1 Reply Latest reply: Oct 21, 2012 8:58 PM by Chris_D

    install ossec on virtualbox solaris11

    956809
      Hi, I have tried many times to install OSSEC on a VirtualBox Solaris 11 VM, and this problem always appears. What's more, each time the word "arUGayud" in this line [ar: cannot rename arUGayud to libz.a: Text file busy] changes, as if it were random.
      e.g.

      root@solaris11-11:/mnt/sf_shared_folders/ossec-hids-2.6# ./install.sh
      ...
      [ar: cannot rename arNNa4Ud to libz.a: Text file busy]
      ...

      root@solaris11-11:/mnt/sf_shared_folders/ossec-hids-2.6# ./install.sh
      ...
      [ar: cannot rename arjyaWge to libz.a: Text file bus]
      ...
      Can anyone help me and tell me why?

      root@solaris11-11:/mnt/sf_shared_folders/ossec-hids-2.6# ./install.sh

      ** Para instala����o em portugu��s, escolha [br].
      ** ���������������������������, ��������� [cn].
      ** Fur eine deutsche Installation wohlen Sie [de].
      ** ������ ���������������������� ������ ����������������, ���������������� [el].
      ** For installation in English, choose [en].
      ** Para instalar en Espa��ol , eliga [es].
      ** Pour une installation en fran��ais, choisissez [fr]
      ** Per l'installazione in Italiano, scegli [it].
      ** ���������������������������������������������������������������jp].
      ** Voor installatie in het Nederlands, kies [nl].
      ** Aby instalowa�� w j��zyku Polskim, wybierz [pl].
      ** ������������������������� ���� ������������������ ���� �������������� ,�������������� [ru].
      ** Za instalaciju na srpskom, izaberi [sr].
      ** T��rk��e kurulum i��in se��in [tr].
      (en/br/cn/de/el/es/fr/it/jp/nl/pl/ru/sr/tr) [en]:



      OSSEC HIDS v2.6 Installation Script - http://www.ossec.net

      You are about to start the installation process of the OSSEC HIDS.
      You must have a C compiler pre-installed in your system.
      If you have any questions or comments, please send an e-mail
      to dcid@ossec.net (or daniel.cid@gmail.com).

      - System: SunOS solaris11-11 5.11
      - User: root
      - Host: solaris11-11


      -- Press ENTER to continue or Ctrl-C to abort. --


      1- What kind of installation do you want (server, agent, local or help)?
      server

      - Server installation chosen.

      2- Setting up the installation environment.

      - Choose where to install the OSSEC HIDS [var/ossec]:


      - Installation will be made at /var/ossec .

      3- Configuring the OSSEC HIDS.

      3.1- Do you want e-mail notification? (y/n) [y]:
      n

      --- Email notification disabled.

      3.2- Do you want to run the integrity check daemon? (y/n) [y]:


      - Running syscheck (integrity check daemon).

      3.3- Do you want to run the rootkit detection engine? (y/n) [y]:


      - Running rootcheck (rootkit detection).

      3.4- Active response allows you to execute a specific
      command based on the events received. For example,
      you can block an IP address or disable access for
      a specific user.
      More information at:
      http://www.ossec.net/en/manual.html#active-response

      - Do you want to enable active response? (y/n) [y]:


      - Active response enabled.

      - By default, we can enable the host-deny and the
      firewall-drop responses. The first one will add
      a host to the /etc/hosts.deny and the second one
      will block the host on iptables (if linux) or on
      ipfilter (if Solaris, FreeBSD or NetBSD).
      - They can be used to stop SSHD brute force scans,
      portscans and some other forms of attacks. You can
      also add them to block on snort events, for example.

      - Do you want to enable the firewall-drop response? (y/n) [y]:


      - firewall-drop enabled (local) for levels >= 6

      - Default white list for the active response:
      - 10.13.2.6
      - 10.1.23.6

      - Do you want to add more IPs to the white list? (y/n)? [n]:


      3.5- Do you want to enable remote syslog (port 514 udp)? (y/n) [y]:


      - Remote syslog enabled.

      3.6- Setting the configuration to analyze the following logs:
      -- /var/log/authlog
      -- /var/log/syslog
      -- /var/adm/messages

      - If you want to monitor any other file, just change
      the ossec.conf and add a new localfile entry.
      Any questions about the configuration can be answered
      by visiting us online at http://www.ossec.net .


      --- Press ENTER to continue ---



      5- Installing the system
      - Running the Makefile

      *** Making zlib (by Jean-loup Gailly and Mark Adler) ***
      gcc -c -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/var/ossec\" -DUSE_OPENSSL -DSOLARIS -DHIGHFIRST -DARGV0=\"zlib\" -DXML_VAR=\"var\" -DOSSECHIDS *.c
      ar cru libz.a *.o
      ar: cannot rename arUGayud to libz.a: Text file busy
      *** Error code 1
      make: Fatal error: Command failed for target `shared'
      Current working directory /mnt/sf_shared_folders/ossec-hids-2.6/src/external/zlib-1.2.3
      cp -pr zlib.h zconf.h ../../headers/
      cp -pr libz.a ../



      *** Making os_xml ***

      gcc -DXML_VAR=\"var\" -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DUSE_OPENSSL -DSOLARIS -DHIGHFIRST -DARGV0=\"os_xml\" -DXML_VAR=\"var\" -DOSSECHIDS -c os_xml.c os_xml_access.c os_xml_node_access.c os_xml_variables.c os_xml_writer.c
      ar cru os_xml.a os_xml.o os_xml_access.o os_xml_node_access.o os_xml_variables.o os_xml_writer.o
      ar: cannot rename arPFaGwd to os_xml.a: Text file busy
      *** Error code 1
      make: Fatal error: Command failed for target `xml'
      Current working directory /mnt/sf_shared_folders/ossec-hids-2.6/src/os_xml

      Error Making os_xml
      *** Error code 1
      The following command caused the error:
      /bin/sh ./Makeall all
      make: Fatal error: Command failed for target `all'

      Error 0x5.
      Building error. Unable to finish the installation.

      root@solaris11-11:/mnt/sf_shared_folders/ossec-hids-2.6#

      root@solaris11-11:/mnt/sf_shared_folders/ossec-hids-2.6# uname -a
      SunOS solaris11-11 5.11 11.0 i86pc i386 i86pc
        • 1. Re: install ossec on virtualbox solaris11
          Chris_D
          The filename is changing each time since it is a randomly generated temporary name.
          From the name of the parent folder (/mnt/sf_shared_folders/), it looks like you are trying to compile from a directory shared via VirtualBox from the host OS.
          If this is so, then it is very likely that something on the host OS is accessing the file and so marking it as used, so nothing can rename it.
          Since the file is very quickly created then renamed, even a quick look at the file by something else could cause this failure.

          Try extracting the source to a local directory instead and compiling from there (such as /var/tmp).
          I gave it a quick test on a Sol11 VM I have running and it compiled fine that way.
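
A pre-build check for the situation described in the reply above, as an added example that is not part of the original posts: it looks up which filesystem backs the source directory and refuses to build on a VirtualBox shared folder. The function names are hypothetical, and the filesystem type names (`vboxfs` on Solaris guests, `vboxsf` on Linux guests) are an assumption about how the Guest Additions mount shared folders.

```shell
#!/bin/sh
# Added example: detect a VirtualBox shared folder before running a build.

# fstype_of PATH [MOUNT_TABLE]
# Prints the filesystem type of the mount that contains PATH.
# Solaris /etc/mnttab and Linux /proc/mounts both keep the mount point in
# field 2 and the filesystem type in field 3, so one parser covers both.
fstype_of() {
    table=${2:-/etc/mnttab}
    [ -r "$table" ] || table=/proc/mounts
    awk -v p="$1" '
        {
            mp = $2
            # A mount matches if it is PATH itself, a parent directory of
            # PATH (checked on a "/" boundary), or the root filesystem.
            if (p == mp || mp == "/" || index(p, mp "/") == 1) {
                # Longest mount point wins; ">=" lets a later mount on the
                # same point shadow an earlier one.
                if (length(mp) >= best) { best = length(mp); fs = $3 }
            }
        }
        END { print fs }
    ' "$table"
}

# is_vbox_shared PATH [MOUNT_TABLE]
# Succeeds when PATH lives on a VirtualBox shared folder (assumed type names).
is_vbox_shared() {
    case "$(fstype_of "$1" "$2")" in
        vboxfs|vboxsf) return 0 ;;
        *) return 1 ;;
    esac
}

# check_build_dir PATH [MOUNT_TABLE]
# Fails with advice when the source tree should be moved before building.
check_build_dir() {
    if is_vbox_shared "$1" "$2"; then
        echo "$1 is on a VirtualBox shared folder;" \
             "copy the source to a local directory such as /var/tmp and build there" >&2
        return 1
    fi
}

# Typical use from the source tree: check_build_dir "$(pwd)" && ./install.sh
```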