On Tue, Sep 24, 2013 at 11:10 AM, James M. Pulver <[email protected]> wrote:
> Yes, I have no Windows build environment. Maybe it can cross compile from
> Linux?
>

Based on the current source I'm guessing it's not actually workable.
wait.h isn't a thing on Windows?

> --
> James Pulver
> CLASSE Computer Group
> Cornell University
>
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On
> Behalf Of dan (ddp)
> Sent: Tuesday, September 24, 2013 10:58 AM
> To: [email protected]
> Subject: Re: [ossec-list] Client.keys
>
> On Tue, Sep 24, 2013 at 10:54 AM, James M. Pulver <[email protected]> wrote:
>> The problem is there is (as far as I can tell in 2.7.1 install) no
>> agent-auth.exe ... so how do we test it?
>>
>
> Build it.
>
>> --
>> James Pulver
>> CLASSE Computer Group
>> Cornell University
>>
>>
>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]] On
>> Behalf Of dan (ddp)
>> Sent: Tuesday, September 24, 2013 10:47 AM
>> To: [email protected]
>> Subject: Re: [ossec-list] Client.keys
>>
>> On Tue, Sep 24, 2013 at 7:57 AM, <[email protected]> wrote:
>>> Hello,
>>>
>>> sorry if I am disturbing the discussion. We have the same problem with
>>> Windows agents.
>>>
>>> Under *NIX OS we could register the agent automatically during installation
>>> using: /var/ossec/bin/agent-auth -m $ossecserver -A $::fqdn -D /var/ossec/
>>> and on the server side the ossec-authd.
>>>
>>> Is there still no command for Windows OS? Is this in planning?
>>>
>>
>> I believe it was mentioned in this thread that the command might be
>> ready, but no one will test it.
>>
>>>
>>> Thanks Jared for the howto, it should be better than our situation under
>>> Windows now :)
>>>
>>> Best regards
>>> Björn
>>>
>>> From: [email protected] [mailto:[email protected]] On
>>> Behalf Of Jared
>>> Sent: Monday, 23 September 2013 21:42
>>> To: [email protected]
>>> Subject: Re: [ossec-list] Client.keys
>>>
>>> Okay, off line then via email.
>>>
>>> Jared
>>>
>>> On Friday, September 20, 2013 9:48:10 AM UTC-4, Chris Lauritzen wrote:
>>>
>>> Jared,
>>>
>>> What I am trying to do is automate the install. We use LANDesk to push out
>>> apps to over 3500 PC/servers in our company. LANDesk can use batch, msi,
>>> exe, vbs and PowerShell scripts to install. I have the install working, it
>>> pushes to the PCs and installs the agent. Where it was failing initially
>>> was importing the key file. I have resolved that issue and during the
>>> install the key is being read. What I came to find out is OSSEC requires one
>>> key file per PC with only one key entry. I understand the security reasons for
>>> this. So what I am looking to do is to find a way to not create 3500
>>> Client.keys files. I have a script that works but it does not play well
>>> because we are running DHCP. I am not the admin for the OSSEC server, I am
>>> the LANDesk admin so I am dealing with the desktop/server level. Looking
>>> over your PowerShell script I see where it could work. If you would like you
>>> can email me directly.
>>>
>>> Thanks
>>>
>>> Chris
>>>
>>> On Friday, September 20, 2013 6:54:49 AM UTC-5, Jared wrote:
>>>
>>> I am not sure that everyone wants to see the gory details, but with
>>> PowerShell you can accomplish anything that you would do normally via the
>>> cmd line or interactively, on Linux (ssh) and Windows (WMI).
>>>
>>> Here is an example that will migrate servers from a test OSSEC server to a
>>> Production OSSEC server and then register them with the new server (I have
>>> another script that fixes the "any" in the client.keys):
>>>
>>> # You must download the module and install it per the directions (google)
>>> Import-Module SSH-Sessions
>>> # Implies that you have a .csv file with all of your servers in it with the
>>> # following headers (Product,address,Hostname,Key,User)
>>> # Implies that you have an account on your linux servers with TTY ability
>>> # (google sudoers & TTY)
>>> # Load data from .csv into a variable called $servers
>>> $Servers = Import-Csv C:\ISCO\Automate\bin\test_Servers.csv
>>> # Loop through each of the lines in the .csv file and do "some work"
>>> ForEach ($S in $Servers)
>>> {
>>>     # Get IP address from line in file
>>>     $I = $S.Address; Write-Host $I
>>>     # Get hostname from line in file
>>>     $H = $S.Hostname; Write-Host $H
>>>     # Same for the private key file path
>>>     $K = $S.Key; Write-Host $K
>>>     # Same for the user name
>>>     $U = $S.User; Write-Host $U
>>>
>>>     # Connect to each computer and provide username and private key
>>>     New-SshSession -ComputerName $I -Username $U -KeyFile $K
>>>     # Stop the agent
>>>     Invoke-SshCommand -ComputerName $I -Command "sudo /var/ossec/bin/ossec-control stop" -Verbose
>>>     # Replace the test server IP with the production server IP
>>>     Invoke-SshCommand -ComputerName $I -Command "sudo sed -i 's/1.1.1.1/2.2.2.2/g' /var/ossec/etc/ossec.conf" -Verbose
>>>     # Register the agent with the production OSSEC manager server
>>>     # with the host name from the .csv file
>>>     Invoke-SshCommand -ComputerName $I -Command "sudo /var/ossec/bin/agent-auth -m 2.2.2.2 -p 1515 -A $H" -Verbose
>>>     # Restart the agent
>>>     Invoke-SshCommand -ComputerName $I -Command "sudo /var/ossec/bin/ossec-control start" -Verbose
>>>     # Display the status of the agent post restart in the PowerShell console
>>>     Invoke-SshCommand -ComputerName $I -Command "sudo /var/ossec/bin/ossec-control status" -Verbose
>>>     # Close and clean up the session
>>>     Remove-SshSession $I -Verbose
>>>     # As this is a ForEach loop, it will parse each line of your .csv file
>>>     # and perform this work on every server until the list is exhausted.
>>> }
>>>
>>> So, we can take this offline or keep it here, but I would need to get the
>>> details (requirements) for each process that you are trying to automate. I
>>> am not following what you are trying to do with the Client.Keys on the
>>> agent, but I believe that there is a programmatic solution.
>>>
>>> Jared
>>>
>>> On Thursday, September 19, 2013 2:42:19 PM UTC-4, Chris Lauritzen wrote:
>>>
>>> Jared,
>>>
>>> Thanks for the info. I can get LANDesk to run PowerShell so what scripting
>>> would I need.
>>>
>>> On Thursday, September 19, 2013 9:42:01 AM UTC-5, Jared wrote:
>>>
>>> Chris,
>>>
>>> Agent / Client = 1 client.keys file with a single entry in it.
>>> C:\Program Files (x86)\ossec-agent\client.keys = 1 entry
>>>
>>> Server / Manager = 1 client.keys file with an entry for every agent that is
>>> registered.
>>> /var/ossec/etc/client.keys
>>>
>>> If you are trying to copy the client.keys file from the server to every
>>> agent, it will not work (only reads the first line).
>>>
>>> If you need some scripting automation for installing/configuring OSSEC on
>>> Windows and Linux, and can run PowerShell from your Windows LANDesk
>>> instance, I can help. Just need to come up with what "success" would look
>>> like from a requirements perspective and the scripting part is easy.
>>>
>>> Jared
>>>
>>> On Thu, Sep 19, 2013 at 10:19 AM, James M. Pulver <[email protected]>
>>> wrote:
>>>
>>> Yes, each client has a unique client.keys.
>>>
>>> --
>>>
>>> James Pulver
>>>
>>> CLASSE Computer Group
>>>
>>> Cornell University
>>>
>>> From: [email protected] [mailto:[email protected]] On Behalf
>>> Of Chris Lauritzen
>>> Sent: Thursday, September 19, 2013 9:46 AM
>>> To: [email protected]
>>> Subject: Re: [ossec-list] Client.keys
>>>
>>> James, let me get this straight, if I have 3500 PCs to push this out to I need
>>> 3500 client.keys files?
>>>
>>> On Wednesday, September 18, 2013 5:13:28 PM UTC-5, Michael Starks wrote:
>>>
>>> On 09/18/2013 04:08 PM, Chris Lauritzen wrote:
>>>> Yes, the keys have been made. There is a new twist to this now. The
>>>> install is reading the client.keys but is only reading in the first key
>>>> listed. Every install is pulling only the first key. If I manually add
>>>> the key it works fine. When creating the key I see that the name is
>>>> optional but is it possible that it's looking for the device name and
>>>> when not finding it defaulting to the first entry?
>>>
>>> There should only be one key in the agent's client.keys file--the key
>>> for that agent.
>>>
>>> --
>>>
>>> ---
>>> You received this message because you are subscribed to the Google Groups
>>> "ossec-list" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an
>>> email to [email protected].
>>> For more options, visit https://groups.google.com/groups/opt_out.
>>>
>>> --
>>> Thank you,
>>>
>>> Jared R. Greene
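
The thread's point about client.keys (the manager holds one entry per agent, each agent file holds a single entry, and an agent only reads the first line) can be handled on the deployment host by splitting the manager's file into single-entry files, so no endpoint ever receives another machine's key. This is an added example, not code from the thread or from OSSEC; the function names, host names and key strings are constructed, and the four-field entry layout `<id> <name> <ip-or-any> <key>` is an assumption of the example.

```powershell
# Added example (not from the thread). Assumes each client.keys entry is one
# line of four whitespace-separated fields: <id> <name> <ip-or-any> <key>.

function ConvertFrom-OssecKeyLine {
    param([string]$Line)
    $fields = @($Line.Trim() -split '\s+')
    if ($fields.Count -ne 4) {
        throw "Malformed client.keys entry: expected 4 fields, got $($fields.Count)"
    }
    [pscustomobject]@{ Id = $fields[0]; Name = $fields[1]; Address = $fields[2]; Raw = $Line.Trim() }
}

function Split-OssecClientKeys {
    # Returns a hashtable: agent name -> parsed entry. With -OutDir, also writes
    # <OutDir>\<name>\client.keys holding only that agent's line.
    param([string[]]$ManagerLines, [string]$OutDir)
    $byName = @{}
    foreach ($line in $ManagerLines) {
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        $entry = ConvertFrom-OssecKeyLine $line
        if ($byName.ContainsKey($entry.Name)) { throw "Duplicate agent name '$($entry.Name)'" }
        $byName[$entry.Name] = $entry
    }
    if ($OutDir) {
        foreach ($entry in $byName.Values) {
            $dir = Join-Path $OutDir $entry.Name
            New-Item -ItemType Directory -Path $dir -Force | Out-Null
            Set-Content -Path (Join-Path $dir 'client.keys') -Value $entry.Raw -Encoding Ascii
        }
    }
    $byName
}

function Test-OssecAgentKeyFile {
    # An agent-side file is acceptable only if it holds exactly one well-formed entry.
    param([string[]]$Lines)
    $entries = @($Lines | Where-Object { -not [string]::IsNullOrWhiteSpace($_) })
    if ($entries.Count -ne 1) { return $false }
    $null = ConvertFrom-OssecKeyLine $entries[0]   # throws if the entry is malformed
    $true
}

# Constructed sample data: names and key strings are placeholders, not real keys.
$manager = @(
    '001 pc-0001 any CONSTRUCTED-KEY-0001',
    '002 pc-0002 any CONSTRUCTED-KEY-0002',
    '003 srv-0003 any CONSTRUCTED-KEY-0003'
)
$perAgent = Split-OssecClientKeys -ManagerLines $manager
$perAgent['pc-0002'].Raw                                  # the only line pc-0002 should receive
Test-OssecAgentKeyFile -Lines $manager                    # check the whole manager file
Test-OssecAgentKeyFile -Lines $perAgent['pc-0002'].Raw    # check one extracted entry
```

Run the split where the manager's file already lives and hand each package only its own `client.keys`; `Test-OssecAgentKeyFile` can then serve as a pre-install check in the deployment script.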
