If it helps anybody: Prior to installing the agent, I did get this script
to work on the server... but it's rather useless for the agent:
#!/bin/sh
## This script finds the IP on one of my three operating systems, and then
looks for the agent ID
## To execute a manual restart of syscheck and rootcheck. I still have to
work AIX 7 into the script, but this seems to do the trick.
# Get OS name first
OS=`uname`
IO="" # store IP
case $OS in
Linux) IP=`ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d:
-f2 | awk '{ print $1}'`;;
FreeBSD|OpenBSD) IP=`ifconfig | grep -E 'inet.[0-9]' | grep -v
'127.0.0.1' | awk '{ print $2}'` ;;
SunOS) IP=`ifconfig -a | grep inet | grep -v '127.0.0.1' | awk '{
print $2} '` ;;
*) IP="Unknown";;
esac
echo "$IP"
ID=`/var/ossec/bin/agent_control -l |grep $IP | awk '{ print $2 }'| cut
-d"," -f1` echo "$ID"
/var/ossec/bin/agent_control -r -u "$ID"
# /var/ossec/bin/agent_control -i "$ID"
On Wednesday, February 13, 2013 8:13:25 AM UTC-6, TWAD wrote:
> Hey There,
>
> I find myself in a situation where all hosts in our network must execute
> syscheck and rootcheck through a manual process vs. a scheduled basis. And
> when I say manual process, I mean each administrator must have the
> capability/choice to run it at the least intrusive time of operations. We
> will still execute both on startup, but thereafter, syscheck and rootcheck
> must be executed manually. I understand this can be executed with
> agent_control –r u <id>; however, the administrator does not outright know
> the agent ID. Has anybody written a procedure that would accomplish this
> manual task on *nix and/or Windows?
>
>
>
> If no, do you know of a way I can write this that ensures the task is
> foolproof for the administrator?
>
>
>
> Thank you
>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
