On Wednesday, March 13, 2013 10:34:05 AM UTC-4, Nathaniel Bentzinger wrote: > > Have you considered building an MSI to expedite this? I built an MSI > that allows me to make transformation file that contains: > > SSH keys, SSH host name, user and even the OSSEC shared key to customize > the installation via properties. > > > > So on local systems they ssh into our OSSEC via plink.exe run > manage_agents add themselves and pull the key. Remote systems that I only > allow to talk to OSSEC I manually generate them via a script and a csv > (hostname, public IP) and it dumps the shared keys to a file which I then > generate the MST file and publish them via their WSUS server through Local > Update Publisher. > > > I haven't but am very interesting in this. Could you share some more details on how you set this up? Maybe if someone has a website or previous post that details it I would definately look at it. Brett
> > > > > > > *From:* [email protected] <javascript:> [mailto: > [email protected] <javascript:>] *On Behalf Of *simpsonlang > *Sent:* Wednesday, March 13, 2013 10:23 AM > *To:* [email protected] <javascript:> > *Subject:* [ossec-list] Using shared keys > > > > Is it possible to setup shared keys in OSSEC so that if I > have multiple systems I can use the same key on all of them? I'm aware of > the security issues but have some severe deadlines and doing one key per > system is causing delays since we having to add hundreds of keys per month. > If their is an alternative that can streamline it, i.e. a web interface to > help selfserve the creation of the keys, then I would be open to that since > I do limit access to the ossec system via the specific users. > > If it is possible to do a shared key it will obviously improve the ability > for me to deploy the agent via a GPO silently rather than rely on people to > request to keys and then forgetting to install it. > > > > Brett > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] <javascript:>. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
