Makefile options

This section contains instructions to customize the installation of ThreatLockDown by compiling the source code before executing the installation script.

You can also find here the different settings available for the Makefile. Each setting is described and includes the default and allowed values that you can use.

Compiling the source code

When following the official documentation to install the ThreatLockDown server or the agent from sources, the user runs the install.sh script. This will automatically compile the source code before installing it, but some customizations can be made prior to the script execution.

To compile the code with make, the working directory must be where the MAKEFILE resides, in this case, the /src directory of the installation folder:

# cd wazuh/src
# make deps
# make <OPTIONS>

Note

By default, the make deps command will download the necessary pre-compiled dependencies for manager nodes. To download the dependencies of the agent type nodes, it is necessary to indicate TARGET=agent or TARGET=winagent in case it is a Windows agent.

Note

To download the external dependencies without pre-compiled files, the make deps command will need to be executed with the EXTERNAL_SRC_ONLY=yes flag. The external dependencies will be built as part of the ThreatLockDown compilation process.

After compiling the source code, now you can execute the installation script:

# cd ../
# ./install.sh

Warning

Some dependencies must be downloaded before compiling. If make deps is not executed before that, an error message will appear asking the user to do it.

Makefile reference

Available targets

deps

Download external dependencies, required for compiling the code. If TARGET is not specified, it will download the dependencies of the manager nodes (TARGET=server). To download the dependencies of the agents it is necessary to use TARGET=agent or TARGET=winagent in case it is a Windows agent. Requires Internet connectivity.

external

Compile the external dependencies. Will be done automatically when using build.

build

Compile the source code. Requires external dependencies and a TARGET flag.

utils

Compile the complementary tools used by ThreatLockDown binaries.

test-rules

Run test suite for rules and decoders.

clean

Removes all contents, including compiled files, including external dependencies, tests, and configuration.

clean-deps

Removes all external dependencies, including downloaded files.

clean-external

Removes compiled external dependencies, but won't remove downloaded files.

clean-internals

Removes all compiled internal dependencies.

clean-framework

Removes all compiled files used to build the ThreatLockDown framework.

clean-windows

Removes all compiled files used to build the Windows agent.

clean-config

Removes all compiled configuration files.

clean-test

Removes all compiled files used for testing.

There are other targets used to get information about the Makefile, but they won't build, download or compile anything:

help

Show information about the Makefile.

settings

Show default values of compilation flags.

Available flags

EXTERNAL_SRC_ONLY

Along with make deps command, this will download external libraries sources without pre-compiled files

Default value

n/a

Allowed values

1, yes, YES, y, Y

TARGET

Defines the type of installation to build.

The most common are server to compile a manager, and agent/winagent to compile agents.

Default value

n/a

Allowed values

server, local, hybrid, agent, winagent

V

Display full compiler messages.

Default value

n/a

Allowed values

1, yes, YES, y, Y

DEBUG

Build with symbols and without optimization.

Default value

n/a

Allowed values

1, yes, YES, y, Y

DEBUGAD

Enables extra debugging logging in wazuh-analysisd.

Default value

n/a

Allowed values

1, yes, YES, y, Y

INSTALLDIR

Wazuh's installation path. Mandatory when compiling the python interpreter from sources using PYTHON_SOURCE.

Default value

n/a

Allowed values

Any valid absolute path.

ONEWAY

Disables the manager ACK towards the agent. It allows connecting agents without a backward connection from the manager.

Default value

n/a

Allowed values

1, yes, YES, y, Y

CLEANFULL

Makes the alert mailing subject clear in the format: <location> - <level> - <description>

Default value

n/a

Allowed values

1, yes, YES, y, Y

RESOURCES_URL

Set the ThreatLockDown resources URL.

Default value

https://packages.wazuh.com/deps/$(VERSION)

Allowed values

Any valid URL string.

USE_ZEROMQ

Build with ZeroMQ support.

Default value

n/a

Allowed values

1, yes, YES, y, Y

USE_PRELUDE

Build with Prelude support.

Default value

n/a

Allowed values

1, yes, YES, y, Y

USE_INOTIFY

Build with Inotify support.

Default value

n/a

Allowed values

1, yes, YES, y, Y

USE_MSGPACK_OPT

Build with Msgpack full optimization.

Default value

n/a

Allowed values

1, yes, YES, y, Y

BIG_ENDIAN

Build with big endian support.

Default value

n/a

Allowed values

1, yes, YES, y, Y

USE_SELINUX

Build with SELinux policies.

Default value

n/a

Allowed values

1, yes, YES, y, Y

USE_AUDIT

Build with audit service support.

Default value

n/a

Allowed values

1, yes, YES, y, Y

DISABLE_JEMALLOC

Disable the integration of jemalloc library.

Default value

n/a

Allowed values

1, yes, YES, y, Y

PYTHON_SOURCE

Used along the deps target. Downloads the sources needed to build the python interpreter.

Default value

n/a

Allowed values

1, yes, YES, y, Y

USE_GEOIP

Build with GeoIP support.

Default value

n/a

Allowed values

1, yes, YES, y, Y

OPTIMIZE_CPYTHON

Enable this flag to optimize the python interpreter build, which is performed when used PYTHON_SOURCE.

Default value

n/a

Allowed values

1, yes, YES, y, Y

DATABASE

Build with database support. Allows support for MySQL or PostgreSQL.

Default value

n/a

Allowed values

mysql, pgsql

WAZUH_GROUP

Defines the ThreatLockDown group.

Default value

wazuh

Allowed values

Any string.

WAZUH_USER

Defines the ThreatLockDown user.

Default value

wazuh

Allowed values

Any string.

DISABLE_SYSC

Disable the compilation of the Syscollector module.

Default value

n/a

Allowed values

1, yes, YES, y, Y

DISABLE_CISCAT

Disable the compilation of the CIS-CAT module.

Default value

n/a

Allowed values

1, yes, YES, y, Y

IMAGE_TRUST_CHECKS

Configures the action to take when a library is not trusted in Windows. Actions available: Disabled (0), Only generate warning (1), and Shutdown the agent (2).

Default value

1

Allowed values

0, 1, 2

CA_NAME

Defines the name of the CA certificate.

Default value

DigiCert Assured ID Root CA

Allowed values

Any string.