I've had to rebuild ossec-hids with zeromq twice now on two different architechtures - Ubuntu 10.04 32bit and 14.04 64bit.
I figured I ought to at least reformat my ~/.bash_history file and call it a blog post.
Install dependencies
apt-get install \
build-essential autoconf automake autogen \
libtool pkg-config libssl-dev
Build libsodium
cd libsodium/
./autogen.sh
./configure --prefix=/opt/ossec/zmq
make -j -l1 --quiet
mkdir -p fpmroot/
rm -fr fpmroot/*
make DESTDIR=$PWD/fpmroot/ --quiet install
Create libsodium deb package
fpm -s dir -t deb \
-n libsodium \
-v 1.0.2 \
--iteration 1 \
-C $PWD/fpmroot/ .
Install the new package sudo dpkg -i libsodium_1.0.2-1_amd64.deb
Compile zeromq source with custom libsodium
cd libzmq/
./autogen.sh
PKG_CONFIG_PATH=/opt/ossec/zmq/lib/pkgconfig/ \
./configure --prefix=/opt/ossec/zmq
make -j -l1 --quiet
mkdir -p fpmroot/
rm -fr fpmroot/*
make DESTDIR=$PWD/fpmroot/ --quiet install
Create libzmq4 deb package
fpm -s dir -t deb -n libzmq4 \
-v 4.1.0 \
--iteration 1 \
-C $PWD/fpmroot/ \
.
Install the new package sudo dpkg -i libsodium_1.0.2-1_amd64.deb
Build czmq
cd czmq/
git checkout v3.0.0
./autogen.sh
PKG_CONFIG_PATH=/opt/ossec/zmq/lib/pkgconfig/ \
./configure --prefix=/opt/ossec/zmq
make -j -l1
mkdir -p fpmroot/ && rm -fr fpmroot/*
sudo make DESTDIR=$PWD/fpmroot/ install
Create czmq deb package
fpm -s dir -t deb \
-n czmq \
-v 3.0.0-rc1 \
--iteration 1 \
-C $PWD/fpmroot/ .
Install the new package sudo dpkg -i libzmq4_4.1.0-1_amd64.deb
Build ossec-hids
cd ossec-hids-2.8.1/
export LD_LIBRARY_PATH=/opt/ossec/zmq/lib
sudo ./install.sh
Verify
$ pgrep -l -f ossec
27190 ossec-analysisd
27194 ossec-logcollec
27199 ossec-remoted
27205 ossec-syscheckd
27208 ossec-monitord
comments powered by Disqus