ossec-authd ERROR: Not compiled. Missing OpenSSL support.

I've run into a snag with ossec-authd. Whenever I try to start it, it throws the missing openssl support error. The same happens when I try to run agent-auth on agent servers.

I've completely removed /var/ossec, made sure that gcc, glibc, openssl, and openssl-devel were installed, then re-downloaded the .tar.gz and re-ran ./install.sh. After that, I removed /var/ossec and ran env V=1 ./install.sh, no joy.

Not sure where to go from here. Thanks in advance.

OpenSSL versions:

openssl.x86_64                       1:1.0.2k-12.el7            installed
openssl-devel.x86_64                 1:1.0.2k-12.el7            @base
openssl-libs.x86_64                  1:1.0.2k-12.el7            installed

sudo ldconfig -p | grep ssl

    libssl3.so (libc6,x86-64) => /lib64/libssl3.so
    libssl.so.10 (libc6,x86-64) => /lib64/libssl.so.10
    libssl.so (libc6,x86-64) => /lib64/libssl.so
    libevent_openssl-2.0.so.5 (libc6,x86-64) => /lib64/libevent_openssl-2.0.so.5

-OSSEC version number: 3.0.0 -Content of /etc/ossec-init.conf: DIRECTORY="/var/ossec" VERSION="v3.0.0" DATE="Wed Sep 19 12:56:26 MDT 2018" TYPE="server"

-Content of /var/ossec/etc/ossec.conf:

<ossec_config>
  <global>
    <email_notification>no</email_notification>
  </global>
  <syslog_output>
    <server>127.0.0.1</server>
    <port>15046</port>
    <format>cef</format>
  </syslog_output>

  <syscheck>
    <!-- Frequency that syscheck is executed - default to every 22 hours -->
    <frequency>79200</frequency>

    <!-- Directories to check  (perform all possible verifications) -->
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <directories check_all="yes">/bin,/sbin,/boot</directories>

    <!-- Files/directories to ignore -->
    <ignore>/etc/mtab</ignore>
    <ignore>/etc/mnttab</ignore>
    <ignore>/etc/hosts.deny</ignore>
    <ignore>/etc/mail/statistics</ignore>
    <ignore>/etc/random-seed</ignore>
    <ignore>/etc/adjtime</ignore>
    <ignore>/etc/httpd/logs</ignore>
    <ignore>/etc/utmpx</ignore>
    <ignore>/etc/wtmpx</ignore>
    <ignore>/etc/cups/certs</ignore>
    <ignore>/etc/dumpdates</ignore>
    <ignore>/etc/svc/volatile</ignore>

    <!-- Windows files to ignore -->
    <ignore>C:\WINDOWS/System32/LogFiles</ignore>
    <ignore>C:\WINDOWS/Debug</ignore>
    <ignore>C:\WINDOWS/WindowsUpdate.log</ignore>
    <ignore>C:\WINDOWS/iis6.log</ignore>
    <ignore>C:\WINDOWS/system32/wbem/Logs</ignore>
    <ignore>C:\WINDOWS/system32/wbem/Repository</ignore>
    <ignore>C:\WINDOWS/Prefetch</ignore>
    <ignore>C:\WINDOWS/PCHEALTH/HELPCTR/DataColl</ignore>
    <ignore>C:\WINDOWS/SoftwareDistribution</ignore>
    <ignore>C:\WINDOWS/Temp</ignore>
    <ignore>C:\WINDOWS/system32/config</ignore>
    <ignore>C:\WINDOWS/system32/spool</ignore>
    <ignore>C:\WINDOWS/system32/CatRoot</ignore>
  </syscheck>

  <rootcheck>
    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
    <system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
    <system_audit>/var/ossec/etc/shared/cis_debian_linux_rcl.txt</system_audit>
    <system_audit>/var/ossec/etc/shared/cis_rhel_linux_rcl.txt</system_audit>
    <system_audit>/var/ossec/etc/shared/cis_rhel5_linux_rcl.txt</system_audit>
  </rootcheck>

