# wazuh-agent port from github



## rainer_d (Dec 19, 2017)

Hi,

somebody created a port of this:

https://github.com/RainbowHackerHorse/ports-wazuh

I tried to build it, but it seems to want gcc.

I've added the "USES_GCC= yes" to the Makefile, but it somehow still relies on a gcc command that isn't where it seems to look for it.

Anybody know what to do in such cases?


----------



## SirDice (Dec 19, 2017)

Try contacting the owner. He may want to get this in the ports tree but isn't finished yet.



> This is an attempt to port Wazuh to the FreeBSD Ports Tree.
> [/code]


----------



## rainer_d (Dec 19, 2017)

ok, I'll try.

Also, the author is actually female. I made the same mistake at first. But the github account is named "RainbowHackerHorse" for a reason (and not Stallion)....
;-)


----------



## SirDice (Dec 19, 2017)

rainer_d said:


> Also, the author is actually female.


Oops. Now that you mention it. The profile picture does indeed look distinctly female.


----------



## tobik@ (Dec 19, 2017)

rainer_d said:


> Anybody know what to do in such cases?


Remove USE_GCC again and try with BINARY_ALIAS= gcc=${CC} first. Only readd USE_GCC=yes as a last resort.


----------



## rainer_d (Dec 19, 2017)

Doesn't make a difference.

```
# $FreeBSD$

PORTNAME=       wazuh
PORTVERSION=    2.1.0
DISTVERSIONPREFIX=      v
PORTREVISION?=  0
CATEGORIES=     security
USE_GITHUB=     yes
GH_ACCOUNT=     wazuh
GH_TAGNAME=     v2.1.0
PKGNAMESUFFIX=  -agent

MAINTAINER=     [email]jonathan@wazuh.com[/email]
COMMENT?=       Security tool to monitor and check logs and intrusions

CFLAGS+=        -ferror-limit=0

USES=           gmake readline
USE_OPENSSL=    yes
#USE_GCC= yes
BINARY_ALIAS= gcc=${CC}

.if defined(MAINTAINER_MODE)
UID_FILES+=     ../../UIDs
GID_FILES+=     ../../GIDs
.endif
USERS=          ossec ossecm ossecr
GROUPS=         ossec

.if !defined(CLIENT_ONLY)
OPTIONS_DEFINE= MYSQL PGSQL

USES+=          shebangfix
SHEBANG_LANG=   expect
expect_OLD_CMD= "/usr/bin/env expect"
expect_CMD=     ${LOCALBASE}/bin/expect
.endif

OPTIONS_DEFINE+=        DOCS

SUB_LIST=       PORTNAME=${PORTNAME}
SUB_FILES=      pkg-message
PLIST_SUB=      PORTNAME=${PORTNAME}
DOCSFILES=      BUGS CONFIG CONTRIBUTORS INSTALL LICENSE
PORTDOCS=       ${DOCSFILES}

#WRKSRC_SUBDIR= src
USE_GMAKE=      yes
PLIST=          ${.CURDIR}/pkg-plist

.include <bsd.port.pre.mk>

do-build:
        cd ${WRKSRC}/src && ${GMAKE} TARGET=agent PREFIX=/opt/
do-install:
        @${CP} ${WRKSRC}/etc/ossec-agent.conf* ${STAGEDIR}${PREFIX}/${PORTNAME}/etc/ossec.conf.sample   
.include <bsd.port.mk>
```


----------



## tobik@ (Dec 19, 2017)

rainer_d said:


> ```
> .include <bsd.port.pre.mk>
> 
> do-build:
> ...


This is very wrong (BINARY_ALIAS can't have any effect if gmake is run like this) and my best guess is that it should be replaced by

```
BUILD_WRKSRC= ${WRKSRC}/src
MAKE_ARGS= TARGET=agent PREFIX=/opt/
```
But the whole port is a mess unfortunately . It also misses a pkg-plist and pkg-descr so you'll have to fix this too if you want it to build.


----------



## rainer_d (Dec 19, 2017)

Hm, yes.
I'll try to look at it over the holidays, I guess.

I'm really just a "consumer" of ports, normally. But I have a need to have the wazuh agent for FreeBSD....


----------



## Rainbow (Dec 19, 2017)

Hey folks. RainbowHackerHorse here.
I'm aware the port is broken, but thanks for the criticism ;p
In all seriousness, it was never completed. I was working on this as a side-project at work in conjunction with some folks from the Wazuh team. Something happened to the guy I was collaborating with, and then I got busy with other things.
I'll be trying to set aside some time to actually work on this very soon, and get it up to snuff. Got a perpetually open tab with the Porter's Handbook up, and a friend of mine who's committed to core in the past planning on reviewing it with me before I submit, just to be extra safe 
Feel free to keep checking the GitHub project for updates.
(And for the record, just as an aside, half the stuff in that Makefile makes me cringe too, and was courtesy of the guy I was working with... I plan on reverting his changes and starting back from where I got to on my own, before I try to finish this.)


----------



## Rainbow (Dec 19, 2017)

SirDice said:


> Try contacting the owner. She may want to get this in the ports tree but isn't finished yet.


Exactly. Too many things to do, not enough time, I'm afraid. Luckily, I've been working my way through porting a piece of software I wrote, and that'll help me tackle getting Wazuh into ports as well, hopefully shortly.


----------



## SirDice (Dec 19, 2017)

Rainbow said:


> RainbowHackerHorse here.


Apologies for assuming you were male.


----------



## Rainbow (Dec 20, 2017)

SirDice said:


> Apologies for assuming you were male.


oh no! someone assumed I was a guy on the internet! How ever will i survive? /s
No sweat. I'm more worried about Makefiles than whether someone thinks I'm a dude.


----------



## Edgeman (Sep 13, 2019)

Take a look at security/wazuh-agent now


----------



## rainer_d (Sep 14, 2019)

Yes, saw it. Thanks for your work. Will try out in due time.


----------



## Edgeman (Sep 18, 2019)

Wasn't me, I've just been following along 
Needs an update to 3.10 now, and also I don't think it comes with an init script yet.


----------



## borkbork (Apr 26, 2020)

If anyone is looking for an rc script, I wrote one that works. 


```
#!/bin/sh

. /etc/rc.subr

name="wazuh_agent" # How the service will be invoked from service
rcvar="${name}_enable" # The variable in rc.conf that will allow this service to run
load_rc_config $name # Loads the config file, if relevant.

extra_commands="status"

start_cmd="/var/ossec/bin/ossec-control start ; echo Wazuh-Agent started"
stop_cmd="/var/ossec/bin/ossec-control stop ; echo Wazuh-Agent stopped"
status_cmd="/var/ossec/bin/ossec-control status"

run_rc_command "$1"
```

How can we get something like this into the port?


----------



## rigoletto@ (Apr 26, 2020)

You can open a bug report (preferentially with a patch  ) or contact the maintainer.


----------

