Hello Group-- Here is my contribution to 2WoO. I have taken some ideas and methods from around the internet and in the Ossec-list and combined it with some of my own methodology and coding and created a working deployment package OssecHIDS for Windows Agents in larger groups. This was designed to create a customized and self-configuring MSI that can be setup for unattended install or with a full UI that technicians can use to install agents manually when needed.
I have outlined this in detail on my blog at http://philipshramko.blogspot.com/ in a 3 part series. Parts 1 and 2 are up now for review with some of the code. It's written more like a class than a how-to so that anyone reading it will understand what the scripts do, how to customize them and how they all tie together to make a complete deployment package. I'm going to be working on Part 3 tonight and will hopefully have it up before tomorrow morning. I'll also zip up all the files and try to get them hosted somewhere that you will be able to get them easily. I'm going to do my best to post everything with formatting intact but there are some long lines of code that need to be kept the way they are so keeping it all clean in the space it's all written in might be difficult. In keeping with the spirit of open-source software, everything used to create the package is open source or freely available. There are some pre-requisites that you will need to install onto a development box to get to a complete and working deployment platform. The good part about that is that if you need to create MSI packages regularly or from time to time you will end up with a very flexible and very powerful development platform for future projects as well as working OssecHIDS deployment system that you will be able to use to re-create automated OssecHIDS Windows MSI packages. You can re-build the deployment MSI whenever an updated Ossec Windows agent is available or when you add a new computer to your network in minutes instead of days or weeks. The intent of this is to save the members of the Ossec community much of the planning and development time currently associated with setting up the HIDS system in your environment. Thank you and enjoy.
