I'm trying to update ossec machines setup as servers from 2.6 and 2.7 to 2.7.1.
I download the ossec-hids-2.7.1.tar.gz, extract it, and run the ./install.sh. It recognizes there's a previous version, asks me if I want to update, then asks me if I want to update the rules. I say yes to both and it compiles everything and appears to successfully update. The new version of ossec is created in this directory, but it isn't being written to /var/ossec. /var/ossec/bin/ossec-agentd -V still shows the old version.
This is working fine on ossec machines setup as agents. Seems fairly straightforward. I'm not sure what I'm doing wrong. Any ideas?
Its not working on Ubuntu 12.04 or CentOS 6.5
I'll dump in what I'm seeing here: (i deleted some compiling in the middle b/c i ran out of characters in the post)
root@domain:~/initial_install/ossec-hids-2.7.1# ./install.sh
** Para instalação em português, escolha [br].
** 要使用中文进行安装, 请选择 [cn].
** Fur eine deutsche Installation wohlen Sie [de].
** Για εγκατάσταση στα Ελληνικά, επιλέξτε [el].
** For installation in English, choose [en].
** Para instalar en Español , eliga [es].
** Pour une installation en français, choisissez [fr]
** A Magyar nyelvű telepítéshez válassza [hu].
** Per l'installazione in Italiano, scegli [it].
** 日本語でインストールします.選択して下さい.[jp].
** Voor installatie in het Nederlands, kies [nl].
** Aby instalować w języku Polskim, wybierz [pl].
** Для инструкций по установке на русском ,введите [ru].
** Za instalaciju na srpskom, izaberi [sr].
** Türkçe kurulum için seçin [tr].
(en/br/cn/de/el/es/fr/hu/it/jp/nl/pl/ru/sr/tr) [en]:
OSSEC HIDS v2.7.1 Installation Script - http://www.ossec.net
You are about to start the installation process of the OSSEC HIDS.
You must have a C compiler pre-installed in your system.
If you have any questions or comments, please send an e-mail
to dcid@ossec.net (or daniel.cid@gmail.com).
- System: Linux domain 3.5.0-44-generic
- User: root
- Host: domain
-- Press ENTER to continue or Ctrl-C to abort. --
- You already have OSSEC installed. Do you want to update it? (y/n): y
- Do you want to update the rules? (y/n): y
2- Setting up the installation environment.
- Installation will be made at /var/ossec .
5- Installing the system
- Running the Makefile
INFO: Little endian set.
*** Making zlib (by Jean-loup Gailly and Mark Adler) ***
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/external/zlib-1.2.3'
gcc -c -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"zlib\" -DXML_VAR=\"var\" -DOSSECHIDS *.c
ar cru libz.a *.o
ranlib libz.a
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/external/zlib-1.2.3'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/external/zlib-1.2.3'
cp -pr zlib.h zconf.h ../../headers/
cp -pr libz.a ../
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/external/zlib-1.2.3'
*** Making os_xml ***
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_xml'
gcc -DXML_VAR=\"var\" -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"os_xml\" -DXML_VAR=\"var\" -DOSSECHIDS -c os_xml.c os_xml_access.c os_xml_node_access.c os_xml_variables.c os_xml_writer.c
os_xml_variables.c: In function ‘OS_ApplyVariables’:
os_xml_variables.c:119:33: warning: variable ‘final’ set but not used [-Wunused-but-set-variable]
ar cru os_xml.a os_xml.o os_xml_access.o os_xml_node_access.o os_xml_variables.o os_xml_writer.o
ranlib os_xml.a
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_xml'
*** Making os_regex ***
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_regex'
gcc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"os_regex\" -DXML_VAR=\"var\" -DOSSECHIDS -c *.c -Wall
ar cru os_regex.a *.o
ranlib os_regex.a
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_regex'
*** Making os_net ***
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_net'
gcc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"os_net\" -DXML_VAR=\"var\" -DOSSECHIDS -c os_net.c
ar cru os_net.a os_net.o
ranlib os_net.a
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_net'
*** Making os_crypto ***
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_crypto'
make[2]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_crypto/blowfish'
gcc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"blowfish_op\" -DXML_VAR=\"var\" -DOSSECHIDS -c bf_op.c bf_skey.c bf_enc.c
ar cru bf_op.a bf_op.o bf_skey.o bf_enc.o
ranlib bf_op.a
make[2]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_crypto/blowfish'
make[2]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_crypto/md5'
gcc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"md5_op\" -DXML_VAR=\"var\" -DOSSECHIDS -c md5.c md5_op.c
