Here is a copy of my ossec manifest. I've built a RPM to install OSSEC
through puppet, and I use auto-registration to install agents clients on my
unix hosts:
class node_security::ossec::agent {
# Define variables
$ossec_server = extlookup("ossec_server")
# Install RPM
$wantedpackages = [ "ossec" ]
package { $wantedpackages:
ensure => installed,
require => Yumrepo[internal_repos],
}
# Install ossec configuration file
file {"/apps/ossec/etc/ossec.conf":
owner => root,
# OSSEC gid is 11002
group => 11002,
mode => 0644,
content =>
template("node/ossec/agent/ossec.conf.erb"),
require => Package["ossec"],
}
# With OSSEC 2.6 server, autoregistration is enabled
exec { "AutoRegistration process":
command => "/apps/ossec/bin/agent-auth -m
${ossec_server} || true"
,
creates => "/apps/ossec/etc/client.keys",
require => Package["ossec"],
subscribe => File["/apps/ossec/etc/ossec.conf"],
}
# Start OSSEC service at boot
service { ossec:
name => ossec,
enable => true,
ensure => running,
hasrestart => true,
hasstatus => true,
require => [ Package["ossec"],
Exec["AutoRegistration process"] ],
}
}
On Tue, Nov 27, 2012 at 6:17 AM, dan (ddp) <[email protected]> wrote:
> On Tue, Nov 27, 2012 at 6:57 AM, rezgui mohamed <[email protected]>
> wrote:
> > Dear support,
> > have you please a tutorial to automaticate the install of agent on my all
> > machine trough puppet
> >
> > Best regards
>
> We do not have a tutorial, but I can't imagine it would be too hard.
> Use a binary package. Use ossec-agentd on the server and auth-agent on
> the agent. Have the puppet recipe install OSSEC. Then it should check
> for the existence of client.keys, and if that file does not exist run
> agent-auth to get a key. Finally start/restart OSSEC.
>
> It wouldn't be hard to configure puppet to restart the processes when
> agent.conf changes as well.
>
