CentosFixFailedOSSEC

How to fix a failed ossec compilation on Centos

One tool that I like a lot is ossec (Open Source Security), which combines a powerful log analyzer, rootkit exterminator and binary checksum.

But, sometimes, you will bump into the following problem while trying to compile it on Centos:

 *** Making os_auth ***

make[1]: Entering directory `/root/INSTALLED/ossec-hids-2.7.1/src/os_auth'
gcc -g -Wall -I../ -I../headers  -DDEFAULTDIR=\"/var/ossec\" -DLOCAL -DUSE_OPENSSL -DUSEINOTIFY     
-DARGV0=\"ossec-authd\" -DXML_VAR=\"var\" -DOSSECHIDS  main-server.c ssl.c  ../addagent/validate.c
../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a 
../os_crypto/os_crypto.a ../os_zlib/os_zlib.c ../external/libz.a -lssl -lcrypto -o ossec-authd
In file included from /usr/include/krb5.h:8,
                 from /usr/include/openssl/kssl.h:72,
                 from /usr/include/openssl/ssl.h:165,
                 from auth.h:45,
                 from main-server.c:29:
/usr/include/krb5/krb5.h:7641:24: error: et/com_err.h: No such file or directory
In file included from /usr/include/krb5.h:8,
                 from /usr/include/openssl/kssl.h:72,
                 from /usr/include/openssl/ssl.h:165,
                 from auth.h:45,
                 from ssl.c:32:
/usr/include/krb5/krb5.h:7641:24: error: et/com_err.h: No such file or directory
make[1]: *** [auth1] Error 1
make[1]: Leaving directory `/root/INSTALLED/ossec-hids-2.7.1/src/os_auth'

Error Making os_auth
make: *** [all] Error 1

 Error 0x5.
 Building error. Unable to finish the installation.

Ooops! What happened? In my case, it was a simple case of a mixed-up yum database, that needed some scrubbing, and some packages that needed to be re-installed.

Here is how to do it:

1. Clean up RPM and yum.

Simple enough with the following commands:

# yum clean all
# rm -f /var/lib/rpm/__db*
# rpm --rebuilddb
# yum update

That's fairly radical, but it works pretty well.

2. Re-install the missing packages.

This is strictly for ossec compilation, but applying this to all your packages is not a bad idea. See point 3 below. On the same machine, Apache and PHP would also complain loudly that there were missing libraries for instance.

The commands shown below should do the trick for ossec:

# rpm -qa --filesbypkg | grep -i com_err.h
libcom_err-devel          /usr/include/et/com_err.h
# yum -y reinstall libcom_err-devel

This re-installs libcom_err-devel, which contains the library ossec was complaining about.

You can now check the result with the command below, and restart the compilation of ossec:

# find / -name com_err.h
/usr/include/et/com_err.h

If the command shown above displays com_err.h, then you are all set.

3. Fix all libs! For Great Justice!

A little bit more radical, but this also works very well:

# rpm -qa | grep -i ^lib | grep -v ssh | xargs yum -y reinstall

The command shown above will re-install all libs on your Centos server, excluding libssh, since you probably do not want to break openssh in the middle of a configuration fix session.

PLEASE NOTE While the command shown above fixed a lot of problems for me, it has the potential to be very destructive! Make sure you undertand what you are getting into and USE AT YOUR OWN RISKS!!

That's all for now, I hope this helps!

See Also: