[ossec-list] Re: ossec 0.9
Hi Jonathan,
Copying the /var/ossec directory to multiple machines should work,
however there is a better (cleaner) way to do it. Simple step-by-step
on how to do it:
1- Go to the machine where you have a compiler (and the ossec package) and do:
    cd ossec-hids-0.9
    cd src
    make all
    make build
2- Leave the "src" directory and edit the file etc/preloaded-vars.conf.
    cd ..
    vi etc/preloaded-vars.conf
3- In this file, uncomment the USER_BINARYINSTALL option.
4- Leave the ossec directory and compress it under another name to be sent to the other machines.
    cd ../
    tar -cvzf ossec-hids-0.9-binary.tar.gz ossec-hids-0.9
5- Use this new .tar.gz to install ossec on the machines without a compiler.
Hope it helps.
--
Daniel B. Cid
dcid ( at ) ossec.net
On 8/4/06, Miner, Jonathan W (CSC) (US SSA)
<jonathan.w.miner@xxxxxxxxxxxxxx> wrote:
> 4. On Solaris, it may be worth including /var/adm/message in the
> default monitor list.
I've been using it for about a week on two Solaris 9 machines. One file that should be excluded is /etc/logadm.conf; the contents get rewritten with a datestamp every day.
I'm also having problems on the server with ossec-analysisd getting a segfault and crashing. Haven't spent much time looking into this; ideas welcome, but I'll break out gdb and start debugging either later today or next.
> BTW, OSSEC is great. Easy to install and useful.
Definitely easy to install. Any way for me to pre-compile binaries so that I can deploy OSSEC on machines that don't have compilers? Can I simply copy the /var/ossec directory from one machine to another, then update the client keys?
THANKS!
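Steps 1 to 4 from the reply above as a script, with a SHA-256 check on the tarball so the machines without a compiler can confirm they received the same file before step 5. This is an added example, not part of the original message or the OSSEC distribution; the function names, the .sha256 sidecar file and the assumed form of the commented option (#USER_BINARYINSTALL="x") are assumptions, and sha256sum must be available on both sides.

```shell
#!/bin/sh
# Added example: scripted build of the binary tarball plus an integrity check.
# Assumption: etc/preloaded-vars.conf carries the option as a commented line
# such as   #USER_BINARYINSTALL="x"

# Step 3: uncomment USER_BINARYINSTALL; fail if it is not active afterwards.
enable_binary_install() {
    conf=$1
    sed 's/^#[[:space:]]*\(USER_BINARYINSTALL=\)/\1/' "$conf" > "$conf.tmp" &&
        mv "$conf.tmp" "$conf" &&
        grep -q '^USER_BINARYINSTALL=' "$conf"
}

# Step 4: archive the tree under a new name and record its SHA-256 beside it.
package_tree() {
    src=$1; out=$2
    tar -czf "$out" -C "$(dirname "$src")" "$(basename "$src")" &&
        ( cd "$(dirname "$out")" &&
          sha256sum "$(basename "$out")" > "$(basename "$out").sha256" )
}

# On the target, before step 5: refuse a tarball whose digest does not match.
verify_package() {
    ( cd "$(dirname "$1")" &&
      sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 )
}

# Steps 1-4 in order, stopping at the first failure.
build_binary_package() {
    src=$1
    ( cd "$src/src" && make all && make build ) || return 1
    enable_binary_install "$src/etc/preloaded-vars.conf" || return 1
    package_tree "$src" "$src-binary.tar.gz"
}

# Usage: sh build-binary.sh ossec-hids-0.9   (run from the parent directory)
if [ $# -eq 1 ]; then
    build_binary_package "$1"
fi
```

Copy the .tar.gz and its .sha256 file together, and run verify_package on the target before unpacking; the digest only detects corruption or tampering in transit if the .sha256 file itself arrives over a channel you trust.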