On Tue, Oct 4, 2011 at 3:42 PM, dan (ddp) <[email protected]> wrote: > On Tue, Oct 4, 2011 at 3:17 PM, Joe S <[email protected]> wrote: >> >> >> >>> IP of ANY is still not working of me on the following setup: >>> >>> * Clients (multiple RHEL 6.1 AMD64) using Atomic ossec-hids-client >>> * Server (RHEL 5.7 AMD64) using OSSEC tar.gz with patches from >>> mercurial. >>> >>> I know this is an open source project and I intend to make no demands >>> of anyone's time. I don't know if this is a bug or an undocumented >>> feature. It seems like a bug, but the last email thread I had with >>> Daniel indicated that this couldn't be a bug and that significant code >>> would have had to have been changed for this to be true. >>> >>> So I don't know what to do. >> >> Here's what works. >> >> Manually edit the client.keys file. Replace "ANY" with the IP Address >> of the host. Save file. Extract key and restart server. >> Import key on client, restart client. >> It works. >> >> What is the string after the IP/any field in client.keys? What is it >> used for? Is it some kind of hash used for authentication? > > Yes, that is the key. > > I just setup to CentOS 6.0 x86_64 systems. > I installed OSSEC on each (post 2.6 source, but I don't think anything > has really changed in the auth stuff). > One system became an OSSEC server. > The other an agent. > I setup ossec-authd, and then ran agent-auth (copy & pasted most of it > from dcid's blog post). > No errors so far. > > So the problem seems to either be your systems, or the atomic RPMs. >
It doesn't seem to work for me with atomic RPMs either, but I don't get any errors. Just no connection.
