Hey all, One of the syseng's here was complaining about how having GCC on a publicly accessible server is insecure, etc. I partly agree, except couldn't we just install GCC, then install OSSEC, then remove GCC?
Anyway, that's beside the point... I wanted to ask, if it is possible, how one would go about copying an OSSEC installation from one server to another (assuming both servers have the same OS installed). I'd imagine it would probably not be the most trivial thing to do (compared to simply having GCC installed and then uninstalling once it is no longer required). I'm guessing the following steps would need to be taken at least: 1) Stop OSSEC 2) Tar.gz the current OSSEC directory (as well as OSSEC init and startup conf/script) 3) Copy to server B 4) Create the OSSEC username/group on server B 5) Untar the OSSEC dir and clear the log files 6) Run manage_agents on server/agent to add and initialize 7) Start OSSEC I'm just afraid that there might be other quirks with trying to do it this way - any thoughts/advice? I've already opened a ticket to have another syseng install GCC in the meantime (to avoid the hassle). Of course, if OSSEC had been installed on these servers in accordance with our policy, to begin with, I wouldn't be asking any of these fun questions. :)
