What is the proper way to install with database support?
I tried back in January, when I submitted “OSSEC 3.3 - OSSEC not compiled
with support for 'mysql'”, and again now while updating to version 3.6, but
it still won’t compile with database support.
The normal installation method never asks if a database is to be used. It
should.
I tried updating, but it looks like 3.6 won’t ignore the missing database
support the way that 3.3 did, so it failed to start. I tried doing an
installation over the top of the current one; that gave me the same results.
I tried:
# make DATABASE=mysql TARGET=server settings
# ./install.sh
But the install script overwrote the make settings resulting in:
Mysql settings:
includes:
libs:
I tried:
# make DATABASE=mysql TARGET=server settings
# make install
Which failed to run.
Also
# env DATABASE=mysql TARGET=server ./install.sh
That appeared to work at first
Mysql settings:
includes: -I/usr/include/mysql -I/usr/include/mysql/mysql
libs: -L/usr/lib64/ -lmariadb -lz -ldl -lm -lpthread -lssl -lcrypto
But afterward
# /var/ossec/bin/ossec-dbd -V
Gave me
** Compiled without any database support
I’ve attached a printout of the full text of my last attempt. What’s next?
Natassia
[root@LLC-OSSEC ossec-hids-3.6.0]# env DATABASE=mysql TARGET=server ./install.sh
which: no host in (/sbin:/bin:/usr/sbin:/usr/bin)
** Para instalação em português, escolha [br].
** 要使用中文进行安装, 请选择 [cn].
** Fur eine deutsche Installation wohlen Sie [de].
** Για εγκατάσταση στα Ελληνικά, επιλέξτε [el].
** For installation in English, choose [en].
** Para instalar en Español , eliga [es].
** Pour une installation en français, choisissez [fr]
** A Magyar nyelvű telepítéshez válassza [hu].
** Per l'installazione in Italiano, scegli [it].
** 日本語でインストールします.選択して下さい.[jp].
** Voor installatie in het Nederlands, kies [nl].
** Aby instalować w języku Polskim, wybierz [pl].
** Для инструкций по установке на русском ,введите [ru].
** Za instalaciju na srpskom, izaberi [sr].
** Türkçe kurulum için seçin [tr].
(en/br/cn/de/el/es/fr/hu/it/jp/nl/pl/ru/sr/tr) [en]:
which: no host in (/sbin:/bin:/usr/sbin:/usr/bin)
OSSEC HIDS v3.6.0 Installation Script - http://www.ossec.net
You are about to start the installation process of the OSSEC HIDS.
You must have a C compiler pre-installed in your system.
- System: Linux LLC-OSSEC.localdomain 4.18.0-193.19.1.el8_2.x86_64
- User: root
- Host: LLC-OSSEC.localdomain
-- Press ENTER to continue or Ctrl-C to abort. --
- You already have OSSEC installed. Do you want to update it? (y/n): n
1- What kind of installation do you want (server, agent, local, hybrid or
help)? server
- Server installation chosen.
2- Setting up the installation environment.
- Choose where to install the OSSEC HIDS [/var/ossec]:
- Installation will be made at /var/ossec .
- The installation directory already exists. Should I delete it? (y/n) [y]:
3- Configuring the OSSEC HIDS.
3.1- Do you want e-mail notification? (y/n) [y]:
- What's your e-mail address? [email protected]
- What's your SMTP server ip/host? jadzia.llc.washington.edu
3.2- Do you want to run the integrity check daemon? (y/n) [y]:
- Running syscheck (integrity check daemon).
3.3- Do you want to run the rootkit detection engine? (y/n) [y]:
- Running rootcheck (rootkit detection).
3.4- Active response allows you to execute a specific
command based on the events received. For example,
you can block an IP address or disable access for
a specific user.
More information at:
http://www.ossec.net/en/manual.html#active-response
- Do you want to enable active response? (y/n) [y]:
- Active response enabled.
- By default, we can enable the host-deny and the
firewall-drop responses. The first one will add
a host to the /etc/hosts.deny and the second one
will block the host on iptables (if linux) or on
ipfilter (if Solaris, FreeBSD or NetBSD).
- They can be used to stop SSHD brute force scans,
portscans and some other forms of attacks. You can
also add them to block on snort events, for example.
- Do you want to enable the firewall-drop response? (y/n) [y]:
- firewall-drop enabled (local) for levels >= 6
-
- 128.95.120.1
- 128.95.112.1
- Do you want to add more IPs to the white list? (y/n)? [n]: y
- IPs (space separated): 10.155.57.18
3.5- Do you want to enable remote syslog (port 514 udp)? (y/n) [y]: n
--- Remote syslog disabled.
3.6- Setting the configuration to analyze the following logs:
-- /var/log/messages
-- /var/log/secure
-- /var/log/maillog
- If you want to monitor any other file, just change
the ossec.conf and add a new localfile entry.
Any questions about the configuration can be answered
by visiting us online at http://www.ossec.net .
--- Press ENTER to continue ---
5- Installing the system
- Running the Makefile
make settings
make[1]: Entering directory '/home/stelmn/ossec-hids-3.6.0/src'
General settings:
TARGET: server
V:
DEBUG:
DEBUGAD:
PREFIX: /var/ossec
MAXAGENTS: 2048
REUSE_ID: no
DATABASE: mysql
ONEWAY: no
CLEANFULL: no
User settings:
OSSEC_GROUP: ossec
OSSEC_USER: ossec
OSSEC_USER_MAIL: ossecm
OSSEC_USER_REM: ossecr
ZLIB settings:
ZLIB_SYSTEM: yes
ZLIB_INCLUDE:
ZLIB_LIB: os_zlib.a
PCRE2 settings:
PCRE2_SYSTEM: yes
PCRE2_INCLUDE:
Lua settings:
LUA_PLAT: posix
LUA_ENABLE: no
USE settings:
USE_ZEROMQ: no
USE_GEOIP: no
USE_PRELUDE: no
USE_OPENSSL: auto
USE_INOTIFY: no
USE_SQLITE:
USE_PCRE2_JIT: yes
Mysql settings:
includes: -I/usr/include/mysql -I/usr/include/mysql/mysql
libs: -L/usr/lib64/ -lmariadb -lz -ldl -lm -lpthread -lssl
-lcrypto
Pgsql settings:
includes:
libs:
Defines:
-DMAX_AGENTS=2048 -DOSSECHIDS -DDEFAULTDIR="/var/ossec" -DUSER="ossec"
-DREMUSER="ossecr" -DGROUPGLOBAL="ossec" -DMAILUSER="ossecm" -DLinux
-DINOTIFY_ENABLED -DZLIB_SYSTEM -DUSE_PCRE2_JIT -DMYSQL_DATABASE_ENABLED
-DLIBOPENSSL_ENABLED
Compiler:
CFLAGS -I./external/compat -DMAX_AGENTS=2048 -DOSSECHIDS
-DDEFAULTDIR="/var/ossec" -DUSER="ossec" -DREMUSER="ossecr"
-DGROUPGLOBAL="ossec" -DMAILUSER="ossecm" -DLinux -DINOTIFY_ENABLED
-DZLIB_SYSTEM -DUSE_PCRE2_JIT -DMYSQL_DATABASE_ENABLED -DLIBOPENSSL_ENABLED
-Wall -Wextra -I./ -I./headers/
LDFLAGS -lm -lpthread -lpcre2-8 -L/usr/lib64/ -lmariadb -lz -ldl
-lm -lpthread -lssl -lcrypto -lssl -lcrypto -lz
CC cc
MAKE make
make[1]: Leaving directory '/home/stelmn/ossec-hids-3.6.0/src'
Done building server
make settings
make[1]: Entering directory '/home/stelmn/ossec-hids-3.6.0/src'
General settings:
TARGET: server
V:
DEBUG:
DEBUGAD:
PREFIX: /var/ossec
MAXAGENTS: 2048
REUSE_ID: no
DATABASE: mysql
ONEWAY: no
CLEANFULL: no
User settings:
OSSEC_GROUP: ossec
OSSEC_USER: ossec
OSSEC_USER_MAIL: ossecm
OSSEC_USER_REM: ossecr
ZLIB settings:
ZLIB_SYSTEM: yes
ZLIB_INCLUDE:
ZLIB_LIB: os_zlib.a
PCRE2 settings:
PCRE2_SYSTEM: yes
PCRE2_INCLUDE:
Lua settings:
LUA_PLAT: posix
LUA_ENABLE: no
USE settings:
USE_ZEROMQ: no
USE_GEOIP: no
USE_PRELUDE: no
USE_OPENSSL: auto
USE_INOTIFY: no
USE_SQLITE:
USE_PCRE2_JIT: yes
Mysql settings:
includes: -I/usr/include/mysql -I/usr/include/mysql/mysql
libs: -L/usr/lib64/ -lmariadb -lz -ldl -lm -lpthread -lssl
-lcrypto
Pgsql settings:
includes:
libs:
Defines:
-DMAX_AGENTS=2048 -DOSSECHIDS -DDEFAULTDIR="/var/ossec" -DUSER="ossec"
-DREMUSER="ossecr" -DGROUPGLOBAL="ossec" -DMAILUSER="ossecm" -DLinux
-DINOTIFY_ENABLED -DZLIB_SYSTEM -DUSE_PCRE2_JIT -DMYSQL_DATABASE_ENABLED
-DLIBOPENSSL_ENABLED
Compiler:
CFLAGS -I./external/compat -DMAX_AGENTS=2048 -DOSSECHIDS
-DDEFAULTDIR="/var/ossec" -DUSER="ossec" -DREMUSER="ossecr"
-DGROUPGLOBAL="ossec" -DMAILUSER="ossecm" -DLinux -DINOTIFY_ENABLED
-DZLIB_SYSTEM -DUSE_PCRE2_JIT -DMYSQL_DATABASE_ENABLED -DLIBOPENSSL_ENABLED
-Wall -Wextra -I./ -I./headers/
LDFLAGS -lm -lpthread -lpcre2-8 -L/usr/lib64/ -lmariadb -lz -ldl
-lm -lpthread -lssl -lcrypto -lssl -lcrypto -lz
CC cc
MAKE make
make[1]: Leaving directory '/home/stelmn/ossec-hids-3.6.0/src'
Done building server
./init/adduser.sh ossec ossecm ossecr ossec /var/ossec
Wait for success...
success
install -m 0550 -o root -g ossec -d /var/ossec/
install -m 0750 -o ossec -g ossec -d /var/ossec/logs
install -m 0660 -o ossec -g ossec /dev/null /var/ossec/logs/ossec.log
install -m 0550 -o root -g 0 -d /var/ossec/bin
install -m 0550 -o root -g 0 ossec-logcollector /var/ossec/bin
install -m 0550 -o root -g 0 ossec-syscheckd /var/ossec/bin
install -m 0550 -o root -g 0 ossec-execd /var/ossec/bin
install -m 0550 -o root -g 0 manage_agents /var/ossec/bin
install -m 0550 -o root -g 0 ../contrib/util.sh /var/ossec/bin/
install -m 0550 -o root -g 0 ./init/ossec-server.sh /var/ossec/bin/ossec-control
install -m 0550 -o root -g ossec -d /var/ossec/queue
install -m 0770 -o ossec -g ossec -d /var/ossec/queue/alerts
install -m 0750 -o ossec -g ossec -d /var/ossec/queue/ossec
install -m 0750 -o ossec -g ossec -d /var/ossec/queue/syscheck
install -m 0750 -o ossec -g ossec -d /var/ossec/queue/diff
install -m 0550 -o root -g ossec -d /var/ossec/etc
install -m 0440 -o root -g ossec /etc/localtime /var/ossec/etc
install -m 0440 -o root -g ossec /etc/resolv.conf /var/ossec/etc
install -m 1550 -o root -g ossec -d /var/ossec/tmp
install -m 0640 -o root -g ossec -b ../etc/internal_options.conf /var/ossec/etc/
install -m 0770 -o root -g ossec -d /var/ossec/etc/shared
install -m 0640 -o ossec -g ossec rootcheck/db/*.txt /var/ossec/etc/shared/
install -m 0550 -o root -g ossec -d /var/ossec/active-response
install -m 0550 -o root -g ossec -d /var/ossec/active-response/bin
install -m 0550 -o root -g ossec -d /var/ossec/agentless
install -m 0550 -o root -g ossec agentlessd/scripts/* /var/ossec/agentless/
install -m 0700 -o root -g ossec -d /var/ossec/.ssh
install -m 0550 -o root -g ossec ../active-response/*.sh
/var/ossec/active-response/bin/
install -m 0550 -o root -g ossec ../active-response/firewalls/*.sh
/var/ossec/active-response/bin/
install -m 0550 -o root -g ossec -d /var/ossec/var
install -m 0770 -o root -g ossec -d /var/ossec/var/run
./init/fw-check.sh execute
install -m 0660 -o ossec -g ossec /dev/null /var/ossec/logs/active-responses.log
install -m 0750 -o ossec -g ossec -d /var/ossec/logs/archives
install -m 0750 -o ossec -g ossec -d /var/ossec/logs/alerts
install -m 0750 -o ossec -g ossec -d /var/ossec/logs/firewall
install -m 0550 -o root -g 0 ossec-agentlessd /var/ossec/bin
install -m 0550 -o root -g 0 ossec-analysisd /var/ossec/bin
install -m 0550 -o root -g 0 ossec-monitord /var/ossec/bin
install -m 0550 -o root -g 0 ossec-reportd /var/ossec/bin
install -m 0550 -o root -g 0 ossec-maild /var/ossec/bin
install -m 0550 -o root -g 0 ossec-remoted /var/ossec/bin
install -m 0550 -o root -g 0 ossec-logtest /var/ossec/bin
install -m 0550 -o root -g 0 ossec-csyslogd /var/ossec/bin
install -m 0550 -o root -g 0 ossec-authd /var/ossec/bin
install -m 0550 -o root -g 0 ossec-dbd /var/ossec/bin
install -m 0550 -o root -g 0 ossec-makelists /var/ossec/bin
install -m 0550 -o root -g 0 verify-agent-conf /var/ossec/bin/
install -m 0550 -o root -g 0 clear_stats /var/ossec/bin/
install -m 0550 -o root -g 0 list_agents /var/ossec/bin/
install -m 0550 -o root -g 0 ossec-regex /var/ossec/bin/
install -m 0550 -o root -g 0 syscheck_update /var/ossec/bin/
install -m 0550 -o root -g 0 agent_control /var/ossec/bin/
install -m 0550 -o root -g 0 syscheck_control /var/ossec/bin/
install -m 0550 -o root -g 0 rootcheck_control /var/ossec/bin/
install -m 0750 -o ossec -g ossec -d /var/ossec/stats
install -m 0550 -o root -g ossec -d /var/ossec/rules
cp /var/ossec/rules/local_rules.xml
/var/ossec/rules/local_rules.xml.installbackup
install -m 0640 -o root -g ossec -b ../etc/rules/*.xml /var/ossec/rules
install -m 0640 -o root -g ossec /var/ossec/rules/local_rules.xml.installbackup
/var/ossec/rules/local_rules.xml
rm /var/ossec/rules/local_rules.xml.installbackup
install -m 0750 -o ossec -g ossec -d /var/ossec/queue/fts
install -m 0750 -o ossec -g ossec -d /var/ossec/queue/rootcheck
install -m 0750 -o ossecr -g ossec -d /var/ossec/queue/agent-info
install -m 0750 -o ossec -g ossec -d /var/ossec/queue/agentless
install -m 0750 -o ossecr -g ossec -d /var/ossec/queue/rids
install -m 0640 -o root -g ossec ../etc/decoder.xml /var/ossec/etc/
rm -f /var/ossec/etc/shared/merged.mg
- System is Redhat Linux.
- Init script modified to start OSSEC HIDS during boot.
- Configuration finished properly.
- To start OSSEC HIDS:
/var/ossec/bin/ossec-control start
- To stop OSSEC HIDS:
/var/ossec/bin/ossec-control stop
- The configuration can be viewed or modified at /var/ossec/etc/ossec.conf
Thanks for using the OSSEC HIDS.
If you have any question, suggestion or if you find any bug,
contact us at https://github.com/ossec/ossec-hids or using
our public maillist at
https://groups.google.com/forum/#!forum/ossec-list
More information can be found at http://www.ossec.net
--- Press ENTER to finish (maybe more information below). ---
- In order to connect agent and server, you need to add each agent to the
server.
Run the 'manage_agents' to add or remove them:
/var/ossec/bin/manage_agents
More information at:
http://www.ossec.net/en/manual.html#ma
[root@LLC-OSSEC ossec-hids-3.6.0]# /var/ossec/bin/ossec-dbd -V
OSSEC HIDS v3.6.0 - OSSEC Foundation This program is free software; you can
redistribute it and/or modify
it under the terms of the GNU General Public License (version 2) as
published by the Free Software Foundation. For more details, go to
http://www.ossec.net/main/license/
** Compiled without any database support
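A check for the mismatch shown in the transcript above, where "make settings" lists DATABASE: mysql with client flags but the installed ossec-dbd reports no database support. This is an added example, not part of the original post and not OSSEC's own code; the function names, verdict labels and sample text are assumptions constructed from the output format quoted in the post.

```sh
#!/bin/sh
# Added example (not OSSEC code). Compares what `make settings` reported with
# what the installed ossec-dbd reports. Sample text is constructed from the
# output format quoted in the post.

# Reads `make settings` output on stdin; prints "<DATABASE> <flags|noflags>".
# "flags" means both lines under "Mysql settings:" carry compiler/linker flags.
settings_db_state() {
    awk '
        $1 == "DATABASE:"                  { db = $2 }
        $1 == "Mysql" && $2 == "settings:" { in_my = 1; next }
        $2 == "settings:"                  { in_my = 0 }  # next section header
        in_my && $1 == "includes:"         { inc = (NF > 1) }
        in_my && $1 == "libs:"             { lib = (NF > 1) }
        END { printf "%s %s\n", (db == "" ? "none" : db), ((inc && lib) ? "flags" : "noflags") }'
}

# Reads `ossec-dbd -V` output on stdin; succeeds unless it carries the
# "without any database support" line quoted in the post.
dbd_has_db() {
    ! grep -q 'Compiled without any database support'
}

# $1 = `make settings` text, $2 = `ossec-dbd -V` text; prints one verdict.
db_build_verdict() {
    state=$(printf '%s\n' "$1" | settings_db_state)
    if printf '%s\n' "$2" | dbd_has_db; then bin=yes; else bin=no; fi
    case "$state/$bin" in
        "mysql flags/yes")  echo OK ;;
        "mysql flags/no")   echo MISMATCH ;;         # settings say mysql, binary does not
        "mysql noflags/"*)  echo NO_CLIENT_FLAGS ;;  # empty includes/libs lines
        *)                  echo NOT_MYSQL ;;
    esac
}

# Constructed sample inputs (hypothetical variable names).
SETTINGS_WITH_FLAGS='General settings:
    DATABASE:     mysql
Mysql settings:
    includes:     -I/usr/include/mysql -I/usr/include/mysql/mysql
    libs:         -L/usr/lib64/ -lmariadb -lz -ldl -lm -lpthread -lssl -lcrypto
Pgsql settings:
    includes:
    libs:'
SETTINGS_NO_FLAGS='    DATABASE:     mysql
Mysql settings:
    includes:
    libs:'
DBD_WITHOUT_DB='OSSEC HIDS v3.6.0 - OSSEC Foundation
 ** Compiled without any database support'
DBD_BANNER_ONLY='OSSEC HIDS v3.6.0 - OSSEC Foundation'  # constructed: no "without" line

db_build_verdict "$SETTINGS_WITH_FLAGS" "$DBD_WITHOUT_DB"
```

For a real check, pass the captured output of the "make ... settings" and "/var/ossec/bin/ossec-dbd -V" commands from the post in place of the sample variables.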