I'm trying to verify that my updated agents are working properly.
Is there a way to actively query them?
Not sure what ./agent_control actually does, but it seems to come back too
quickly to have actually checked all the agents in real time.
[root@newman bin]# ./agent_control
OSSEC HIDS agent_control: Control remote agents.
Available options:
    -h          This help message.
    -l          List available (active or not) agents.
    -lc         List active agents.
    -i <id>     Extracts information from an agent.
    -R <id>     Restarts agent.
    -r -a       Runs the integrity/rootkit checking on all agents now.
    -r -u <id>  Runs the integrity/rootkit checking on one agent now.
    -b <ip>     Blocks the specified ip address.
    -f <ar>     Used with -b, specifies which response to run.
    -L          List available active responses.
    -s          Changes the output to CSV (comma delimited).
[root@newman bin]# ./agent_control -lc
ID: 812, Name: vw8webtest, IP: 172.24.192.27, Active
ID: 813, Name: vw8sql2k8test, IP: 172.24.192.13, Active
ID: 814, Name: vw8defsqlqa, IP: 172.24.193.57, Active
ID: 815, Name: cvw8captest, IP: 172.24.192.10, Active
ID: 819, Name: w3vmon, IP: 144.122.218.24, Active
ID: 820, Name: cvw3essbaset, IP: 172.24.192.39, Active
ID: 821, Name: w8vrectst, IP: 172.22.200.1, Active
ID: 823, Name: w3vrecqa, IP: 144.122.219.61, Active
____________________________________________
Michael Barrett | Information Security Analyst - Lead | Mortgage Guaranty
Insurance Corporation
270 E. Kilbourn Ave. | Milwaukee, WI 53202 USA | 1.414.347.6271 |
1.888.601.4440