I'm working on the same thing. AutoIT is just your installation wrapper for OSSEC. Its pretty easy to assemble a installation routine with AutoIT.
No, AutoIT is only necessary to create the single exe wrapper that calls the OSSEC installer. On Wed, Nov 16, 2011 at 3:50 PM, Barnes, Steven < [email protected]> wrote: > So autoit needs to be installed on the windows server? If so then I would > need to install autoit on the 5k windows servers before installing the > ossec package. That’s not a viable option.**** > > ** ** > > Steven**** > > ** ** > > *From:* [email protected] [mailto:[email protected]] *On > Behalf Of *James M Pulver > *Sent:* Wednesday, November 16, 2011 2:36 PM > > *To:* [email protected] > *Subject:* RE: [ossec-list] Re: Unattended Agent Install**** > > ** ** > > Sure. Autoit + plink + a script on the linux side. **** > > Linux bash script is ossecleppadd.txt, when setting up on Linux remove the > .txt or alter autoit script appropriately. **** > > ** ** > > Note, you’ll need sudo to allow the user on linux to run the ossecleppadd > script as root. It calls the existing > /usr/share/doc/ossec-hids-2.5.1/contrib/ossec-batch-manager.pl script, so > place it in /usr/share/doc/ossec-hids-2.5.1/contrib/…**** > > ** ** > > On windows/autoit you’ll need to provide the linux user username and > password details. I complile the autoit script before deploying – will stop > my users from messing around with it. You also need to have the plink.exe > to compile into the working autoit script. Also, I have it using 2.5.1, you > can probably just adjust the directories…**** > > ** ** > > Anyway I hope the attachments come through.**** > > --**** > > James Pulver**** > > LEPP Computer Group**** > > Cornell University**** > > ** ** > > *From:* [email protected] [mailto:[email protected]] *On > Behalf Of *ninefofo > *Sent:* Wednesday, November 16, 2011 2:31 PM > *To:* [email protected] > *Subject:* Re: [ossec-list] Re: Unattended Agent Install**** > > ** ** > > **** > > Scripts for AutoIT? If so can you share?**** > > On Wed, Nov 16, 2011 at 12:10 PM, James M Pulver <[email protected]> > wrote:**** > > I assume you could modify the scripts I've created for 2.5 ... Maybe not > very much if the file formats haven't changed...**** > > > -- > James Pulver > LEPP Computer Group > Cornell University**** > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of Barnes, Steven > Sent: Wednesday, November 16, 2011 1:18 PM > To: [email protected] > Subject: RE: [ossec-list] Re: Unattended Agent Install > > > What about windows 2.6 agent installs for auto generating the keys? > "agent-auth" isn't in the windows agent. > /opt/ossec/bin/agent-auth -m <ip address of core> -p 1515 > > Does anyone have a mass deployment solution for installing the ossec 2.6 > agent on 5k windows machines? > > Steven > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Stephane Rossan > Sent: Tuesday, November 15, 2011 12:00 PM > To: [email protected] > Subject: Re: [ossec-list] Re: Unattended Agent Install > > In my environment, I use a combination of OSSEC RPM (I built it) and > puppet to download, deploy and auto-register my agents. > I obviously use OSSEC 2.6. > -Stephane > > On 11/15/11 10:53 AM, "ninefofo" <[email protected]> wrote: > > > > >Hey, its noob again. > > > >Any direction I can take on unattended/silent installs? > > > >Thank You > > > >Brad > > > > > > > >On Nov 9, 2:58 pm, ninefofo <[email protected]> wrote: > >> Hello, > >> > >> noob here. > >> > >> Are there any guidelines on installing the agent unattended, > supplying > >> the server IP, Key and Starting auto-magically? > >> > >> Thanks > >> > >> Brad > >**** > > ** ** > > ------------------------------ > > * The information in this message may be proprietary and/or confidential, > and protected from disclosure. If the reader of this message is not the > intended recipient, or an employee or agent responsible for delivering this > message to the intended recipient, you are hereby notified that any > dissemination, distribution or copying of this communication is strictly > prohibited. If you have received this communication in error, please notify > First Data immediately by replying to this message and deleting it from > your computer. * >
