Sure. AutoIt + plink + a script on the Linux side. The Linux bash script is ossecleppadd.txt; when setting up on Linux, remove the .txt or alter the AutoIt script appropriately.

Note, you'll need sudo to allow the user on Linux to run the ossecleppadd script as root. It calls the existing /usr/share/doc/ossec-hids-2.5.1/contrib/ossec-batch-manager.pl script, so place it in /usr/share/doc/ossec-hids-2.5.1/contrib/...

On Windows/AutoIt you'll need to provide the Linux user username and password details. I compile the AutoIt script before deploying - will stop my users from messing around with it. You also need to have the plink.exe to compile into the working AutoIt script.

Also, I have it using 2.5.1, you can probably just adjust the directories...

Anyway I hope the attachments come through.

--
James Pulver
LEPP Computer Group
Cornell University

From: [email protected] On Behalf Of ninefofo
Sent: Wednesday, November 16, 2011 2:31 PM
To: [email protected]
Subject: Re: [ossec-list] Re: Unattended Agent Install

Scripts for AutoIT? If so can you share?

On Wed, Nov 16, 2011 at 12:10 PM, James M Pulver <[email protected]> wrote:

I assume you could modify the scripts I've created for 2.5 ... Maybe not very much if the file formats haven't changed...

--
James Pulver
LEPP Computer Group
Cornell University

-----Original Message-----
From: [email protected] On Behalf Of Barnes, Steven
Sent: Wednesday, November 16, 2011 1:18 PM
To: [email protected]
Subject: RE: [ossec-list] Re: Unattended Agent Install

What about Windows 2.6 agent installs for auto generating the keys? "agent-auth" isn't in the Windows agent.

/opt/ossec/bin/agent-auth -m <ip address of core> -p 1515

Does anyone have a mass deployment solution for installing the OSSEC 2.6 agent on 5k Windows machines?

Steven

-----Original Message-----
From: [email protected] On Behalf Of Stephane Rossan
Sent: Tuesday, November 15, 2011 12:00 PM
To: [email protected]
Subject: Re: [ossec-list] Re: Unattended Agent Install

In my environment, I use a combination of OSSEC RPM (I built it) and puppet to download, deploy and auto-register my agents. I obviously use OSSEC 2.6.

-Stephane

On 11/15/11 10:53 AM, "ninefofo" <[email protected]> wrote:

>
>Hey, it's noob again.
>
>Any direction I can take on unattended/silent installs?
>
>Thank You
>
>Brad
>
>
>
>On Nov 9, 2:58 pm, ninefofo <[email protected]>
>wrote:
>> Hello,
>>
>> noob here.
>>
>> Are there any guidelines on installing the agent unattended, supplying
>> the server IP, Key and Starting auto-magically?
>>
>> Thanks
>>
>> Brad
>
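#!/bin/bash
# Usage: ossecleppadd <hostname>
# Run from the contrib directory that holds ossec-batch-manager.pl.

# Resolve the agent's hostname to its IP address
addr=$(host "$1" | awk '/address/ {print $4}')
# Stop if the name did not resolve: an empty address would leave the
# pattern below as a bare "$", which matches every agent
if [ -z "$addr" ]; then
    echo "could not resolve $1" >&2
    exit 1
fi
# Pattern anchored at the end of the IP column
search="$addr\$"
# ID of an existing agent with this IP, if there is one
val=$(perl ossec-batch-manager.pl -l | awk -v pat="$search" '$3 ~ pat { print $1 }')
#addr=`host $1 | awk ' /address/ {print $4} '`
if [ -n "$val" ] && [ "$val" -ge 0 ]; then
    # Agent already exists: remove it and add it again under the same ID
    perl ossec-batch-manager.pl -r "$val"
    perl ossec-batch-manager.pl -a -n "$1" -p "$addr" -i "$val"
else
    # New agent: add it, then look up its ID
    perl ossec-batch-manager.pl -a -n "$1" -p "$addr"
    val=$(perl ossec-batch-manager.pl -l | awk -v pat="$search" '$2 ~ pat { print $1 }')
fi
#key=`perl ossec-batch-manager.pl -e $val`
#line=`awk -v pat="$search" '$3 ~ pat { print $1,$2,$3 }' /var/ossec/etc/client.keys`
#echo $line $key
# Print the client.keys line for this agent
awk -v pat="$search" '$3 ~ pat { print $0 }' /var/ossec/etc/client.keys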
Attachment: ConfigureOSSECpublic.au3
Attachment: plink_UDF.au3
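
An added example, not code from this thread or its attachments: the add script above runs as root on a hostname sent from each Windows client, so this shows the name and address being validated first and the IP column of client.keys being compared exactly, because the regex form `<ip>$` also matches a longer address that ends the same way. The function names and sample entries are constructed for illustration, and the `ID NAME IP KEY` column layout is an assumption.

```sh
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Hostname check: letters, digits, dot, hyphen only; no leading hyphen, so the
# value can never be taken as an option by the command it is passed to.
valid_agent_name() {
    [ -n "$1" ] && [ "${#1}" -le 253 ] || return 1
    case $1 in
        -*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Dotted-quad IPv4 check: four octets, 0..255, no leading zeros.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read client.keys-style lines ("ID NAME IP KEY", assumed layout) on stdin and
# print the ID of each entry whose IP column equals $1 exactly.
lookup_agent_id() {
    valid_ipv4 "$1" || return 1
    awk -v ip="$1" '$3 == ip { print $1 }'
}

# The same lookup as a regex suffix match "<ip>$", for comparison.
lookup_agent_id_regex() {
    awk -v pat="$1\$" '$3 ~ pat { print $1 }'
}

# Constructed sample entries (keys replaced by placeholders).
sample_keys() {
    printf '%s\n' '001 web01 10.1.1.5 KEY_A' '002 db01 210.1.1.5 KEY_B'
}

sample_keys | lookup_agent_id_regex 10.1.1.5   # prints 001 and 002
sample_keys | lookup_agent_id 10.1.1.5         # prints 001
```

In a wrapper like the one above, the lookup would read the real file, for example `lookup_agent_id "$addr" < /var/ossec/etc/client.keys`.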
