That's what I thought :) I stopped chatting with him after several more exchanges and am just going to have another engineer install it. He must be in a bad mood today :P

On Tue, Feb 22, 2011 at 11:08 AM, dan (ddp) <[email protected]> wrote:
> I'm going to try not to be too snarky with my response (not directed
> at you, but at the "installing gcc is insecure!" mentality).
> Emphasis on try. ;)
>
> On Tue, Feb 22, 2011 at 1:49 PM, jplee3 <[email protected]> wrote:
> > Hey all,
> >
> > One of the sysengs here was complaining about how having GCC on a
> > publicly accessible server is insecure, etc. I partly agree, except
> > couldn't we just install GCC, then install OSSEC, then remove GCC?
> >
>
> Yes. You could install gcc, install OSSEC, and then remove gcc.
> Just like an attacker can break in, install gcc, do the deed, and
> uninstall gcc (although if they use packages and don't shut off OSSEC
> you'll get an alert ;)).
> /me rages
>
> > Anyway, that's beside the point... I wanted to ask, if it is possible,
> > how one would go about copying an OSSEC installation from one server
> > to another (assuming both servers have the same OS installed). I'd
> > imagine it would probably not be the most trivial thing to do
> > (compared to simply having GCC installed and then uninstalling once it
> > is no longer required). I'm guessing the following steps would need to
> > be taken at least:
> >
> > 1) Stop OSSEC
> > 2) Tar.gz the current OSSEC directory (as well as OSSEC init and
> > startup conf/script)
>
> Remember to use -p (or a GNU equivalent) to preserve permissions.
>
> > 3) Copy to server B
> > 4) Create the OSSEC username/group on server B
>
> Keeping the uids/guid the same if possible.
>
> > 5) Untar the OSSEC dir and clear the log files
> > 6) Run manage_agents on server/agent to add and initialize
> > 7) Start OSSEC
> >
> >
> > I'm just afraid that there might be other quirks with trying to do it
> > this way - any thoughts/advice?
> >
> > I've already opened a ticket to have another syseng install GCC in the
> > meantime (to avoid the hassle). Of course, if OSSEC had been installed
> > on these servers in accordance with our policy, to begin with, I
> > wouldn't be asking any of these fun questions. :)
> >
>
> http://www.ossec.net/doc/manual/installation/installation-binary.html?highlight=binary
>
> I haven't tried the binary install methods, but I don't remember
> seeing many issues with it.
>
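
The copy procedure in the thread above only works if the archive round trip keeps file modes and numeric owners intact. The following is an added example, not part of the original thread or of OSSEC, that checks this. It assumes GNU tar and uses a constructed sample tree with hypothetical file names in place of the real OSSEC directory.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU tar; all paths are temporary.

# Print "mode uid gid path" for every entry under $1, sorted.
perm_listing() {
    (cd "$1" && find . -exec ls -ldn {} + | awk '{print $1, $3, $4, $NF}' | sort)
}

# Pack the tree at $1 into archive $2, storing paths relative to $1.
pack_tree() {
    tar -C "$1" -czf "$2" .
}

# Unpack archive $1 into $2. -p restores the stored modes instead of masking
# them with the umask; --numeric-owner maps owners by uid/gid number, not name.
unpack_tree() {
    mkdir -p "$2" && tar -C "$2" --numeric-owner -xzpf "$1"
}

# Build a constructed stand-in for an install tree with restrictive modes.
make_sample() {
    mkdir -p "$1/etc" "$1/bin" "$1/logs"
    echo "sample config" > "$1/etc/sample.conf"
    printf '#!/bin/sh\nexit 0\n' > "$1/bin/sample-control"
    echo "old log line" > "$1/logs/sample.log"
    chmod 750 "$1/etc" "$1/bin" "$1/logs"
    chmod 440 "$1/etc/sample.conf"
    chmod 550 "$1/bin/sample-control"
    chmod 660 "$1/logs/sample.log"
}

# Round-trip the tree at $1 under a strict umask; succeed only if every
# mode, uid and gid on the restored copy is identical to the original.
roundtrip_ok() {
    work=$(mktemp -d) || return 1
    (umask 077; pack_tree "$1" "$work/tree.tar.gz" &&
        unpack_tree "$work/tree.tar.gz" "$work/restored") || { rm -rf "$work"; return 1; }
    before=$(perm_listing "$1"); after=$(perm_listing "$work/restored")
    rm -rf "$work"
    [ "$before" = "$after" ]
}

# Demo run on the constructed tree.
demo=$(mktemp -d) && make_sample "$demo/tree" && roundtrip_ok "$demo/tree" &&
    echo "modes and numeric owners preserved"
rm -rf "$demo"
```

Restoring ownership for accounts other than the invoking user requires running the extraction as root on the destination host.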
