Hello all, I have been working on an idea of automating the ossec windows agent setup. The process is, when the Ossec Agent is installed on the system, the updated "client.keys" and "ossec.conf" will be copied along with it (The ossec agent setup file, client.keys and ossec.conf file are all available through a single zip file) Every time an Ossec Agent is added, the "client.key" for this agent and the "ossec.conf" file with the updated "Ossec Server Ip" will be all put in a zip file. The user downloads the zip file for his system and runs the "Ossec Windows Agent" Setup. I have tweaked the setup file to copy the "ossec.conf" and "client.keys" to the relevant path at the end of the installation. It will also start the "Ossec Agent" on the windows system. The "zip" files will be available after authenticating to a web server from where he proceeds to download it. My concern is that if all the "client.keys" are made available in a web server in its individual zip file (along with Ip Address and Hostname description), how big a hole am I opening in the Ossec Client-Server setup ? I don't know how to determine which is a Windows / Linux agent (without additional input while adding it), so I am also ending up creating "zip" files for even linux agents.
With Regards, Abhisek Sanyal
