FYI

2011/6/9, Christopher Moraes <[email protected]>:
> Hi everyone,
>
> I have made a small enhancement to OSSEC to support different configuration
> profiles for agents. If you are interested in this feature and would like
> to help, I would appreciate it if you could help me test it out.
>
> The code is available from my bitbucket repository at
> http://bitbucket.org/cmoraes/ossec.
> (based off the current 2.6 beta source code)
>
> Background -
>
> I needed OSSEC to support different syscheck/rootkit/localfile rules for
> different categories of servers. For example, I needed one config for our Linux
> Oracle servers, another one for our Linux JEE App servers, another for our
> Windows Domain controllers, etc.
>
> From what I found, OSSEC currently supports agent configurations based on
> agent name or OS name. For my use case, creating a config for each agent
> name was too granular (I have 25 Linux database (Oracle) servers and wanted
> to create one configuration for all of them) and creating one for each OS
> was too coarse-grained.
>
> So I have implemented a feature to support configuration "profiles".
> Agents can be assigned a profile name (which can be any string) and that
> profile name is matched with the config profile in the shared agent.conf.
>
> A new "profile" attribute is now supported in the agent.conf file.
>
> <agent_config profile="LinuxOracleDBServer">
>   .....
> </agent_config>
>
> And in the agent's etc/ossec.conf file, a new config element
> "config-profile" is added
>
> <ossec_config>
>   <client>
>     <server-ip>10.200.36.157</server-ip>
>     <config-profile>LinuxOracleDBServer</config-profile>
>   </client>
> </ossec_config>
>
> This should make the enhancement backward compatible, so you don't have to
> change already deployed agents if you don't want to assign them a profile.
>
> The code is in an alpha state. I have tested it for a few use cases. If you
> can try it out, I'd love to hear your feedback.
>
> Regards,
> Chris
>
-- Sent from my mobile device
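
An added example, not part of the original message and not Chris's code: a small audit that reads a shared agent.conf and each agent's ossec.conf and flags agents whose `config-profile` selects no `<agent_config profile="...">` block, since such an agent would get no profile-specific syscheck/rootkit/localfile settings. It assumes exact string matching and that attribute-less `<agent_config>` blocks apply to every agent; the agent names and file contents are constructed samples.

```python
import xml.etree.ElementTree as ET
# Constructed manager-side agent.conf (sample data, not from the post).
AGENT_CONF = """
<agent_config>
  <syscheck><frequency>43200</frequency></syscheck>
</agent_config>
<agent_config profile="LinuxOracleDBServer">
  <syscheck><directories check_all="yes">/u01/app/oracle</directories></syscheck>
</agent_config>
"""

def client_conf(profile_xml):
    return ("<ossec_config><client><server-ip>10.200.36.157</server-ip>"
            + profile_xml + "</client></ossec_config>")
# Constructed agent-side ossec.conf contents; the agent names are hypothetical.
AGENTS = {
    "ora-db-01": client_conf("<config-profile>LinuxOracleDBServer</config-profile>"),
    "ora-db-02": client_conf("<config-profile>LinuxOracleDBServers</config-profile>"),  # typo
    "legacy-01": client_conf(""),  # already deployed agent with no profile element
}

def parse(text):
    # Either file may hold several top-level elements, so wrap them in one root.
    return ET.fromstring("<root>" + text + "</root>")

def agent_profile(ossec_conf):
    node = parse(ossec_conf).find("ossec_config/client/config-profile")
    return node.text.strip() if node is not None and node.text else None

def sections_for(profile, agent_conf=AGENT_CONF):
    matched, sections = 0, []  # profile blocks matched, section tags received
    for block in parse(agent_conf).findall("agent_config"):
        wanted = block.get("profile")
        if wanted is None and block.attrib:
            continue  # name=/os= blocks are outside this sketch
        if wanted is None or wanted == profile:  # assumed: exact string match
            matched += wanted is not None
            sections += [child.tag for child in block]
    return matched, sections

def audit(agents=AGENTS):
    report = {}
    for name, conf in agents.items():
        profile = agent_profile(conf)
        matched, _ = sections_for(profile)
        report[name] = ("no-profile" if profile is None
                        else "ok" if matched else "unmatched-profile")
    return report
```

Calling `audit()` on the sample data reports `ora-db-02` as `unmatched-profile`: the misspelled profile name leaves that host with only the default block.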
