Hi guys, depending on your needs, I: - created deb package (for ossec 2.6) : https://launchpad.net/~nicolas-zin/+archive/ossec-ubuntu - grab rpm package (for ossec 2.6) - create a puppet repo to install everything: https://github.com/nzin/puppet-ossec (with automatic registration via exported ressources)
I guess it is a good start :-) On Tue, Nov 27, 2012 at 10:19 AM, Stephane Rossan <[email protected]>wrote: > Here is a copy of my ossec manifest. I've built a RPM to install OSSEC > through puppet, and I use auto-registration to install agents clients on my > unix hosts: > class node_security::ossec::agent { > # Define variables > $ossec_server = extlookup("ossec_server") > > # Install RPM > $wantedpackages = [ "ossec" ] > package { $wantedpackages: > ensure => installed, > require => Yumrepo[internal_repos], > } > > # Install ossec configuration file > file {"/apps/ossec/etc/ossec.conf": > owner => root, > # OSSEC gid is 11002 > group => 11002, > mode => 0644, > content => > template("node/ossec/agent/ossec.conf.erb"), > require => Package["ossec"], > } > > # With OSSEC 2.6 server, autoregistration is enabled > exec { "AutoRegistration process": > command => "/apps/ossec/bin/agent-auth -m > ${ossec_server} || true" > , > creates => "/apps/ossec/etc/client.keys", > require => Package["ossec"], > subscribe => File["/apps/ossec/etc/ossec.conf"], > } > > # Start OSSEC service at boot > service { ossec: > name => ossec, > enable => true, > ensure => running, > hasrestart => true, > hasstatus => true, > require => [ Package["ossec"], > Exec["AutoRegistration process"] ], > } > > } > > > On Tue, Nov 27, 2012 at 6:17 AM, dan (ddp) <[email protected]> wrote: > >> On Tue, Nov 27, 2012 at 6:57 AM, rezgui mohamed <[email protected]> >> wrote: >> > Dear support, >> > have you please a tutorial to automaticate the install of agent on my >> all >> > machine trough puppet >> > >> > Best regards >> >> We do not have a tutorial, but I can't imagine it would be too hard. >> Use a binary package. Use ossec-agentd on the server and auth-agent on >> the agent. Have the puppet recipe install OSSEC. Then it should check >> for the existence of client.keys, and if that file does not exist run >> agent-auth to get a key. Finally start/restart OSSEC. >> >> It wouldn't be hard to configure puppet to restart the processes when >> agent.conf changes as well. >> > >
