On Tue, Jun 26, 2012 at 12:47 PM, Brett Y <[email protected]> wrote:
> Zate,
> Those RPMs don't work, and cause lots of frustration.
>

Zate made his own RPMs, in a different way than most had been made before. Also, I think he and Nate solved the agent auth issues. Newer atomic rpms should work (I haven't tested so YMMV).

>
> On Wednesday, June 13, 2012 7:17:55 AM UTC-7, Zate wrote:
>>
>> If you have one OSSEC server, this is actually pretty easy.
>>
>> Do the Binary Install - this creates all the binaries on one machine, and
>> then lets you take that tar.gz to any other machine, run install and it lays
>> down the already built binaries.
>>
>> The second part is use the etc/preloaded-vars.conf that is part of that
>> bundle and pre-fill in things like the server, the type of install etc etc.
>> You can also select for it to be "silent" and just use the stuff in the
>> preloaded-vars.conf to answer all the questions.
>>
>> We took this a step further and created a RPM that packages the prebuilt
>> binaries from a manual install and recreates the install on a new machine
>> and connects the agent automatically.
>>
>> For just a 100 machines, a simple binary install and a quick bash script
>> to set it up should work.
>>
>> Zate
>>
>>
>> On Wed, Jun 13, 2012 at 8:29 AM, dan (ddp) <[email protected]> wrote:
>>>
>>> The install.sh and InstallAgent.sh script have most of this information.
>>>
>>> Did you create all of the directories? Did you make sure permissions
>>> were correct? Did you create the OSSEC users? Did you make sure
>>> ownership/groups were correct?
>>>
>>> On Wed, Jun 13, 2012 at 9:24 AM, Lucas Kauffman <[email protected]>
>>> wrote:
>>> > I have about 100 machines running the same OS.
>>> >
>>> > I want to install ossec agents on all machines but I don't feel like
>>> > having
>>> > to press enter on every machine to install it. I read in the book that
>>> > you
>>> > can normally copy the binaries easily, so I compiled ossec on one
>>> > machine
>>> > and want to copy the binary to all my other machines (pushing the
>>> > correct
>>> > client.keys file already works).
>>> >
>>> > At the moment I seem to be at an impasse because the sockets for ossec
>>> > are
>>> > not being created, I keep getting this error after I copy the binary:
>>> >
>>> > 2012/06/13 13:21:38 ossec-syscheckd(1210): ERROR: Queue
>>> > '/var/ossec/queue/ossec/queue' not accessible: 'Queue not found'.
>>> > 2012/06/13 13:21:53 ossec-rootcheck(1210): ERROR: Queue
>>> > '/var/ossec/queue/ossec/queue' not accessible: 'No such file or
>>> > directory'.
>>> > 2012/06/13 13:22:04 ossec-syscheckd(1210): ERROR: Queue
>>> > '/var/ossec/queue/ossec/queue' not accessible: 'Queue not found'.
>>> > 2012/06/13 13:22:19 ossec-rootcheck(1210): ERROR: Queue
>>> > '/var/ossec/queue/ossec/queue' not accessible: 'No such file or
>>> > directory'.
>>> > 2012/06/13 13:22:35 ossec-syscheckd(1210): ERROR: Queue
>>> > '/var/ossec/queue/ossec/queue' not accessible: 'Queue not found'.
>>> > 2012/06/13 13:22:50 ossec-rootcheck(1211): ERROR: Unable to access
>>> > queue:
>>> > '/var/ossec/queue/ossec/queue'. Giving up..
>>> >
>>> >
>>> > So I guess when compiling OSSEC, the compile script creates links to or
>>> > from
>>> > sockets and when I copy the binary it is not possible to find these.
>>> > Does
>>> > anyone know how I can manually make these (so I can just add that to my
>>> > distribution script)? Are there maybe any OSSEC repositories for ubuntu
>>> > I'm
>>> > not aware of?
>>> >
>>> > Cheers,
>>> > Lucas Kauffman
>>> >
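
The checklist dan gives in the thread (directories, permissions, OSSEC users, ownership) written as a preflight function for a distribution script. This is an added example, not part of the thread or of OSSEC itself; the directory list, mode 770 on queue/ossec and the "ossec" user/group defaults are assumptions to compare against the InstallAgent.sh of the OSSEC version in use.

```shell
#!/bin/sh
# Added example: preflight check for an OSSEC agent tree copied from another host.
# Assumptions (not from the thread): the directory subset below, mode 770 on
# queue/ossec, and the default "ossec" user and group.
# Requires a stat that supports -c (GNU coreutils or busybox).

OSSEC_DIRS="bin etc logs queue/ossec queue/rids var/run"   # assumed subset

check_ossec_tree() {
    dir=${1:-/var/ossec}; user=${2:-ossec}; group=${3:-ossec}
    rc=0

    # "Did you create the OSSEC users?"
    id -u "$user" >/dev/null 2>&1 || { echo "missing user: $user"; rc=1; }

    # "Did you create all of the directories?"
    for d in $OSSEC_DIRS; do
        [ -d "$dir/$d" ] || { echo "missing directory: $dir/$d"; rc=1; }
    done

    # "Did you make sure permissions / ownership were correct?"
    # queue/ossec is the parent of the path named in the syscheckd errors.
    q="$dir/queue/ossec"
    if [ -d "$q" ]; then
        owner=$(stat -c '%U:%G' "$q")
        mode=$(stat -c '%a' "$q")
        [ "$owner" = "$user:$group" ] || { echo "wrong owner on $q: $owner"; rc=1; }
        [ "$mode" = "770" ] || { echo "wrong mode on $q: $mode"; rc=1; }
        # The queue itself is a Unix socket created when the daemons start, so a
        # copied tree never contains it; its absence alone is only a note.
        [ -S "$q/queue" ] || echo "note: $q/queue not present until OSSEC is started"
    fi
    return $rc
}

# Run the check only when arguments are given, e.g.: sh check.sh /var/ossec
if [ "$#" -gt 0 ]; then
    check_ossec_tree "$@"
fi
```

A non-zero return with "missing directory" or "wrong owner/mode" lines for queue/ossec matches the situation in which the daemons cannot create or reach the queue socket.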
