On Thu, Feb 16, 2012 at 1:51 PM, AlexD <[email protected]> wrote: > Hi, > > I have made a script to grab the keys from the HIDS server and push it > out to the client to automate the installation process. Here is the > script: > > #!/bin/bash > usage(){ > echo "Usage: $0 hostname" > exit 1 > } > [[ $# -eq 0 ]] && usage > > HOST=$1 > SSH="ssh admin@${HOST}" > KEY=`ssh admin@ossec-server "sudo grep ${HOST} /var/ossec_server/etc/ > client.keys"` > ${SSH} "echo ${KEY} > /tmp/client.keys" > ${SSH} "sudo cp /tmp/client.keys /var/ossec/etc/client.keys" > ${SSH} "sudo chmod 600 /var/ossec/etc/client.keys" > ${SSH} "rm /tmp/client.keys" > ( ${SSH} "sudo service ossec restart" < /dev/null > /dev/null 2>1 & ) >> /dev/null > > This script works and generates a client.keys file on the agent > grepping it from the master server. When I look at the logs for the > agent though, the service doesn't start and gives me this error: > > 2008/04/29 15:40:39 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/ > queue/ossec/queue' not accessible: 'Connection refused'. > 2008/04/29 15:40:39 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/ > queue/ossec/queue' not accessible: 'Connection refused'. > 2008/04/29 15:40:45 ossec-logcollector(1210): ERROR: Queue '/var/ossec/ > queue/ossec/queue' not accessible: 'Connection refused'. > 2008/04/29 15:40:45 ossec-logcollector(1211): ERROR: Unable to access > queue: '/var/ossec/queue/ossec/queue'. Giving up.. > 2008/04/29 15:41:00 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/ > queue/ossec/queue' not accessible: 'Connection refused'. > 2008/04/29 15:41:00 ossec-rootcheck(1211): ERROR: Unable to access > queue: '/var/ossec/queue/ossec/queue'. Giving up.. >
Anything in the ossec.log? Are the permissions/ownership of your client.keys on the agent correct? > If I do the installation process manually, go to the agent, run ./ > manage_agents, copy and paste the key in, everything works. > Any ideas? > > Thanks!