  <global>
    <white_list>127.0.0.1</white_list>
    <white_list>::1</white_list>
    <white_list>^localhost.localdomain$</white_list>
    <white_list>172.31.0.2</white_list>
    <white_list>my.ip.ip.ip</white_list>
  </global>

  <remote>
    <connection>syslog</connection>
  </remote>

  <remote>
    <connection>secure</connection>
  </remote>

  <alerts>
    <log_alert_level>1</log_alert_level>
  </alerts>

  <command>
    <name>host-deny</name>
    <executable>host-deny.sh</executable>
    <expect>srcip</expect>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop.sh</executable>
    <expect>srcip</expect>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <command>
    <name>disable-account</name>
    <executable>disable-account.sh</executable>
    <expect>user</expect>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <command>
    <name>restart-ossec</name>
    <executable>restart-ossec.sh</executable>
    <expect></expect>
  </command>

  <command>
    <name>route-null</name>
    <executable>route-null.sh</executable>
    <expect>srcip</expect>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <!-- Active Response Config -->
  <active-response>
    <!-- This response is going to execute the host-deny
       - command for every event that fires a rule with
       - level (severity) >= 6.
       - The IP is going to be blocked for  600 seconds.
      -->
    <command>host-deny</command>
    <location>local</location>
    <level>6</level>
    <timeout>600</timeout>
  </active-response>

  <active-response>
    <!-- Firewall Drop response. Block the IP for
       - 600 seconds on the firewall (iptables,
       - ipfilter, etc).
      -->
    <command>firewall-drop</command>
    <location>local</location>
    <level>6</level>
    <timeout>600</timeout>
  </active-response>

  <!-- Files to monitor (localfiles) -->

  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/messages</location>
  </localfile>

  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/secure</location>
  </localfile>

  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/maillog</location>
  </localfile>

  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/httpd/error_log</location>
  </localfile>

  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/httpd/access_log</location>
  </localfile>

  <localfile>
    <log_format>command</log_format>
    <command>df -P</command>
  </localfile>

  <localfile>
    <log_format>full_command</log_format>
    <command>netstat -tan |grep LISTEN |egrep -v '(127.0.0.1| ::1)' | sort</command>
  </localfile>

  <localfile>
    <log_format>full_command</log_format>
    <command>last -n 5</command>
  </localfile>
</ossec_config>

