Installing Sysmon for Linux

2021-10-20  by 走错说爱你

Sysmon for Linux was released not long ago; this is a record of my attempt to install it.

Environment

An internal machine with no outbound internet access.

Installation process

First I tried the official installation method:

sudo rpm -Uvh https://packages.microsoft.com/config/centos/7/packages-microsoft-prod.rpm
sudo yum install sysmonforlinux

Hmm, the installation failed with a message that the package could not be found, so I tried building it by hand.

First, install its dependencies:

sudo yum install build-essential gcc g++ make cmake libelf-dev llvm clang libxml2 libxml2-dev libzstd1 git libgtest-dev apt-transport-https dirmngr monodevelop googletest google-mock libjson-glib-dev

A good number of the dependencies failed to install, so I decided to just start the build and install whatever each error asked for.

Download the source from GitHub.

(screenshot: downloading the source)

Following the official tutorial, first unpack it, then enter the directory:

cd SysmonForLinux
mkdir build
cd build

Then run the build configuration:

cmake ..

And the errors began:

bash: cmake: 未找到命令...
安装软件包“cmake”以提供命令“cmake”? [N/y] y
 * 正在队列中等待...
 * 装入软件包列表...
下列软件包必须安装:
 cmake-3.18.2-11.el8_4.x86_64   Cross-platform make system
 cmake-data-3.18.2-11.el8_4.noarch      Common data-files for cmake
 cmake-filesystem-3.18.2-11.el8_4.x86_64        Directories used by CMake modules
 cmake-rpm-macros-3.18.2-11.el8_4.noarch        Common RPM macros for cmake
 libuv-1:1.41.1-1.el8_4.x86_64  libuv is a multi-platform support library with a focus on asynchronous I/O.
继续更改? [N/y] y
 * 正在队列中等待...
 * 正在等待认证...
 * 正在队列中等待...
 * 正在下载软件包...
 * 正在请求数据...
 * 正在测试更改...
 * 正在安装软件包...
cmake: symbol lookup error: cmake: undefined symbol: archive_write_add_filter_zstd

Following an online tutorial, I installed libarchive:

yum install libarchive

Then I ran the command again, and it still failed:

CMake Error: CMake was unable to find a build program corresponding to "Unix Makefiles".  CMAKE_MAKE_PROGRAM is not set.  You probably need to select a different build tool.
CMake Error: CMAKE_C_COMPILER not set, after EnableLanguage
CMake Error: CMAKE_CXX_COMPILER not set, after EnableLanguage
-- Configuring incomplete, errors occurred!
See also "/root/SysmonForLinux/build/CMakeFiles/CMakeOutput.log".

After some digging, I found cmake was missing, so I ran:

yum install make

Then I ran the command again and got a new error:

[root@localhost build]# cmake ..
-- The C compiler identification is unknown
-- The CXX compiler identification is unknown
CMake Error at CMakeLists.txt:52 (project):
  No CMAKE_C_COMPILER could be found.

  Tell CMake where to find the compiler by setting either the environment
  variable "CC" or the CMake cache entry CMAKE_C_COMPILER to the full path to
  the compiler, or to the compiler name if it is in the PATH.

CMake Error at CMakeLists.txt:52 (project):
  No CMAKE_CXX_COMPILER could be found.

  Tell CMake where to find the compiler by setting either the environment
  variable "CXX" or the CMake cache entry CMAKE_CXX_COMPILER to the full path
  to the compiler, or to the compiler name if it is in the PATH.

-- Configuring incomplete, errors occurred!
See also "/root/SysmonForLinux/build/CMakeFiles/CMakeOutput.log".
See also "/root/SysmonForLinux/build/CMakeFiles/CMakeError.log".

So I installed gcc:

yum install gcc

Ran the command again and got a new error:

[root@localhost build]# cmake ..
-- The C compiler identification is GNU 8.4.1
-- The CXX compiler identification is unknown
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working C compiler: /usr/bin/cc - skipped
-- Detecting C compile features
-- Detecting C compile features - done
CMake Error at CMakeLists.txt:52 (project):
  No CMAKE_CXX_COMPILER could be found.

  Tell CMake where to find the compiler by setting either the environment
  variable "CXX" or the CMake cache entry CMAKE_CXX_COMPILER to the full path
  to the compiler, or to the compiler name if it is in the PATH.

-- Configuring incomplete, errors occurred!
See also "/root/SysmonForLinux/build/CMakeFiles/CMakeOutput.log".
See also "/root/SysmonForLinux/build/CMakeFiles/CMakeError.log".

So I installed g++:

yum install gcc-c++

However, that failed with:

RPM软件包: 错误:db5 错误(-30969) 源自 dbenv->open:BDB0091 DB_VERSION_MISMATCH: Database environment version mismatch
RPM软件包: 错误:cannot open Packages index using db5 -  (-30969)
RPM软件包: 错误:无法从 /var/lib/rpm 打开软件包数据库
下载的软件包保存在缓存中,直到下次成功执行事务。
您可以通过执行 'yum clean packages' 删除软件包缓存。
错误:不能执行事务。

After searching on Baidu, it turned out the RPM database was corrupted; I ran the following to repair it:

sudo rm /var/lib/rpm/__db*   # remove the stale Berkeley DB environment files (__db.001 etc.)
rpm --rebuilddb
yum clean all

Then I ran the command again:

yum install gcc-c++

This time it installed, and running cmake again revealed a new problem:

[root@localhost build]# cmake ..
-- The CXX compiler identification is GNU 8.4.1
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Check for working CXX compiler: /usr/bin/c++ - skipped
-- Detecting CXX compile features
-- Detecting CXX compile features - done
CMake Error at /usr/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:165 (message):
  Could NOT find LibXml2 (missing: LIBXML2_LIBRARY LIBXML2_INCLUDE_DIR)
  (Required is at least version "2.0.0")
Call Stack (most recent call first):
  /usr/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:458 (_FPHSA_FAILURE_MESSAGE)
  /usr/share/cmake/Modules/FindLibXml2.cmake:104 (FIND_PACKAGE_HANDLE_STANDARD_ARGS)
  CMakeLists.txt:88 (find_package)

-- Configuring incomplete, errors occurred!
See also "/root/SysmonForLinux/build/CMakeFiles/CMakeOutput.log".
See also "/root/SysmonForLinux/build/CMakeFiles/CMakeError.log".

It was missing the LibXml2 library, so I found the download link on the official site, ftp://xmlsoft.org/libxml2/, pasted the link into a folder window and pressed Enter, copied the latest LibXml2 release to the desktop, and uploaded it to the server:

(screenshot: LibXml2 download)

Unpack the archive:

tar zxvf libxml2-2.9.9.tar.gz

Then enter the directory:

cd libxml2-2.9.9

Configure, build and install:

sudo bash ./configure
make
make install

Then I ran cmake again and got a new error:

[root@localhost build]# cmake ..
-- Found LibXml2: /usr/local/lib/libxml2.so (found suitable version "2.9.9", minimum required is "2.0.0")
CMake Error at /usr/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:165 (message):
  Could NOT find GTest (missing: GTEST_LIBRARY GTEST_INCLUDE_DIR
  GTEST_MAIN_LIBRARY)
Call Stack (most recent call first):
  /usr/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:458 (_FPHSA_FAILURE_MESSAGE)
  /usr/share/cmake/Modules/FindGTest.cmake:205 (FIND_PACKAGE_HANDLE_STANDARD_ARGS)
  CMakeLists.txt:307 (find_package)


-- Configuring incomplete, errors occurred!
See also "/root/SysmonForLinux/build/CMakeFiles/CMakeOutput.log".
See also "/root/SysmonForLinux/build/CMakeFiles/CMakeError.log".

It reported that the GTest library was missing, so I downloaded the source from GitHub, uploaded it to the server, and unpacked it:

tar xzvf googletest-release-1.11.0.tar.gz

Then enter the directory:

cd googletest-release-1.11.0

Generate the Makefile:

cmake CMakeLists.txt

Then build:

make

Then install the library and headers:

sudo cp ./lib/libgtest*.a /usr/lib
# copy the whole gtest directory: CMake's FindGTest looks for gtest/gtest.h under the include dir
sudo cp -a ./googletest/include/gtest /usr/include/

Re-running cmake gave the same problem as before. After some searching online, I ran:

sudo yum update

Re-running cmake then showed a new problem:

[root@localhost SysmonForLinux]# cmake ..
CMake Error: The source directory "/root" does not appear to contain CMakeLists.txt.
Specify --help for usage, or press the help button on the CMake GUI.
[root@localhost SysmonForLinux]# cd build/
[root@localhost build]# cmake ..
-- Found GTest: /usr/lib/libgtest.a
-- Configuring done
CMake Error at CMakeLists.txt:104 (add_executable):
  Cannot find source file:

    /root/SysmonForLinux/sysmonCommon/usage.c

  Tried extensions .c .C .c++ .cc .cpp .cxx .cu .m .M .mm .h .hh .h++ .hm
  .hpp .hxx .in .txx

CMake Error at CMakeLists.txt:312 (add_executable):
  Cannot find source file:

    /root/SysmonForLinux/sysmonCommon/UnitTests/main.cpp

  Tried extensions .c .C .c++ .cc .cpp .cxx .cu .m .M .mm .h .hh .h++ .hm
  .hpp .hxx .in .txx

CMake Error at CMakeLists.txt:104 (add_executable):
  No SOURCES given to target: sysmon

CMake Error at CMakeLists.txt:312 (add_executable):
  No SOURCES given to target: sysmonUnitTests

CMake Generate step failed.  Build files cannot be regenerated correctly.

The sysmonCommon folder turned out to be empty, so I downloaded its contents from GitHub.

(screenshot: downloading sysmonCommon)

After unpacking it and uploading it into the corresponding project folder, cmake finally succeeded:

[root@localhost build]# cmake ..
-- Configuring done
-- Generating done
-- Build files have been written to: /root/SysmonForLinux/build

Then run make:

make

Which failed:

[root@localhost build]# make
Scanning dependencies of target sysmonEBPFkern4.16
[  0%] Built target sysmonEBPFkern4.16
Scanning dependencies of target sysmonEBPFkern5.2
[  0%] Built target sysmonEBPFkern5.2
Scanning dependencies of target sysmonEBPFkern4.15
[  0%] Built target sysmonEBPFkern4.15
Scanning dependencies of target checkEBPFsizes
[  1%] Building C object CMakeFiles/checkEBPFsizes.dir/checkEBPFsizes/checkEBPFsizes.c.o
/root/SysmonForLinux/checkEBPFsizes/checkEBPFsizes.c:34:10: 致命错误:libelf.h:没有那个文件或目录
 #include <libelf.h>
          ^~~~~~~~~~
编译中断。
make[2]: *** [CMakeFiles/checkEBPFsizes.dir/build.make:82:CMakeFiles/checkEBPFsizes.dir/checkEBPFsizes/checkEBPFsizes.c.o] 错误 1
make[1]: *** [CMakeFiles/Makefile2:360:CMakeFiles/checkEBPFsizes.dir/all] 错误 2
make: *** [Makefile:103:all] 错误 2

A quick check confirmed the header really was absent; the following fixed it:

yum install elfutils-libelf-devel

Then I re-ran make and hit a new problem:

[root@localhost build]# make
[  0%] Built target sysmonEBPFkern4.16
[  0%] Built target sysmonEBPFkern5.2
[  0%] Built target sysmonEBPFkern4.15
[  2%] Built target checkEBPFsizes
[  3%] Extracting sysmonmsg.mc.utf16
make[2]:/usr/lib/monodevelop/AddIns/MonoDevelop.TextTemplating/TextTransform.exe:命令未找到
make[2]: *** [CMakeFiles/sysmonLogView.dir/build.make:113:sysmonmsg.mc.utf16] 错误 127
make[1]: *** [CMakeFiles/Makefile2:278:CMakeFiles/sysmonLogView.dir/all] 错误 2
make: *** [Makefile:103:all] 错误 2

I tried the method found online for installing mono:

yum -y install yum-utils
rpm --import "http://keyserver.Ubuntu.com/pks/lookup?op=get&search=0x3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF"
yum-config-manager --add-repo http://download.mono-project.com/repo/centos/
yum install -y mono

Because the machine is on an internal network, this failed, so I tried a manual install, starting with its dependencies:

yum -y install gcc gcc-c++ bison pkgconfig glib2-devel gettext make libpng-devel libjpeg-devel libtiff-devel libexif-devel giflib-devel libX11-devel freetype-devel fontconfig-devel  cairo-devel

As expected, some of the packages failed to install again. Moving on, I downloaded the libgdiplus package from the official site, uploaded it to the server and unpacked it:

tar zxvf libgdiplus0-6.0.5.tar.gz

Then enter the directory and run:

./configure --prefix=/usr/mono
make
make install
echo "/usr/mono/lib" > /etc/ld.so.conf.d/mono.conf

Then download the Mono source and run:

tar xvf mono-6.12.0.122.tar.xz
cd mono-6.12.0.122
./configure --prefix=/usr/mono/
make
make install
echo 'export PATH=/usr/mono/bin:$PATH' >> ~/.bash_profile   # single quotes so $PATH expands at login, not now
source ~/.bash_profile
ldconfig

When that is done, verify it with:

mono --version

But make still failed with the same problem. After combing through a lot of material without success, I decided to give up and try again later on a different machine.
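Every failure in the log above was one more missing prerequisite, found one retry at a time. The following pre-flight check is an added example, not part of the original post or of the Sysmon project: run it before cmake and it lists everything the build above tripped over, so the packages can be carried onto an offline host in a single transfer. The RPM package names it prints are assumed CentOS/EPEL names, and it takes a filesystem root as its first argument so it can also be pointed at a test tree.

```shell
#!/bin/sh
# Pre-flight check for the SysmonForLinux build prerequisites hit in the log above.
# $1 = filesystem root to inspect ("/" on the real host, a fake tree in tests)
# $2 = path to the unpacked SysmonForLinux source tree
# Package names after each check are assumed CentOS/EPEL names, not project-verified.

has_tool() {   # $1 root, $2 tool name: look in the usual bin directories
    for d in usr/bin usr/local/bin bin; do
        [ -x "$1/$d/$2" ] && return 0
    done
    return 1
}

has_header() { # $1 root, $2 header path relative to an include directory
    [ -f "$1/usr/include/$2" ] || [ -f "$1/usr/local/include/$2" ]
}

missing_sysmon_deps() {
    root=${1%/}; src=${2%/}; missing=""
    # cmake, make and the two compilers: the first four errors in the log
    has_tool "$root" cmake || missing="$missing cmake"
    has_tool "$root" make  || missing="$missing make"
    has_tool "$root" gcc   || missing="$missing gcc"
    has_tool "$root" g++   || missing="$missing gcc-c++"
    # libelf.h: the checkEBPFsizes compile error
    has_header "$root" libelf.h || missing="$missing elfutils-libelf-devel"
    # LibXml2 and GTest: the two find_package failures (FindGTest wants gtest/gtest.h)
    has_header "$root" libxml2/libxml/parser.h || missing="$missing libxml2-devel"
    has_header "$root" gtest/gtest.h || missing="$missing gtest-devel"
    # TextTransform.exe: the sysmonmsg.mc.utf16 step that finally blocked the build
    [ -x "$root/usr/lib/monodevelop/AddIns/MonoDevelop.TextTemplating/TextTransform.exe" ] \
        || missing="$missing monodevelop"
    # sysmonCommon must be fetched separately from the main tree (it was empty in the log)
    [ -f "$src/sysmonCommon/usage.c" ] || missing="$missing sysmonCommon-sources"
    printf '%s\n' "${missing# }"
}

# Usage: sh preflight.sh / /root/SysmonForLinux
if [ "$#" -ge 2 ]; then
    missing_sysmon_deps "$1" "$2"
fi
```

An empty line of output means every check passed; otherwise the printed package names are what to fetch before the next cmake run.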

Postscript

Later I switched to a machine with internet access and followed the official method from the beginning; the installation was completely smooth and finished straight away.


Speechless. Choked up. Nothing more to say.