If you have one OSSEC server, this is actually pretty easy. Do the Binary Install - this creates all the binaries on one machine, and then lets you take that tar.gz to any other machine, run install and it lays down the already built binaries.
The second part is to use the etc/preloaded-vars.conf that is part of that bundle and pre-fill in things like the server, the type of install etc etc. You can also select for it to be "silent" and just use the stuff in the preloaded-vars.conf to answer all the questions. We took this a step further and created an RPM that packages the prebuilt binaries from a manual install and recreates the install on a new machine and connects the agent automatically. For just 100 machines, a simple binary install and a quick bash script to set it up should work.

Zate

On Wed, Jun 13, 2012 at 8:29 AM, dan (ddp) <[email protected]> wrote:
> The install.sh and InstallAgent.sh script have most of this information.
>
> Did you create all of the directories? Did you make sure permissions
> were correct? Did you create the OSSEC users? Did you make sure
> ownership/groups were correct?
>
> On Wed, Jun 13, 2012 at 9:24 AM, Lucas Kauffman <[email protected]> wrote:
> > I have about 100 machines running the same OS.
> >
> > I want to install ossec agents on all machines but I don't feel like having
> > to press enter on every machine to install it. I read in the book that you
> > can normally copy the binaries easily, so I compiled ossec on one machine
> > and want to copy the binary to all my other machines (pushing the correct
> > client.keys file already works).
> >
> > At the moment I seem to be at an impasse because the sockets for ossec are
> > not being created, I keep getting this error after I copy the binary:
> >
> > 2012/06/13 13:21:38 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Queue not found'.
> > 2012/06/13 13:21:53 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'No such file or directory'.
> > 2012/06/13 13:22:04 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Queue not found'.
> > 2012/06/13 13:22:19 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'No such file or directory'.
> > 2012/06/13 13:22:35 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Queue not found'.
> > 2012/06/13 13:22:50 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
> >
> > So I guess when compiling OSSEC, the compile script creates links to or from
> > sockets and when I copy the binary it is not possible to find these. Does
> > anyone know how I can manually make these (so I can just add that to my
> > distribution script)? Are there maybe any OSSEC repositories for Ubuntu I'm
> > not aware of?
> >
> > Cheers,
> > Lucas Kauffman
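
A sketch of the silent binary install discussed in this thread, added here as an example and not taken from any poster's script or from the OSSEC project. The function names and the sample server address are hypothetical, and the USER_* variable names are assumed to match the etc/preloaded-vars.conf shipped in your bundle; check them against that file before use.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; USER_* keys are assumed
# to match the preloaded-vars.conf example in the OSSEC source bundle.

# Write the answers for a silent agent install into an unpacked bundle.
# Usage: write_preloaded_vars <bundle_dir> <server_ip>
write_preloaded_vars() {
    bundle=$1
    server_ip=$2
    [ -d "$bundle/etc" ] || { echo "no etc/ in $bundle" >&2; return 1; }
    # Refuse anything that is not a dotted quad before it reaches the config.
    echo "$server_ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
        || { echo "bad server IP: $server_ip" >&2; return 1; }
    cat > "$bundle/etc/preloaded-vars.conf" <<EOF
USER_LANGUAGE="en"
USER_NO_STOP="y"
USER_INSTALL_TYPE="agent"
USER_DIR="/var/ossec"
USER_BINARYINSTALL="y"
USER_AGENT_SERVER_IP="$server_ip"
USER_ENABLE_SYSCHECK="y"
USER_ENABLE_ROOTCHECK="y"
USER_ENABLE_ACTIVE_RESPONSE="n"
EOF
    chmod 600 "$bundle/etc/preloaded-vars.conf"
}

# After install.sh has run, confirm that the directory meant to hold the
# queue socket from the quoted errors exists under the install root.
# Usage: check_queue_dir <install_dir>
check_queue_dir() {
    qdir="$1/queue/ossec"
    if [ ! -d "$qdir" ]; then
        echo "MISSING $qdir"
        return 1
    fi
    # Print mode, owner and group for comparison with a host that was
    # installed interactively.
    ls -ld "$qdir" | awk '{print "OK", $1, $3, $4}'
}
```

On each target, unpack the bundle, call `write_preloaded_vars` on it, run the bundle's install.sh as root, then run `check_queue_dir /var/ossec` and compare the reported owner, group and mode with a known-good agent.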