<ossec_config>  <!-- rules global entry -->
  <rules>
    <include>rules_config.xml</include>
    <include>pam_rules.xml</include>
    <include>sshd_rules.xml</include>
    <include>telnetd_rules.xml</include>
    <include>syslog_rules.xml</include>
    <include>arpwatch_rules.xml</include>
    <include>symantec-av_rules.xml</include>
    <include>symantec-ws_rules.xml</include>
    <include>pix_rules.xml</include>
    <include>named_rules.xml</include>
    <include>smbd_rules.xml</include>
    <include>vsftpd_rules.xml</include>
    <include>pure-ftpd_rules.xml</include>
    <include>proftpd_rules.xml</include>
    <include>ms_ftpd_rules.xml</include>
    <include>ftpd_rules.xml</include>
    <include>hordeimp_rules.xml</include>
    <include>roundcube_rules.xml</include>
    <include>wordpress_rules.xml</include>
    <include>cimserver_rules.xml</include>
    <include>vpopmail_rules.xml</include>
    <include>vmpop3d_rules.xml</include>
    <include>courier_rules.xml</include>
    <include>web_rules.xml</include>
    <include>web_appsec_rules.xml</include>
    <include>apache_rules.xml</include>
    <include>nginx_rules.xml</include>
    <include>php_rules.xml</include>
    <include>mysql_rules.xml</include>
    <include>postgresql_rules.xml</include>
    <include>ids_rules.xml</include>
    <include>squid_rules.xml</include>
    <include>firewall_rules.xml</include>
    <include>apparmor_rules.xml</include>
    <include>cisco-ios_rules.xml</include>
    <include>netscreenfw_rules.xml</include>
    <include>sonicwall_rules.xml</include>
    <include>postfix_rules.xml</include>
    <include>sendmail_rules.xml</include>
    <include>imapd_rules.xml</include>
    <include>mailscanner_rules.xml</include>
    <include>dovecot_rules.xml</include>
    <include>ms-exchange_rules.xml</include>
    <include>racoon_rules.xml</include>
    <include>vpn_concentrator_rules.xml</include>
    <include>spamd_rules.xml</include>
    <include>msauth_rules.xml</include>
    <include>mcafee_av_rules.xml</include>
    <include>trend-osce_rules.xml</include>
    <include>ms-se_rules.xml</include>
    <!-- <include>policy_rules.xml</include> -->
    <include>zeus_rules.xml</include>
    <include>solaris_bsm_rules.xml</include>
    <include>vmware_rules.xml</include>
    <include>ms_dhcp_rules.xml</include>
    <include>asterisk_rules.xml</include>
    <include>ossec_rules.xml</include>
    <include>attack_rules.xml</include>
    <include>openbsd_rules.xml</include>
    <include>clam_av_rules.xml</include>
    <include>dropbear_rules.xml</include>
    <include>sysmon_rules.xml</include>
    <include>opensmtpd_rules.xml</include>
    <include>exim_rules.xml</include>
    <include>openbsd-dhcpd_rules.xml</include>
    <include>local_rules.xml</include>
</rules>
</ossec_config>  <!-- rules global entry -->

-Content of /var/ossec/logs/ossec.log:

