Jared,
What I am trying to do it automate the install. We use LANDesk to push out
apps to over 3500 PC/servers in our company. LANDesk can use batch, msi,
exe, vbs and Powershell scripts to install. I have the install working, it
pushes to the PC's and installs the agent. Where it was failing initially
was importing the Key file. I have resolved that issue and during the
install the key is being read. What I come to find out is OSSEC requires
one key file per PC with only one key entry. I under the security reasons
for this. So what I am looking to do is to find a way to not create 3500
Client.keys files. I have a script that works but it does not play well
because we are running DHCP. I am not the admin for the OSSEC server, I am
the LANDesk admin so I am dealing with the desktop/server level. Looking
over your powershell script I see where it could work. If you would like
you can email me directly..
Thanks
Chris
On Friday, September 20, 2013 6:54:49 AM UTC-5, Jared wrote:
>
> I am not surer that everyone wants to see the gory details, but with
> Powershell you can accomplish anythign that you would do normally via the
> cmd line or interactively, on linux (ssh) and Windows (WMI).
>
> Here is an example that will migrate servers from a test OSSEC server to a
> Productin OSSEC server and then register them with the new server (I have
> another script that fixes the "any' in the client.keys):
>
> # You must download the module and install it per the directions (google)
> Import-Module SSH-Sessions
> # Implies that you have a .csv file with all of your servers in it with
> the following headers (Product,address,Hostname,Key,User)
> # Implies that you have an account on your linux servers with TTY ability
> (google sudoers & TTY)
> # Load data from .csv into a variable called $servers
> $Servers = Import-Csv C:\ISCO\Automate\bin\test_Servers.csv
> # loop throuhg each of the lines in the .CSV file and do "Some work"
> ForEach ($S in $Servers)
> {
> # Get IP address from line in file
> $I = $S.Address; Write-host $I
> #Get Hostname from line in file
> $H = $S.Hostname; Write-host $H
> #Same ...
> $K = $S.key; Write-host $K
> #Same ...
> $U = $S.user; Write-host $U
>
> # Connect to each computer and provide username and Private key
> New-SshSession -ComputerName $I -Username $U -KeyFile $k
> #Stop the agent
> Invoke-SshCommand -ComputerName $i -Command "sudo
> /var/ossec/bin/ossec-control stop" -Verbose
> # Replace the Test Server IP with with the Production server IP
> Invoke-SshCommand -ComputerName $i -Command "sudo sed -i 's/
> 1.1.1.1/2.2.2.2/g' /var/ossec/etc/ossec.conf" -Verbose
> #Register the server with agent with the Production OSSEC manager
> server with the host name from the .csv file
> Invoke-SshCommand -ComputerName $i -Command "sudo
> /var/ossec/bin/agent-auth -m 2.2.2.2-p 1515 -A $H" -Verbose
> # Restart the agent
> Invoke-SshCommand -ComputerName $i -Command "sudo
> /var/ossec/bin/ossec-control start" -Verbose
> # display the status of the agent post restart in the Powershell
> console.
> Invoke-SshCommand -ComputerName $i -Command "sudo
> /var/ossec/bin/ossec-control status" -Verbose
> # Close and clean up the session
> Remove-SshSession $I -Verbose
> # As this is a Foreach Loop, it will parse each line of your .csv file
> and perform this work on every server until the list is ehausted.
> }
>
>
> So, we can take this offline or keep it here, but I would need to get the
> details (requirements) for each process that you are trying to automate. I
> am not following what you are trying to do with the Client.Keys on the
> agent, but I believe that there is a programatic solution.
>
> Jared
>
> On Thursday, September 19, 2013 2:42:19 PM UTC-4, Chris Lauritzen wrote:
>
>> Jared,
>>
>> Thanks for the info. I can get Landesk to run powershell so what
>> scripting would I need.
>>
>> On Thursday, September 19, 2013 9:42:01 AM UTC-5, Jared wrote:
>>>
>>> Chris,
>>>
>>> Agent / Client = 1 client.keys file with a single entry in it.
>>> C:\Program Files (x86)\ossec-agent\client.keys = 1 entry
>>>
>>> Server / Manager = 1 client.keys files with an entry for every agent
>>> that is registered.
>>> /var/ossec/etc/client.keys
>>>
>>> If you are tying to copy the client.keys file from the server to every
>>> agent, it will not work (only reads the first line).
>>>
>>> If you need some scripting automation for installing/configuring OSSEC
>>> on Windows and Linux, and can run powershell from your Windows Landesk
>>> instance, I can help. Just need to come up with what "success" would look
>>> like from requirements perspective and the scripting part is easy.
>>>
>>> Jared
>>>
>>>
>>>
>>> On Thu, Sep 19, 2013 at 10:19 AM, James M. Pulver <[email protected]>wrote:
>>>
>>>> Yes, each client has a unique client.keys.****
>>>>
>>>> ** **
>>>>
>>>> --****
>>>>
>>>> James Pulver****
>>>>
>>>> CLASSE Computer Group****
>>>>
>>>> Cornell University****
>>>>
>>>> ** **
>>>>
>>>> *From:* [email protected] [mailto:[email protected]] *On
>>>> Behalf Of *Chris Lauritzen
>>>> *Sent:* Thursday, September 19, 2013 9:46 AM
>>>>
>>>> *To:* [email protected]
>>>> *Subject:* Re: [ossec-list] Client.keys****
>>>>
>>>> ** **
>>>>
>>>> James let get this straight, if I have 3500 pc's to push this out to I
>>>> need 3500 client.keys files?
>>>>
>>>>
>>>> On Wednesday, September 18, 2013 5:13:28 PM UTC-5, Michael Starks wrote:
>>>> ****
>>>>
>>>> On 09/18/2013 04:08 PM, Chris Lauritzen wrote:
>>>> > Yes the Key have been made. There is a new twist to this now. The
>>>> > install is reading the client.keys but is only reading in the first
>>>> key
>>>> > listed. Every install is pulling only the first key. If I manually
>>>> add
>>>> > the key it works fine. When creating the key I see that the name is
>>>> > optional but is it possible that it's looking for the device name and
>>>> > when not finding it defaulting to the first entry?
>>>>
>>>> There should only be one key in the agent's client.keys file--the key
>>>> for that agent. ****
>>>>
>>>> --
>>>>
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "ossec-list" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> For more options, visit https://groups.google.com/groups/opt_out.****
>>>>
>>>> --
>>>>
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "ossec-list" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> For more options, visit https://groups.google.com/groups/opt_out.
>>>>
>>>
>>>
>>>
>>> --
>>> Thank you,
>>>
>>> Jared R. Greene
>>>
>>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
