Exactly... like why OSSEC needs to be installed and if we can uninstall it :)
On Tue, Feb 22, 2011 at 12:34 PM, dan (ddp) <[email protected]> wrote:
> They'll just whine about something else. ;)
>
> On Tue, Feb 22, 2011 at 3:24 PM, Jeremy Lee <[email protected]> wrote:
> > Thanks guys. Got it. The binary install worked perfectly. So hopefully I
> > won't hear any more whining in the near future....
> >
> > On Tue, Feb 22, 2011 at 12:01 PM, Joel Brooks <[email protected]> wrote:
> >>
> >> Hey,
> >>
> >> there's an entry in the FAQ about this...
> >>
> >> http://www.ossec.net/wiki/Know_How:BinaryInstall
> >>
> >> J
> >>
> >> On Feb 22, 2:38 pm, Jeremy Lee <[email protected]> wrote:
> >> > As luck would have it, the same engineer was assigned to the ticket I
> >> > opened! :D
> >> >
> >> > *sigh*
> >> >
> >> > Guess I'll be trying the binary-install method.
> >> >
> >> > On Tue, Feb 22, 2011 at 11:34 AM, Jeremy Lee <[email protected]> wrote:
> >> > > That's what I thought :) I stopped chatting with him after several more
> >> > > exchanges and am just going to have another engineer install it. He must be
> >> > > in a bad mood today :P
> >> >
> >> > > On Tue, Feb 22, 2011 at 11:08 AM, dan (ddp) <[email protected]> wrote:
> >> >
> >> > >> I'm going to try not to be too snarky with my response (not directed
> >> > >> at you, but at the "installing gcc is insecure!" mentality).
> >> > >> Emphasis on try. ;)
> >> >
> >> > >> On Tue, Feb 22, 2011 at 1:49 PM, jplee3 <[email protected]> wrote:
> >> > >> > Hey all,
> >> >
> >> > >> > One of the syseng's here was complaining about how having GCC on a
> >> > >> > publicly accessible server is insecure, etc. I partly agree, except
> >> > >> > couldn't we just install GCC, then install OSSEC, then remove GCC?
> >> >
> >> > >> Yes. You could install gcc, install OSSEC, and then remove gcc.
> >> > >> Just like an attacker can break in, install gcc, do the deed, and
> >> > >> uninstall gcc (although if they use packages and don't shut off OSSEC
> >> > >> you'll get an alert ;)).
> >> > >> /me rages
> >> >
> >> > >> > Anyway, that's beside the point... I wanted to ask, if it is possible,
> >> > >> > how one would go about copying an OSSEC installation from one server
> >> > >> > to another (assuming both servers have the same OS installed). I'd
> >> > >> > imagine it would probably not be the most trivial thing to do
> >> > >> > (compared to simply having GCC installed and then uninstalling once it
> >> > >> > is no longer required). I'm guessing the following steps would need to
> >> > >> > be taken at least:
> >> >
> >> > >> > 1) Stop OSSEC
> >> > >> > 2) Tar.gz the current OSSEC directory (as well as OSSEC init and
> >> > >> > startup conf/script)
> >> >
> >> > >> Remember to use -p (or a GNU equivalent) to preserve permissions.
> >> >
> >> > >> > 3) Copy to server B
> >> > >> > 4) Create the OSSEC username/group on server B
> >> >
> >> > >> Keeping the uids/guid the same if possible.
> >> >
> >> > >> > 5) Untar the OSSEC dir and clear the log files
> >> > >> > 6) Run manage_agents on server/agent to add and initialize
> >> > >> > 7) Start OSSEC
> >> >
> >> > >> > I'm just afraid that there might be other quirks with trying to do it
> >> > >> > this way - any thoughts/advice?
> >> >
> >> > >> > I've already opened a ticket to have another syseng install GCC in the
> >> > >> > meantime (to avoid the hassle). Of course, if OSSEC had been installed
> >> > >> > on these servers in accordance with our policy, to begin with, I
> >> > >> > wouldn't be asking any of these fun questions. :)
> >> >
> >> > >> >> http://www.ossec.net/doc/manual/installation/installation-binary.html...
> >> >
> >> > >> I haven't tried the binary install methods, but I don't remember
> >> > >> seeing many issues with it.
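
The archive-and-restore part of the copy procedure quoted in this thread (steps 2 and 5, with the -p and uid/gid advice), as an added example that is not from any message in the thread or from the OSSEC project. The function names are hypothetical, the directory arguments stand in for the OSSEC install directory, and GNU tar, find and stat are assumed.

```shell
#!/bin/sh
# Added illustration: pack an install tree, unpack it elsewhere, and check that
# modes survived. Function names are hypothetical; assumes GNU tar, find, stat.

# pack SRC_DIR ARCHIVE: archive the tree rooted at SRC_DIR (run after stopping OSSEC).
pack() {
    tar -czpf "$2" -C "$1" .
}

# unpack ARCHIVE DEST_DIR: extract with -p so the umask is not applied to the
# stored modes (GNU tar does this by default only for root).
unpack() {
    mkdir -p "$2" && tar -xzpf "$1" -C "$2"
}

# owners ARCHIVE: unique numeric uid/gid pairs stored in the archive, to compare
# with the ids of the OSSEC user and group created on the target host.
owners() {
    tar --numeric-owner -tvzf "$1" | awk '{print $2}' | sort -u
}

# manifest DIR: "octal-mode path" for every entry below DIR, in a stable order.
manifest() {
    ( cd "$1" && find . ! -path . -exec stat -c '%a %n' {} + | sort -k2 )
}

# verify_copy SRC_DIR DEST_DIR: succeed only if both trees have identical modes.
verify_copy() {
    [ "$(manifest "$1")" = "$(manifest "$2")" ]
}
```

When root extracts, GNU tar maps owners by user and group name if those names exist on the target and falls back to the stored numeric ids otherwise, so comparing the output of `owners` with `id` on the new host shows whether the uids and gids line up.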
