
#1 2018-08-21 02:48:40

luciferHasa
Member
Registered: 2018-08-20
Posts: 29

OSSEC HIDS: unknown installation error:

Hello,
I tried installing OSSEC but it gives out the following error.

 - No action was made to configure the OSSEC HIDS to start
   during the boot. Add the following line to your init script: 

      /home/hasanka/.cache/yay/ossec-hids/pkg/ossec-hids//var/ossec/bin/ossec-control start

sed: no input files
==> ERROR: A failure occurred in package().
    Aborting...
Error making: ossec-hids

If someone could tell me what I did wrong, anything would help. Thanks :)


These were the prompts in installation:

[hasanka@archlinux .cache]$ yay ossec
4 aur/ossec-hids 3.0.0-2 (+1 0.00%) 
    Open Source Host-based Intrusion Detection System
3 aur/ossec-agent 2.8.3-1 (+7 0.00%) (Orphaned) (Out-of-date 2017-09-09) 
    Open Source Host-based Intrusion Detection System
2 aur/ossec-server 2.8.3-1 (+9 0.00%) (Orphaned) (Out-of-date 2017-09-27) 
    Open Source Host-based Intrusion Detection System
1 aur/ossec-local 2.9.3-1 (+15 0.00%) (Orphaned) 
    Open Source Host-based Intrusion Detection System
==> Packages to install (eg: 1 2 3, 1-3 or ^4)
==> 

input 4

:: Checking for conflicts...
:: Checking for inner conflicts...
[Aur: 1]  ossec-hids-3.0.0-2

  1 ossec-hids                       (Build Files Exist)
==> Packages to cleanBuild?
==> [N]one [A]ll [Ab]ort [I]nstalled [No]tInstalled or (1 2 3, 1-3, ^4)
==> 

input "a"

:: Deleting (1/1): /home/hasanka/.cache/yay/ossec-hids
:: Downloading PKGBUILD (1/1): ossec-hids
Cloning into 'ossec-hids'...
  1 ossec-hids                       (Build Files Exist)
==> [N]one [A]ll [Ab]ort [I]nstalled [No]tInstalled or (1 2 3, 1-3, ^4)
==> Diffs to show?
==> 

Input "a", which opens the following text in some sort of editor, like vim, because it has " : ", and I opened the help file related to it and tried

diff --git /home/hasanka/.cache/yay/ossec-hids/.SRCINFO /home/hasanka/.cache/yay/ossec-hids/.SRCINFO
new file mode 100644
index 0000000..fcd8a95
--- /dev/null
+++ /home/hasanka/.cache/yay/ossec-hids/.SRCINFO
@@ -0,0 +1,22 @@
+pkgbase = ossec-hids
+       pkgdesc = Open Source Host-based Intrusion Detection System
+       pkgver = 3.0.0
+       pkgrel = 2
+       url = https://ossec.github.io/
+       install = ossec.install
+       arch = any
+       license = GPL2
+       depends = openssl
+       options = emptydirs
+       backup = var/ossec/etc/ossec.conf
+       backup = var/ossec/etc/client.keys
+       backup = var/ossec/rules/local_rules.xml
+       source = https://github.com/ossec/ossec-hids/archive/3.0.0.tar.gz
+       source = ossec.service
+       source = config
+       sha256sums = a271d665ed502b3df4ff055a177159dfc0bc8a69dd44eab1f7c57fe8fff42a98
+       sha256sums = be5f6fe7e10603a0897c2502e0e6913fbb544a66f59674aaaef87d0f31d09eb9
+       sha256sums = 2700c08962a64009ab65b72282141244cdfd7d327c8e8bdde6f5fcc623fdf1b4
+
+pkgname = ossec-hids
+
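
Review bot: "arch = any" near the top of this .SRCINFO marks the package as architecture-independent, but build() in the PKGBUILD runs make TARGET=$USER_INSTALL_TYPE in src and the package depends on openssl, which indicates compiled, architecture-specific binaries. Declare the architectures it is actually built for in the PKGBUILD and regenerate .SRCINFO. The first source entry also downloads to a file named only 3.0.0.tar.gz; renaming it with the name::url form avoids collisions in a shared source directory.
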
diff --git /home/hasanka/.cache/yay/ossec-hids/PKGBUILD /home/hasanka/.cache/yay/ossec-hids/PKGBUILD
new file mode 100644
index 0000000..1a22343
--- /dev/null
+++ /home/hasanka/.cache/yay/ossec-hids/PKGBUILD
@@ -0,0 +1,71 @@
+# Maintainer: TC <crt@archlinux.email>
+pkgname=ossec-hids
+pkgver=3.0.0
+pkgrel=2
+pkgdesc="Open Source Host-based Intrusion Detection System"
+arch=('any')
+url="https://ossec.github.io/"
+license=('GPL2')
+depends=('openssl')
+backup=('var/ossec/etc/ossec.conf'
+        'var/ossec/etc/client.keys'
+        'var/ossec/rules/local_rules.xml')
+install=ossec.install
+options=('emptydirs')
+source=(https://github.com/ossec/$pkgname/archive/$pkgver.tar.gz \
+        ossec.service
+        config)
+sha256sums=('a271d665ed502b3df4ff055a177159dfc0bc8a69dd44eab1f7c57fe8fff42a98'
+            'be5f6fe7e10603a0897c2502e0e6913fbb544a66f59674aaaef87d0f31d09eb9'
+            '2700c08962a64009ab65b72282141244cdfd7d327c8e8bdde6f5fcc623fdf1b4')
+_instdir=/var/ossec
+
+_preparevars() {
+  export USER_INSTALL_TYPE=server # (server, agent, local, hybrid?)
+  export USER_NO_STOP=yes
+  export USER_DIR=$_instdir
+  export USER_BINARYINSTALL=x
+  export USE_GEOIP=yes
+}
+
+build() {
+  cd "$srcdir/$pkgname-$pkgver"
+
+  _preparevars
+  . "$srcdir/config" # load configuration
+
+  # fix placement of ossec-init.conf
+  sed -i "s|^OSSEC_INIT.*|OSSEC_INIT=\"$pkgdir/etc/ossec-init.conf\"|" src/init/shared.sh
+
+  cd src
+  make TARGET=$USER_INSTALL_TYPE
+}
+
+package() {
+  cd "$srcdir/$pkgname-$pkgver"
+
+  _preparevars
+  . "$srcdir/config" # load configuration
+
+  # install -dm755 "$pkgdir/etc"
+  mkdir -p $pkgdir/etc
+  USER_DIR="$pkgdir/$_instdir" ./install.sh
+
+  # fix DIRECTORY path in ossec-init.conf
+  sed -i '/DIRECTORY=/c\DIRECTORY="/var/ossec"' "$pkgdir/etc/ossec-init.conf"
+
+  # install systemd service unit
+  install -Dm0644 "$srcdir/ossec.service" "$pkgdir/usr/lib/systemd/system/ossec.service"
+  # install license
+  install -D -m644 LICENSE "$pkgdir"/usr/share/licenses/ossec-hids/LICENSE
+
+  # change user permissions
+  find "$pkgdir" -user nobody -exec chown 524 '{}' ';'
+  find "$pkgdir" -user mail -exec chown 525 '{}' ';'
+  find "$pkgdir" -user daemon -exec chown 526 '{}' ';'
+  # change group permissions
+  find "$pkgdir" -group nobody -exec chgrp 525 '{}' ';'
+
+  grep -FRlZ "$startdir" "$pkgdir" | \
+    xargs -0 -- sed -i "s|$startdir|/tmp/build|g"
+}
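
Review bot: The last two lines of package() fail the build when grep finds no file containing $startdir: GNU xargs still runs its command once on empty input, so sed -i is called with no file operand, prints "sed: no input files" and exits non-zero, which matches the error reported in this post. Add -r (--no-run-if-empty) to the xargs call, i.e. xargs -0 -r -- sed -i "s|$startdir|/tmp/build|g". Separately, build() writes $pkgdir into src/init/shared.sh although pkgdir is only meant to be used in package(), and mkdir -p $pkgdir/etc is unquoted, so a build path containing spaces would break it.
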
diff --git /home/hasanka/.cache/yay/ossec-hids/config /home/hasanka/.cache/yay/ossec-hids/config
new file mode 100644
index 0000000..fc7350d
--- /dev/null
+++ /home/hasanka/.cache/yay/ossec-hids/config
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+# Do you want to update it? (y/n) [y]:
+export USER_UPDATE=y
+
+# Do you want to update the rules? (y/n) [y]:
+export USER_UPDATE_RULES=y
+
+# User Language:
+export USER_LANGUAGE=en
+
+# Do you want e-mail notification? (y/n) [y]:
+export USER_ENABLE_EMAIL=y
+# What's your e-mail address?
+export USER_EMAIL_ADDRESS=foo@example.com
+#  What's your SMTP server ip/host?
+export USER_EMAIL_SMTP=localhost
+
+# Do you want to run the integrity check daemon? (y/n) [y]:
+export USER_ENABLE_SYSCHECK=y
+
+#Do you want to run the rootkit detection engine? (y/n) [y]:
+export USER_ENABLE_ROOTCHECK=y
+
+#       Active response allows you to execute a specific 
+#       command based on the events received. For example,
+#       you can block an IP address or disable access for
+#       a specific user.  
+#       More information at:
+#       https://ossec.github.io/docs/manual/ar/
+#       
+#   - Do you want to enable active response? (y/n) [y]: 
+export USER_ENABLE_ACTIVE_RESPONSE=y
+
+#   - By default, we can enable the host-deny and the 
+#     firewall-drop responses. The first one will add
+#     a host to the /etc/hosts.deny and the second one
+#     will block the host on iptables (if linux) or on
+#     ipfilter (if Solaris, FreeBSD or NetBSD).
+#   - They can be used to stop SSHD brute force scans, 
+#     portscans and some other forms of attacks. You can 
+#     also add them to block on snort events, for example.
+#
+#   - Do you want to enable the firewall-drop response? (y/n) [y]:
+export USER_ENABLE_FIREWALL_RESPONSE=y
+
+# Do you want to add more IPs to the white list? (y/n)? [n]:
+# if set to y, installer will ask you to enter the list of IPs
+# if you want to use this feature, you must also export USER_NO_STOP=no
+export USER_WHITE_LIST=n
+
+# Do you want to enable remote syslog (port 514 udp)? (y/n) [y]:
+export USER_ENABLE_SYSLOG=y
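
Review bot: This config answers y to USER_ENABLE_ACTIVE_RESPONSE and USER_ENABLE_FIREWALL_RESPONSE while leaving USER_WHITE_LIST=n, so a default build ships with automatic host-deny and firewall-drop blocking and no additional whitelisted addresses, which can lock an administrator out on a false positive. It also sets USER_ENABLE_SYSLOG=y (remote syslog on 514/udp) and sends notifications to the placeholder foo@example.com via localhost. Consider defaulting the response and syslog options to n, or state prominently that this file must be edited before building.
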
diff --git /home/hasanka/.cache/yay/ossec-hids/ossec.install /home/hasanka/.cache/yay/ossec-hids/ossec.install
new file mode 100644
index 0000000..2fcdd26
--- /dev/null
+++ /home/hasanka/.cache/yay/ossec-hids/ossec.install
@@ -0,0 +1,23 @@
+# arg 1:  the new package version
+post_install() {
+  getent group ossec >/dev/null || groupadd -g 525 ossec
+  getent passwd ossec >/dev/null || useradd -u 524 -g ossec -d '/var/ossec' -s /bin/false ossec
+  getent passwd ossecm >/dev/null || useradd -u 525 -g ossec -d '/var/ossec' -s /bin/false ossecm
+  getent passwd ossecr >/dev/null || useradd -u 526 -g ossec -d '/var/ossec' -s /bin/false ossecr
+
+  echo ">> Documentation: https://ossec.github.io/docs/"
+}
+
+post_upgrade() {
+  post_install $1
+}
+
+# arg 1:  the old package version
+post_remove() {
+  userdel ossec &>/dev/null
+  userdel ossecm &>/dev/null
+  userdel ossecr &>/dev/null
+  groupdel ossec &>/dev/null
+}
+
+# vim:set ts=2 sw=2 et:
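
Review bot: post_install() skips account creation whenever the name already exists (getent ... ||), but package() in the PKGBUILD chowns files to the fixed numeric IDs 524, 525 and 526, so if ossec, ossecm or ossecr already exist with other IDs, or those IDs belong to unrelated accounts, the files under /var/ossec end up owned by the wrong user. Check the IDs as well as the names, or assign ownership by name at install time. post_install $1 in post_upgrade() should also quote its argument, and post_remove() discards every error from userdel and groupdel, which hides a failed removal.
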
diff --git /home/hasanka/.cache/yay/ossec-hids/ossec.service /home/hasanka/.cache/yay/ossec-hids/ossec.service
new file mode 100644
index 0000000..ceff8df
--- /dev/null
+++ /home/hasanka/.cache/yay/ossec-hids/ossec.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=OSSEC Host-based Intrusion Detection System
+
+[Service]
+Type=forking
+ExecStart=/var/ossec/bin/ossec-control start
+ExecStop=/var/ossec/bin/ossec-control stop
+
+[Install]
+WantedBy=basic.target
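
Review bot: WantedBy=basic.target in the [Install] section hooks the unit into early boot; a daemon like this is normally enabled under multi-user.target, and with e-mail notification and remote syslog turned on in config it should also be ordered After=network.target. Type=forking is given without a PIDFile=, so systemd has to guess the main process; add one if ossec-control writes a pid file.
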
(END)

I tried editing this with keystroke 'v' and it says,

Cannot edit standard input       (Press RETURN)

So I just input 'q' and it gives a prompt

==> Proceed with install? [Y/n] 

And after a while it gives out the previously mentioned error, pasted again for the reader's convenience.

 - No action was made to configure the OSSEC HIDS to start
   during the boot. Add the following line to your init script: 

      /home/hasanka/.cache/yay/ossec-hids/pkg/ossec-hids//var/ossec/bin/ossec-control start

sed: no input files
==> ERROR: A failure occurred in package().
    Aborting...
Error making: ossec-hids

Thanks in advance :)

Last edited by luciferHasa (2018-08-21 02:49:49)


#2 2018-08-21 02:58:22

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,426
Website

Re: OSSEC HIDS: unknown installation error:

Moving to AUR Issues...


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438


#3 2018-08-21 03:44:29

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 30,374
Website

Re: OSSEC HIDS: unknown installation error:

Build with makepkg.  If that fails, post the complete makepkg command and all output.


"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman


#4 2018-08-21 03:48:56

luciferHasa
Member
Registered: 2018-08-20
Posts: 29

Re: OSSEC HIDS: unknown installation error:

Found out someone else faced the same problem as well

https://aur.archlinux.org/packages/ossec-hids/

I'll try what you said right now :) Thanks


#5 2018-08-21 03:53:31

luciferHasa
Member
Registered: 2018-08-20
Posts: 29

Re: OSSEC HIDS: unknown installation error:

Will downloading the package and trying to install it manually, as this site says, work in Arch as well? Do you think it'll work, or will I have to try and find out? :)

https://blog.rapid7.com/2017/06/30/how- … ntu-linux/


#6 2018-08-21 04:01:24

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,426
Website

Re: OSSEC HIDS: unknown installation error:

Read the wiki page on the AUR and learn how it works, not some stupid blog post for Ubuntu.


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438
