>>> + for i in '`cat .function_list | sort| uniq`' >>>>>> + echo 'void *check_id_size(Eventinfo *lf);' >>>>>> + for i in '`cat .function_list | sort| uniq`' >>>>>> + echo 'void *comp_mswin_targetuser_calleruser_diff(Eventinfo *lf);' >>>>>> + for i in '`cat .function_list | sort| uniq`' >>>>>> + echo 'void *comp_srcuser_dstuser(Eventinfo *lf);' >>>>>> + for i in '`cat .function_list | sort| uniq`' >>>>>> + echo 'void *is_simple_http_request(Eventinfo *lf);' >>>>>> + for i in '`cat .function_list | sort| uniq`' >>>>>> + echo 'void *is_valid_crawler(Eventinfo *lf);' >>>>>> + echo '' >>>>>> + echo '/* Adding the rules list. */' >>>>>> + echo 'void *(compiled_rules_list[]) = ' >>>>>> + echo '{' >>>>>> ++ cat .function_list >>>>>> ++ sort >>>>>> ++ uniq >>>>>> + for i in '`cat .function_list | sort| uniq`' >>>>>> + echo ' check_id_size,' >>>>>> + for i in '`cat .function_list | sort| uniq`' >>>>>> + echo ' comp_mswin_targetuser_calleruser_diff,' >>>>>> + for i in '`cat .function_list | sort| uniq`' >>>>>> + echo ' comp_srcuser_dstuser,' >>>>>> + for i in '`cat .function_list | sort| uniq`' >>>>>> + echo ' is_simple_http_request,' >>>>>> + for i in '`cat .function_list | sort| uniq`' >>>>>> + echo ' is_valid_crawler,' >>>>>> + echo ' NULL' >>>>>> + echo '};' >>>>>> + echo '' >>>>>> + echo '/* Adding the rules list names. */' >>>>>> + echo 'char *(compiled_rules_name[]) = ' >>>>>> + echo '{' >>>>>> ++ cat .function_list >>>>>> ++ sort >>>>>> ++ uniq >>>>>> + for i in '`cat .function_list |sort | uniq`' >>>>>> + echo ' "check_id_size",' >>>>>> + for i in '`cat .function_list |sort | uniq`' >>>>>> + echo ' "comp_mswin_targetuser_calleruser_diff",' >>>>>> + for i in '`cat .function_list |sort | uniq`' >>>>>> + echo ' "comp_srcuser_dstuser",' >>>>>> + for i in '`cat .function_list |sort | uniq`' >>>>>> + echo ' "is_simple_http_request",' >>>>>> + for i in '`cat .function_list |sort | uniq`' >>>>>> + echo ' "is_valid_crawler",' >>>>>> + echo ' NULL' >>>>>> + echo '};' >>>>>> + echo '' >>>>>> + echo '/* EOF */' >>>>>> + echo '*Build completed.' >>>>>> *Build completed. >>>>> >>>>> ----------------------- >>>>> Christopher Werby >>>>> Pipsqueak Productions, LLC >>>>> http://www.Pipsqueak.com >>>>> >>>>> On Aug 22, 2012, at 8:44 PM, Ryan Schulze wrote: >>>>> >>>>>> /bin/sh -x register_rule.sh build >>>>> >>>> >>>> Ok, that seems to have worked. The only other thing it does is tries >>>> to compile. Try running `make plugins` in that directory. >>>> I guess you could also check the permissions of the directory itself. >>>> I've never seen issues with this before. >>> -- Registered Linux User # 379282