2018/09/19 12:56:26 ossec-testrule: INFO: Reading local decoder file.
2018/09/19 12:56:26 ossec-testrule: INFO: Started (pid: 17854).
2018/09/19 12:56:26 ossec-csyslogd: INFO: Started (pid: 17875).
2018/09/19 12:56:26 INFO: Connected to 127.0.0.1 at address 127.0.0.1, port 15046
2018/09/19 12:56:26 ossec-csyslogd: INFO: Forwarding alerts via syslog to: '127.0.0.1:15046'.
2018/09/19 12:56:26 ossec-execd: INFO: Started (pid: 17880).
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading local decoder file.
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'rules_config.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'pam_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'sshd_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'telnetd_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'syslog_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'arpwatch_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'symantec-av_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'symantec-ws_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'pix_rules.xml'
2018/09/19 12:56:26 ossec-remoted: INFO: Started (pid: 17894).
2018/09/19 12:56:26 ossec-remoted(1501): ERROR: No IP or network allowed in the access list for syslog. No reason for running it. Exiting.
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'named_rules.xml'
2018/09/19 12:56:26 ossec-remoted(1206): ERROR: Unable to Bind port '1514'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'smbd_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'vsftpd_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'pure-ftpd_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'proftpd_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'ms_ftpd_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'ftpd_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'hordeimp_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'roundcube_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'wordpress_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'cimserver_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'vpopmail_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'vmpop3d_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'courier_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'web_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'web_appsec_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'apache_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'nginx_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'php_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'mysql_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'postgresql_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'ids_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'squid_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'firewall_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'apparmor_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'cisco-ios_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'netscreenfw_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'sonicwall_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'postfix_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'sendmail_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'imapd_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'mailscanner_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'dovecot_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'ms-exchange_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'racoon_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'vpn_concentrator_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'spamd_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'msauth_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'mcafee_av_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'trend-osce_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'ms-se_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'zeus_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'solaris_bsm_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'vmware_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'ms_dhcp_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'asterisk_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'ossec_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'attack_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'openbsd_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'clam_av_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'dropbear_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'sysmon_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'opensmtpd_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'exim_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'openbsd-dhcpd_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Reading rules file: 'local_rules.xml'
2018/09/19 12:56:26 ossec-analysisd: INFO: Total rules enabled: '1589'
2018/09/19 12:56:26 ossec-analysisd: INFO: Ignoring file: '/etc/mtab'
2018/09/19 12:56:26 ossec-analysisd: INFO: Ignoring file: '/etc/mnttab'
2018/09/19 12:56:26 ossec-analysisd: INFO: Ignoring file: '/etc/hosts.deny'
2018/09/19 12:56:26 ossec-analysisd: INFO: Ignoring file: '/etc/mail/statistics'
2018/09/19 12:56:26 ossec-analysisd: INFO: Ignoring file: '/etc/random-seed'
2018/09/19 12:56:26 ossec-analysisd: INFO: Ignoring file: '/etc/adjtime'
2018/09/19 12:56:26 ossec-analysisd: INFO: Ignoring file: '/etc/httpd/logs'
2018/09/19 12:56:26 ossec-analysisd: INFO: Ignoring file: '/etc/utmpx'
2018/09/19 12:56:26 ossec-analysisd: INFO: Ignoring file: '/etc/wtmpx'
2018/09/19 12:56:26 ossec-analysisd: INFO: Ignoring file: '/etc/cups/certs'
2018/09/19 12:56:26 ossec-analysisd: INFO: Ignoring file: '/etc/dumpdates'
2018/09/19 12:56:26 ossec-analysisd: INFO: Ignoring file: '/etc/svc/volatile'
2018/09/19 12:56:26 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/System32/LogFiles'
2018/09/19 12:56:26 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Debug'
2018/09/19 12:56:26 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/WindowsUpdate.log'
