Hi, You could use password setting <https://documentation.wazuh.com/current/user-manual/agents/registering-agents/register-agent-authd.html#use-a-password-to-authorize-agents> for ossec-authd and/or SSL certificates to validate/authorize incoming requests, using those capabilities could help you justify have the service running all time. At the end every service listening in a server could by "risky" but it does not mean you MUST have ossec-authd disabled.
Once script that help me out in the past is: *#!/usr/bin/env bash* > > *# Stop previous ossec-authd instances**# Boot ossec-authd* > > *echo "Starting ossec-authd..."* > *. /etc/ossec-init.conf* > *echo "Killing previous instances..."* > *pkill ossec-authd* > *$DIRECTORY/bin/ossec-authd -f0 -i -P > /dev/null 2>&1 &* > *echo "ossec-authd started"**ps aux | grep ossec-authd | grep -v grep* Maybe you can switch on/off easily ossec-authd server like that. Best, Pedro. On Wed, May 3, 2017 at 5:01 PM, Martinouh <martin...@gmail.com> wrote: > Hello, > > I'd like to keep my manager listening to new agent willing to register, > because my infrastructure will often change. > > But I've read that ossec-authd should not be running all the time for > security. > > So how am i supposed to do if I want to add new agent very often, do I > have to always launch the ossec-authd on the manager ? > > Best regards. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
