Error: PostgreSQL client libraries not installed.

I was a bit frustrated with it, it seems as it if requires both MySQL and PostgreSQL to be installed to finish compiling. To get around this just install PostgreSQL that seems to do the trick.

# yum install postgresql

Running the main package seems to do the trick. Then try running setdb again:

# make setdb

If you prefer not to install PostgreSQL then you could try the instructions here: https://groups.google.com/forum/?fromgroups=#!topic/ossec-list/3BwJ2wxKAWo.

Hope this helps someone, I am sharing it because I had a challenge getting past it and found very little info out there on how to fix it.

Cheers

How cool is that? This is what it looks like when it’s not under an attack:

This was made by using Logstalgia, a website access log visualization. Gizmodo provides more context about whose data this was, just thought it was freaking neat.

Fortunately, it all started off with my presentation at WordCamp Miami, which was pretty awesome I might add.

It really kicked off with the big challenges presented by the apparent abuse of trust that came from the Social Media Widget plugin. If you didn’t hear, the original developer of the plugin sold the rights to a marketing firm, who then outsourced it to a freelancer. That freelancer then took it upon himself to inject code into the core of the plugin, so when it was pushed to the repository and notified everyone of updates it injected everyone with the payload. Nasty, I know. Talk about taking all the fun out of hacking, boo for laziness, yay for ingenuity. The obvious downside here being the abuse of trust as I just stated, making you wonder what is being done to address that very apparent vulnerability. What do you think?

Then the middle of the month really kicked off with some awesome brute-force attacks. It seemed to be well coordinated and kicked off by a public note from HostGator that got the entire community fired up, in a good way. For the longest time we have been talking about web-based brute force attacks, and many would argue that it was too unlikely because of the technological challenges involved, specifically network latency. I’d say this was a pretty good example of how little that really matters these days. The interesting bit of it all was the scale of the attack, but then you started to see all this funny business by security professionals blowing their speculations out of their water. There is a big difference saying that there is a large scale brute force attack going on, something fundamentally different to say there is an attack and they’re aiming to do X, especially without tangible data to back it up. The good news is we were able to capture some good data during that week of attacks that made for an interesting report.

These issues did generate a lot of good content, two posts I particular liked were by Ipstenu and were on False Security and Two Factor Authentication. You should read them.

Then finally, as the month had not just whooped our behinds, two of the most popular caching plugins are found to have a very serious vulnerability that allows for Remote Command Execution (RCE). What you didn’t hear most WAF companies say is that this attack was particular dangerous because of hard it is to track it, it was exploiting the commenting system built within WordPress and if you have spent any time looking at logs you know that those footprints, for comments, are very small. Regardless, the authors got praise for their response and the person disclosing got flack for disclosing the way he did, which was publicly. On that note, I do caution folks to be grateful he disclosed on the WordPress forums, had he gone underground or disclosed on other sources like SecLists it would have probably been blown out of proportion before it was ever fixed, making for somem sleepless nights.

All in all, as you might imagine, it was an interesting time for all.

Ah yes, be sure to tune in next week, I’ll be giving a live website security webinar with the folks over at ithemes on some of these things.

***Updated: 20130409****

Here is the video recording of my talk on the presentation above. Unfortunately we had a few technical difficulties so you’ll have to follow on the slide deck I have above.