Hello,

Currently, OSSEC is smart enough when using ossec-authd to gen keys that it prevents a duplicate by renaming the host (normally adding a 2 to the end of the host name). But it does not warn you in any way that it detected a duplicate and therefore generated a new key. Maybe a new "feature" would be to change this behavior -- generate an alert saying that it has created a new key for whatever reason, and then invalidate the old key.

An example of this might be if you lost a server hard, and had to rebuild it - you have the option of re-installing the OLD key in a manual process, but if you have automated everything, then this causes a problem.

Also, perhaps I am missing something and there is already a way to deal with authd and duplicate hosts/keys?

~J
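
One way to spot the silent renames described in the message above, added here as an example (not from the original post or the OSSEC project). It assumes each `client.keys` line has the layout `ID NAME IP KEY` and uses the "2" suffix the message mentions; the sample entries and function names are constructed.

```python
"""Flag agent entries that look like silent ossec-authd renames (name + "2")."""
import sys

# Constructed sample in the assumed client.keys layout: ID NAME IP KEY
SAMPLE_KEYS = """\
001 web01 10.0.0.5 aaaa1111
002 db01 10.0.0.6 bbbb2222
003 web012 10.0.0.5 cccc3333
004 app2 10.0.0.7 dddd4444
"""

def parse_keys(text):
    """Return (agent_id, name, ip) tuples; malformed and comment lines are skipped."""
    agents = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0].startswith("#"):
            continue
        agent_id, name, ip, _key = fields  # key material is never returned
        agents.append((agent_id, name, ip))
    return agents

def find_renamed_duplicates(agents, suffix="2"):
    """Pair each NAME+suffix entry with an existing NAME entry (heuristic)."""
    by_name = {name: (agent_id, ip) for agent_id, name, ip in agents}
    findings = []
    for agent_id, name, ip in agents:
        base = name[:-len(suffix)]
        if name.endswith(suffix) and base in by_name:
            old_id, old_ip = by_name[base]
            findings.append({"old_id": old_id, "old_name": base,
                             "new_id": agent_id, "new_name": name,
                             "same_ip": ip == old_ip})
    return findings

def main(argv):
    # With no argument the constructed sample is used, so the script runs offline.
    if len(argv) > 1:
        with open(argv[1]) as handle:
            text = handle.read()
    else:
        text = SAMPLE_KEYS
    for f in find_renamed_duplicates(parse_keys(text)):
        print("possible duplicate: %(new_id)s %(new_name)s shadows "
              "%(old_id)s %(old_name)s (same_ip=%(same_ip)s)" % f)

if __name__ == "__main__":
    main(sys.argv)
```

A hit is only a candidate: a host legitimately named `web012` next to `web01` matches too, so the `same_ip` field and the registration time should be checked before the older key is removed.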