ar cru md5_op.a md5_op.o md5.o
ranlib md5_op.a
make[2]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_crypto/md5'
make[2]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_crypto/sha1'
gcc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"sha1_op\" -DXML_VAR=\"var\" -DOSSECHIDS -c sha1_op.c
ar cru sha1_op.a sha1_op.o
ranlib sha1_op.a
make[2]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_crypto/sha1'
make[2]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_crypto/md5_sha1'
gcc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"md5_sha1_op\" -DXML_VAR=\"var\" -DOSSECHIDS -c ../md5/md5.c md5_sha1_op.c
ar cru md5_op.a md5_sha1_op.o ../md5/md5.o
ranlib md5_op.a
make[2]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_crypto/md5_sha1'
make[2]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_crypto/shared'
gcc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"shared\" -DXML_VAR=\"var\" -DOSSECHIDS -c *.c
ar cru shared.a *.o
ranlib shared.a
make[2]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_crypto/shared'
ar cru os_crypto.a blowfish/bf_op.o blowfish/bf_skey.o blowfish/bf_enc.o md5/md5_op.o md5/md5.o sha1/sha1_op.o md5_sha1/md5_sha1_op.o shared/*.o
ranlib os_crypto.a
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_crypto'
*** Making shared ***
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/shared'
gcc -c -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"shared-libs\" -DXML_VAR=\"var\" -DOSSECHIDS *.c
read-agents.c: In function ‘_do_print_rootcheck’:
read-agents.c:570:12: warning: variable ‘c_time’ set but not used [-Wunused-but-set-variable]
read-agents.c: In function ‘get_agent_info’:
read-agents.c:1280:10: warning: variable ‘tmp_file’ set but not used [-Wunused-but-set-variable]
ar cru lib_shared.a *.o
ranlib lib_shared.a
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/shared'
*** Making config ***
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/config'
gcc -c -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"ossec-config\" -DXML_VAR=\"var\" -DOSSECHIDS *.c
ar cru lib_config.a *.o
ranlib lib_config.a
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/config'
*** Making os_maild ***
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_maild'
gcc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"ossec-maild\" -DXML_VAR=\"var\" -DOSSECHIDS maild.c config.c os_maild_client.c sendmail.c mail_list.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_xml/os_xml.a -o ossec-maild
maild.c: In function ‘OS_Run’:
maild.c:198:9: warning: variable ‘today’ set but not used [-Wunused-but-set-variable]
sendmail.c: In function ‘OS_Sendmail’:
sendmail.c:288:10: warning: variable ‘additional_to’ set but not used [-Wunused-but-set-variable]
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_maild'
*** Making os_dbd ***
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_dbd'
Compiling DB support with:
gcc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"ossec-dbd\" -DXML_VAR=\"var\" -DOSSECHIDS *.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_xml/os_xml.a -o ossec-dbd
db_op.c: In function ‘none_osdb_connect’:
db_op.c:402:11: warning: variable ‘tmp’ set but not used [-Wunused-but-set-variable]
db_op.c: In function ‘none_osdb_close’:
db_op.c:414:11: warning: variable ‘tmp’ set but not used [-Wunused-but-set-variable]
db_op.c: In function ‘none_osdb_query_insert’:
db_op.c:422:11: warning: variable ‘tmp’ set but not used [-Wunused-but-set-variable]
db_op.c: In function ‘none_osdb_query_select’:
db_op.c:431:11: warning: variable ‘tmp’ set but not used [-Wunused-but-set-variable]
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_dbd'
*** Making monitord ***
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/monitord'
gcc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"ossec-monitord\" -DXML_VAR=\"var\" -DOSSECHIDS compress_log.c main.c manage_files.c monitor_agents.c monitord.c sign_log.c generate_reports.c ../os_maild/sendcustomemail.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_xml/os_xml.a ../os_crypto/os_crypto.a ../os_zlib/os_zlib.c ../external/libz.a -o ossec-monitord
gcc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"ossec-monitord\" -DXML_VAR=\"var\" -DOSSECHIDS -UARGV0 -DARGV0=\"ossec-reportd\" report.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_xml/os_xml.a ../os_crypto/os_crypto.a ../os_zlib/os_zlib.c ../external/libz.a -o ossec-reportd
report.c: In function ‘main’:
report.c:48:11: warning: variable ‘cfg’ set but not used [-Wunused-but-set-variable]
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/monitord'
