Hi guys (and girls),
Quick story: open source is here to be shared, and for those of you who are interested, I packaged ossec 2.6 for our internal use. You can find the packages here:

- Lucid Debian package: https://launchpad.net/~nicolas-zin/+archive/ossec-ubuntu (but it works on more recent Ubuntu distributions)
- Puppet module (based on these debs): https://github.com/nzin/puppet-ossec (and http://forge.puppetlabs.com/nzin/ossec)

Long story:

- My main goal is to be able to deploy ossec on a lot of hosts (we have several clients with 100+ machines on Ubuntu).
- We mainly use Puppet to administer these fleets, so I need a Puppet module for that, with a server and agents. We began to deploy it and it works fine, but it is pretty new (so maybe you will find bugs), and I have not yet fully tested the "local" version.
- When meeting Daniel 2 months ago (at Hackfest in Quebec), I talked to others with the same needs, so I was tempted to share my work with you.
- About the deb:
  * If you are only interested in the deb, they do the job but are not perfect. I didn't put in dialog boxes asking for server IP, options... You have to change the ossec.conf file manually (but if someone fluent with debconf wants to have a look, it is quite easy :-) ), because I do this extra job with Puppet.
  * If you feel uncomfortable with the binary version (for Puppet or simply the deb), you can download the deb src (from Launchpad) and recompile the package yourself. It should be quite straightforward.
- About the Puppet module:
  * It comes with its .deb files. I hate to have too many dependencies.
  * The clients register themselves automatically on the server. I use "hostid" to identify clients. This is not perfect, but for me it was a good tradeoff. If you find something better (without relying on an external tool/database), please submit it.
  * I developed 3 functions (for email alert, active/response def, and command). They will need to be adapted/reworked to fit your needs. I wrote them quickly.
- If you want to contribute, you are welcome, but I do it mostly in my free time, so I will answer, but maybe not right away :-(

Hope it can help you (and that it will work fine)...

Nicolas Zin
