Zate, Those RPMs don't work, and cause lots of frustration.
On Wednesday, June 13, 2012 7:17:55 AM UTC-7, Zate wrote: > > If you have one OSSEC server, this is actually pretty easy. > > Do the Binary Install - this creates all the binaries on one machine, and > then lets you take that tar.gz to any other machine, run install and it > lays down the already built binaries. > > The second part is use the etc/preloaded-vars.conf that is part of that > bundle and pre-fill in things like the server, the type of install etc etc. > You can also select for it to be "silent" and just use the stuff in the > preloaded-vars.conf to answer all the questions. > > We took this a step further and created a RPM that packages the prebuilt > binaries from a manual install and recreates the install on a new machine > and connects the agent automatically. > > For just a 100 machines, a simple binary install and a quick bash script > to set it up should work. > > Zate > > > On Wed, Jun 13, 2012 at 8:29 AM, dan (ddp) <[email protected]> wrote: > >> The install.sh and InstallAgent.sh script have most of this information. >> >> Did you create all of the directories? Did you make sure permissions >> were correct? Did you create the OSSEC users? Did you make sure >> ownership/groups were correct? >> >> On Wed, Jun 13, 2012 at 9:24 AM, Lucas Kauffman <[email protected]> >> wrote: >> > I have about 100 machines running the same OS. >> > >> > I want to install ossec agents on all machines but I don't feel like >> having >> > to press enter on every machine to install it. I read in the book that >> you >> > can normally copy the binaries easily, so I compiled ossec on one >> machine >> > and want to copy the binary to all my other machines (pushing the >> correct >> > client.keys file already works). >> > >> > At the moment I seem to be at an impasse because the sockets for ossec >> are >> > not being created, I keep getting this error after I copy the binary: >> > >> > 2012/06/13 13:21:38 ossec-syscheckd(1210): ERROR: Queue >> > '/var/ossec/queue/ossec/queue' not accessible: 'Queue not found'. >> > 2012/06/13 13:21:53 ossec-rootcheck(1210): ERROR: Queue >> > '/var/ossec/queue/ossec/queue' not accessible: 'No such file or >> directory'. >> > 2012/06/13 13:22:04 ossec-syscheckd(1210): ERROR: Queue >> > '/var/ossec/queue/ossec/queue' not accessible: 'Queue not found'. >> > 2012/06/13 13:22:19 ossec-rootcheck(1210): ERROR: Queue >> > '/var/ossec/queue/ossec/queue' not accessible: 'No such file or >> directory'. >> > 2012/06/13 13:22:35 ossec-syscheckd(1210): ERROR: Queue >> > '/var/ossec/queue/ossec/queue' not accessible: 'Queue not found'. >> > 2012/06/13 13:22:50 ossec-rootcheck(1211): ERROR: Unable to access >> queue: >> > '/var/ossec/queue/ossec/queue'. Giving up.. >> > >> > >> > So I guess when compiling OSSEC, the compile script creates links to or >> from >> > sockets and when I copy the binary it is not possible to find these. >> Does >> > anyone know how I can manually make these (so I can just add that to my >> > distribution script)? Are there maybe any OSSEC repositories for ubuntu >> I'm >> > not aware of? >> > >> > Cheers, >> > Lucas Kauffman >> > >> > >> > >
