Sure

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Michael Starks
Sent: Tuesday, October 19, 2010 2:19 PM
To: [email protected]
Subject: RE: [ossec-list] 2WoO Kickoff: the week ahead

>I have some customers who use BigFix, so I am sure this will be helpful.
>Thanks for sharing.

They're the lucky ones then. :) I can't say enough good things about Bigfix. I discovered a Trojan on one of my machines today (not a rootkit, so it wasn't really hiding), and used Bigfix to verify that it was not on any of the other 2000 or so machines in about 10 minutes. Mostly I use it for security tasks now, but I grew up with it on the Systems Administration side, from about version 5 onward.

>You note in your blog that you'll also try to do a write-up on how to use
>batch files and psexec. I have done some work in this area but haven't
>polished anything up. Perhaps we can collaborate?

Sure. I wasn't thinking of anything fancy, something like this:

- read a list of computer names from a text file
- copy the installer
- launch a silent install via psexec
- extract the client key from the client.keys file that you get off the ossec server
- copy it to the ossec client
- copy a customized ossec.conf to the client
- use "sc" to start the ossec agent remotely.

>There's also someone else I did a bit of work with (he did most of it) who
>I am pretty sure is planning on a 2WoO post of his method.

>At the end of the week, we should have 3 or 4 methods for Windows
>agent deployment. We should correlate and document them on the wiki at
>least. Ultimately, until we have key exchange, it would be nice to have a
>completely free script (probably batch, but maybe something with Samba?) we
>can continuously improve and support officially.

Sounds great, I'm interested to see other approaches! Especially around the security implications of the client.keys. Secure, automated key exchange would be very nice in ossec.
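
An added example, not part of the original thread and not OSSEC project code: the "extract the client key" step from the list above, done so that each machine receives a file holding only its own key line and hosts with no entry or several entries are skipped rather than guessed. It assumes each client.keys line is four whitespace-separated fields (id, name, IP, key) and that staging happens on a POSIX host; the function names, host names and key values are constructed.

```python
import os
import tempfile
# Constructed sample; key material is placeholder text, not real agent keys.
SAMPLE_KEYS = """\
001 WKS-ALPHA 10.0.0.11 PLACEHOLDERKEY-ALPHA
002 WKS-BRAVO 10.0.0.12 PLACEHOLDERKEY-BRAVO
003 wks-bravo 10.0.0.99 PLACEHOLDERKEY-STALE
"""
SAMPLE_HOSTS = ["wks-alpha", "WKS-BRAVO", "WKS-CHARLIE"]


def index_keys(text):
    """Map lower-cased agent name -> list of its 'id name ip key' lines."""
    index = {}
    for raw in text.splitlines():
        fields = raw.split()
        if len(fields) == 4:  # assumed format: id, name, ip, key
            index.setdefault(fields[1].lower(), []).append(" ".join(fields))
    return index


def select_keys(text, hosts):
    """Return ({host: key line}, {host: reason it was skipped})."""
    index, selected, skipped = index_keys(text), {}, {}
    for host in hosts:
        entries = index.get(host.lower(), [])
        if len(entries) == 1:
            selected[host] = entries[0]
        else:  # never guess between several keys for one machine
            skipped[host] = "%d entries" % len(entries)
    return selected, skipped


def stage_key_files(selected, outdir):
    """Write one single-line key file per host, readable by the owner only."""
    paths = {}
    for host, line in selected.items():
        path = os.path.join(outdir, host.lower() + ".client.keys")
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as fh:
            fh.write(line + "\n")
        paths[host] = path
    return paths


if __name__ == "__main__":
    chosen, problems = select_keys(SAMPLE_KEYS, SAMPLE_HOSTS)
    staged = stage_key_files(chosen, tempfile.mkdtemp(prefix="ossec-keys-"))
    print("staged:", staged, "skipped:", problems)
```

The staged files still contain live key material, so the staging directory should be removed once the copy step has finished.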
