From OSSEC Wiki
[edit]
Compile once and multiple installs
It is a recommended practice to install bare minimum on production servers in order to minimize the vulnerability front. If you get hacked you want to provide minimal functionality. Compiling software on production servers should be avoided. I recommend compiling OSSEC on a virtual machine or a computer with the tools this purpose. After compiling on the offline server, copy the source to the production server and configure OSSEC sources to install without re-compiling.
uncomment USER_BINARYINSTALL in file etc/preloaded-vars.conf
# If USER_BINARYINSTALL is set, the installation # is not going to compile the code, but use the # binaries from ./bin/ USER_BINARYINSTALL="x"
run ./install.sh