[Ossec-list] ossec-list Digest, Vol 7, Issue 7

[daniel.cid at gmail.com (Daniel Cid)]

Hi Sebastian,

Looks like the "bin" directory wasn't created for some reason... Can
you do the following:

-Remove /var/ossec (rm -rf /var/ossec)
-Start the installation process again (cd ossec-hids-0.8).
-Before running the install.sh script, create ./bin (mkdir ./bin).
-Run ./install.sh and see if it works.

*I don't have Solaris in here, so I can't help you much more than that.
Probably Ahmet (the Solaris guy :)) will be able to give you a better answer.

Thanks,

--
Daniel B. Cid
dcid @ ( at ) ossec.net

On 5/15/06, Sebastian Benner <sebastian.benner at fernuni-hagen.de> wrote:
>
> Hello,
>
> I tried to install ossec 0.8 on a Solaris 10 Zone. The install script
> worked so far, but some errors occured making it impossible to start
> ossec :-(
>
> .......................................................................
>   *** Making syscheckd ***
>
> gcc -Wall -I../ -I../headers  -DDEFAULTDIR=\"/var/ossec\" -DUSE_OPENSSL
> -lsocket -lnsl -lresolv -DSOLARIS -DHIGHFIRST -include strings.h
> -DARGV0=\"ossec-syscheckd\" -DXML_VAR=\"var\" -DOSSECHIDS syscheck.c
> config.c create_db.c run_check.c ../config/*.c ../shared/lib_shared.a
> ../os_xml/os_xml.a ../os_regex/os_regex.a ../os_net/os_net.a
> ../os_crypto/os_crypto.a ../rootcheck/rootcheck_lib.a -o ossec-syscheckd
> cp -pr ossec-maild ../../bin
> cp -pr ossec-execd ../../bin
> cp -pr ossec-analysisd ../../bin
> cp -pr ossec-logcollector ../../bin
> cp -pr ossec-remoted ../../bin
> cp -pr ossec-agentd ../../bin
> cp -pr manage_agents ../../bin
> cp -pr manage_agents ../../bin
> cp -pr syscheck_update clear_stats ../../bin
> cp: Target ../../bin must be a directory
> Usage: cp [-f] [-i] [-p] [-@] f1 f2
>         cp [-f] [-i] [-p] [-@] f1 ... fn d1
>         cp -r|-R [-H|-L|-P] [-f] [-i] [-p] [-@] d1 ... dn-1 dn
> *** Error code 2
> make: Fatal error: Command failed for target `build'
> Current working directory /tmp/ossec-hids-0.8/src/util
>
> Error Making the binaries
> *** Error code 1
> The following command caused the error:
> /bin/sh ./Makeall build
> make: Fatal error: Command failed for target `build'
> chmod: WARNING: can't access /var/ossec
> chown: unknown user id: root:ossec
> chown: unknown user id: ossec:ossec
> chmod: WARNING: can't access /var/ossec/queue/alerts
> chown: unknown user id: ossec:ossec
> chmod: WARNING: can't access /var/ossec/queue/ossec
> chown: unknown user id: ossec:ossec
> chmod: WARNING: can't access /var/ossec/queue/fts
> chown: unknown user id: ossec:ossec
> chmod: WARNING: can't access /var/ossec/queue/syscheck
> chown: unknown user id: ossec:ossec
> chmod: WARNING: can't access /var/ossec/queue/rootcheck
> chown: unknown user id: ossecr:ossec
> chmod: WARNING: can't access /var/ossec/queue/agent-info
> chown: unknown user id: ossec:ossec
> chmod: WARNING: can't access /var/ossec/stats
> chown: unknown user id: ossec:ossec
> chmod: WARNING: can't access /var/ossec/logs
> touch: cannot create /var/ossec/logs/ossec.log: No such file or directory
> chown: unknown user id: ossec:ossec
> chmod: WARNING: can't access /var/ossec/logs/ossec.log
> cp: /var/ossec/rules/ not found
> chown: unknown user id: root:ossec
> chmod: WARNING: can't access /var/ossec/rules
> chmod: WARNING: can't access /var/ossec/etc
> chown: unknown user id: root:ossec
> Usage: cp [-f] [-i] [-p] [-@] f1 f2
>         cp [-f] [-i] [-p] [-@] f1 ... fn d1
>         cp -r|-R [-H|-L|-P] [-f] [-i] [-p] [-@] d1 ... dn-1 dn
> chmod: WARNING: can't access /var/ossec/var/run
> chown: unknown user id: root:ossec
> cp: ../bin/ossec*: Not a directory
> cp: ../bin/manage_agents: Not a directory
> cp: ../bin/syscheck_update: Not a directory
> cp: ../bin/clear_stats: Not a directory
> cp: cannot create /var/ossec/bin/ossec-control: No such file or directory
> cp: cannot create /var/ossec/etc/: No such file or directory
> cp: /var/ossec/etc/shared/ not found
> cp: /var/ossec/active-response/bin/ not found
> chmod: WARNING: can't access /var/ossec/active-response/bin/*
> Not overwritting /etc/ossec.conf.
>
>
>   - Unknown system. No init script added.
>
>   - Configuration finished properly.
>
>   - To start OSSEC HIDS:
>                  /var/ossec/bin/ossec-control start
>
>   - To stop OSSEC HIDS:
>                  /var/ossec/bin/ossec-control stop
>
>   - The configuration can be viewed or modified at
> /var/ossec/etc/ossec.conf
>
>
>      Thanks for using the OSSEC HIDS.
>      If you have any question, suggestion or if you find any bug,
>      contact us at contact at ossec.net or using our public maillist at
>      ossec-list at ossec.net
>      (http://mailman.underlinux.com.br/mailman/listinfo/ossec-list).
>
