search

ossec / ossec-hids

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
http://www.ossec.net
Other
4.42k stars 1.03k forks source link

OSSEC HIDS v3.0.0 fails to compile: recipe for target 'ossec-maild' failed #1471

Closed vitorhmcorreia closed 6 years ago

vitorhmcorreia commented 6 years ago

Compilation / installation fails on Ubuntu Linux 4.15.13 64 bits

Relevant logs:

(...) /usr/bin/x86_64-linux-gnu-ld: shared.a(store_op.o): relocation R_X86_64_32 against .rodata.str1.8' can not be used when making a PIE object; recompile with -fPIC /usr/bin/x86_64-linux-gnu-ld: os_regex.a(os_regex_compile.o): relocation R_X86_64_32S against symbolcharmap' can not be used when making a PIE object; recompile with -fPIC /usr/bin/x86_64-linux-gnu-ld: os_regex.a(os_match_compile.o): relocation R_X86_64_32S against symbol charmap' can not be used when making a PIE object; recompile with -fPIC /usr/bin/x86_64-linux-gnu-ld: os_regex.a(os_regex_execute.o): relocation R_X86_64_32S against symbolregexmap' can not be used when making a PIE object; recompile with -fPIC /usr/bin/x86_64-linux-gnu-ld: os_regex.a(os_match_execute.o): relocation R_X86_64_32S against symbol `charmap' can not be used when making a PIE object; recompile with -fPIC /usr/bin/x86_64-linux-gnu-ld: final link failed: Nonrepresentable section on output collect2: error: ld returned 1 exit status Makefile:839: recipe for target 'ossec-maild' failed make: *** [ossec-maild] Error 1

Error 0x5. Building error. Unable to finish the installation.

(..)

Previous version: 2.9.3, working fine. No major changes to the server have been made lately. Full install log in attach.

Any ideias?

Best regards, Vitor Correia

ossec_install_log.log

ddpbsd commented 6 years ago

What version of gcc and binutils are you using?

vitorhmcorreia commented 6 years ago

gcc version 7.3.0 (Ubuntu 7.3.0-16ubuntu3)

From APT: Package: binutils Version: 2.30-20ubuntu2~18.04

vitorhmcorreia commented 6 years ago

Help, anyone?

ddpbsd commented 6 years ago

Try to recompile with -fPIC?

vitorhmcorreia commented 6 years ago

Please, how can I go about doing that? I am using the install.sh script, should I change something there?

Thank you.

ddpbsd commented 6 years ago

I haven't really tried it, but: env CFLAGS="-fPIC" ./install.sh

vitorhmcorreia commented 6 years ago

No luck...

ddpbsd commented 6 years ago

I just ran env CFLAGS="-fPIC" make TARGET=server V=1 to test, and here's the output:

cc -fPIC -O2 -DMAX_AGENTS=2048 -DOSSECHIDS -DDEFAULTDIR=\"/var/ossec\" -DUSER=\"ossec\" -DREMUSER=\"ossecr\" -DGROUPGLOBAL=\"ossec\" -DMAILUSER=\"ossecm\" -DLinux -DINOTIFY_ENABLED -DLIBOPENSSL_ENABLED -Wall -Wextra -I./ -I./headers/ -DARGV0=\"ossec-maild\" -c os_maild/maild.c -o os_maild/maild.o
cc -fPIC -O2 -DMAX_AGENTS=2048 -DOSSECHIDS -DDEFAULTDIR=\"/var/ossec\" -DUSER=\"ossec\" -DREMUSER=\"ossecr\" -DGROUPGLOBAL=\"ossec\" -DMAILUSER=\"ossecm\" -DLinux -DINOTIFY_ENABLED -DLIBOPENSSL_ENABLED -Wall -Wextra -I./ -I./headers/ -DARGV0=\"ossec-maild\" -c os_maild/sendmail.c -o os_maild/sendmail.o
cc -fPIC -O2 -DMAX_AGENTS=2048 -DOSSECHIDS -DDEFAULTDIR=\"/var/ossec\" -DUSER=\"ossec\" -DREMUSER=\"ossecr\" -DGROUPGLOBAL=\"ossec\" -DMAILUSER=\"ossecm\" -DLinux -DINOTIFY_ENABLED -DLIBOPENSSL_ENABLED -Wall -Wextra -I./ -I./headers/ -DARGV0=\"ossec-maild\" -c os_maild/sendcustomemail.c -o os_maild/sendcustomemail.o
cc -fPIC -O2 -DMAX_AGENTS=2048 -DOSSECHIDS -DDEFAULTDIR=\"/var/ossec\" -DUSER=\"ossec\" -DREMUSER=\"ossecr\" -DGROUPGLOBAL=\"ossec\" -DMAILUSER=\"ossecm\" -DLinux -DINOTIFY_ENABLED -DLIBOPENSSL_ENABLED -Wall -Wextra -I./ -I./headers/ -DARGV0=\"ossec-maild\" -c os_maild/config.c -o os_maild/config.o
cc -fPIC -O2 -DMAX_AGENTS=2048 -DOSSECHIDS -DDEFAULTDIR=\"/var/ossec\" -DUSER=\"ossec\" -DREMUSER=\"ossecr\" -DGROUPGLOBAL=\"ossec\" -DMAILUSER=\"ossecm\" -DLinux -DINOTIFY_ENABLED -DLIBOPENSSL_ENABLED -Wall -Wextra -I./ -I./headers/ -DARGV0=\"ossec-maild\" -c os_maild/os_maild_client.c -o os_maild/os_maild_client.o
cc -fPIC -O2 -DMAX_AGENTS=2048 -DOSSECHIDS -DDEFAULTDIR=\"/var/ossec\" -DUSER=\"ossec\" -DREMUSER=\"ossecr\" -DGROUPGLOBAL=\"ossec\" -DMAILUSER=\"ossecm\" -DLinux -DINOTIFY_ENABLED -DLIBOPENSSL_ENABLED -Wall -Wextra -I./ -I./headers/ -DARGV0=\"ossec-maild\" -c os_maild/mail_list.c -o os_maild/mail_list.o

