thanks for the explanation and for the manifest, Stephane!

yes, i have an ossec user with the uid 33335, so I will adapt this now.
at the moment i only have one ossec server, but there may be another one at 
some point.
so for now I will change this to

$ossec_server = hostname of the ossec server

may I contact you directly if I run into any problems with this manifest 
for ossec? :)

thanks,
theresa

On Tuesday, November 26, 2013 7:01:17 PM UTC+1, srossan wrote:
>
> I wrote this manifest.
> You have to be sure you have an OSSEC user defined, either locally or 
> through LDAP. In this case, the UID is 11002. You may have to change that.
> In my environment, we had several OSSEC server, that's why I defined:
> $ossec_server           = extlookup("ossec_server")
>
> -Stephane
>
>
> On Tue, Nov 26, 2013 at 12:42 AM, <[email protected] <javascript:>>wrote:
>
>> hi there,
>>
>> i know this question has probably been asked a hundred times 
>> before....i've also done some digging in our beloved ossec google groups, 
>> but haven't found the right answer yet.
>>
>> i want to deploy the ossec-agents with puppet, and therefore i'd need a 
>> puppet manifest. i have already added the atomic rpm's to our local repo.
>> so far i found this manifest in the ossec groups.
>>
>> class node_security::ossec::agent { 
>>         # Define variables
>>         $ossec_server           = extlookup("ossec_server")
>>
>>         # Install RPM 
>>         $wantedpackages = [ "ossec" ]
>>         package { $wantedpackages:
>>                 ensure          => installed,
>>                 require         => Yumrepo[internal_repos],
>>         }
>>
>>         # Install ossec configuration file
>>         file {"/var/ossec/etc/ossec.conf":
>>                 owner           => root,
>>                 # OSSEC gid is 11002
>>                 group           => 11002,
>>                 mode            => 0644,
>>                 content         => 
>> template("node/ossec/agent/ossec.conf.erb"),
>>                 require         => Package["ossec"],
>>         }
>>
>>         # With OSSEC 2.6 server, autoregistration is enabled
>>         exec { "AutoRegistration process":
>>                 command         => "/var/ossec/bin/agent-auth -m 
>> ${ossec_server} || true"
>> ,
>>                 creates         => "/var/ossec/etc/client.keys",
>>                 require         => Package["ossec"],
>>                 subscribe       => File["/var/ossec/etc/ossec.conf"],
>>         }
>>
>>         # Start OSSEC service at boot
>>         service { ossec:
>>                 name            => ossec,
>>                 enable          => true,
>>                 ensure          => running,
>>                 hasrestart      => true,
>>                 hasstatus       => true,
>>                 require         => [ Package["ossec"], 
>> Exec["AutoRegistration process"] ],
>>         }
>>
>> }
>>
>> is this sufficient or do I need more?
>> ideally i would like to roll out the agent rpm's to my servers....so from 
>> what I see this puppet manifest also initiates/generates the client keys 
>> roll-out?! this is superb news....so this means the installation process is 
>> fully automated?!
>> does anything else need to be done manually?
>>
>> very much looking forward to your advice/help!
>>
>> thanks,
>> theresa
>>
>>  -- 
>>  
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to [email protected] <javascript:>.
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to