2018/09/19 12:56:26 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/iis6.log'
2018/09/19 12:56:26 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/system32/wbem/Logs'
2018/09/19 12:56:26 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/system32/wbem/Repository'
2018/09/19 12:56:26 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Prefetch'
2018/09/19 12:56:26 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/PCHEALTH/HELPCTR/DataColl'
2018/09/19 12:56:26 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/SoftwareDistribution'
2018/09/19 12:56:26 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Temp'
2018/09/19 12:56:26 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/system32/config'
2018/09/19 12:56:26 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/system32/spool'
2018/09/19 12:56:26 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/system32/CatRoot'
2018/09/19 12:56:26 ossec-analysisd: INFO: White listing IP: '127.0.0.1'
2018/09/19 12:56:26 ossec-analysisd: INFO: White listing IP: '172.31.0.2'
2018/09/19 12:56:26 ossec-analysisd: INFO: White listing IP: '50.232.79.90'
2018/09/19 12:56:26 ossec-analysisd: INFO: 3 IPs in the white list for active response.
2018/09/19 12:56:26 ossec-analysisd: INFO: White listing Hostname: '::1'
2018/09/19 12:56:26 ossec-analysisd: INFO: White listing Hostname: 'localhost.localdomain'
2018/09/19 12:56:26 ossec-analysisd: INFO: 2 Hostname(s) in the white list for active response.
2018/09/19 12:56:26 ossec-analysisd: INFO: Started (pid: 17884).
2018/09/19 12:56:27 ossec-monitord: INFO: Started (pid: 17902).
2018/09/19 12:56:31 ossec-syscheckd: INFO: Started (pid: 17898).
2018/09/19 12:56:31 ossec-rootcheck: INFO: Started (pid: 17898).
2018/09/19 12:56:31 ossec-syscheckd: INFO: Monitoring directory: '/etc', with options perm | size | owner | group | md5sum | sha1sum.
2018/09/19 12:56:31 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin', with options perm | size | owner | group | md5sum | sha1sum.
2018/09/19 12:56:31 ossec-syscheckd: INFO: Monitoring directory: '/usr/sbin', with options perm | size | owner | group | md5sum | sha1sum.
2018/09/19 12:56:31 ossec-syscheckd: INFO: Monitoring directory: '/bin', with options perm | size | owner | group | md5sum | sha1sum.
2018/09/19 12:56:31 ossec-syscheckd: INFO: Monitoring directory: '/sbin', with options perm | size | owner | group | md5sum | sha1sum.
2018/09/19 12:56:31 ossec-syscheckd: INFO: Monitoring directory: '/boot', with options perm | size | owner | group | md5sum | sha1sum.
2018/09/19 12:56:31 ossec-syscheckd: INFO: ignoring: '/etc/mtab'
2018/09/19 12:56:31 ossec-syscheckd: INFO: ignoring: '/etc/mnttab'
2018/09/19 12:56:31 ossec-syscheckd: INFO: ignoring: '/etc/hosts.deny'
2018/09/19 12:56:31 ossec-syscheckd: INFO: ignoring: '/etc/mail/statistics'
2018/09/19 12:56:31 ossec-syscheckd: INFO: ignoring: '/etc/random-seed'
2018/09/19 12:56:31 ossec-syscheckd: INFO: ignoring: '/etc/adjtime'
2018/09/19 12:56:31 ossec-syscheckd: INFO: ignoring: '/etc/httpd/logs'
2018/09/19 12:56:31 ossec-syscheckd: INFO: ignoring: '/etc/utmpx'
2018/09/19 12:56:31 ossec-syscheckd: INFO: ignoring: '/etc/wtmpx'
2018/09/19 12:56:31 ossec-syscheckd: INFO: ignoring: '/etc/cups/certs'
2018/09/19 12:56:31 ossec-syscheckd: INFO: ignoring: '/etc/dumpdates'
2018/09/19 12:56:31 ossec-syscheckd: INFO: ignoring: '/etc/svc/volatile'
2018/09/19 12:56:31 ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/System32/LogFiles'
2018/09/19 12:56:31 ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/Debug'
2018/09/19 12:56:31 ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/WindowsUpdate.log'
2018/09/19 12:56:31 ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/iis6.log'
2018/09/19 12:56:31 ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/system32/wbem/Logs'
2018/09/19 12:56:31 ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/system32/wbem/Repository'
2018/09/19 12:56:31 ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/Prefetch'
2018/09/19 12:56:31 ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/PCHEALTH/HELPCTR/DataColl'
2018/09/19 12:56:31 ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/SoftwareDistribution'
2018/09/19 12:56:31 ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/Temp'
2018/09/19 12:56:31 ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/system32/config'
2018/09/19 12:56:31 ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/system32/spool'
2018/09/19 12:56:31 ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/system32/CatRoot'
2018/09/19 12:56:32 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/messages'.
2018/09/19 12:56:32 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/secure'.
2018/09/19 12:56:32 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/maillog'.
2018/09/19 12:56:32 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/httpd/error_log'.
2018/09/19 12:56:32 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/httpd/access_log'.
2018/09/19 12:56:32 ossec-logcollector: INFO: Monitoring output of command(360): df -P
2018/09/19 12:56:32 ossec-logcollector: INFO: Monitoring full output of command(360): netstat -tan |grep LISTEN |egrep -v '(127.0.0.1| ::1)' | sort
2018/09/19 12:56:32 ossec-logcollector: INFO: Monitoring full output of command(360): last -n 5
2018/09/19 12:56:32 ossec-logcollector: INFO: Started (pid: 17890).
2018/09/19 12:56:50 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' not accessible: 'Queue not found'.
2018/09/19 12:56:50 ossec-analysisd(1301): ERROR: Unable to connect to active response queue.
2018/09/19 12:56:50 ossec-analysisd: INFO: Connected to '/queue/alerts/execq' (exec queue)
2018/09/19 12:57:33 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
2018/09/19 12:57:33 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
2018/09/19 13:10:59 ossec-syscheckd: INFO: Finished creating syscheck database (pre-scan completed).
2018/09/19 13:11:11 ossec-syscheckd: INFO: Ending syscheck scan (forwarding database).
2018/09/19 13:11:31 rootcheck: INFO: Starting rootcheck scan.
2018/09/19 13:27:34 rootcheck: INFO: Ending rootcheck scan.