...
cc -fPIC -O2 -DMAX_AGENTS=2048 -DOSSECHIDS -DDEFAULTDIR=\"/var/ossec\" -DUSER=\"ossec\" -DREMUSER=\"ossecr\" -DGROUPGLOBAL=\"ossec\" -DMAILUSER=\"ossecm\" -DLinux -DINOTIFY_ENABLED -DLIBOPENSSL_ENABLED -Wall -Wextra -I./ -I./headers/ os_maild/maild.o os_maild/sendmail.o os_maild/sendcustomemail.o os_maild/config.o os_maild/os_maild_client.o os_maild/mail_list.o os_crypto.a config.a shared.a os_net.a os_regex.a os_xml.a  -lm -lpthread -lssl -lcrypto -o ossec-maild

(I removed some unrelated warnings) So it should be working. I get similar results for:

I also see -fPIC being used when I run: env CFLAGS=-fPIC V=1 ./install.sh

Compiler:
    CFLAGS          -fPIC -O2 -DMAX_AGENTS=2048 -DOSSECHIDS -DDEFAULTDIR="/var/ossec" -DUSER="ossec" -DREMUSER="ossecr" -DGROUPGLOBAL="ossec" -DMAILUSER="ossecm" -DLinux -DINOTIFY_ENABLED -DLIBOPENSSL_ENABLED -Wall -Wextra -I./ -I./headers/
vitorhmcorreia commented 6 years ago

No luck, unfortunately :|

ddpbsd commented 6 years ago

That doesn't give me a lot to go on.

vitorhmcorreia commented 6 years ago

Sorry Dan,

I was in a hurry, but still wanted to give you some feedback.

Here are the errors:

root@server:~/ossec/ossec-hids# env CFLAGS=-fPIC V=1 ./install.sh

Para instalação em português, escolha [br]. 要使用中文进行安装, 请选择 [cn]. Fur eine deutsche Installation wohlen Sie [de]. Για εγκατάσταση στα Ελληνικά, επιλέξτε [el]. For installation in English, choose [en]. Para instalar en Español , eliga [es]. Pour une installation en français, choisissez [fr] A Magyar nyelvű telepítéshez válassza [hu]. Per l'installazione in Italiano, scegli [it]. 日本語でインストールします.選択して下さい.[jp]. Voor installatie in het Nederlands, kies [nl]. Aby instalować w języku Polskim, wybierz [pl]. Для инструкций по установке на русском ,введите [ru]. Za instalaciju na srpskom, izaberi [sr]. ** Türkçe kurulum için seçin [tr]. (en/br/cn/de/el/es/fr/hu/it/jp/nl/pl/ru/sr/tr) [en]: OSSEC HIDS v3.0.0 Installation Script - http://www.ossec.net

You are about to start the installation process of the OSSEC HIDS. You must have a C compiler pre-installed in your system.

2- Setting up the installation environment.

- Installation will be made at  /var/ossec .

5- Installing the system

ddpbsd commented 6 years ago

Did you make clean in the src dir before trying to compile? You could also try adding -no-pie to the CFLAGS. env CFLAGS="-fPIC -nopie" V=1 ./install.sh

vitorhmcorreia commented 6 years ago

Bingo!

Ran 'make clean' in src dir. and then 'env CFLAGS="-fPIC -no-pie" V=1 ./install.sh' worked perfectly.

Thank you so much for your help and time.

I want to understand the problem, can you please explain your train of thought?

ddpbsd commented 6 years ago

I can, but not well! The error complains about -fPIE, and tells us to use -fPIC. That didn't work, so there must be some default adding in the -fPIE in there silently. I kind of remembered an option to disable PIE, so I googled it. As for the make clean, the output you provided looked too short, so something was being cached. I just wanted to make sure that wasn't affecting anything.

vitorhmcorreia commented 6 years ago

Brilliant stuff, Dan!

Again, I really appreciate your time and effort :)

sachin078 commented 3 years ago

Hey i have tried the above but still i am getting the below error could you please help me on it

5- Installing the system

Error 0x5. Building error. Unable to finish the installation.

ddpbsd commented 3 years ago

@sachin078 What cc and version of that cc are you using? You should be using llvm/clang or gnu gcc

sachin078 commented 3 years ago

[root]# cc --version cc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-44) Copyright (C) 2015 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

[root]# [root]# cc -Q -v Using built-in specs. COLLECT_GCC=cc COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-redhat-linux/4.8.5/lto-wrapper Target: x86_64-redhat-linux Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-bootstrap --enable-shared --enable-threads=posix --enable-checking=release --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-linker-build-id --with-linker-hash-style=gnu --enable-languages=c,c++,objc,obj-c++,java,fortran,ada,go,lto --enable-plugin --enable-initfini-array --disable-libgcj --with-isl=/builddir/build/BUILD/gcc-4.8.5-20150702/obj-x86_64-redhat-linux/isl-install --with-cloog=/builddir/build/BUILD/gcc-4.8.5-20150702/obj-x86_64-redhat-linux/cloog-install --enable-gnu-indirect-function --with-tune=generic --with-arch_32=x86-64 --build=x86_64-redhat-linux Thread model: posix gcc version 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)

I am actually facing this issue while installing the OSSEC agent.

ddpbsd commented 3 years ago

Wow, ok that's pretty old. I guess remove the -no-pie stuff or install a reasonable compiler.

sachin078 commented 3 years ago

which compiler would you recommend to install.

Do you want me to upgrade and test it?

sachin078 commented 3 years ago

I am getting the below error while installing it without -no-pie

.o os_maild/maild.o os_maild/mail_list.o os_crypto.a config.a shared.a os_net.a os_regex.a os_xml.a -lm -lpthread -lsystemd -lpcre2-8 -lssl -lcrypto -lz ./external/compat/imsg.c ./external/compat/imsg-buffer.c -o ossec-maild /usr/bin/ld: cannot find -lsystemd collect2: error: ld returned 1 exit status make: *** [ossec-maild] Error 1

Error 0x5. Building error. Unable to finish the installation.

ddpbsd commented 3 years ago

I don't know if a system that old has the systemd libs, but if it does you need to install them. Not sure how to handle legacy systems beyond that though. Maybe build with USE_SYSTEMD=no?

sachin078 commented 3 years ago

should i upgrade my cc

ddpbsd commented 3 years ago

I don't know enough about your system to make that kind of decision.

sachin078 commented 3 years ago

@ddpbsd Please let me know what information is required. I am not able to resolve this error from past 3 days it would be great if you could help me.

ddpbsd commented 3 years ago

@sachin078 Which error? You solved the -no-pie one by removing that flag from the build, and the lack of the systemd libs can be solved by either installing the systemd libs or building without the systemd stuff.

sachin078 commented 3 years ago

I installed systemd libs but now i am getting the below error.

l/compat/imsg-buffer.c -o ossec-maild /usr/bin/ld: cannot find -lsystemd collect2: error: ld returned 1 exit status make: *** [ossec-maild] Error 1

Error 0x5. Building error. Unable to finish the installation.

ddpbsd commented 3 years ago

I'm not sure, you'll have to do some troubleshooting.

bigtrucker89 commented 3 years ago

Is there some reason youre using 3.0.0? Have you tried the 3.8.0 version?

ddpbsd commented 3 years ago

@mikegotroot99 They're not using 3.0.0, they're using 3.6.0 (the latest version I'm aware of). I don't think the systemd stuff was added until 3.6. They just lazily re-used a slightly similar issue instead of creating a new one. Based on the age of their gcc, I'm guessing @sachin078 is using an old distribution (I don't think it's specified in the thread anywhere), so disabling systemd with env USE_SYSTEMD=no ./install.sh is probably the best option. It's only for reading journald binary logs which distributions from that long ago didn't use (to the best of my knowledge).