*** Making os_auth ***
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_auth'
gcc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"ossec-authd\" -DXML_VAR=\"var\" -DOSSECHIDS main-server.c ssl.c ../addagent/validate.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_crypto/os_crypto.a ../os_zlib/os_zlib.c ../external/libz.a -o ossec-authd
gcc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSEINOTIFY -DARGV0=\"ossec-authd\" -DXML_VAR=\"var\" -DOSSECHIDS main-client.c ssl.c ../addagent/validate.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_crypto/os_crypto.a ../os_zlib/os_zlib.c ../external/libz.a -o agent-auth
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_auth'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_maild'
cp -pr ossec-maild ../../bin
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_maild'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_dbd'
cp -pr ossec-dbd ../../bin
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_dbd'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_csyslogd'
cp -pr ossec-csyslogd ../../bin
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_csyslogd'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/agentlessd'
cp -pr ossec-agentlessd ../../bin
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/agentlessd'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_execd'
cp -pr ossec-execd ../../bin
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_execd'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/analysisd'
cp -pr ossec-analysisd ../../bin
cp -pr ossec-logtest ../../bin
cp -pr ossec-makelists ../../bin
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/analysisd'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/logcollector'
cp -pr ossec-logcollector ../../bin
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/logcollector'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/remoted'
cp -pr ossec-remoted ../../bin
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/remoted'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/client-agent'
cp -pr ossec-agentd ../../bin
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/client-agent'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/addagent'
cp -pr manage_agents ../../bin
cp -pr manage_agents ../../bin
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/addagent'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/util'
cp -pr syscheck_update clear_stats list_agents syscheck_control rootcheck_control agent_control verify-agent-conf ossec-regex ../../bin
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/util'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/rootcheck'
make[1]: Nothing to be done for `build'.
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/rootcheck'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/syscheckd'
cp -pr ossec-syscheckd ../../bin
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/syscheckd'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/monitord'
cp -pr ossec-monitord ../../bin
cp -pr ossec-reportd ../../bin
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/monitord'
make[1]: Entering directory `/root/initial_install/ossec-hids-2.7.1/src/os_auth'
cp -pr ossec-authd ../../bin
cp -pr agent-auth ossec-authd ../../bin
make[1]: Leaving directory `/root/initial_install/ossec-hids-2.7.1/src/os_auth'
Killing ossec-monitord ..
Killing ossec-logcollector ..
Killing ossec-syscheckd ..
Killing ossec-analysisd ..
Killing ossec-maild ..
Killing ossec-execd ..
OSSEC HIDS v2.7.1 Stopped
Starting OSSEC HIDS v2.7.1 (by Trend Micro Inc.)...
Started ossec-maild...
Started ossec-execd...
Started ossec-analysisd...
Started ossec-logcollector...
Started ossec-syscheckd...
Started ossec-monitord...
Completed.
- Configuration finished properly.
- To start OSSEC HIDS:
/var/ossec/bin/ossec-control start
- To stop OSSEC HIDS:
/var/ossec/bin/ossec-control stop
- The configuration can be viewed or modified at /var/ossec/etc/ossec.conf
Thanks for using the OSSEC HIDS.
If you have any question, suggestion or if you find any bug,
contact us at contact@ossec.net or using our public maillist at
ossec-list@ossec.net
( http://www.ossec.net/main/support/ ).
More information can be found at http://www.ossec.net
--- Press ENTER to finish (maybe more information below). ---
- Update completed.
root@domain:~/initial_install/ossec-hids-2.7.1# /var/ossec/bin/ossec-agentd -V
OSSEC HIDS v2.7 - Trend Micro Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License (version 2) as
published by the Free Software Foundation. For more details, go to
http://www.ossec.net/main/license/
