Ah, gotcha. Still, with that being said, anyone know how the key is actually generated in the first place? I could use that to bulk generate my server side client.keys, and replicate that to my DC, which I can then source for my log in script.
My issue is twofold: Many boxes to manage, and they can be re-imaged on a random basis. (hostnames are constant, IP addresses are not) And why then do we have manage-agents bas64 encode it upon extraction, only to decode it upon insertion into the client gui? On Fri, Nov 18, 2011 at 1:33 PM, James M Pulver <[email protected]> wrote: > Oh, and that's what I do, is just grab the line from client.keys and send it > over to the agent install script. I tried using the batch manager output, but > it doesn't work... Another reason sudo is needed on the Linux side (or > changed permissions). > > -- > James Pulver > LEPP Computer Group > Cornell University > > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of Scott Mace > Sent: Friday, November 18, 2011 12:13 PM > To: [email protected] > Subject: Re: [ossec-list] Re: Unattended Agent Install > > Thanks for the scripts, they look awesome, but as someone pointed out > in another thread, the ossec-batch-manager.pl script will not work > with dhcp scopes, and errors out with duplicate IP msg. > So I started looking at the client.keys file on the server, and it > looks like you can just extract the line for a particular client, dump > that into a client.keys file and place that in C:\Program > Files\ossec-agent and start the agent. Testing confirmed this. Which > begs the question: Why the base64 conversion when you extract the key > using manage-agents? What is being used to generate the key in > client.keys? It seems if that mechanism could be used, a simple bash > script could generate the server side client.keys file, and all the > client side single entry files. > > Scott > > On Wed, Nov 16, 2011 at 3:36 PM, James M Pulver <[email protected]> wrote: >> >> Sure. Autoit + plink + a script on the linux side. >> >> Linux bash script is ossecleppadd.txt, when setting up on Linux remove the >> .txt or alter autoit script appropriately. >> >> >> >> Note, you'll need sudo to allow the user on linux to run the ossecleppadd >> script as root. It calls the existing >> /usr/share/doc/ossec-hids-2.5.1/contrib/ossec-batch-manager.pl script, so >> place it in /usr/share/doc/ossec-hids-2.5.1/contrib/. >> >> >> >> On windows/autoit you'll need to provide the linux user username and >> password details. I complile the autoit script before deploying - will stop >> my users from messing around with it. You also need to have the plink.exe >> to compile into the working autoit script. Also, I have it using 2.5.1, you >> can probably just adjust the directories. >> >> >> >> Anyway I hope the attachments come through. >> >> -- >> >> James Pulver >> >> LEPP Computer Group >> >> Cornell University >> >> >> >> From: [email protected] [mailto:[email protected]] On >> Behalf Of ninefofo >> Sent: Wednesday, November 16, 2011 2:31 PM >> >> To: [email protected] >> Subject: Re: [ossec-list] Re: Unattended Agent Install >> >> >> >> >> >> Scripts for AutoIT? If so can you share? >> >> On Wed, Nov 16, 2011 at 12:10 PM, James M Pulver <[email protected]> wrote: >> >> I assume you could modify the scripts I've created for 2.5 ... Maybe not >> very much if the file formats haven't changed... >> >> -- >> James Pulver >> LEPP Computer Group >> Cornell University >> >> -----Original Message----- >> From: [email protected] [mailto:[email protected]] On >> Behalf Of Barnes, Steven >> Sent: Wednesday, November 16, 2011 1:18 PM >> To: [email protected] >> Subject: RE: [ossec-list] Re: Unattended Agent Install >> >> >> What about windows 2.6 agent installs for auto generating the keys? >> "agent-auth" isn't in the windows agent. >> /opt/ossec/bin/agent-auth -m <ip address of core> -p 1515 >> >> Does anyone have a mass deployment solution for installing the ossec 2.6 >> agent on 5k windows machines? >> >> Steven >> >> -----Original Message----- >> From: [email protected] [mailto:[email protected]] >> On Behalf Of Stephane Rossan >> Sent: Tuesday, November 15, 2011 12:00 PM >> To: [email protected] >> Subject: Re: [ossec-list] Re: Unattended Agent Install >> >> In my environment, I use a combination of OSSEC RPM (I built it) and >> puppet to download, deploy and auto-register my agents. >> I obviously use OSSEC 2.6. >> -Stephane >> >> On 11/15/11 10:53 AM, "ninefofo" <[email protected]> wrote: >> >> > >> >Hey, its noob again. >> > >> >Any direction I can take on unattended/silent installs? >> > >> >Thank You >> > >> >Brad >> > >> > >> > >> >On Nov 9, 2:58 pm, ninefofo <[email protected]> wrote: >> >> Hello, >> >> >> >> noob here. >> >> >> >> Are there any guidelines on installing the agent unattended, >> supplying >> >> the server IP, Key and Starting auto-magically? >> >> >> >> Thanks >> >> >> >> Brad >> > >> >> >> ----------------------------------------- >> The information in this message may be proprietary and/or >> confidential, and protected from disclosure. If the reader of this >> message is not the intended recipient, or an employee or agent >> responsible for delivering this message to the intended recipient, >> you are hereby notified that any dissemination, distribution or >> copying of this communication is strictly prohibited. If you have >> received this communication in error, please notify First Data >> immediately by replying to this message and deleting it from your >> computer. >> >> >
