Windows agent does not build completely on a Windows system about ossec-hids HOT 12 CLOSED

@awiddersheim @gaelmuller as they know a lot about the windows build and @gaelmuller submitted the event channel pull requests.

I have never built on windows as it's something that I don't care about as I have windows cross compiling without issues. But to help out with this I know we are gonna need more details on the setup and you are using to attempt to compile this. mingw install, ossec build instructions, whatever you do to help us out with this.

from ossec-hids.

@vichargrave could you also include a log of the output. Thank you

from ossec-hids.

Sorry, I haven't messed with the event channel stuff much. Most of my development has actually been on the 2.7.1 code and I just merged it into master. Will have to talk to @gaelmuller about the event channel stuff.

from ossec-hids.

@awiddersheim - Not really a big deal since it all builds on Linux. It's
just ironic that we can't build an OSSEC Windows agent on Windows. I'm a
CentOS/Ubuntu guy myself, but I have some stuff I want to do with the
registry integrity checking so it would be easier to develop and test on a
Windows system. I think this is a low priority in the grand scheme of
things. I just wanted to bring it to the community's attention.

At any rate I added this line to the win-pkg/make.bat file to build the
event channel:

"C:\MinGW\bin\gcc.exe" -o ossec-agent-eventchannel.exe -Wall
-DARGV0="ossec-agent" -DCLIENT -DWIN32 -DOSSECHIDS
-DEVENTCHANNEL_SUPPORT icon.o os_regex/.c os_net/.c os_xml/.c
zlib-1.2.8/.c config/.c shared/.c os_execd/.c os_crypto/blowfish/.c
os_crypto/md5/.c os_crypto/sha1/.c os_crypto/md5_sha1/.c
os_crypto/shared/.c rootcheck/*.c *.c -Iheaders/ -I. -lwsock32 -lwevtapi

I've enclosed the output I get from invoking make.bat. Line 36 is where
the fatality occurs:

read_win_event_channel.c:31:20: fatal error: winevt.h: No such file or
directory
#include <winevt.h>
^
The <winevt.h> header is not present in the MingW environment for Windows.
If there is a way to build the event channel stuff with the Mingw headers
that are included that would be better.

But again I don't think this is a high priority issue by any means.

On Thu, Mar 20, 2014 at 10:18 AM, awiddersheim [email protected]:

Sorry, I haven't messed with the event channel stuff much. Most of my
development has actually been on the 2.7.1 code and I just merged it into
master. Will have to talk to @gaelmuller https://github.com/gaelmullerabout the event channel stuff.

Reply to this email directly or view it on GitHubhttps://github.com//issues/152#issuecomment-38195133
.

from ossec-hids.

I wouldn't mind seeing the eventchannel stuff getting more love. While I don't think it is a big deal that it can't be compiled on Windows I would like to see it get fixed.

I even had issues getting it to compile on my RHEL machine because I couldn't find the right MingW packages. I don't think EPEL had them and RHEL doesn't ship with them. Granted I didn't try very hard to find the right ones but it was somewhat of a hassle none the less.

from ossec-hids.

I think if the event channel code is coerced to build on the MingW
environment on Windows, then I'm guessing it will build easily on RHEL or
CentOS.

On Thu, Mar 20, 2014 at 12:01 PM, awiddersheim [email protected]:

I wouldn't mind seeing the eventchannel stuff getting more love. While I
don't think it is a big deal that it can't be compiled on Windows I would
like to see it get fixed.

I even had issues getting it to compile on my RHEL machine because I
couldn't find the right MingW packages. I don't think EPEL had them and
RHEL doesn't ship with them. Granted I didn't try very hard to find the
right ones but it was somewhat of a hassle none the less.

Reply to this email directly or view it on GitHubhttps://github.com//issues/152#issuecomment-38207721
.

from ossec-hids.

All the compilation problems I have seen regarding eventchannel support was due to the use of the wrong mingw. You have to use Mingw-w64. It is the only one to support the new event API provided in winevt.h.

I did not test it on Windows though. Can you confirm that you are using http://mingw-w64.sourceforge.net ?

from ossec-hids.

I am not and as far as I can tell, mingw-64 is not available on Windows. By "available" I mean runs on Windows.

On Mar 20, 2014, at 1:53 PM, Gael Muller [email protected] wrote:

All the compilation problems I have seen regarding eventchannel support was due to the use of the wrong mingw. You have to use Mingw-w64. It is the only one to support the new event API provided in winevt.h.

I did not test it on Windows though. Can you confirm that you are using http://mingw-w64.sourceforge.net ?

—
Reply to this email directly or view it on GitHub.

from ossec-hids.

I have been reading up more on this and here is the best summary of the differences:

http://qt-project.org/wiki/MinGW-64-bit
http://sourceforge.net/apps/trac/mingw-w64/wiki/History

Basically Minge-w64 has more features and looks to be used by more and more cross compiling apps, but the team does not make binary releases of the software available.

from ossec-hids.

http://ascend4.org/Setting_up_a_MinGW-w64_build_environment this might have some info on how to do it on windows.

from ossec-hids.

OK thanks I'll take a look at it.

On Mar 21, 2014, at 10:03 PM, Jeremy Rossi [email protected] wrote:

http://ascend4.org/Setting_up_a_MinGW-w64_build_environment this might have some info on how to do it on windows.

—
Reply to this email directly or view it on GitHub.

from ossec-hids.

Closing this issue as no one is working to active address this on windows as the linux build works. please Reopen if this is a requirement for something :)

from ossec-hids.