Package Details: ossec-hids-local 3.7.0-7

Git Clone URL: https://aur.archlinux.org/ossec-hids-local.git
Package Base: ossec-hids-local
Description: Open Source Host-based Intrusion Detection System - Standalone
Upstream URL: https://www.ossec.net/
Licenses: GPL2
Conflicts: ossec-hids-agent, ossec-hids-server
Provides: ossec-hids-server
Submitter: AlphaJack
Maintainer: AlphaJack
Last Packager: AlphaJack
Votes: 2
Popularity: 0.014608
First Submitted: 2023-08-21 18:16 (UTC)
Last Updated: 2023-08-29 18:08 (UTC)

Latest Comments

AlphaJack commented on 2023-08-29 18:10 (UTC)

I'm glad it works well now, I fixed these paths in revision 7!

pizzaman commented on 2023-08-29 03:41 (UTC)

@AlphaJack Thank you very much for maintaining this package. It installed great.

Minor correction in /etc/ossec.conf where it reads

    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>

should read instead

    <rootkit_files>/var/lib/ossec-hids/etc/shared/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>/var/lib/ossec-hids/etc/shared/rootkit_trojans.txt</rootkit_trojans>
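The path mismatch reported in the comment above can be checked mechanically. This is an added example, not part of the package or of either commenter's post: a POSIX shell function that reads the rootkit_files and rootkit_trojans entries from an ossec.conf and reports any that do not exist on disk. The function name and its optional ROOT prefix argument are assumptions made here.

```shell
#!/bin/sh
# Added example (not part of the package): report rootcheck database paths
# in an ossec.conf that do not exist on disk.
# Usage: check_rootcheck_paths CONF [ROOT]
#   CONF  path to ossec.conf
#   ROOT  hypothetical optional prefix, for checking a chroot or staging dir
check_rootcheck_paths() {
    conf=$1
    root=${2:-}
    status=0
    if [ ! -r "$conf" ]; then
        echo "cannot read $conf" >&2
        return 2
    fi
    # The two elements quoted in the comment above.
    for tag in rootkit_files rootkit_trojans; do
        # Pull the text between <tag> and </tag>, trimming surrounding blanks.
        # Line-based match: an element inside an XML comment is still reported.
        found=$(sed -n "s|.*<$tag>[[:space:]]*\([^<]*\)</$tag>.*|\1|p" "$conf" |
                sed 's/[[:space:]]*$//')
        if [ -z "$found" ]; then
            continue    # element not present in this file
        fi
        while IFS= read -r path; do
            if [ -f "$root$path" ]; then
                echo "OK $tag $path"
            else
                echo "MISSING $tag $path"
                status=1
            fi
        done <<EOF
$found
EOF
    done
    return "$status"
}

# Run only when called with arguments, e.g.: sh check.sh /etc/ossec.conf
if [ "$#" -gt 0 ]; then
    check_rootcheck_paths "$@"
fi
```

The function returns 0 when every listed file exists, 1 when at least one is missing, and 2 when the configuration file cannot be read.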

pizzaman commented on 2023-08-26 06:40 (UTC) (edited on 2023-08-26 06:41 (UTC) by pizzaman)

I'm having problems getting this package to work; I also tried it in a chroot.

When building, I get this error:

    cc -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions         -Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security         -fstack-clash-protection -fcf-protection -fcommon -I./external/compat -DMAX_AGENTS=2048 -DOSSECHIDS -DDEFAULTDIR=\"/var/lib/ossec-hids\" -DUSER=\"ossec\" -DREMUSER=\"ossec\" -DGROUPGLOBAL=\"ossec\" -DMAILUSER=\"ossec\" -DLinux -DINOTIFY_ENABLED -DHAVE_SYSTEMD -DZLIB_SYSTEM -DUSE_PCRE2_JIT -DINOTIFY_ENABLED -DZEROMQ_OUTPUT_ENABLED -DLIBGEOIP_ENABLED -DSQLITE_ENABLED -DLIBOPENSSL_ENABLED -DLOCAL -Wall -Wextra -I./ -I./headers/ os_maild/config.o os_maild/mail_list.o os_maild/maild.o os_maild/os_maild_client.o os_maild/sendcustomemail.o os_maild/sendmail.o os_crypto.a config.a shared.a os_net.a os_regex.a os_xml.a -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now -lm -lpthread -lsystemd -lpcre2-8 -lzmq -lczmq -lm -lGeoIP -lssl -lcrypto -lz  ./external/compat/imsg.c ./external/compat/imsg-buffer.c -o ossec-maild
    /usr/bin/ld: cannot find -lGeoIP: No such file or directory
    collect2: error: ld returned 1 exit status
    make: *** [Makefile:929: ossec-maild] Error 1
    ==> ERROR: A failure occurred in build().
        Aborting...

Fixed by installing the missing dependency geoip.

ossec-hids.sysusers is never installed, but there are still errors even if I try to run ossec-control as root.

    $ sudo /var/lib/ossec-hids/bin/ossec-control start
    Starting OSSEC HIDS v3.7.0...
    ossec-analysisd: Configuration error. Exiting.

Or ossec-logtest

    $ sudo /var/lib/ossec-hids/bin/ossec-logtest
    2023/08/26 05:51:51 ossec-testrule: INFO: Reading local decoder file.
    2023/08/26 05:51:51 ossec-testrule: INFO: Started (pid: 240780).
    2023/08/26 05:51:51 ossec-testrule(1103): ERROR: Could not open file '/etc/internal_options.conf' due to [(13)-(Permission denied)].
    2023/08/26 05:51:51 ossec-testrule(2301): ERROR: Definition not found for: 'analysisd.fts_list_size'.

Tried installing ossec manually from ossec.net and it worked well.