Open bcapptain opened 5 years ago
@kristianpaul I think the default right now is to use pcre2 from the system (installed through the OS's package manager). As long as you have the dependency installed, it shouldn't cause any issues. But feel free to submit a pull request to bundle it. Maybe there's more demand for it than I realize.
I think the only good way is to bundle it, this way the lib is compiled with JIT support, which makes a huge performance gain.
followed instructions and built ossec-hids
ok, however, still having issue when building windows agent make TARGET=winagent
in src
directory.
@dumpvn Please open an issue and include some details so we can try to help you fix it.
Just dropping by 2 years later to update the instructions here a bit with the OSSEC install guide since there still seems to be installation issues:
refer to this: https://www.ossec.net/docs/docs/manual/installation/installation-requirements.html
I'm on a Ubuntu 20.2 Linode instance attempting to install ossec-hids-3.7.0:
retry install.sh
good luck!
Update for Ubuntu 22.04. At the moment the deb package still won't install for me (see https://github.com/ossec/ossec-hids/issues/2048).
If you want to build from source, you will get an error trying to install libpcre2-dev
:
sudo apt install libpcre2-dev
[...]
The following packages have unmet dependencies:
libpcre2-dev : Depends: libpcre2-8-0 (= 10.39-3ubuntu0.1) but 10.40-1+ubuntu18.04.1+deb.sury.org+1 is to be installed
E: Unable to correct problems, you have held broken packages.
Errors out. So, the alternative is download pcre2 tarball from new location (ftp location posted above is no more, and official docs have not updated this either: https://www.ossec.net/docs/docs/manual/installation/installation-requirements.html#pcre2), it should be from https://github.com/PCRE2Project/pcre2/releases now). Alter the src/Makefile
to reflect this new version, like post above me did, then it finally built.
For example, what worked was:
sudo apt install -y build-essential make zlib1g-dev libevent-dev libssl-dev
cd ~
mkdir build && cd build
wget https://github.com/ossec/ossec-hids/archive/3.7.0.tar.gz
tar -zxvf 3.7.0.tar.gz
wget https://github.com/PCRE2Project/pcre2/releases/download/pcre2-10.43/pcre2-10.43.tar.gz
tar -zxvf pcre2-10.43.tar.gz
mv pcre2-10.43 ossec-hids-3.7.0/src/external/
cd ossec-hids-3.7.0
Edit src/Makefile
to match your pcre version:
EXTERNAL_PCRE2=external/pcre2-10.43/
Now run install script:
sudo PCRE2_SYSTEM=no ./install.sh
Fix: Extract pcre2-10.32.tar.gz to src/external.
Get it here: https://ftp.pcre.org/pub/pcre/pcre2-10.32.tar.gz