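I am trying to update ossec machines set up as servers from 2.6 and 2.7 to 2.7.1.
I downloaded ossec-hids-2.7.1.tar.gz, extracted it and ran ./install.sh. It recognized that there was an old version, asked me whether I wanted to update, and then asked whether I wanted to update the rules. I answered yes to both questions, and it compiled everything and appeared to update successfully. The new version of ossec was created in this directory, but it was not written to /var/ossec. /var/ossec/bin/ossec-agentd -V still shows the old version.
On ossec machines set up as agents, this method works fine. It seems pretty straightforward. I'm not sure what I'm doing wrong. Any ideas?
It doesn't work on Ubuntu 12.04 or CentOS 6.5.
I'll dump what I'm seeing here: (I removed some of the compile output in the middle because I ran out of characters in the post)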
root@domain:~/initial_install/ossec-hids-2.7.1# ./install.sh
** Para instalação em português, escolha [br].
** 要使用中文进行安装, 请选择 [cn].
** Fur eine deutsche Installation wohlen Sie [de].
** Για εγκατάσταση στα Ελληνικά, επιλέξτε [el].
** For installation in English, choose [en].
** Para instalar en Español , eliga [es].
** Pour une installation en français, choisissez [fr]
** A Magyar nyelvű telepítéshez válassza [hu].
** Per l'installazione in Italiano, scegli [it].
** 日本語でインストールします.選択して下さい.[jp].
** Voor installatie in het Nederlands, kies [nl].
** Aby instalować w języku Polskim, wybierz [pl].
** Для инструкций по установке на русском ,введите [ru].
** Za instalaciju na srpskom, izaberi [sr].
** Türkçe kurulum için seçin [tr].
(en/br/cn/de/el/es/fr/hu/it/jp/nl/pl/ru/sr/tr) [en]:
OSSEC HIDS v2.7.1 Installation Script - http://www.ossec.net
You are about to start the installation process of the OSSEC HIDS.
You must have a C compiler pre-installed in your system.
If you have any questions or comments, please send an e-mail
to [email protected] (or [email protected]).
- System: Linux domain 3.5.0-44-generic
- User: root
- Host: domain
-- Press ENTER to continue or Ctrl-C to abort. --
- You already have OSSEC installed. Do you want to update it? (y/n): y
- Do you want to update the rules? (y/n): y
2- Setting up the installation environment.
- Installation will be made at /var/ossec .
5- Installing the system
- Running the Makefile
INFO: Little endian set.
*** Making zlib (by Jean-loup Gailly and Mark Adler) ***
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/external/zlib-1.2.3'
gcc -c -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"zlib\" -DXML_VAR=\"var\" -DOSSECHIDS *.c
ar cru libz.a *.o
ranlib libz.a
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/external/zlib-1.2.3'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/external/zlib-1.2.3'
cp -pr zlib.h zconf.h ../../headers/
cp -pr libz.a ../
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/external/zlib-1.2.3'
*** Making os_xml ***
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_xml'
gcc -DXML_VAR=\"var\" -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"os_xml\" -DXML_VAR=\"var\" -DOSSECHIDS -c os_xml.c os_xml_access.c os_xml_node_access.c os_xml_variables.c os_xml_writer.c
os_xml_variables.c: In function ‘OS_ApplyVariables’:
os_xml_variables.c:119:33: warning: variable ‘final’ set but not used [-Wunused-but-set-variable]
ar cru os_xml.a os_xml.o os_xml_access.o os_xml_node_access.o os_xml_variables.o os_xml_writer.o
ranlib os_xml.a
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_xml'
*** Making os_regex ***
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_regex'
gcc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"os_regex\" -DXML_VAR=\"var\" -DOSSECHIDS -c *.c -Wall
ar cru os_regex.a *.o
ranlib os_regex.a
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_regex'
*** Making os_net ***
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_net'
gcc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"os_net\" -DXML_VAR=\"var\" -DOSSECHIDS -c os_net.c
ar cru os_net.a os_net.o
ranlib os_net.a
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_net'
*** Making os_crypto ***
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_crypto'
make[2]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_crypto/blowfish'
gcc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"blowfish_op\" -DXML_VAR=\"var\" -DOSSECHIDS -c bf_op.c bf_skey.c bf_enc.c
ar cru bf_op.a bf_op.o bf_skey.o bf_enc.o
ranlib bf_op.a
make[2]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_crypto/blowfish'
make[2]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_crypto/md5'
gcc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"md5_op\" -DXML_VAR=\"var\" -DOSSECHIDS -c md5.c md5_op.c
ar cru md5_op.a md5_op.o md5.o
ranlib md5_op.a
make[2]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_crypto/md5'
make[2]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_crypto/sha1'
gcc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"sha1_op\" -DXML_VAR=\"var\" -DOSSECHIDS -c sha1_op.c
ar cru sha1_op.a sha1_op.o
ranlib sha1_op.a
make[2]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_crypto/sha1'
make[2]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_crypto/md5_sha1'
gcc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"md5_sha1_op\" -DXML_VAR=\"var\" -DOSSECHIDS -c ../md5/md5.c md5_sha1_op.c
ar cru md5_op.a md5_sha1_op.o ../md5/md5.o
ranlib md5_op.a
make[2]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_crypto/md5_sha1'
make[2]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_crypto/shared'
gcc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"shared\" -DXML_VAR=\"var\" -DOSSECHIDS -c *.c
ar cru shared.a *.o
ranlib shared.a
make[2]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_crypto/shared'
ar cru os_crypto.a blowfish/bf_op.o blowfish/bf_skey.o blowfish/bf_enc.o md5/md5_op.o md5/md5.o sha1/sha1_op.o md5_sha1/md5_sha1_op.o shared/*.o
ranlib os_crypto.a
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_crypto'
*** Making shared ***
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/shared'
gcc -c -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"shared-libs\" -DXML_VAR=\"var\" -DOSSECHIDS *.c
read-agents.c: In function ‘_do_print_rootcheck’:
read-agents.c:570:12: warning: variable ‘c_time’ set but not used [-Wunused-but-set-variable]
read-agents.c: In function ‘get_agent_info’:
read-agents.c:1280:10: warning: variable ‘tmp_file’ set but not used [-Wunused-but-set-variable]
ar cru lib_shared.a *.o
ranlib lib_shared.a
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/shared'
*** Making config ***
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/config'
gcc -c -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"ossec-config\" -DXML_VAR=\"var\" -DOSSECHIDS *.c
ar cru lib_config.a *.o
ranlib lib_config.a
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/config'
*** Making os_maild ***
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_maild'
gcc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"ossec-maild\" -DXML_VAR=\"var\" -DOSSECHIDS maild.c config.c os_maild_client.c sendmail.c mail_list.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_xml/os_xml.a -o ossec-maild
maild.c: In function ‘OS_Run’:
maild.c:198:9: warning: variable ‘today’ set but not used [-Wunused-but-set-variable]
sendmail.c: In function ‘OS_Sendmail’:
sendmail.c:288:10: warning: variable ‘additional_to’ set but not used [-Wunused-but-set-variable]
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_maild'
*** Making os_dbd ***
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_dbd'
Compiling DB support with:
gcc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"ossec-dbd\" -DXML_VAR=\"var\" -DOSSECHIDS *.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_xml/os_xml.a -o ossec-dbd
db_op.c: In function ‘none_osdb_connect’:
db_op.c:402:11: warning: variable ‘tmp’ set but not used [-Wunused-but-set-variable]
db_op.c: In function ‘none_osdb_close’:
db_op.c:414:11: warning: variable ‘tmp’ set but not used [-Wunused-but-set-variable]
db_op.c: In function ‘none_osdb_query_insert’:
db_op.c:422:11: warning: variable ‘tmp’ set but not used [-Wunused-but-set-variable]
db_op.c: In function ‘none_osdb_query_select’:
db_op.c:431:11: warning: variable ‘tmp’ set but not used [-Wunused-but-set-variable]
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_dbd'
*** Making monitord ***
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/monitord'
gcc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"ossec-monitord\" -DXML_VAR=\"var\" -DOSSECHIDS compress_log.c main.c manage_files.c monitor_agents.c monitord.c sign_log.c generate_reports.c ../os_maild/sendcustomemail.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_xml/os_xml.a ../os_crypto/os_crypto.a ../os_zlib/os_zlib.c ../external/libz.a -o ossec-monitord
gcc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"ossec-monitord\" -DXML_VAR=\"var\" -DOSSECHIDS -UARGV0 -DARGV0=\"ossec-reportd\" report.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_xml/os_xml.a ../os_crypto/os_crypto.a ../os_zlib/os_zlib.c ../external/libz.a -o ossec-reportd
report.c: In function ‘main’:
report.c:48:11: warning: variable ‘cfg’ set but not used [-Wunused-but-set-variable]
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/monitord'
*** Making os_auth ***
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_auth'
gcc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"ossec-authd\" -DXML_VAR=\"var\" -DOSSECHIDS main-server.c ssl.c ../addagent/validate.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_crypto/os_crypto.a ../os_zlib/os_zlib.c ../external/libz.a -o ossec-authd
gcc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"ossec-authd\" -DXML_VAR=\"var\" -DOSSECHIDS main-client.c ssl.c ../addagent/validate.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_crypto/os_crypto.a ../os_zlib/os_zlib.c ../external/libz.a -o agent-auth
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_auth'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_maild'
cp -pr ossec-maild ../../bin
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_maild'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_dbd'
cp -pr ossec-dbd ../../bin
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_dbd'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_csyslogd'
cp -pr ossec-csyslogd ../../bin
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_csyslogd'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/agentlessd'
cp -pr ossec-agentlessd ../../bin
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/agentlessd'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_execd'
cp -pr ossec-execd ../../bin
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_execd'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/analysisd'
cp -pr ossec-analysisd ../../bin
cp -pr ossec-logtest ../../bin
cp -pr ossec-makelists ../../bin
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/analysisd'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/logcollector'
cp -pr ossec-logcollector ../../bin
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/logcollector'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/remoted'
cp -pr ossec-remoted ../../bin
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/remoted'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/client-agent'
cp -pr ossec-agentd ../../bin
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/client-agent'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/addagent'
cp -pr manage_agents ../../bin
cp -pr manage_agents ../../bin
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/addagent'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/util'
cp -pr syscheck_update clear_stats list_agents syscheck_control rootcheck_control agent_control verify-agent-conf ossec-regex ../../bin
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/util'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/rootcheck'
make[1]: Nothing to be done for `build'.
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/rootcheck'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/syscheckd'
cp -pr ossec-syscheckd ../../bin
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/syscheckd'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/monitord'
cp -pr ossec-monitord ../../bin
cp -pr ossec-reportd ../../bin
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/monitord'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_auth'
cp -pr ossec-authd ../../bin
cp -pr agent-auth ossec-authd ../../bin
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_auth'
Killing ossec-monitord ..
Killing ossec-logcollector ..
Killing ossec-syscheckd ..
Killing ossec-analysisd ..
Killing ossec-maild ..
Killing ossec-execd ..
OSSEC HIDS v2.7.1 Stopped
Starting OSSEC HIDS v2.7.1 (by Trend Micro Inc.)...
Started ossec-maild...
Started ossec-execd...
Started ossec-analysisd...
Started ossec-logcollector...
Started ossec-syscheckd...
Started ossec-monitord...
Completed.
- Configuration finished properly.
- To start OSSEC HIDS:
/var/ossec/bin/ossec-control start
- To stop OSSEC HIDS:
/var/ossec/bin/ossec-control stop
- The configuration can be viewed or modified at /var/ossec/etc/ossec.conf
Thanks for using the OSSEC HIDS.
If you have any question, suggestion or if you find any bug,
contact us at [email protected] or using our public maillist at
[email protected]
( http://www.ossec.net/main/support/ ).
More information can be found at http://www.ossec.net
--- Press ENTER to finish (maybe more information below). ---
- Update completed.
root@domain:~/initial_install/ossec-hids-2.7.1# /var/ossec/bin/ossec-agentd -V
OSSEC HIDS v2.7 - Trend Micro Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License (version 2) as
published by the Free Software Foundation. For more details, go to
http://www.ossec.net/main/license/