-Operating system name/version (uname -a if Unix): Linux graylog 3.10.0-862.11.6.el7.x86_64 #1 SMP Tue Aug 14 21:49:04 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux -Any other relevant information:

CentOS 7.5
SELinux enforicing

I have the same issue:

lsb_release -a

LSB Version: :core-4.1-amd64:core-4.1-noarch:cxx-4.1-amd64:cxx-4.1-noarch:desktop-4.1-amd64:desktop-4.1-noarch:languages-4.1-amd64:languages-4.1-noarch:printing-4.1-amd64:printing-4.1-noarch Distributor ID: CentOS Description: CentOS Linux release 7.4.1708 (Core) Release: 7.4.1708 Codename: Core

ldconfig -p | grep ssl libssl3.so (libc6,x86-64) => /lib64/libssl3.so libssl.so.10 (libc6,x86-64) => /lib64/libssl.so.10 libssl.so (libc6,x86-64) => /lib64/libssl.so libevent_openssl-2.0.so.5 (libc6,x86-64) => /lib64/libevent_openssl-2.0.so.5

install output:

env V=1 ./install.sh which: no host in (/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)

Para instalação em português, escolha [br]. 要使用中文进行安装, 请选择 [cn]. Fur eine deutsche Installation wohlen Sie [de]. Για εγκατάσταση στα Ελληνικά, επιλέξτε [el]. For installation in English, choose [en]. Para instalar en Español , eliga [es]. Pour une installation en français, choisissez [fr] A Magyar nyelvű telepítéshez válassza [hu]. Per l'installazione in Italiano, scegli [it]. 日本語でインストールします．選択して下さい．[jp]. Voor installatie in het Nederlands, kies [nl]. Aby instalować w języku Polskim, wybierz [pl]. Для инструкций по установке на русском ,введите [ru]. Za instalaciju na srpskom, izaberi [sr]. ** Türkçe kurulum için seçin [tr]. (en/br/cn/de/el/es/fr/hu/it/jp/nl/pl/ru/sr/tr) [en]: which: no host in (/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)

OSSEC HIDS v2.9.4 Installation Script - http://www.ossec.net

You are about to start the installation process of the OSSEC HIDS. You must have a C compiler pre-installed in your system.

System: Linux localhost.localdomain 3.10.0-693.11.6.el7.x86_64
User: root
Host: localhost.localdomain

-- Press ENTER to continue or Ctrl-C to abort. --
- You already have OSSEC installed. Do you want to update it? (y/n): n

1- What kind of installation do you want (server, agent, local, hybrid or help)? agent

Agent(client) installation chosen.

2- Setting up the installation environment.

Choose where to install the OSSEC HIDS [/var/ossec]:
- Installation will be made at /var/ossec .
- The installation directory already exists. Should I delete it? (y/n) [y]: n

3- Configuring the OSSEC HIDS.

3.1- What's the IP Address or hostname of the OSSEC HIDS server?: 127.0.0.1

Adding Server IP 127.0.0.1

3.2- Do you want to run the integrity check daemon? (y/n) [y]:
Running syscheck (integrity check daemon).

3.3- Do you want to run the rootkit detection engine? (y/n) [y]:
Running rootcheck (rootkit detection). strings: '/usr/bin/mail': No such file

3.4 - Do you want to enable active response? (y/n) [y]: n
Active response disabled.

3.5- Setting the configuration to analyze the following logs: -- /var/log/messages -- /var/log/secure -- /var/log/maillog
- If you want to monitor any other file, just change the ossec.conf and add a new localfile entry. Any questions about the configuration can be answered by visiting us online at http://www.ossec.net .
--- Press ENTER to continue ---

5- Installing the system

Running the Makefile cd external/lua/ && make posix make[1]: Entering directory /root/ossec-hids-2.9.4/src/external/lua-5.2.3' cd src && make posixmake[2]: Entering directory/root/ossec-hids-2.9.4/src/external/lua-5.2.3/src' make all SYSCFLAGS="-DLUA_USE_POSIX" make[3]: Entering directory /root/ossec-hids-2.9.4/src/external/lua-5.2.3/src' make[3]: Nothing to be done forall'. make[3]: Leaving directory /root/ossec-hids-2.9.4/src/external/lua-5.2.3/src' make[2]: Leaving directory/root/ossec-hids-2.9.4/src/external/lua-5.2.3/src' make[1]: Leaving directory /root/ossec-hids-2.9.4/src/external/lua-5.2.3' make settings make[1]: Entering directory/root/ossec-hids-2.9.4/src'

General settings: TARGET: agent V: 1 DEBUG:
DEBUGAD
PREFIX: /var/ossec MAXAGENTS: 2048 DATABASE:
ONEWAY: no CLEANFULL: no User settings: OSSEC_GROUP: ossec OSSEC_USER: ossec OSSEC_USER_MAIL: ossecm OSSEC_USER_REM: ossecr Lua settings: LUA_PLAT: posix USE settings: USE_ZEROMQ: no USE_GEOIP: no USE_PRELUDE: no USE_OPENSSL: auto USE_PICVIZ: yes USE_INOTIFY: no Mysql settings: includes:
libs:
Pgsql settings: includes:
libs:
Defines: -DMAX_AGENTS=2048 -DOSSECHIDS -DDEFAULTDIR="/var/ossec" -DUSER="ossec" -DREMUSER="ossecr" -DGROUPGLOBAL="ossec" -DMAILUSER="ossecm" -DLinux -DINOTIFY_ENABLED -DPICVIZ_OUTPUT_ENABLED -DLIBOPENSSL_ENABLED -DCLIENT Compiler: CFLAGS -O2 -DMAX_AGENTS=2048 -DOSSECHIDS -DDEFAULTDIR="/var/ossec" -DUSER="ossec" -DREMUSER="ossecr" -DGROUPGLOBAL="ossec" -DMAILUSER="ossecm" -DLinux -DINOTIFY_ENABLED -DPICVIZ_OUTPUT_ENABLED -DLIBOPENSSL_ENABLED -DCLIENT -Wall -Wextra -I./ -I./headers/ LDFLAGS -lm -lpthread -lssl -lcrypto CC cc MAKE make make[1]: Leaving directory `/root/ossec-hids-2.9.4/src'

Done building agent

cd external/lua/ && make posix make[1]: Entering directory /root/ossec-hids-2.9.4/src/external/lua-5.2.3' cd src && make posix make[2]: Entering directory/root/ossec-hids-2.9.4/src/external/lua-5.2.3/src' make all SYSCFLAGS="-DLUA_USE_POSIX" make[3]: Entering directory /root/ossec-hids-2.9.4/src/external/lua-5.2.3/src' make[3]: Nothing to be done forall'. make[3]: Leaving directory /root/ossec-hids-2.9.4/src/external/lua-5.2.3/src' make[2]: Leaving directory/root/ossec-hids-2.9.4/src/external/lua-5.2.3/src'make[1]: Leaving directory /root/ossec-hids-2.9.4/src/external/lua-5.2.3' make settings make[1]: Entering directory/root/ossec-hids-2.9.4/src'

