search

ossec / ossec-hids

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
http://www.ossec.net
Other
4.42k stars 1.03k forks source link

Build fails because of missing pcre2-10.32 #1663

Open bcapptain opened 5 years ago

bcapptain commented 5 years ago

Fix: Extract pcre2-10.32.tar.gz to src/external.

Get it here: https://ftp.pcre.org/pub/pcre/pcre2-10.32.tar.gz

jubois commented 3 years ago

@kristianpaul I think the default right now is to use pcre2 from the system (installed through the OS's package manager). As long as you have the dependency installed, it shouldn't cause any issues. But feel free to submit a pull request to bundle it. Maybe there's more demand for it than I realize.

I think the only good way is to bundle it, this way the lib is compiled with JIT support, which makes a huge performance gain.

dumpvn commented 3 years ago

followed instructions and built ossec-hids ok, however, still having issue when building windows agent make TARGET=winagent in src directory.

ddpbsd commented 3 years ago

@dumpvn Please open an issue and include some details so we can try to help you fix it.

greens69 commented 2 years ago

Just dropping by 2 years later to update the instructions here a bit with the OSSEC install guide since there still seems to be installation issues:

refer to this: https://www.ossec.net/docs/docs/manual/installation/installation-requirements.html

I'm on a Ubuntu 20.2 Linode instance attempting to install ossec-hids-3.7.0:

  1. followed the instructions but extracted the newest version of pcre2 (currently 10.4) to src/external
  2. sudo nano /tmp/ossec-hids-3.7.0/src/Makefile
  3. edit the line starting with "EXTERNAL_PCRE2=" to reflect your version of PCRE (for example: "EXTERNAL_PCRE2=external/pcre2-10.40/"
  4. edit the line starting "PCRE2_SYSTEM?=" and change to "NO"

retry install.sh

good luck!

craigmac commented 4 months ago

Update for Ubuntu 22.04. At the moment the deb package still won't install for me (see https://github.com/ossec/ossec-hids/issues/2048).

If you want to build from source, you will get an error trying to install libpcre2-dev:

sudo apt install libpcre2-dev
[...]
The following packages have unmet dependencies:
 libpcre2-dev : Depends: libpcre2-8-0 (= 10.39-3ubuntu0.1) but 10.40-1+ubuntu18.04.1+deb.sury.org+1 is to be installed
E: Unable to correct problems, you have held broken packages.

Errors out. So, the alternative is download pcre2 tarball from new location (ftp location posted above is no more, and official docs have not updated this either: https://www.ossec.net/docs/docs/manual/installation/installation-requirements.html#pcre2), it should be from https://github.com/PCRE2Project/pcre2/releases now). Alter the src/Makefile to reflect this new version, like post above me did, then it finally built.

For example, what worked was:

sudo apt install -y build-essential make zlib1g-dev libevent-dev libssl-dev
cd ~
mkdir build && cd build 
wget https://github.com/ossec/ossec-hids/archive/3.7.0.tar.gz
tar -zxvf 3.7.0.tar.gz
wget https://github.com/PCRE2Project/pcre2/releases/download/pcre2-10.43/pcre2-10.43.tar.gz
tar -zxvf pcre2-10.43.tar.gz
mv pcre2-10.43 ossec-hids-3.7.0/src/external/
cd ossec-hids-3.7.0

Edit src/Makefile to match your pcre version:

EXTERNAL_PCRE2=external/pcre2-10.43/

Now run install script:

sudo PCRE2_SYSTEM=no ./install.sh