I will get the current changes tested on Windows this weekend....

On Friday, October 9, 2015 at 7:35:37 AM UTC-4, dan (ddpbsd) wrote:
>
> All right, here's my plan if it still seems to be working on the Windows
> hosts:
> 1. I need to test on linux.
>    a. Test upgrades from 2.8.2
>    b. Test server installs
>    c. Test agent installs
>    d. Test hybrid
> 2. I need to write up some release notes
> 3. Tag and pull request
> 4. Coordinate an actual release with the powers that be.
>    a. PGP signing
>    b. Website updates
>    c. Announcements
>
> Anyone see anything I've forgotten?
>
> Here's a zip of the source for anyone who wants to do any testing
> (Solaris/OS X testers would be great!):
> https://github.com/ddpbsd/ossec-hids/archive/283.zip
>
>
> On Tue, Oct 6, 2015 at 8:15 AM, dan (ddp) <[email protected]> wrote:
> > I don't think it would hurt to do it.
> >
> > On Fri, Oct 2, 2015 at 2:02 PM, DefensiveDepth <[email protected]> wrote:
> >> Looks like the client is still stable this morning.
> >>
> >> Do you want me to re-build and test the new changes you made, or wait?
> >>
> >> -Josh
> >>
> >> On Friday, October 2, 2015 at 8:45:18 AM UTC-4, dan (ddpbsd) wrote:
> >>>
> >>> I've also made a couple of smaller changes to the branch. It still
> >>> compiles for win32 and now compiles for *nix as well.
> >>> I still need to make sure the hybrid fix is in, and do some more
> >>> testing. After that it's document the changes and submit them. I still
> >>> have to figure out the whole git tagging thing, to make sure I don't
> >>> clobber anything important.
> >>>
> >>> On Fri, Oct 2, 2015 at 7:29 AM, dan (ddp) <[email protected]> wrote:
> >>> > On Thu, Oct 1, 2015 at 4:34 PM, DefensiveDepth <[email protected]>
> >>> > wrote:
> >>> >> Built great. (Thanks!)
> >>> >>
> >>> >> Installed and running on 2008 R2 right now. Appears to be working
> >>> >> correctly.
> >>> >> Getting a massive number of the following errors in the client log:
> >>> >>
> >>> >> =====================
> >>> >>
> >>> >> 2015/10/01 16:24:59 ossec-agent: ERROR: Could not mkstemp_ex() temporary bookmark (tmp/Microsoft-Windows-Sysmon_Operational-a03592) for (Microsoft-Windows-Sysmon/Operational)
> >>> >>
> >>> >> 2015/10/01 16:24:59 ossec-agent: ERROR: Could not create temporary file (tmp/Microsoft-Windows-Sysmon_Operational-a03592) which returned (3)
> >>> >>
> >>> >> 2015/10/01 16:24:59 ossec-agent: ERROR: Could not mkstemp_ex() temporary bookmark (tmp/Microsoft-Windows-Sysmon_Operational-a03592) for (Microsoft-Windows-Sysmon/Operational)
> >>> >>
> >>> >> 2015/10/01 16:24:59 ossec-agent: ERROR: Could not create temporary file (tmp/Microsoft-Windows-Sysmon_Operational-a03592) which returned (3)
> >>> >> ==================
> >>> >>
> >>> >
> >>> > I'll try to look at these this weekend to try and figure out if
> >>> > they're a big deal or not.
> >>> >
> >>> >> Will check in the morning to make sure everything is still working
> >>> >> right
> >>> >>
> >>> >> -Josh
> >>> >>
> >>> >> On Thursday, October 1, 2015 at 9:01:57 AM UTC-4, dan (ddpbsd) wrote:
> >>> >>>
> >>> >>> (Hint: I did, but I'll deal with that fallout later :-P)
> >>> >>>
> >>> >>> On Oct 1, 2015 8:55 AM, "dan (ddp)" <[email protected]> wrote:
> >>> >>>>
> >>> >>>> I've updated the branch again. I managed to compile a binary, but
> >>> >>>> can't test it at the moment.
> >>> >>>> I'm running a *nix build or two in the mean time to make sure I
> >>> >>>> didn't mess anything up there.
> >>> >>>>
> >>> >>>> On Thu, Oct 1, 2015 at 5:16 AM, DefensiveDepth <[email protected]>
> >>> >>>> wrote:
> >>> >>>> > When in doubt, caffeinate!
> >>> >>>> >
> >>> >>>> > Is the mkstemp error possibly related to the version of mingw32 we
> >>> >>>> > are running?
> >>> >>>> >
> >>> >>>> >
> >>> >>>> > On Wednesday, September 30, 2015 at 10:52:51 PM UTC-4, dan (ddpbsd)
> >>> >>>> > wrote:
> >>> >>>> >>
> >>> >>>> >> On Wed, Sep 30, 2015 at 10:31 PM, dan (ddp) <[email protected]>
> >>> >>>> >> wrote:
> >>> >>>> >> > On Wed, Sep 30, 2015 at 8:22 PM, SoulAuctioneer
> >>> >>>> >> > <[email protected]> wrote:
> >>> >>>> >> >> Might just need to add this line into error_messages.h in Dan's
> >>> >>>> >> >> branch:
> >>> >>>> >> >>
> >>> >>>> >> >> https://github.com/awiddersheim/ossec-hids/blob/master/src/error_messages/error_messages.h#L44
> >>> >>>> >> >>
> >>> >>>> >> >
> >>> >>>> >> > There's definitely more than that. Adding that line I still get:
> >>> >>>> >> > /tmp/ccw4cOwc.o:read_win_event_channel.c:(.text+0xcdb): undefined reference to `mkstemp_ex'
> >>> >>>> >> > /tmp/ccw4cOwc.o:read_win_event_channel.c:(.text+0xe19): undefined reference to `rename_ex'
> >>> >>>> >> > /usr/bin/i686-w64-mingw32-ld: /tmp/ccw4cOwc.o: bad reloc address 0xd84 in section `.rdata'
> >>> >>>> >> > collect2: error: ld returned 1 exit status
> >>> >>>> >> >
> >>> >>>> >> > Unfortunately, google doesn't help with mkstemp_ex or rename_ex.
> >>> >>>> >> >
> >>> >>>> >>
> >>> >>>> >> Derp, found those. I probably shouldn't have settled for decaf.
> >>> >>>> >>
--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