Done building agent

./init/adduser.sh ossec ossecm ossecr ossec /var/ossec Wait for success... success install -d -m 0550 -o root -g ossec /var/ossec/ install -d -m 0750 -o ossec -g ossec /var/ossec/logs install -m 0660 -o ossec -g ossec /dev/null /var/ossec/logs/ossec.log install -d -m 0550 -o root -g 0 /var/ossec/bin install -d -m 0550 -o root -g 0 /var/ossec/lua install -d -m 0550 -o root -g 0 /var/ossec/lua/native install -d -m 0550 -o root -g 0 /var/ossec/lua/compiled install -m 0550 -o root -g 0 ossec-logcollector /var/ossec/bin install -m 0550 -o root -g 0 ossec-syscheckd /var/ossec/bininstall -m 0550 -o root -g 0 ossec-execd /var/ossec/bin install -m 0550 -o root -g 0 manage_agents /var/ossec/bin install -m 0550 -o root -g 0 external/lua/src/ossec-lua /var/ossec/bin/ install -m 0550 -o root -g 0 external/lua/src/ossec-luac /var/ossec/bin/ install -m 0550 -o root -g 0 ../contrib/util.sh /var/ossec/bin/ install -m 0550 -o root -g 0 ./init/ossec-client.sh /var/ossec/bin/ossec-control install -d -m 0550 -o root -g ossec /var/ossec/queue install -d -m 0770 -o ossec -g ossec /var/ossec/queue/alerts install -d -m 0750 -o ossec -g ossec /var/ossec/queue/ossec install -d -m 0750 -o ossec -g ossec /var/ossec/queue/syscheck install -d -m 0750 -o ossec -g ossec /var/ossec/queue/diff install -d -m 0550 -o root -g ossec /var/ossec/etc install -m 0440 -o root -g ossec /etc/localtime /var/ossec/etc install -d -m 1550 -o root -g ossec /var/ossec/tmp install -m 0640 -o root -g ossec -b ../etc/internal_options.conf /var/ossec/etc/ install -d -m 0770 -o root -g ossec /var/ossec/etc/shared install -m 0640 -o root -g ossec rootcheck/db/.txt /var/ossec/etc/shared/ install -d -m 0550 -o root -g ossec /var/ossec/active-response install -d -m 0550 -o root -g ossec /var/ossec/active-response/bin install -d -m 0550 -o root -g ossec /var/ossec/agentless install -m 0550 -o root -g ossec agentlessd/scripts/ /var/ossec/agentless/ install -d -m 0700 -o root -g ossec /var/ossec/.ssh install -m 0550 -o root -g ossec ../active-response/.sh /var/ossec/active-response/bin/ install -m 0550 -o root -g ossec ../active-response/firewalls/.sh /var/ossec/active-response/bin/ install -d -m 0550 -o root -g ossec /var/ossec/var install -d -m 0770 -o root -g ossec /var/ossec/var/run ./init/fw-check.sh execute install -m 0550 -o root -g 0 ossec-agentd /var/ossec/bin install -m 0550 -o root -g 0 agent-auth /var/ossec/bin install -d -m 0750 -o ossec -g ossec /var/ossec/queue/rids

System is Redhat Linux.
Init script modified to start OSSEC HIDS during boot.
Configuration finished properly.
To start OSSEC HIDS: /var/ossec/bin/ossec-control start
To stop OSSEC HIDS: /var/ossec/bin/ossec-control stop
The configuration can be viewed or modified at /var/ossec/etc/ossec.conf

Thanks for using the OSSEC HIDS. If you have any question, suggestion or if you find any bug, contact us at contact@ossec.net or using our public maillist at ossec-list@ossec.net ( http://www.ossec.net/main/support/ ).

More information can be found at http://www.ossec.net

--- Press ENTER to finish (maybe more information below). ---
You first need to add this agent to the server so they can communicate with each other. When you have done so, you can run the 'manage_agents' tool to import the authentication key from the server.

/var/ossec/bin/manage_agents

More information at: http://www.ossec.net/en/manual.html#ma

Best regards

ossec / ossec-hids

ossec-authd ERROR: Not compiled. Missing OpenSSL support. #1533