ossec-hids
Build fails because of missing pcre2-10.32
Fix: Extract pcre2-10.32.tar.gz to src/external.
Get it here: https://ftp.pcre.org/pub/pcre/pcre2-10.32.tar.gz
Thanks. We haven't really updated the documentation past 3.2 yet. I'm hoping we can add an option to use a system installed pcre2 as well, but I haven't looked into it yet.
EDIT: Looks like there is a PCRE2_SYSTEM option already. Nice
Had this issue too, thanks for the workaround.
Tried
export PCRE2_SYSTEM=yes
sudo ./install.sh
Still no joy. Did I miss something?
Untarring the tarball from the link in the first post to .../src/external works.
@d4t4king Was there any output that might help track down the issue? What OS/distro are you trying this on? Were the PCRE2 packages installed? Are there dev/devel packages that need to be installed?
sudo PCRE2_SYSTEM=yes ./install.sh seems to work on some systems
I don't have a clear recollection of anything useful. I will try to replicate and note the details this time.
OK, a little more details. This is on Ubuntu 18.04.
I removed the local git repo and recloned from github. cd into the local directory and ran sudo ./install.sh. ossec-hids is already installed, so I opted to update it. This is the error:
cc -DMAX_AGENTS=2048 -DOSSECHIDS -DDEFAULTDIR=\"/var/ossec\" -DUSER=\"ossec\" -DREMUSER=\"ossecr\" -DGROUPGLOBAL=\"ossec\" -DMAILUSER=\"ossecm\" -DLinux -DINOTIFY_ENABLED -DZLIB_SYSTEM -I./external/pcre2-10.32//install/include/ -DPCRE2_STATIC -DUSE_PCRE2_JIT -DLOCAL -Wall -Wextra -I./ -I./headers/ -c external/cJSON/cJSON.c -o external/cJSON/cJSON.o
ar -crs libcJSON.a external/cJSON/cJSON.o
ranlib libcJSON.a
cd external/pcre2-10.32/ && \
./configure \
--prefix=/home/charlie/Downloads/ossec-hids/src/external/pcre2-10.32//install \
--enable-jit \
--disable-shared \
--enable-static && \
make install-libLTLIBRARIES install-nodist_includeHEADERS
/bin/sh: 1: cd: can't cd to external/pcre2-10.32/
Makefile:766: recipe for target 'external/pcre2-10.32//install/lib/libpcre2-8.a' failed
make: *** [external/pcre2-10.32//install/lib/libpcre2-8.a] Error 2
Error 0x5.
Building error. Unable to finish the installation.
@d4t4king It looks like you're not using PCRE2_SYSTEM=y (and have the appropriate package installed), and you didn't download the pcre2 source.
wget https://ftp.pcre.org/pub/pcre/pcre2-10.32.tar.gz
tar xzf pcre2-10.32.tar.gz -C src/external
So ALL of the above is required? o_O The last bit worked for me before without exporting PCRE2_SYSTEM. pcre2 was installed, but not the -dev package.
I don't have access to that system at the moment. I will test it again exporting the environment variable, but pretty sure that didn't work before.
OK had a little time to poke at this.
# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.2 LTS"
# dpkg --get-selections | grep pcre
libpcre2-16-0:amd64 install
libpcre2-32-0:amd64 install
libpcre2-8-0:amd64 install
libpcre2-dev:amd64 install
libpcre2-posix0:amd64 install
libpcre3:amd64 install
pcregrep install
# env | grep PCRE
PCRE_SYSTEM=y
5- Installing the system
- Running the Makefile
cd external/pcre2-10.32/ && \
./configure \
--prefix=/home/charlie/Downloads/ossec-hids/src/external/pcre2-10.32//install \
--enable-jit \
--disable-shared \
--enable-static && \
make install-libLTLIBRARIES install-nodist_includeHEADERS
/bin/sh: 1: cd: can't cd to external/pcre2-10.32/
Makefile:766: recipe for target 'external/pcre2-10.32//install/lib/libpcre2-8.a' failed
make: *** [external/pcre2-10.32//install/lib/libpcre2-8.a] Error 2
Error 0x5.
Building error. Unable to finish the installation.
I'm not that great at make syntax, but it looks like the environment variable isn't being pulled in for some reason.
You may need to install libpcre3-dev as well.
libpcre3-dev is the "old" (as in NOT PCRE2) PCRE library. It's a little counter-intuitive. I'll give it a try.
On Mon, 1 Apr 2019, dataking wrote:
>> You may need to install libpcre3-dev as well.
> libpcre3-dev is the "old" (as in NOT PCRE2) PCRE library. It's a little counter-intuitive. I'll give it a try.
Understood but you did have both listed in your package list so it might matter. This worked for me on an Ubuntu and a Mint system. For some reason the Ubuntu system also required a manual ldconfig after installing libpcre2.
Antonio Querubin e-mail: [email protected]
I must have typo'd that, sorry. It's not PCRE_SYSTEM=y, it's PCRE2_SYSTEM=y
OK, it worked with the legacy pcre library (libpcre3-dev) installed, but then failed zlib. Installing the zlib -dev library fixed that and it installed fine.
So maybe PCRE2_SYSTEM should be changed to PCRE_SYSTEM since it seems to look for the legacy PCRE lib with this option? Minor detail....
Other modern install scripts install the necessary packages, why not do that here?
I'm able to build on OpenBSD without the pcre package installed. On an Ubuntu 18.04 container, I don't have libpcre3-dev installed, and it compiled just fine.
ddp@u18:~/src/ossec-hids/src$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.2 LTS"
ddp@u18:~/src/ossec-hids/src$ dpkg --list | grep pcre
ii libpcre2-16-0:amd64 10.31-2 amd64 New Perl Compatible Regular Expression Library - 16 bit runtime files
ii libpcre2-32-0:amd64 10.31-2 amd64 New Perl Compatible Regular Expression Library - 32 bit runtime files
ii libpcre2-8-0:amd64 10.31-2 amd64 New Perl Compatible Regular Expression Library- 8 bit runtime files
ii libpcre2-dev:amd64 10.31-2 amd64 New Perl Compatible Regular Expression Library - development files
ii libpcre2-posix0:amd64 10.31-2 amd64 New Perl Compatible Regular Expression Library - posix-compatible runtime files
ri libpcre3:amd64 2:8.39-9 amd64 Old Perl 5 Compatible Regular Expression Library - runtime files
ddp@u18:~/src/ossec-hids/src$ PCRE2_SYSTEM=y make TARGET=local
blah blah blah
Done building local
Do I need to install a full system to reproduce this?
I see you built using make directly in the source. Try using install.sh. Maybe the requirement is imposed by the script and not the actual source.
I did a local installation via install.sh. Worked fine.
root@u18:~/src/ossec-hids# env PCRE2_SYSTEM=y ./install.sh 2>&1 | tee /tmp/buildlog_install
blah blah blah
- System is Debian (Ubuntu or derivative).
- Init script modified to start OSSEC HIDS during boot.
- Configuration finished properly.
- To start OSSEC HIDS:
/var/ossec/bin/ossec-control start
- To stop OSSEC HIDS:
/var/ossec/bin/ossec-control stop
- The configuration can be viewed or modified at /var/ossec/etc/ossec.conf
Thanks for using the OSSEC HIDS.
If you have any question, suggestion or if you find any bug,
contact us at [email protected] or using our public maillist at
[email protected]
( http://www.ossec.net/main/support/ ).
More information can be found at http://www.ossec.net
--- Press ENTER to finish (maybe more information below). ---
Hi all, I tried an install on an armhf server today, with the master branch, and I got the libpcre error seen here. I tried to install all libpcre packages I could find with no (good) result. I didn't try to change the Makefile or anything (PCRE/PCRE2_SYSTEM parameter).
After that, I dropped to 3.2.0 branch (after deleting the install directory). Then I got an error about zlib, then I installed zlib1g-dev on my system, and the compilation worked...
Thanks to this thread, I was able to update from ossec 2.9.x to 3.3.0 on ubuntu 18.04 -- the two new packages I had to install were libpcre2-dev and zlib1g-dev. Specifically, this is what worked for me:
sudo apt install libpcre2-dev zlib1g-dev
sudo PCRE2_SYSTEM=yes ./install.sh
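A preflight check condensing the findings of the thread so far, as an added example (not OSSEC's code and not from any poster): it reports whether a build started from the current environment would find the bundled source or the system headers, and flags the PCRE_SYSTEM misspelling. The function name, status strings, the accepted values y/yes, the script name preflight.sh and the /usr/include default are assumptions; run it through the same sudo invocation as install.sh, because sudo's default env_reset drops exported variables that are not passed on the command line.

```shell
#!/bin/sh
# Added example, not part of OSSEC. Reports which PCRE2 path a build started
# from this environment would take, based only on what this thread shows.
# Usage: preflight <checkout-dir> [include-dir]
preflight() {
    repo=$1
    inc=${2:-/usr/include}                       # assumed header location
    bundled="$repo/src/external/pcre2-10.32"     # path from the failing build log

    case "${PCRE2_SYSTEM:-}" in
        y|yes)
            # System library requested: the development headers must exist.
            if [ ! -f "$inc/pcre2.h" ]; then
                echo "system-pcre2-headers-missing"   # e.g. libpcre2-dev
            elif [ ! -f "$inc/zlib.h" ]; then
                echo "zlib-headers-missing"           # e.g. zlib1g-dev
            else
                echo "system-ok"
            fi
            return 0 ;;
    esac

    # The misspelled variable seen in the thread is never read by the build.
    if [ -n "${PCRE_SYSTEM:-}" ]; then
        echo "typo-PCRE_SYSTEM"
        return 0
    fi

    # No system option visible: the Makefile will cd into the bundled tree.
    if [ -f "$bundled/configure" ]; then
        echo "bundled-ok"
    else
        echo "bundled-source-missing"   # "can't cd to external/pcre2-10.32/"
    fi
}

# When saved as preflight.sh (assumed name) and executed, check the given checkout.
if [ "${0##*/}" = "preflight.sh" ]; then preflight "${1:-.}" "${2:-}"; fi
```

For example, `sudo PCRE2_SYSTEM=yes sh preflight.sh .` from the checkout root shows what the installer would see under sudo.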
Hi everybody! You should extract pcre2-10.32.tar.gz to src/external for better performance. This way, installation is working and PCRE2 is compiled using jit, and is way faster...
Note that PCRE2 is used for all regex, even for the default rules...
On a fresh Ubuntu Server 18.04.2, installing the current stable (3.3.0) works with the @justinludwig solution below (https://github.com/ossec/ossec-hids/issues/1663#issuecomment-487341751)
I was able to get this working with just the following things @bcapptain @ddpbsd
wget https://ftp.pcre.org/pub/pcre/pcre2-10.32.tar.gz
tar xzf pcre2-10.32.tar.gz -C src/external
So I ran into this exact same issue but had a different solution. I'm incredibly new to Ubuntu, my boss wanted me to demo OSSEC as a SIEMs solution. I don't know about modifying a config file or anything like that but the OSSEC installer is looking for PCRE2 here:
--prefix=/home/charlie/Downloads/ossec-hids/src/external/pcre2-10.32//install \
It fails cause that directory doesn't exist. So I went into the ossec-hids-3.3.0, mkdir src, mkdir external, went into the external folder, downloaded and extracted pcre2-10.32.tar.gz there and was able to successfully run through the installation without error.
Running the #wget and #tar commands above allowed me to successfully compile on Raspbian. Thank you!
$ cat /proc/version; uname -a
Linux version 4.14.79+ (dc4@dc4-XPS13-9333) (gcc version 4.9.3 (crosstool-NG crosstool-ng-1.22.0-88-g8460611)) #1159 Sun Nov 4 17:28:08 GMT 2018
Linux loki 4.14.79+ #1159 Sun Nov 4 17:28:08 GMT 2018 armv6l GNU/Linux
Still having the same issue with pcre2 not available in the external directory ... Last version of ossec 3.3.0 on Debian 9.6.0
Sorry @theoooooo I don’t see your previous report of an issue. What problem are you having exactly?
@ddpbsd I had to add manually the missing folder to be able to complete the installation as described above:
Fix: Extract pcre2-10.32.tar.gz to src/external.
Get it here: https://ftp.pcre.org/pub/pcre/pcre2-10.32.tar.gz
So it’s working as expected. I have a pull request for defaulting to the system pcre2. I can’t remember the status of it off hand, but it should help with the confusion. Or everyone will report that they had to install the package to get it to work. We’ll see what happens.
I never managed to get the installer working properly. I ended up adding the repo which worked fine.
wget -q -O - https://updates.atomicorp.com/installers/atomic | sudo bash
apt update;apt install ossec-hids-server -y
or
yum install ossec-hids-server -y
I successfully updated my build from 3.1 to 3.3 with this method
cat /etc/ossec-init.conf