Compiling the OSSEC Windows Agent on Windows

Warning

As of 2.9 this is no longer supported. The Windows agent can be built on Linux systems. Patches to update the Windows compilation support are very welcome.

Note

Originally posted as "Compiling the OSSEC Windows Agent on Windows" by mstarks, duplicated here with permission.

Most people who use the OSSEC Windows agent download a pre-compiled copy from the OSSEC site. While that is a good option for many individual users, it may not suit those with more specific needs or those in enterprise environments. Users in those categories could benefit from customizing the agent and maintaining internal builds.

There are already instructions on how to compile the Windows agent on Linux, but ironically the process doesn’t work so well on Windows. I had a need to make this work on Windows, so I thought I would share the process with you.

Requirements:

Here are the steps:

  1. Download and install the required programs. Be sure to pay special attention to the steps for properly installing and configuring MinGW, particularly the part about modifying the PATH environment variable.
  2. Next, we're going to extract OSSEC using 7-Zip. To do so, right-click on the file and select 7-Zip, extract to “folder name.tar,” where folder name is the name of the package. This decompresses the archive. Navigate into that folder and repeat this step to untar the archive. At this point, you should see all of the files in the package.
  3. Place gen_win.txt in the src\win32 folder and rename the extension to .cmd.
  4. Download Unix2DOS and place it in the src\win32 folder.
  5. Open a command prompt. Navigate to src\win32, make any desired customizations, and execute gen_win.cmd. This should gather all of the required files and place them in src\win-pkg.
  6. Next, we compile the Windows agent by navigating to src\win-pkg and executing make.bat (I assume you have the chops to know how to change directories :) ).
  7. Now we have all of the files we need but no way to effectively install it. To generate the installer, simply execute the NSIS compiler like so: "c:\Program Files\NSIS\makensis.exe" ossec-installer.nsi

If you see no errors and a binary named ossec-win32-agent.exe, everything was successful. Congratulations, you now have a custom-made version of OSSEC!
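
Steps 5 to 7 can be driven from one PowerShell script that stops on the first failure and records a SHA-256 digest of the resulting installer for internal build tracking. This is an added example, not part of the original post or the OSSEC source tree; the -SourceRoot parameter, the gcc.exe check, and the location of ossec-win32-agent.exe in src\win-pkg are assumptions.

```powershell
# Added example, not part of the original post or the OSSEC source tree.
# Assumptions: -SourceRoot is the extracted OSSEC folder, gcc.exe is the MinGW
# compiler that must be on PATH, and makensis writes ossec-win32-agent.exe
# into src\win-pkg.
param(
    [Parameter(Mandatory = $true)][string]$SourceRoot,
    [string]$MakeNsis = 'C:\Program Files\NSIS\makensis.exe'
)
$ErrorActionPreference = 'Stop'
$win32     = Join-Path $SourceRoot 'src\win32'
$winPkg    = Join-Path $SourceRoot 'src\win-pkg'
$genWin    = Join-Path $win32 'gen_win.cmd'
$installer = Join-Path $winPkg 'ossec-win32-agent.exe'

# Pre-flight: fail before building if a prerequisite from steps 1-4 is missing.
if (-not (Get-Command gcc.exe -ErrorAction SilentlyContinue)) {
    throw 'gcc.exe is not on PATH; revisit the MinGW PATH change from step 1.'
}
foreach ($path in @($genWin, $MakeNsis)) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { throw "Missing file: $path" }
}

function Invoke-Step {
    param([string]$Name, [string]$WorkDir, [string]$File, [string[]]$Arguments = @())
    Write-Host "== $Name"
    Push-Location -LiteralPath $WorkDir
    try {
        & $File @Arguments
        if ($LASTEXITCODE -ne 0) { throw "$Name failed (exit code $LASTEXITCODE)" }
    } finally {
        Pop-Location
    }
}

$started = Get-Date
Invoke-Step -Name 'gen_win.cmd (step 5)' -WorkDir $win32 -File $genWin
Invoke-Step -Name 'make.bat (step 6)' -WorkDir $winPkg -File (Join-Path $winPkg 'make.bat')
Invoke-Step -Name 'makensis (step 7)' -WorkDir $winPkg -File $MakeNsis -Arguments 'ossec-installer.nsi'

# Batch files do not always propagate errors, so confirm the installer exists
# and was written by this run rather than left over from an earlier build.
if (-not (Test-Path -LiteralPath $installer -PathType Leaf)) {
    throw "Build finished but $installer was not produced."
}
if ((Get-Item -LiteralPath $installer).LastWriteTime -lt $started) {
    throw "$installer is older than this run; it is a stale artifact."
}
# Record the digest so deployed agents can be matched to this internal build.
Get-FileHash -LiteralPath $installer -Algorithm SHA256 | Format-List Path, Hash
```

Keep the printed digest alongside the customizations made in step 5 so an installer found on an endpoint can be traced back to a known internal build.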
