Installation requirements
For UNIX systems, OSSEC only requires GNU make, gcc, and libc. OpenSSL is a suggested, but optional, prerequisite. However, you always have the option to pre-compile it on one system and move the binaries to the final box.
PCRE2
New in version 3.3.
PCRE2 support has been added to version 3.3. The build system can either use the system’s PCRE2 libraries, or the library can be built as part of the installation process.
The default build process expects the pcre2-10.32 source to be installed in src/external:
$ cd ossec-hids-*
$ wget https://ftp.pcre.org/pub/pcre/pcre2-10.32.tar.gz
$ tar xzf pcre2-10.32.tar.gz -C src/external
To use the system’s PCRE2, set the PCRE2_SYSTEM variable to yes:
# cd ossec-hids-*
# PCRE2_SYSTEM=yes ./install.sh
If the system’s PCRE2 library is used, verify that JIT is enabled. If it is not, set USE_PCRE2_JIT to no:
# PCRE2_SYSTEM=yes USE_PCRE2_JIT=no ./install.sh
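One way to carry out the JIT check above before choosing the install variables, as an added example that is not part of the OSSEC documentation or code. It assumes the pcre2test utility from PCRE2 is installed; the function names pcre2_jit_state and ossec_install_cmd are hypothetical.

```shell
#!/bin/sh
# Added example (not from the OSSEC project): pick install.sh variables
# according to whether the system PCRE2 was built with JIT.
# Assumption: pcre2test, from PCRE2's own tools, is on PATH. "-C jit" prints
# 1 or 0 and uses that same value as its exit status, so the output is parsed
# and the exit status is ignored.

# Print yes, no or unknown. $1 is the probe command (hypothetical parameter,
# default pcre2test); a stub can be passed in for testing.
pcre2_jit_state() {
    probe=${1:-pcre2test}
    command -v "$probe" >/dev/null 2>&1 || { echo unknown; return 0; }
    out=$("$probe" -C jit 2>/dev/null) || true
    case "$out" in
        1) echo yes ;;
        0) echo no ;;
        *) echo unknown ;;
    esac
}

# Print the install.sh invocation from this page that matches the probe.
ossec_install_cmd() {
    case "$(pcre2_jit_state "$1")" in
        yes) echo "PCRE2_SYSTEM=yes ./install.sh" ;;
        no)  echo "PCRE2_SYSTEM=yes USE_PCRE2_JIT=no ./install.sh" ;;
        *)   # Choice made for this example: with no probe result, build without JIT.
             echo "pcre2test not usable; assuming no JIT" >&2
             echo "PCRE2_SYSTEM=yes USE_PCRE2_JIT=no ./install.sh" ;;
    esac
}

ossec_install_cmd
```

The script only prints the command line to use; run the printed command as root from the ossec-hids-* directory.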
zlib
zlib is included with OSSEC in src/external/zlib-1.2.11. In previous versions this bundled copy was used by default during the build process, but the build now uses the system zlib instead. Ensure the correct zlib development packages are installed.
To use the included version of zlib, simply set ZLIB_SYSTEM to no:
# cd ossec-hids-*
# ZLIB_SYSTEM=no ./install.sh
Ubuntu
On Ubuntu you will need the build-essential package in order to compile and install OSSEC.
To install it, together with the zlib development package, run the following command:
# apt-get install build-essential zlib1g-dev
To use the system’s pcre2 libraries, install the libpcre2 development package:
# apt-get install libpcre2-dev
If database support is needed, mysql-dev or postgresql-dev should be installed. Run the following command to install these packages:
# apt-get install mysql-dev postgresql-dev
To use the SQLite features, the libsqlite3-dev package is necessary.
New in version 3.0.
# apt-get install libsqlite3-dev
RedHat/CentOS
RedHat should have most of the packages needed by default. The zlib development package should be installed:
# yum install zlib-devel
To use the system’s pcre2 libraries, add the pcre2 development package:
# yum install pcre2-devel
If database support is needed, the mysql-devel and/or postgresql-devel packages will need to be installed:
# yum install mysql-devel postgresql-devel
To use the SQLite features, the sqlite-devel package is necessary.
New in version 3.0.
# yum install sqlite-devel
openSUSE
The zlib development package should be installed:
# zypper install zlib-devel
To use the system’s pcre2 libraries, add the pcre2 development package:
# zypper install pcre2-devel
If database support is needed, the mysql-devel and/or postgresql-devel packages will need to be installed:
# zypper install postgresql-devel mysql-devel
Debian
Warning
The Debian instructions are probably out of date. Contributions updating this section would be appreciated.
Debian has replaced bash with dash, and this may cause issues during installation. Dash does not appear to support all of the features available in other shells, and may display an error when trying to set the server’s IP address on an agent system. The error can be ignored, but the server IP address will then need to be set.
Do this by making sure something like the following information is in the agent’s ossec.conf:
<ossec_config>
  <client>
    <server-ip>SERVER'S IP</server-ip>
  </client>
</ossec_config>
This can also be avoided by using bash to run install.sh:
# bash ./install.sh
Alpine Linux
To build OSSEC on Alpine Linux the following packages should be installed:
# apk add libc-dev pcre2-dev bsd-compat-headers libevent-dev openssl-dev zlib-dev linux-headers
Even with the linux-headers package installed, make will not be able to find a.out.h. Until the installer is fixed, link a.out.h into src/headers (run from the src directory):
$ ln -s /usr/include/linux/a.out.h ./headers/a.out.h
OpenBSD
To build OSSEC on OpenBSD the following packages should be installed:
# pkg_add pcre2 gmake
To add database support for a server, the postgresql-client or mariadb-client package will need to be installed.
For sqlite support, install the sqlite3 package.
FreeBSD
TBD