Compiling OSSEC 3.x with MinGW¶
OSSEC’s Windows agent is compiled on Linux using MinGW
Compilation¶
Change directory to the src directory:
$ cd ossec-hids-*/src
Download and extract the pcre2 source:
$ wget https://ftp.pcre.org/pub/pcre/pcre2-10.32.tar.gz
$ tar xzf pcre2-10.32.tar.gz -C src/external
Run make TARGET=winagent
:
$ make TARGET=winagent
This should produce a good amount of compilation output that ends with:
Output: "ossec-win32-agent.exe"
Install: 7 pages (448 bytes), 3 sections (3144 bytes), 769 instructions (21532 bytes), 318 strings (32350 bytes), 1 language table (346 bytes).
Uninstall: 5 pages (320 bytes),
1 section (1048 bytes), 350 instructions (9800 bytes), 184 strings (3360 bytes), 1 language table (290 bytes).
Datablock optimizer saved 100205 bytes (~8.1%).
Using zlib compression.
EXE header size: 57856 / 56320 bytes
Install code: 14832 / 58196 bytes
Install data: 1045670 / 3116385 bytes
Uninstall code+data: 21058 / 21474 bytes
CRC (0x239C5E6F): 4 / 4 bytes
Total size: 1139420 / 3252379 bytes (35.0%)
make settings
make[1]: Entering directory `/home/ddp/src/projects/git/github/ddpbsd/ossec-hids/src'
General settings:
TARGET: winagent
V:
DEBUG:
DEBUGAD
PREFIX: /var/ossec
MAXAGENTS: 2048
DATABASE:
ONEWAY: no
CLEANFULL: no
User settings:
OSSEC_GROUP: ossec
OSSEC_USER: ossec
OSSEC_USER_MAIL: ossecm
OSSEC_USER_REM: ossecr
Lua settings:
LUA_PLAT: posix
USE settings:
USE_ZEROMQ: no
USE_GEOIP: no
USE_PRELUDE: no
USE_OPENSSL: no
USE_INOTIFY: no
Mysql settings:
includes:
libs:
Pgsql settings:
includes:
libs:
Defines:
-DMAX_AGENTS=2048 -DOSSECHIDS -DDEFAULTDIR="/var/ossec" -DUSER="ossec" -DREMUSER="ossecr" -DGROUPGLOBAL="ossec" -DMAILUSER="ossecm" -DLinux
Compiler:
CFLAGS -O2 -DMAX_AGENTS=2048 -DOSSECHIDS -DDEFAULTDIR="/var/ossec" -DUSER="ossec" -DREMUSER="ossecr" -DGROUPGLOBAL="ossec" -DMAILUSER="ossecm" -DLinux -Wall -Wextra -I./ -I./headers/
LDFLAGS -lm
CC gcc
MAKE make
make[1]: Leaving directory `/home/ddp/src/projects/git/github/ddpbsd/ossec-hids/src'
Done building winagent
The final output will be saved to ./win32/ossec-win32-agent.exe
.