Hi Abhisek If each user can only access the zip file (with the key and config) for his own box, I think you are ok. The issue is that if any user can download the keys from the other systems you may have a problem. The way I did before was to run some scripts to push the keys individually to each box along with the ossec package. That might be easier than to set up the web server...
Hope it helps. -- Daniel B. Cid dcid ( at ) ossec.net On Tue, Oct 7, 2008 at 5:37 AM, abhisek sanyal <[EMAIL PROTECTED]> wrote: > > Hello all, > I have been working on an idea of automating the ossec windows > agent setup. The process is, when the Ossec Agent is installed on the > system, the updated "client.keys" and "ossec.conf" will be copied > along with it (The ossec agent setup file, client.keys and ossec.conf > file are all available through a single zip file) > Every time an Ossec Agent is added, the "client.key" for this agent > and the "ossec.conf" file with the updated "Ossec Server Ip" will be > all put in a zip file. The user downloads the zip file for his system > and runs the "Ossec Windows Agent" Setup. I have tweaked the setup > file to copy the "ossec.conf" and "client.keys" to the relevant path > at the end of the installation. It will also start the "Ossec Agent" > on the windows system. > The "zip" files will be available after authenticating to a web > server from where he proceeds to download it. My concern is that if > all the "client.keys" are made available in a web server in its > individual zip file (along with Ip Address and Hostname description), > how big a hole am I opening in the Ossec Client-Server setup ? > I don't know how to determine which is a Windows / Linux agent > (without additional input while adding it), so I am also ending up > creating "zip" files for even linux agents. > > With Regards, > Abhisek Sanyal >
