James, Any thoughts, my Plink log is:
**********************NEW SECTION************************ login as:**********************END SECTION************************ **********************NEW SECTION************************ login as:**********************END SECTION************************ **********************NEW SECTION************************ login as:**********************END SECTION************************ **********************NEW SECTION************************ password:**********************END SECTION************************ **********************NEW SECTION************************ password:**********************END SECTION************************ **********************NEW SECTION************************ password:**********************END SECTION************************ Thanks Brad On 11/16/11, James M Pulver <[email protected]> wrote: > Sure. Autoit + plink + a script on the linux side. > Linux bash script is ossecleppadd.txt, when setting up on Linux remove the > .txt or alter autoit script appropriately. > > Note, you'll need sudo to allow the user on linux to run the ossecleppadd > script as root. It calls the existing > /usr/share/doc/ossec-hids-2.5.1/contrib/ossec-batch-manager.pl script, so > place it in /usr/share/doc/ossec-hids-2.5.1/contrib/... > > On windows/autoit you'll need to provide the linux user username and > password details. I complile the autoit script before deploying - will stop > my users from messing around with it. You also need to have the plink.exe > to compile into the working autoit script. Also, I have it using 2.5.1, you > can probably just adjust the directories... > > Anyway I hope the attachments come through. > -- > James Pulver > LEPP Computer Group > Cornell University > > From: [email protected] [mailto:[email protected]] On > Behalf Of ninefofo > Sent: Wednesday, November 16, 2011 2:31 PM > To: [email protected] > Subject: Re: [ossec-list] Re: Unattended Agent Install > > > Scripts for AutoIT? If so can you share? > On Wed, Nov 16, 2011 at 12:10 PM, James M Pulver > <[email protected]<mailto:[email protected]>> wrote: > I assume you could modify the scripts I've created for 2.5 ... Maybe not > very much if the file formats haven't changed... > > -- > James Pulver > LEPP Computer Group > Cornell University > -----Original Message----- > From: [email protected]<mailto:[email protected]> > [mailto:[email protected]<mailto:[email protected]>] On > Behalf Of Barnes, Steven > Sent: Wednesday, November 16, 2011 1:18 PM > To: [email protected]<mailto:[email protected]> > Subject: RE: [ossec-list] Re: Unattended Agent Install > > > What about windows 2.6 agent installs for auto generating the keys? > "agent-auth" isn't in the windows agent. > /opt/ossec/bin/agent-auth -m <ip address of core> -p 1515 > > Does anyone have a mass deployment solution for installing the ossec 2.6 > agent on 5k windows machines? > > Steven > > -----Original Message----- > From: [email protected]<mailto:[email protected]> > [mailto:[email protected]<mailto:[email protected]>] > On Behalf Of Stephane Rossan > Sent: Tuesday, November 15, 2011 12:00 PM > To: [email protected]<mailto:[email protected]> > Subject: Re: [ossec-list] Re: Unattended Agent Install > > In my environment, I use a combination of OSSEC RPM (I built it) and > puppet to download, deploy and auto-register my agents. > I obviously use OSSEC 2.6. > -Stephane > > On 11/15/11 10:53 AM, "ninefofo" > <[email protected]<mailto:[email protected]>> wrote: > >> >>Hey, its noob again. >> >>Any direction I can take on unattended/silent installs? >> >>Thank You >> >>Brad >> >> >> >>On Nov 9, 2:58 pm, ninefofo <[email protected]<mailto:[email protected]>> >> wrote: >>> Hello, >>> >>> noob here. >>> >>> Are there any guidelines on installing the agent unattended, > supplying >>> the server IP, Key and Starting auto-magically? >>> >>> Thanks >>> >>> Brad >> > > > ----------------------------------------- > The information in this message may be proprietary and/or > confidential, and protected from disclosure. If the reader of this > message is not the intended recipient, or an employee or agent > responsible for delivering this message to the intended recipient, > you are hereby notified that any dissemination, distribution or > copying of this communication is strictly prohibited. If you have > received this communication in error, please notify First Data > immediately by replying to this message and deleting it from your > computer. > >
