I wrote this manifest.
You have to be sure you have an OSSEC user defined, either locally or
through LDAP. In this case, the UID is 11002. You may have to change that.
In my environment, we had several OSSEC server, that's why I defined:
$ossec_server = extlookup("ossec_server")
-Stephane
On Tue, Nov 26, 2013 at 12:42 AM, <[email protected]> wrote:
> hi there,
>
> i know this question has probably been asked a hundred times
> before....i've also done some digging in our beloved ossec google groups,
> but haven't found the right answer yet.
>
> i want to deploy the ossec-agents with puppet, and therefore i'd need a
> puppet manifest. i have already added the atomic rpm's to our local repo.
> so far i found this manifest in the ossec groups.
>
> class node_security::ossec::agent {
> # Define variables
> $ossec_server = extlookup("ossec_server")
>
> # Install RPM
> $wantedpackages = [ "ossec" ]
> package { $wantedpackages:
> ensure => installed,
> require => Yumrepo[internal_repos],
> }
>
> # Install ossec configuration file
> file {"/var/ossec/etc/ossec.conf":
> owner => root,
> # OSSEC gid is 11002
> group => 11002,
> mode => 0644,
> content =>
> template("node/ossec/agent/ossec.conf.erb"),
> require => Package["ossec"],
> }
>
> # With OSSEC 2.6 server, autoregistration is enabled
> exec { "AutoRegistration process":
> command => "/var/ossec/bin/agent-auth -m
> ${ossec_server} || true"
> ,
> creates => "/var/ossec/etc/client.keys",
> require => Package["ossec"],
> subscribe => File["/var/ossec/etc/ossec.conf"],
> }
>
> # Start OSSEC service at boot
> service { ossec:
> name => ossec,
> enable => true,
> ensure => running,
> hasrestart => true,
> hasstatus => true,
> require => [ Package["ossec"],
> Exec["AutoRegistration process"] ],
> }
>
> }
>
> is this sufficient or do I need more?
> ideally i would like to roll out the agent rpm's to my servers....so from
> what I see this puppet manifest also initiates/generates the client keys
> roll-out?! this is superb news....so this means the installation process is
> fully automated?!
> does anything else need to be done manually?
>
> very much looking forward to your advice/help!
>
> thanks,
> theresa
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
