Hi,
I have made a script to grab the keys from the HIDS server and push it
out to the client to automate the installation process. Here is the
script:
#!/bin/bash
usage(){
echo "Usage: $0 hostname"
exit 1
}
[[ $# -eq 0 ]] && usage
HOST=$1
SSH="ssh admin@${HOST}"
KEY=`ssh admin@ossec-server "sudo grep ${HOST} /var/ossec_server/etc/
client.keys"`
${SSH} "echo ${KEY} > /tmp/client.keys"
${SSH} "sudo cp /tmp/client.keys /var/ossec/etc/client.keys"
${SSH} "sudo chmod 600 /var/ossec/etc/client.keys"
${SSH} "rm /tmp/client.keys"
( ${SSH} "sudo service ossec restart" < /dev/null > /dev/null 2>1 & )
> /dev/null
This script works and generates a client.keys file on the agent
grepping it from the master server. When I look at the logs for the
agent though, the service doesn't start and gives me this error:
2008/04/29 15:40:39 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/
queue/ossec/queue' not accessible: 'Connection refused'.
2008/04/29 15:40:39 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/
queue/ossec/queue' not accessible: 'Connection refused'.
2008/04/29 15:40:45 ossec-logcollector(1210): ERROR: Queue '/var/ossec/
queue/ossec/queue' not accessible: 'Connection refused'.
2008/04/29 15:40:45 ossec-logcollector(1211): ERROR: Unable to access
queue: '/var/ossec/queue/ossec/queue'. Giving up..
2008/04/29 15:41:00 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/
queue/ossec/queue' not accessible: 'Connection refused'.
2008/04/29 15:41:00 ossec-rootcheck(1211): ERROR: Unable to access
queue: '/var/ossec/queue/ossec/queue'. Giving up..
If I do the installation process manually, go to the agent, run ./
manage_agents, copy and paste the key in, everything works.
Any ideas?
Thanks!
