On Tue, Oct 4, 2011 at 3:17 PM, Joe S <[email protected]> wrote:
>
>> IP of ANY is still not working for me on the following setup:
>>
>> * Clients (multiple RHEL 6.1 AMD64) using Atomic ossec-hids-client
>> * Server (RHEL 5.7 AMD64) using OSSEC tar.gz with patches from
>>   mercurial.
>>
>> I know this is an open source project and I intend to make no demands
>> of anyone's time. I don't know if this is a bug or an undocumented
>> feature. It seems like a bug, but the last email thread I had with
>> Daniel indicated that this couldn't be a bug and that significant code
>> would have had to have been changed for this to be true.
>>
>> So I don't know what to do.
>
> Here's what works.
>
> Manually edit the client.keys file. Replace "ANY" with the IP Address
> of the host. Save file. Extract key and restart server.
> Import key on client, restart client.
> It works.
>
> What is the string after the IP/any field in client.keys? What is it
> used for? Is it some kind of hash used for authentication?

Yes, that is the key.

I just set up two CentOS 6.0 x86_64 systems. I installed OSSEC on each (post-2.6 source, but I don't think anything has really changed in the auth stuff). One system became an OSSEC server, the other an agent. I set up ossec-authd, and then ran agent-auth (copy & pasted most of it from dcid's blog post). No errors so far. So the problem seems to be either your systems or the Atomic RPMs.
