jrossi / issue-migration-test

GNU General Public License v2.0

real time monitoring on debian wheezy #32

Closed jrossi closed 10 years ago

jrossi commented 10 years ago

To enable realtime monitoring, OSSEC has to be compiled with the flag USEINOTIFY. This is only set if the file /usr/include/sys/inotify.h exists (in src/Makeall). In Debian wheezy the file is located under /usr/include/x86_64-linux-gnu/sys/inotify.h (http://packages.debian.org/wheezy/amd64/libc6-dev/filelist). So can you add an OR test, so that OSSEC supports realtime monitoring on Debian wheezy?

Note: This issue has been automatically migrated from Bitbucket. Created by cgzones on 2012-10-31 15:09:47+00:00, last updated: 2013-03-25 22:46:28+00:00

jrossi commented 10 years ago

With OR test, I mean an or condition on the new file location.

Note: This comment has been automatically migrated from Bitbucket. Created by cgzones on 2012-10-31 15:18:23+00:00

jrossi commented 10 years ago

Untested since I don't have a Linux box up at the moment (thanks Sandy!)

Someone please test this.

Note: This comment has been automatically migrated from Bitbucket. Created by ddpbsd on 2012-10-31 16:00:10+00:00, last updated: 2012-10-31 16:00:30+00:00

jrossi commented 10 years ago

This looks reasonable. I have integrated the patch src_Makeall.diff and tested on CentOS Linux.

Note: This comment has been automatically migrated from Bitbucket. Created by jbcheng on 2012-10-31 23:41:37+00:00

jrossi commented 10 years ago

The file location I suggested is not portable across different architectures. For example, for i386 the location is /usr/include/i386-linux-gnu/sys/inotify.h (http://packages.debian.org/wheezy/i386/libc6-dev/filelist). So I think the location /usr/include/linux/inotify.h (http://packages.debian.org/wheezy/amd64/linux-libc-dev/filelist and http://packages.debian.org/wheezy/i386/linux-libc-dev/filelist) should be more generic.

Note: This comment has been automatically migrated from Bitbucket. Created by cgzones on 2012-11-02 22:28:20+00:00

jrossi commented 10 years ago

From the info above I see a total of three possible locations (RC1 covered 1 and 2):

  1. /usr/include/linux/inotify.h
  2. /usr/include/x86_64-linux-gnu/sys/inotify.h
  3. /usr/include/i386-linux-gnu/sys/inotify.h

Is that all? Are there symbolic links from one to another?

Note: This comment has been automatically migrated from Bitbucket. Created by jbcheng on 2012-11-06 19:33:17+00:00, last updated: 2012-11-06 19:33:36+00:00

jrossi commented 10 years ago

RC currently covers 2. and /usr/include/sys/inotify.h.

I think /usr/include/sys/inotify.h and /usr/include/linux/inotify.h should cover all.

On Debian wheezy, /usr/include/ARCHITECTURE/sys/inotify.h is in the package libc6-dev, which depends on linux-libc-dev, which contains /usr/include/linux/inotify.h.

Note: This comment has been automatically migrated from Bitbucket. Created by cgzones on 2012-11-07 10:20:33+00:00

jrossi commented 10 years ago

Will change Makeall lines 69-76 to:

    # Checking for inotify
    if [ "X$OS" = "XLinux" ]; then
        if [ -e /usr/include/sys/inotify.h ]; then
            echo "EEXTRA=-DUSEINOTIFY" >> Config.OS
        elif [ -e /usr/include/linux/inotify.h ]; then
            echo "EEXTRA=-DUSEINOTIFY" >> Config.OS
        fi
    fi

Note: This comment has been automatically migrated from Bitbucket. Created by jbcheng on 2013-03-25 22:43:03+00:00, last updated: 2013-03-25 22:43:49+00:00
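
The following is an added example, not code from this thread or from OSSEC's Makeall. It generalizes the path check above to any multiarch triplet directory and returns a failure the build script can warn on, so that realtime monitoring is not silently compiled out. The function names and the ROOT parameter are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not OSSEC's own code). Function names and the ROOT
# parameter are hypothetical; the paths are the ones named in the thread.

# find_inotify_header ROOT
# Prints the first inotify header found under ROOT; returns 1 if none.
find_inotify_header() {
    root=${1:-/usr/include}
    # Fixed locations first, then any multiarch triplet directory
    # (x86_64-linux-gnu, i386-linux-gnu, arm-linux-gnueabihf, ...).
    # An unmatched glob stays literal and simply fails the -e test.
    for candidate in \
        "$root/sys/inotify.h" \
        "$root/linux/inotify.h" \
        "$root"/*-linux-gnu*/sys/inotify.h
    do
        if [ -e "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# inotify_config_line OS ROOT
# Prints the Config.OS line when OS is Linux and a header exists.
# Returns 1 otherwise, so the caller can warn instead of staying silent.
inotify_config_line() {
    os=$1
    root=${2:-/usr/include}
    [ "X$os" = "XLinux" ] || return 1
    find_inotify_header "$root" >/dev/null || return 1
    echo "EEXTRA=-DUSEINOTIFY"
}

# Stand-alone run: report what a build on the local system would do.
if line=$(inotify_config_line "$(uname)"); then
    echo "realtime monitoring enabled: $line"
else
    echo "warning: no inotify header found; realtime monitoring will be compiled out" >&2
fi
```

In a build script the printed line would be appended to Config.OS, and the warning branch makes a missing header visible at compile time rather than at the point where realtime file integrity monitoring fails to start.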

jrossi commented 10 years ago

Updated according to cgzones' comment.

Note: This comment has been automatically migrated from Bitbucket. Created by jbcheng on 2013-03-25 22:46:28+00:00