Oh, and that's what I do, is just grab the line from client.keys and send it over to the agent install script. I tried using the batch manager output, but it doesn't work... Another reason sudo is needed on the Linux side (or changed permissions).
-- James Pulver LEPP Computer Group Cornell University -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Scott Mace Sent: Friday, November 18, 2011 12:13 PM To: [email protected] Subject: Re: [ossec-list] Re: Unattended Agent Install Thanks for the scripts, they look awesome, but as someone pointed out in another thread, the ossec-batch-manager.pl script will not work with dhcp scopes, and errors out with duplicate IP msg. So I started looking at the client.keys file on the server, and it looks like you can just extract the line for a particular client, dump that into a client.keys file and place that in C:\Program Files\ossec-agent and start the agent. Testing confirmed this. Which begs the question: Why the base64 conversion when you extract the key using manage-agents? What is being used to generate the key in client.keys? It seems if that mechanism could be used, a simple bash script could generate the server side client.keys file, and all the client side single entry files. Scott On Wed, Nov 16, 2011 at 3:36 PM, James M Pulver <[email protected]> wrote: > > Sure. Autoit + plink + a script on the linux side. > > Linux bash script is ossecleppadd.txt, when setting up on Linux remove the > .txt or alter autoit script appropriately. > > > > Note, you'll need sudo to allow the user on linux to run the ossecleppadd > script as root. It calls the existing > /usr/share/doc/ossec-hids-2.5.1/contrib/ossec-batch-manager.pl script, so > place it in /usr/share/doc/ossec-hids-2.5.1/contrib/. > > > > On windows/autoit you'll need to provide the linux user username and password > details. I complile the autoit script before deploying - will stop my users > from messing around with it. You also need to have the plink.exe to compile > into the working autoit script. Also, I have it using 2.5.1, you can probably > just adjust the directories. > > > > Anyway I hope the attachments come through. > > -- > > James Pulver > > LEPP Computer Group > > Cornell University > > > > From: [email protected] [mailto:[email protected]] On > Behalf Of ninefofo > Sent: Wednesday, November 16, 2011 2:31 PM > > To: [email protected] > Subject: Re: [ossec-list] Re: Unattended Agent Install > > > > > > Scripts for AutoIT? If so can you share? > > On Wed, Nov 16, 2011 at 12:10 PM, James M Pulver <[email protected]> wrote: > > I assume you could modify the scripts I've created for 2.5 ... Maybe not very > much if the file formats haven't changed... > > -- > James Pulver > LEPP Computer Group > Cornell University > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of Barnes, Steven > Sent: Wednesday, November 16, 2011 1:18 PM > To: [email protected] > Subject: RE: [ossec-list] Re: Unattended Agent Install > > > What about windows 2.6 agent installs for auto generating the keys? > "agent-auth" isn't in the windows agent. > /opt/ossec/bin/agent-auth -m <ip address of core> -p 1515 > > Does anyone have a mass deployment solution for installing the ossec 2.6 > agent on 5k windows machines? > > Steven > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Stephane Rossan > Sent: Tuesday, November 15, 2011 12:00 PM > To: [email protected] > Subject: Re: [ossec-list] Re: Unattended Agent Install > > In my environment, I use a combination of OSSEC RPM (I built it) and > puppet to download, deploy and auto-register my agents. > I obviously use OSSEC 2.6. > -Stephane > > On 11/15/11 10:53 AM, "ninefofo" <[email protected]> wrote: > > > > >Hey, its noob again. > > > >Any direction I can take on unattended/silent installs? > > > >Thank You > > > >Brad > > > > > > > >On Nov 9, 2:58 pm, ninefofo <[email protected]> wrote: > >> Hello, > >> > >> noob here. > >> > >> Are there any guidelines on installing the agent unattended, > supplying > >> the server IP, Key and Starting auto-magically? > >> > >> Thanks > >> > >> Brad > > > > > ----------------------------------------- > The information in this message may be proprietary and/or > confidential, and protected from disclosure. If the reader of this > message is not the intended recipient, or an employee or agent > responsible for delivering this message to the intended recipient, > you are hereby notified that any dissemination, distribution or > copying of this communication is strictly prohibited. If you have > received this communication in error, please notify First Data > immediately by replying to this message and deleting it from your > computer. > >
