Okay, off line then via email.
Jared
On Friday, September 20, 2013 9:48:10 AM UTC-4, Chris Lauritzen wrote:
>
> Jared,
>
> What I am trying to do is automate the install. We use LANDesk to push out
> apps to over 3500 PC/servers in our company. LANDesk can use batch, msi,
> exe, vbs and Powershell scripts to install. I have the install working, it
> pushes to the PCs and installs the agent. Where it was failing initially
> was importing the Key file. I have resolved that issue and during the
> install the key is being read. What I come to find out is OSSEC requires
> one key file per PC with only one key entry. I understand the security
> reasons for this. So what I am looking to do is to find a way to not create
> 3500 Client.keys files. I have a script that works but it does not play well
> because we are running DHCP. I am not the admin for the OSSEC server, I am
> the LANDesk admin so I am dealing with the desktop/server level. Looking
> over your powershell script I see where it could work. If you would like
> you can email me directly.
>
> Thanks
>
> Chris
>
> On Friday, September 20, 2013 6:54:49 AM UTC-5, Jared wrote:
>>
>> I am not sure that everyone wants to see the gory details, but with
>> Powershell you can accomplish anything that you would do normally via the
>> cmd line or interactively, on linux (ssh) and Windows (WMI).
>>
>> Here is an example that will migrate servers from a test OSSEC server to
>> a Production OSSEC server and then register them with the new server (I have
>> another script that fixes the "any" in the client.keys):
>>
>> # You must download the module and install it per the directions (google)
>> Import-Module SSH-Sessions
>> # Implies that you have a .csv file with all of your servers in it with the following headers (Product,address,Hostname,Key,User)
>> # Implies that you have an account on your linux servers with TTY ability (google sudoers & TTY)
>> # Load data from .csv into a variable called $Servers
>> $Servers = Import-Csv C:\ISCO\Automate\bin\test_Servers.csv
>> # Loop through each of the lines in the .csv file and do "Some work"
>> ForEach ($S in $Servers)
>> {
>>     # Get IP address from line in file
>>     $I = $S.Address; Write-Host $I
>>     # Get Hostname from line in file
>>     $H = $S.Hostname; Write-Host $H
>>     # Get path to the SSH private key file from line in file
>>     $K = $S.Key; Write-Host $K
>>     # Get SSH username from line in file
>>     $U = $S.User; Write-Host $U
>>
>>     # Connect to each computer and provide username and private key
>>     New-SshSession -ComputerName $I -Username $U -KeyFile $K
>>     # Stop the agent
>>     Invoke-SshCommand -ComputerName $I -Command "sudo /var/ossec/bin/ossec-control stop" -Verbose
>>     # Replace the Test server IP with the Production server IP
>>     Invoke-SshCommand -ComputerName $I -Command "sudo sed -i 's/1.1.1.1/2.2.2.2/g' /var/ossec/etc/ossec.conf" -Verbose
>>     # Register the agent with the Production OSSEC manager server with the host name from the .csv file
>>     Invoke-SshCommand -ComputerName $I -Command "sudo /var/ossec/bin/agent-auth -m 2.2.2.2 -p 1515 -A $H" -Verbose
>>     # Restart the agent
>>     Invoke-SshCommand -ComputerName $I -Command "sudo /var/ossec/bin/ossec-control start" -Verbose
>>     # Display the status of the agent post restart in the Powershell console
>>     Invoke-SshCommand -ComputerName $I -Command "sudo /var/ossec/bin/ossec-control status" -Verbose
>>     # Close and clean up the session
>>     Remove-SshSession $I -Verbose
>>     # As this is a ForEach loop, it will parse each line of your .csv file and perform this work on every server until the list is exhausted.
>> }
>>
>>
>> So, we can take this offline or keep it here, but I would need to get the
>> details (requirements) for each process that you are trying to automate. I
>> am not following what you are trying to do with the Client.Keys on the
>> agent, but I believe that there is a programmatic solution.
>>
>> Jared
>>
>> On Thursday, September 19, 2013 2:42:19 PM UTC-4, Chris Lauritzen wrote:
>>
>>> Jared,
>>>
>>> Thanks for the info. I can get Landesk to run powershell so what
>>> scripting would I need.
>>>
>>> On Thursday, September 19, 2013 9:42:01 AM UTC-5, Jared wrote:
>>>>
>>>> Chris,
>>>>
>>>> Agent / Client = 1 client.keys file with a single entry in it.
>>>> C:\Program Files (x86)\ossec-agent\client.keys = 1 entry
>>>>
>>>> Server / Manager = 1 client.keys file with an entry for every agent
>>>> that is registered.
>>>> /var/ossec/etc/client.keys
>>>>
>>>> If you are trying to copy the client.keys file from the server to every
>>>> agent, it will not work (only reads the first line).
>>>>
>>>> If you need some scripting automation for installing/configuring OSSEC
>>>> on Windows and Linux, and can run powershell from your Windows Landesk
>>>> instance, I can help. Just need to come up with what "success" would look
>>>> like from requirements perspective and the scripting part is easy.
>>>>
>>>> Jared
>>>>
>>>>
>>>>
>>>> On Thu, Sep 19, 2013 at 10:19 AM, James M. Pulver
>>>> <[email protected]>wrote:
>>>>
>>>>> Yes, each client has a unique client.keys.
>>>>>
>>>>> --
>>>>> James Pulver
>>>>> CLASSE Computer Group
>>>>> Cornell University
>>>>>
>>>>> From: [email protected] [mailto:[email protected]] On
>>>>> Behalf Of Chris Lauritzen
>>>>> Sent: Thursday, September 19, 2013 9:46 AM
>>>>> To: [email protected]
>>>>> Subject: Re: [ossec-list] Client.keys
>>>>>
>>>>> James, let me get this straight, if I have 3500 PCs to push this out to I
>>>>> need 3500 client.keys files?
>>>>>
>>>>>
>>>>> On Wednesday, September 18, 2013 5:13:28 PM UTC-5, Michael Starks wrote:
>>>>>
>>>>> On 09/18/2013 04:08 PM, Chris Lauritzen wrote:
>>>>> > Yes, the keys have been made. There is a new twist to this now. The
>>>>> > install is reading the client.keys but is only reading in the first
>>>>> > key listed. Every install is pulling only the first key. If I manually
>>>>> > add the key it works fine. When creating the key I see that the name is
>>>>> > optional but is it possible that it's looking for the device name
>>>>> > and when not finding it defaulting to the first entry?
>>>>>
>>>>> There should only be one key in the agent's client.keys file--the key
>>>>> for that agent.
>>>>>
>>>>> --
>>>>>
>>>>> ---
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "ossec-list" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to [email protected].
>>>>> For more options, visit https://groups.google.com/groups/opt_out.
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Thank you,
>>>>
>>>> Jared R. Greene
>>>>
>>>
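
The thread's central point is that the manager's client.keys holds one entry per agent, while each agent's file must hold only its own entry. The sketch below is an added example, not code from any poster in this thread: it picks the single matching entry by agent name so that only that one line is shipped to the endpoint. The function name Select-AgentKeyEntry, the sample lines and the assumption that agent names equal computer names are all hypothetical; the line layout assumed is "id name ip-or-any key".

```powershell
# Added example (not from the thread). Assumes client.keys lines have the form
# "<id> <name> <ip-or-any> <key>" and that agent names equal computer names.
function Select-AgentKeyEntry {
    param(
        # Lines of the manager's client.keys (blank lines tolerated)
        [Parameter(Mandatory=$true)] [AllowEmptyString()] [string[]] $KeyLines,
        # Agent name to match, e.g. $env:COMPUTERNAME on the target PC
        [Parameter(Mandatory=$true)] [string] $AgentName
    )
    $found = @(foreach ($line in $KeyLines) {
        $fields = $line.Trim() -split '\s+'
        # Skip blank or malformed lines; compare the name field case-insensitively
        if ($fields.Count -eq 4 -and $fields[1] -ieq $AgentName) { $line.Trim() }
    })
    # Zero matches means the agent was never registered; more than one means
    # duplicate names on the manager. Either way, do not guess.
    if ($found.Count -ne 1) {
        throw "Expected exactly 1 entry for '$AgentName', found $($found.Count)"
    }
    return $found[0]
}

# Constructed sample data; the key fields are placeholder text, not real keys
$managerKeys = @(
    '001 PC-0001 any PLACEHOLDERKEY0001',
    '',
    '002 PC-0002 any PLACEHOLDERKEY0002',
    '003 SRV-DB01 10.0.0.15 PLACEHOLDERKEY0003'
)

$entry = Select-AgentKeyEntry -KeyLines $managerKeys -AgentName 'pc-0002'

# Write the single entry as the agent's entire client.keys file.
# Demo path in the temp directory; the real agent path is given in the thread.
$target = Join-Path ([System.IO.Path]::GetTempPath()) 'client.keys'
Set-Content -Path $target -Value $entry -Encoding Ascii
Get-Content $target
```

Running the selection on the deployment side, rather than copying the full manager file to each PC and filtering there, keeps every other agent's key off the endpoint.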