List: ossec-list
Subject: [Ossec-list] installing ossec in a Zone (Solaris 10, SPARC)
From: sebastian.benner () FernUni-Hagen ! de (Sebastian Benner)
Date: 2006-05-16 13:35:21
Message-ID: 20060516132501.W74303 () hubbard ! fernuni-hagen ! de
Hello Ahmet,
unfortunately I am not root on our zone server. This is what my co-worker
just sent me a minute ago:
--------------------------------
# zonecfg -z ossec-server
zonecfg:ossec-server> info
zonepath: /zone1/ossec-server
autoboot: true
pool:
net:
address: 132.176.114.130
physical: bge0
zonecfg:ossec-server>
-------------------------------
She told me that there are no inherit-pkg-dir entries. Maybe she can allow
me to install ossec-hids on Solaris 10 outside a zone, but this will take
some time, because first we have to find a machine for testing.
Regards,
Sebastian Benner
On Tue, 16 May 2006, ahmet ozturk wrote:
> Hi Sebastian,
>
> First I should admit that I have no personal experience with Zone
> technology on Solaris. As far as I read about it, I guess it may be the
> cause of the problem. However, I want to test it. Is it possible to send
> your Zone configuration (info), especially the "inherit-pkg-dir" entries
> if they exist?
>
> Also, if you are the root of the main Solaris instance, is it possible
> for you to install ossec-hids on that instance -not on a zone- for test
> purposes?
>
> Regards,
>
> Ahmet Ozturk.
>
>
> Sebastian Benner wrote:
>> Hi Ahmet,
>>
>> here I have got some additional info about my system for you:
>>
>>
>> ----------------------------------------------------------------------------
>> bash-3.00# showrev -c make
>>
>> PATH is:
>> /opt/csw/bin:/opt/csw/gcc3/bin:/usr/ucb:/usr/ccs/bin:/usr/sbin:/usr/bin
>>
>> PWD is:
>> /tmp/ossec-hids-0.8
>>
>> LD_LIBRARY_PATH is not set in the current environment
>> ________________________________________________________________________
>>
>> File: /usr/ccs/bin/make
>> =======================
>> File type: ELF 32-bit MSB executable SPARC Version 1, dynamically linked,
>> stripped
>> Command version: RELEASE VERSION SunOS 5.10 Patch 118676-01 March 2005
>>
>> File mode: rwxr-xr-x
>> User owning file: root
>> Group owning file: bin
>> Library information:
>> libintl.so.1 => /lib/libintl.so.1
>> libnsl.so.1 => /lib/libnsl.so.1
>> libsocket.so.1 => /lib/libsocket.so.1
>> libw.so.1 => /lib/libw.so.1
>> libm.so.1 => /lib/libm.so.1
>> libc.so.1 => /lib/libc.so.1
>> libmp.so.2 => /lib/libmp.so.2
>> libmd5.so.1 => /lib/libmd5.so.1
>> libscf.so.1 => /lib/libscf.so.1
>> libdoor.so.1 => /lib/libdoor.so.1
>> libuutil.so.1 => /lib/libuutil.so.1
>> libm.so.2 => /lib/libm.so.2
>> /platform/SUNW,Sun-Fire-V240/lib/libc_psr.so.1
>> /platform/SUNW,Sun-Fire-V240/lib/libmd5_psr.so.1
>> Sum: 58362
>>
>> ----------------------------------------------------------------------------
>>
>> I tested mkdir -p ../bin and it works.
>>
>> Regards,
>>
>> Sebastian Benner
>>
>>
>>
>>> Hi Sebastian,
>>>
>>> In addition to Daniel's suggestions, is it possible to verify that
>>> "mkdir -p ../bin" creates the directory on your system.
>>> Btw, I'm using Solaris 10 on x86 and GNU make v3.80 without any
>>> problem. Is it possible to tell us which version of make you're using,
>>> and is your system Solaris 10 on Sparc or x86?
>>>
>>> Regards,
>>>
>>> Ahmet Ozturk.
>>>
>>> Daniel Cid wrote:
>>>
>>>> Hi Sebastian,
>>>>
>>>> Looks like the "bin" directory wasn't created for some reason... Can
>>>> you do the following:
>>>>
>>>> -Remove /var/ossec (rm -rf /var/ossec)
>>>> -Start the installation process again (cd ossec-hids-0.8).
>>>> -Before running the install.sh script, create ./bin (mkdir ./bin).
>>>> -Run ./install.sh and see if it works.
>>>>
>>>> *I don't have Solaris in here, so I can't help you much more than that.
>>>> Probably Ahmet (the Solaris guy :)) will be able to give you a better
>>>> answer.
>>>>
>>>> Thanks,
>>>>
>>>> --
>>>> Daniel B. Cid
>>>> dcid @ ( at ) ossec.net
>>>>
>>>> On 5/15/06, Sebastian Benner <sebastian.benner at fernuni-hagen.de> wrote:
>>>>
>>>>
>>>>> Hello,
>>>>>
>>>>> I tried to install ossec 0.8 on a Solaris 10 Zone. The install script
>>>>> worked so far, but some errors occurred making it impossible to start
>>>>> ossec :-(
>>>>>
>>>>> .......................................................................
>>>>> *** Making syscheckd ***
>>>>>
>>>>> gcc -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DUSE_OPENSSL
>>>>> -lsocket -lnsl -lresolv -DSOLARIS -DHIGHFIRST -include strings.h
>>>>> -DARGV0=\"ossec-syscheckd\" -DXML_VAR=\"var\" -DOSSECHIDS syscheck.c
>>>>> config.c create_db.c run_check.c ../config/*.c ../shared/lib_shared.a
>>>>> ../os_xml/os_xml.a ../os_regex/os_regex.a ../os_net/os_net.a
>>>>> ../os_crypto/os_crypto.a ../rootcheck/rootcheck_lib.a -o ossec-syscheckd
>>>>> cp -pr ossec-maild ../../bin
>>>>> cp -pr ossec-execd ../../bin
>>>>> cp -pr ossec-analysisd ../../bin
>>>>> cp -pr ossec-logcollector ../../bin
>>>>> cp -pr ossec-remoted ../../bin
>>>>> cp -pr ossec-agentd ../../bin
>>>>> cp -pr manage_agents ../../bin
>>>>> cp -pr manage_agents ../../bin
>>>>> cp -pr syscheck_update clear_stats ../../bin
>>>>> cp: Target ../../bin must be a directory
>>>>> Usage: cp [-f] [-i] [-p] [-@] f1 f2
>>>>> cp [-f] [-i] [-p] [-@] f1 ... fn d1
>>>>> cp -r|-R [-H|-L|-P] [-f] [-i] [-p] [-@] d1 ... dn-1 dn
>>>>> *** Error code 2
>>>>> make: Fatal error: Command failed for target `build'
>>>>> Current working directory /tmp/ossec-hids-0.8/src/util
>>>>>
>>>>> Error Making the binaries
>>>>> *** Error code 1
>>>>> The following command caused the error:
>>>>> /bin/sh ./Makeall build
>>>>> make: Fatal error: Command failed for target `build'
>>>>> chmod: WARNING: can't access /var/ossec
>>>>> chown: unknown user id: root:ossec
>>>>> chown: unknown user id: ossec:ossec
>>>>> chmod: WARNING: can't access /var/ossec/queue/alerts
>>>>> chown: unknown user id: ossec:ossec
>>>>> chmod: WARNING: can't access /var/ossec/queue/ossec
>>>>> chown: unknown user id: ossec:ossec
>>>>> chmod: WARNING: can't access /var/ossec/queue/fts
>>>>> chown: unknown user id: ossec:ossec
>>>>> chmod: WARNING: can't access /var/ossec/queue/syscheck
>>>>> chown: unknown user id: ossec:ossec
>>>>> chmod: WARNING: can't access /var/ossec/queue/rootcheck
>>>>> chown: unknown user id: ossecr:ossec
>>>>> chmod: WARNING: can't access /var/ossec/queue/agent-info
>>>>> chown: unknown user id: ossec:ossec
>>>>> chmod: WARNING: can't access /var/ossec/stats
>>>>> chown: unknown user id: ossec:ossec
>>>>> chmod: WARNING: can't access /var/ossec/logs
>>>>> touch: cannot create /var/ossec/logs/ossec.log: No such file or
>>>>> directory
>>>>> chown: unknown user id: ossec:ossec
>>>>> chmod: WARNING: can't access /var/ossec/logs/ossec.log
>>>>> cp: /var/ossec/rules/ not found
>>>>> chown: unknown user id: root:ossec
>>>>> chmod: WARNING: can't access /var/ossec/rules
>>>>> chmod: WARNING: can't access /var/ossec/etc
>>>>> chown: unknown user id: root:ossec
>>>>> Usage: cp [-f] [-i] [-p] [-@] f1 f2
>>>>> cp [-f] [-i] [-p] [-@] f1 ... fn d1
>>>>> cp -r|-R [-H|-L|-P] [-f] [-i] [-p] [-@] d1 ... dn-1 dn
>>>>> chmod: WARNING: can't access /var/ossec/var/run
>>>>> chown: unknown user id: root:ossec
>>>>> cp: ../bin/ossec*: Not a directory
>>>>> cp: ../bin/manage_agents: Not a directory
>>>>> cp: ../bin/syscheck_update: Not a directory
>>>>> cp: ../bin/clear_stats: Not a directory
>>>>> cp: cannot create /var/ossec/bin/ossec-control: No such file or
>>>>> directory
>>>>> cp: cannot create /var/ossec/etc/: No such file or directory
>>>>> cp: /var/ossec/etc/shared/ not found
>>>>> cp: /var/ossec/active-response/bin/ not found
>>>>> chmod: WARNING: can't access /var/ossec/active-response/bin/*
>>>>> Not overwritting /etc/ossec.conf.
>>>>>
>>>>>
>>>>> - Unknown system. No init script added.
>>>>>
>>>>> - Configuration finished properly.
>>>>>
>>>>> - To start OSSEC HIDS:
>>>>> /var/ossec/bin/ossec-control start
>>>>>
>>>>> - To stop OSSEC HIDS:
>>>>> /var/ossec/bin/ossec-control stop
>>>>>
>>>>> - The configuration can be viewed or modified at
>>>>> /var/ossec/etc/ossec.conf
>>>>>
>>>>>
>>>>> Thanks for using the OSSEC HIDS.
>>>>> If you have any question, suggestion or if you find any bug,
>>>>> contact us at contact at ossec.net or using our public maillist at
>>>>> ossec-list at ossec.net
>>>>> (http://mailman.underlinux.com.br/mailman/listinfo/ossec-list).
>>>>>
>>>>> More information can be found at http://www.ossec.net
>>>>>
>>>>> --- Press ENTER to finish (maybe more information bellow). ---
>>>>> ........................................................................
>>>>>
>>>>> I am using gnu tools and software installed as packages via
>>>>> blastwave.org
>>>>> (e.g. gcc3, wget...) needed to install and compile ossec.
>>>>>
>>>>>
>>>>> Regards,
>>>>>
>>>>> Sebastian
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Fri, 12 May 2006, ossec-list-request at ossec.net wrote:
>>>>>
>>>>>
>>>>>
>>>>>> Today's Topics:
>>>>>>
>>>>>> 1. Version 0.8 of OSSEC HIDS is now available! (Daniel Cid)
>>>>>>
>>>>>>
>>>>>> ----------------------------------------------------------------------
>>>>>>
>>>>>> Message: 1
>>>>>> Date: Thu, 11 May 2006 17:17:30 -0300
>>>>>> From: "Daniel Cid" <daniel.cid at gmail.com>
>>>>>> Subject: [Ossec-list] Version 0.8 of OSSEC HIDS is now available!
>>>>>> To: "OSSEC Users List" <ossec-list at ossec.net>
>>>>>> Message-ID:
>>>>>> <b92e6f200605111317n58aa5bale194d4cb30b4583e at mail.gmail.com>
>>>>>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>>>>>
>>>>>> This is the first version offering native support to
>>>>>> Windows NT, XP, 2000 and 2003. It includes as well a new set
>>>>>> of log analysis rules for sendmail, web logs (Apache and
>>>>>> IIS), IDSs and Windows authentication events.
>>>>>>
>>>>>> The correlation rules for squid, mail logs, firewall events
>>>>>> and authentication systems have been improved, detecting
>>>>>> scans, brute-force attacks, worms and internal attacks.
>>>>>> In addition to that, the active-responses were refined, with
>>>>>> support to IPFW (FreeBSD) added.
>>>>>>
>>>>>> The installation process was re-organized, now including simpler
>>>>>> configuration options and translation on 6 different languages
>>>>>> (English, Portuguese, German, Turkish, Polish and Italian).
>>>>>>
>>>>>>
>>>>>> To download the Unix and Windows versions:
>>>>>> http://www.ossec.net/en/downloads.html
>>>>>>
>>>>>>
>>>>>> Use our mailing list if you have any question or comment:
>>>>>> http://www.ossec.net/en/mailing_lists.html
>>>>>>
>>>>>>
>>>>>> More information about the Windows support:
>>>>>> http://www.ossec.net/en/manual.html#windows
>>>>>>
>>>>>>
>>>>>>
>>>>>> Detailed changelog (new features added):
>>>>>>
>>>>>> - Active response for IPFW (Thanks Welkson de Medeiros
>>>>>> and Rafael Capovilla for the help).
>>>>>>
>>>>>> - Improved rules for Squid (Thanks Ahmet and Marcus Maciel for the
>>>>>> help).
>>>>>>
>>>>>> - Rules for Sendmail (thanks Ahmet Ozturk).
>>>>>>
>>>>>> - Improvements to the host-deny active response, with
>>>>>> support to locking added (Thanks Kayvan A. Sylvan).
>>>>>>
>>>>>> - Improvements to the installation script and the
>>>>>> manage_agents tool, making it much simpler to use
>>>>>> (thanks Ahmet and Kayvan for the help).
>>>>>>
>>>>>> - Installation in Italian (thanks Alberto Furia).
>>>>>>
>>>>>> - Installation in Polish (thanks Dziankowski Krzysztof).
>>>>>>
>>>>>> - Rules for Windows authentication, success audit and failure
>>>>>> audit events.
>>>>>>
>>>>>> - Correlation rules for web logs (Apache and IIS).
>>>>>>
>>>>>> - Support for variable file names (based on date) to be monitored.
>>>>>>
>>>>>> - Support for Windows (Agent only).
>>>>>> http://www.ossec.net/en/manual.html#windows
>>>>>>
>>>>>> - Support for IIS.
>>>>>> http://www.ossec.net/en/manual.html#iis
>>>>>>
>>>>>> - Clean up of the configuration options and documentation on
>>>>>> the web site.
>>>>>> http://www.ossec.net/en/manual.html
>>>>>>
>>>>>> - Lot of new small features and bug fixes.
>>>>>>
>>>>>>
>>>>>> For more information:
>>>>>> http://www.ossec.net/
>>>>>>
>>>>>>
>>>>>> To download the new version:
>>>>>> http://www.ossec.net/en/downloads.html
>>>>>>
>>>>>>
>>>>>> We want to thank everyone who sent comments, suggestions
>>>>>> or just some nice words to us! We really appreciate the
>>>>>> feedback!
>>>>>>
>>>>>> Daniel B. Cid (in name of the OSSEC HIDS team).
>>>>>> http://www.ossec.net/en/about.html#dev-team
>>>>>> http://www.ossec.net/announcements/v08-2006-05-12.txt
>>>>>>
>>>>>>
>>>>>> ------------------------------
>>>>>>
>>>>>> _______________________________________________
>>>>>> ossec-list mailing list
>>>>>> ossec-list at ossec.net
>>>>>> http://mailman.underlinux.com.br/mailman/listinfo/ossec-list
>>>>>>
>>>>>>
>>>>>> End of ossec-list Digest, Vol 7, Issue 7
>>>>>> ****************************************
>>>>>>
>>>
>>>
>>> ------------------------------
>>>
>>> Message: 3
>>> Date: Tue, 16 May 2006 09:01:25 +0200 (CEST)
>>> From: Sebastian Benner <sebastian.benner at FernUni-Hagen.de>
>>> Subject: Re: [Ossec-list] ossec-list Digest, Vol 7, Issue 9
>>> To: ossec-list at ossec.net
>>> Message-ID: <20060516082704.C1119 at hubbard.fernuni-hagen.de>
>>> Content-Type: text/plain; charset="iso-8859-1"
>>>
>>>
>>>
>>> Hello,
>>>
>>> thanks for the help. I just checked my installation directory:
>>>
>>> ..............................................................
>>> bash-3.00# cd bin
>>> bash: cd: bin: Not a directory
>>> bash-3.00# more bin
>>> ELF?4??4 (?44?????,?88?/usr/lib/ld.so.1
>>>
>>> ?!#$&(),0246789:;<>@BDFIJLMNOQRSTVXZ[\]^_`acefhiklpqrtwxyz{|}
>>> bash-3.00#
>>> bash-3.00# ls -alF
>>> total 200
>>> drwxr-xr-x 6 1000 1005 May 15 11:13 ./
>>> drwxrwxrwt 3 root 377 May 16 03:30 ../
>>> -rw-r--r-- 1 1000 3132 Feb 8 21:04 BUGS
>>> -rw-r--r-- 1 1000 18638 May 10 01:40 CHANGELOG
>>> -rw-r--r-- 1 1000 365 Apr 12 22:42 CONFIG
>>> -rw-r--r-- 1 1000 1240 May 4 21:29 CONTRIB
>>> -rw-r--r-- 1 1000 1926 Apr 12 22:42 INSTALL
>>> -rw-r--r-- 1 1000 1887 Mar 22 22:01 INSTALL.br
>>> -rw-r--r-- 1 1000 234 May 10 01:40 README
>>> -rw-r--r-- 1 1000 236 Feb 8 16:35 TODO
>>> drwxr-xr-x 3 1000 400 May 10 16:35 active-response/
>>> -rwxr-xr-x 1 root 42256 May 16 08:19 bin*
>>> drwxr-xr-x 3 1000 745 May 10 16:35 doc/
>>> drwxr-xr-x 4 1000 665 May 15 10:42 etc/
>>> -rwxr-xr-x 1 1000 19007 May 10 01:40 install.sh*
>>> drwxr-xr-x 23 1000 2015 May 15 10:43 src/
>>> ..............................................................
>>>
>>> bin is created, but it's a regular file and not a directory ...
>>> I removed bin and followed your hint (creating ./bin by hand). It's still
>>> not working ...
>>>
>>> ------------------------------------------------------------
>>> cp -pr ossec-maild ../../bin
>>> cp -pr ossec-execd ../../bin
>>> cp -pr ossec-analysisd ../../bin
>>> cp -pr ossec-logcollector ../../bin
>>> cp -pr ossec-remoted ../../bin
>>> cp -pr ossec-agentd ../../bin
>>> cp -pr manage_agents ../../bin
>>> cp -pr manage_agents ../../bin
>>> cp -pr syscheck_update clear_stats ../../bin
>>> cp -pr ossec-syscheckd ../../bin
>>> chmod: WARNING: can't access /var/ossec
>>> chown: unknown user id: root:ossec
>>> chown: unknown user id: ossec:ossec
>>> chmod: WARNING: can't access /var/ossec/queue/alerts
>>> chown: unknown user id: ossec:ossec
>>> chmod: WARNING: can't access /var/ossec/queue/ossec
>>> chown: unknown user id: ossec:ossec
>>> chmod: WARNING: can't access /var/ossec/queue/fts
>>> chown: unknown user id: ossec:ossec
>>> chmod: WARNING: can't access /var/ossec/queue/syscheck
>>> chown: unknown user id: ossec:ossec
>>> chmod: WARNING: can't access /var/ossec/queue/rootcheck
>>> chown: unknown user id: ossecr:ossec
>>> chmod: WARNING: can't access /var/ossec/queue/agent-info
>>> chown: unknown user id: ossec:ossec
>>> chmod: WARNING: can't access /var/ossec/stats
>>> chown: unknown user id: ossec:ossec
>>> chmod: WARNING: can't access /var/ossec/logs
>>> touch: cannot create /var/ossec/logs/ossec.log: No such file or directory
>>> chown: unknown user id: ossec:ossec
>>> chmod: WARNING: can't access /var/ossec/logs/ossec.log
>>> cp: /var/ossec/rules/ not found
>>> chown: unknown user id: root:ossec
>>> chmod: WARNING: can't access /var/ossec/rules
>>> chmod: WARNING: can't access /var/ossec/etc
>>> chown: unknown user id: root:ossec
>>> Usage: cp [-f] [-i] [-p] [-@] f1 f2
>>> cp [-f] [-i] [-p] [-@] f1 ... fn d1
>>> cp -r|-R [-H|-L|-P] [-f] [-i] [-p] [-@] d1 ... dn-1 dn
>>> chmod: WARNING: can't access /var/ossec/var/run
>>> chown: unknown user id: root:ossec
>>> cp: /var/ossec/bin/ not found
>>> cp: cannot create /var/ossec/bin/: No such file or directory
>>> cp: cannot create /var/ossec/bin/: No such file or directory
>>> cp: cannot create /var/ossec/bin/: No such file or directory
>>> cp: cannot create /var/ossec/bin/ossec-control: No such file or directory
>>> cp: cannot create /var/ossec/etc/: No such file or directory
>>> cp: /var/ossec/etc/shared/ not found
>>> cp: /var/ossec/active-response/bin/ not found
>>> chmod: WARNING: can't access /var/ossec/active-response/bin/*
>>> Not overwritting /etc/ossec.conf.
>>> ------------------------------------------------------------
>>>
>>> bash-3.00# showrev
>>> Hostname: ossec-server
>>> Hostid: 83566709
>>> Release: 5.10
>>> Kernel architecture: sun4u
>>> Application architecture: sparc
>>> Hardware provider: Sun_Microsystems
>>> Domain:
>>> Kernel version: SunOS 5.10 Generic_118822-25
>>>
>>>
>>> Regards,
>>>
>>> Sebastian
>>>
>>>
>>>
>>>
>>>> Today's Topics:
>>>>
>>>> 1. Re: ossec-list Digest, Vol 7, Issue 7 (Daniel Cid)
>>>>
>>>>
>>>> ----------------------------------------------------------------------
>>>>
>>>> Message: 1
>>>> Date: Mon, 15 May 2006 11:10:59 -0300
>>>> From: "Daniel Cid" <daniel.cid at gmail.com>
>>>> Subject: Re: [Ossec-list] ossec-list Digest, Vol 7, Issue 7
>>>> To: "Sebastian Benner" <sebastian.benner at fernuni-hagen.de>
>>>> Cc: ossec-list at ossec.net
>>>> Message-ID:
>>>> <b92e6f200605150710g4947bdf0ie5401bfd463c5050 at mail.gmail.com>
>>>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>>>
>
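The listings quoted above are consistent with `cp -pr ossec-maild ../../bin` running while `../../bin` did not exist: `cp` then creates a regular file named `bin`, and the later multi-source `cp` fails with "Target ../../bin must be a directory". The sketch below is an added example, not part of the thread or of the OSSEC installer; the function names and the stand-in file are constructed. It reproduces that state in a scratch directory and shows a staging step that refuses to copy onto a non-directory.

```sh
# Added example: guard a build's "copy outputs into ../../bin" step.
# Function names and the stand-in file contents are constructed.

# ensure_dir DIR
# Return 0 if DIR is, or can be created as, a directory.
# Return 2 if DIR already exists as something else (the state in the thread).
ensure_dir() {
    dir=$1
    if [ -e "$dir" ] && [ ! -d "$dir" ]; then
        echo "ensure_dir: $dir exists but is not a directory" >&2
        return 2
    fi
    mkdir -p "$dir" || return 1
    [ -d "$dir" ]
}

# stage_files DEST FILE...
# Copy each FILE into DEST/ only after DEST is known to be a directory.
# The trailing slash makes cp fail instead of writing a file named DEST.
stage_files() {
    dest=$1
    shift
    ensure_dir "$dest" || return $?
    for f in "$@"; do
        cp -p "$f" "$dest/" || return 1
    done
}

# reproduce_bin_as_file WORKDIR
# Rebuild the layout from the log (WORKDIR/src/util) with no WORKDIR/bin,
# run the same single-source cp, and report whether "bin" became a file.
reproduce_bin_as_file() {
    work=$1
    mkdir -p "$work/src/util" || return 1
    echo 'constructed stand-in for ossec-maild' > "$work/src/util/ossec-maild"
    ( cd "$work/src/util" && cp -pr ossec-maild ../../bin ) || return 1
    [ -f "$work/bin" ] && [ ! -d "$work/bin" ]
}
```

Run `reproduce_bin_as_file` against an empty scratch directory first; `ensure_dir` on the resulting `bin` then returns 2 until the stray file is removed.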