>      More information can be found at http://www.ossec.net
>
>      ---  Press ENTER to finish (maybe more information bellow). ---
> ........................................................................
>
> I am using gnu tools and software installed as packages via blastwave.org
> (e.g. gcc3, wget...) needed to install and compile ossec.
>
>
> Regards,
>
> Sebastian
>
>
>
>
>
> On Fri, 12 May 2006, ossec-list-request at ossec.net wrote:
>
> > Send ossec-list mailing list submissions to
> >       ossec-list at ossec.net
> >
> > To subscribe or unsubscribe via the World Wide Web, visit
> >       http://mailman.underlinux.com.br/mailman/listinfo/ossec-list
> > or, via email, send a message with subject or body 'help' to
> >       ossec-list-request at ossec.net
> >
> > You can reach the person managing the list at
> >       ossec-list-owner at ossec.net
> >
> > When replying, please edit your Subject line so it is more specific
> > than "Re: Contents of ossec-list digest..."
> >
> >
> > Today's Topics:
> >
> >   1. Version 0.8 of OSSEC HIDS is now available! (Daniel Cid)
> >
> >
> > ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Thu, 11 May 2006 17:17:30 -0300
> > From: "Daniel Cid" <daniel.cid at gmail.com>
> > Subject: [Ossec-list] Version 0.8 of OSSEC HIDS is now available!
> > To: "OSSEC Users List" <ossec-list at ossec.net>
> > Message-ID:
> >       <b92e6f200605111317n58aa5bale194d4cb30b4583e at mail.gmail.com>
> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> >
> > This is the first version offering native support to
> > Windows NT, XP, 2000 and 2003. It includes as well a new set
> > of log analysis rules for sendmail, web logs (Apache and
> > IIS), IDSs and Windows authentication events.
> >
> > The correlation rules for squid, mail logs, firewall events
> > and authentication systems have been improved, detecting
> > scans, brute-force attacks, worms and internal attacks.
> > In addition to that, the active-responses were refined, with
> > support to IPFW (FreeBSD) added.
> >
> > The installation process was re-organized, now including simpler
> > configuration options and translation on 6 different languages
> > (English, Portuguese, German, Turkish, Polish and Italian).
> >
> >
> > To download the Unix and Windows versions:
> > http://www.ossec.net/en/downloads.html
> >
> >
> > Use our mailling list if you have any question or comment:
> > http://www.ossec.net/en/mailing_lists.html
> >
> >
> > More information about the Windows support:
> > http://www.ossec.net/en/manual.html#windows
> >
> >
> >
> > Detailed changelog (new features added):
> >
> > - Active response for IPFW (Thanks Welkson de Medeiros
> >   and Rafael Capovilla for the help).
> >
> > - Improved rules for Squid (Thanks Ahmet and Marcus Maciel for the help).
> >
> > - Rules for Sendmail (thanks Ahmet Ozturk).
> >
> > - Improvements to the host-deny active response, with
> >   support to locking added (Thanks Kayvan A. Sylvan).
> >
> > - Improvements to the installation script and the
> >   manage_agents tool, making it much simpler to use
> >   (thanks Ahmet and Kayvan for the help).
> >
> > - Installation in Italian (thanks Alberto Furia).
> >
> > - Installation in Polish (thanks Dziankowski Krzysztof).
> >
> > - Rules for Windows authentication, success audit and failure
> >   audit events.
> >
> > - Correlation rules for web logs (Apache and IIS).
> >
> > - Support for variable file names (based on date) to be monitored.
> >
> > - Support for Windows (Agent only).
> >   http://www.ossec.net/en/manual.html#windows
> >
> > - Support for IIS.
> >   http://www.ossec.net/en/manual.html#iis
> >
> > - Clean up of the configuration options and documentation on
> >   the web site.
> >   http://www.ossec.net/en/manual.html
> >
> > - Lot of new small features and bug fixes.
> >
> >
> > For more information:
> > http://www.ossec.net/
> >
> >
> > To download the new version:
> > http://www.ossec.net/en/downloads.html
> >
> >
> > We want to thanks everyone who sent comments, suggestions
> > or just some nice words to us! We really appreciate the
> > feedback!
> >
> > Daniel B. Cid (in name of the OSSEC HIDS team).
> > http://www.ossec.net/en/about.html#dev-team
> > http://www.ossec.net/announcements/v08-2006-05-12.txt
> >
> >
> > ------------------------------
> >
> > _______________________________________________
> > ossec-list mailing list
> > ossec-list at ossec.net
> > http://mailman.underlinux.com.br/mailman/listinfo/ossec-list
> >
> >
> > End of ossec-list Digest, Vol 7, Issue 7
> > ****************************************
> >
> _______________________________________________
> ossec-list mailing list
> ossec-list at ossec.net
> http://mailman.underlinux.com.br/mailman/listinfo/ossec-list
>