Thanks Joe. It is nice to know that other people like this feature.
On Fri, Jun 10, 2011 at 11:38 PM, Joe Gedeon <[email protected]> wrote:
> IMO this would be an excellent feature to be added to OSSEC!
>
> +2
>
> /me have to try to vote twice for this.
>
> On Fri, Jun 10, 2011 at 17:58, Francisco Jelves <[email protected]> wrote:
> > Fyi
> >
> > 2011/6/9, Christopher Moraes <[email protected]>:
> >> Hi everyone,
> >>
> >> I have made a small enhancement to OSSEC to support different
> >> configuration profiles for agents. If you are interested in this
> >> feature and would like to help, I would appreciate if you could help
> >> me test it out.
> >>
> >> The code is available from my bitbucket repository at
> >> http://bitbucket.org/cmoraes/ossec.
> >> (based off the current 2.6 beta source code)
> >>
> >> Background -
> >>
> >> I needed OSSEC to support different syscheck/rootkit/localfile rules
> >> for different categories of servers. For e.g. I needed one config for
> >> our Linux Oracle servers, another one for our Linux JEE App servers,
> >> another for our Windows Domain controllers, etc.
> >>
> >> From what I found, ossec currently supports agent configurations based
> >> on agent name or OS name. For my use case, creating a config for each
> >> agent name was too granular (I have 25 linux database (oracle) servers
> >> and wanted to create one configuration for all of them) and creating
> >> one for each OS was too coarse-grained.
> >>
> >> So I have implemented a feature to support configuration "profiles".
> >> Agents can be assigned a profile name (which can be any string) and
> >> that profile name is matched with the config profile in the shared
> >> agent.conf.
> >>
> >> A new "profile" attribute is now supported in the agent.conf file.
> >>
> >> <agent_config *profile*="LinuxOracleDBServer">
> >>   .....
> >> </agent_config>
> >>
> >> And in the agent's etc/ossec.conf file, a new config element
> >> "config-profile" is added
> >>
> >> <ossec_config>
> >>   <client>
> >>     <server-ip>10.200.36.157</server-ip>
> >>     *<config-profile>LinuxOracleDBServer</config-profile>*
> >>   </client>
> >> </ossec_config>
> >>
> >> This should make the enhancement backward compatible, so you don't
> >> have to change already deployed agents if you don't want to assign
> >> them a profile.
> >>
> >> The code is in an alpha state. I have tested it for a few use cases.
> >> If you can try it out, I'd love to hear your feedback.
> >>
> >> Regards,
> >> Chris
> >>
> >
> > --
> > Sent from my mobile device
> >
>
> --
> Registered Linux User # 379282
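
Added example, not part of the thread and not code from the bitbucket repository: a small check that resolves which agent_config blocks a profile selects in a shared agent.conf and flags agents whose config-profile matches no block, since those would be left with only the generic settings. It assumes exact, case-sensitive profile matching and that blocks without attributes apply to every agent; the file contents, directory paths and agent names are constructed, and blocks selected by name or os are not modelled.

```python
import xml.etree.ElementTree as ET

# Constructed shared agent.conf. It holds several top-level <agent_config>
# blocks, so it is wrapped in a synthetic root element before parsing.
AGENT_CONF = """
<agent_config>
  <syscheck><directories>/etc</directories></syscheck>
</agent_config>
<agent_config profile="LinuxOracleDBServer">
  <syscheck><directories>/u01/app/oracle</directories></syscheck>
</agent_config>
<agent_config profile="LinuxJEEAppServer">
  <syscheck><directories>/opt/appserver</directories></syscheck>
</agent_config>
"""

# Constructed inventory: agent name -> its <config-profile> value (None = unset).
AGENTS = {
    "oradb01": "LinuxOracleDBServer",
    "jee01": "LinuxJEEAppServer",
    "oradb02": "LinuxOracleDBserver",  # differs from the block name in case
    "legacy01": None,
}

def load_blocks(conf_text):
    root = ET.fromstring("<root>" + conf_text + "</root>")
    # Blocks selected by agent name or OS are out of scope here and skipped.
    return [b for b in root.findall("agent_config")
            if not (b.get("name") or b.get("os"))]

def blocks_for(blocks, profile):
    """Generic blocks plus blocks whose profile equals the agent's (assumed exact match)."""
    return [b for b in blocks if b.get("profile") in (None, profile)]

def monitored_dirs(blocks, profile):
    dirs = []
    for block in blocks_for(blocks, profile):
        for node in block.iter("directories"):
            dirs.extend(p.strip() for p in (node.text or "").split(",") if p.strip())
    return dirs

def unmatched_profiles(blocks, agents):
    """Agents that declare a profile for which agent.conf has no block."""
    defined = {b.get("profile") for b in blocks if b.get("profile")}
    return {name: p for name, p in agents.items() if p and p not in defined}

if __name__ == "__main__":
    blocks = load_blocks(AGENT_CONF)
    for name, profile in AGENTS.items():
        print(name, profile, monitored_dirs(blocks, profile))
    print("no matching block:", unmatched_profiles(blocks, AGENTS))
```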
