I'm going to try not to be too snarky with my response (not directed at you, but at the "installing gcc is insecure!" mentality). Emphasis on try. ;)
On Tue, Feb 22, 2011 at 1:49 PM, jplee3 <[email protected]> wrote:
> Hey all,
>
> One of the syseng's here was complaining about how having GCC on a
> publicly accessible server is insecure, etc. I partly agree, except
> couldn't we just install GCC, then install OSSEC, then remove GCC?
>

Yes. You could install gcc, install OSSEC, and then remove gcc. Just like an attacker can break in, install gcc, do the deed, and uninstall gcc (although if they use packages and don't shut off OSSEC you'll get an alert ;)).

/me rages

>
> Anyway, that's beside the point... I wanted to ask, if it is possible,
> how one would go about copying an OSSEC installation from one server
> to another (assuming both servers have the same OS installed). I'd
> imagine it would probably not be the most trivial thing to do
> (compared to simply having GCC installed and then uninstalling once it
> is no longer required). I'm guessing the following steps would need to
> be taken at least:
>
> 1) Stop OSSEC
> 2) Tar.gz the current OSSEC directory (as well as OSSEC init and
> startup conf/script)

Remember to use -p (or a GNU equivalent) to preserve permissions.

> 3) Copy to server B
> 4) Create the OSSEC username/group on server B

Keeping the uids/guid the same if possible.

> 5) Untar the OSSEC dir and clear the log files
> 6) Run manage_agents on server/agent to add and initialize
> 7) Start OSSEC
>
>
> I'm just afraid that there might be other quirks with trying to do it
> this way - any thoughts/advice?
>
> I've already opened a ticket to have another syseng install GCC in the
> meantime (to avoid the hassle). Of course, if OSSEC had been installed
> on these servers in accordance with our policy, to begin with, I
> wouldn't be asking any of these fun questions. :)

http://www.ossec.net/doc/manual/installation/installation-binary.html?highlight=binary

I haven't tried the binary install methods, but I don't remember seeing many issues with it.
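An added example, not part of the original message and not OSSEC's own tooling: shell helpers that pack a directory tree with `-p`, list the numeric uid/gid pairs stored in the archive (the ids the account on server B would need to match), and confirm that permission bits survive extraction under a restrictive umask. It assumes GNU tar, find and stat; the function names are hypothetical, and `--numeric-owner` is this example's choice for recording ids as numbers.

```shell
#!/bin/sh
# Added example: verify that a tar round trip keeps permission bits.
# Function names are hypothetical; GNU tar/find/stat are assumed.

# mode_list DIR: print "mode path" for every entry below DIR, sorted by path
mode_list() {
    ( cd "$1" && find . -mindepth 1 -exec stat -c '%a %n' {} + | sort -k2 )
}

# pack SRC ARCHIVE: -p keeps permission bits; --numeric-owner stores
# uid/gid numbers rather than account names
pack() {
    tar --numeric-owner -cpzf "$2" -C "$1" .
}

# unpack ARCHIVE DEST: -p applies the archived modes regardless of umask
unpack() {
    mkdir -p "$2" && tar --numeric-owner -xpzf "$1" -C "$2"
}

# archive_owners ARCHIVE: unique "uid/gid" pairs recorded in the archive
archive_owners() {
    tar --numeric-owner -tvzf "$1" | awk '{print $2}' | sort -u
}

# roundtrip_ok SRC: return 0 if every mode is identical after pack/unpack
roundtrip_ok() {
    work=$(mktemp -d) || return 2
    pack "$1" "$work/copy.tar.gz"
    # Extract under a restrictive umask to show that -p overrides it
    ( umask 077; unpack "$work/copy.tar.gz" "$work/out" )
    mode_list "$1" > "$work/before"
    mode_list "$work/out" > "$work/after"
    if cmp -s "$work/before" "$work/after"; then rc=0; else rc=1; fi
    rm -rf "$work"
    return $rc
}
```

Source the file and run `roundtrip_ok` on the tree being copied; `archive_owners` on the resulting archive shows which numeric ids server B needs before extraction as root.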
