thanks for the explanation and for the manifest, Stephane!
yes, i have an ossec user with the uid 33335, so I will adapt this now.
at the moment i only have one ossec server, but there may be another one at
some point.
so for now I will change this to
$ossec_server = hostname of the ossec server
may I contact you directly if I run into any problems with this manifest
for ossec? :)
thanks,
theresa
On Tuesday, November 26, 2013 7:01:17 PM UTC+1, srossan wrote:
>
> I wrote this manifest.
> You have to be sure you have an OSSEC user defined, either locally or
> through LDAP. In this case, the UID is 11002. You may have to change that.
> In my environment, we had several OSSEC server, that's why I defined:
> $ossec_server = extlookup("ossec_server")
>
> -Stephane
>
>
> On Tue, Nov 26, 2013 at 12:42 AM, <[email protected] <javascript:>>wrote:
>
>> hi there,
>>
>> i know this question has probably been asked a hundred times
>> before....i've also done some digging in our beloved ossec google groups,
>> but haven't found the right answer yet.
>>
>> i want to deploy the ossec-agents with puppet, and therefore i'd need a
>> puppet manifest. i have already added the atomic rpm's to our local repo.
>> so far i found this manifest in the ossec groups.
>>
>> class node_security::ossec::agent {
>> # Define variables
>> $ossec_server = extlookup("ossec_server")
>>
>> # Install RPM
>> $wantedpackages = [ "ossec" ]
>> package { $wantedpackages:
>> ensure => installed,
>> require => Yumrepo[internal_repos],
>> }
>>
>> # Install ossec configuration file
>> file {"/var/ossec/etc/ossec.conf":
>> owner => root,
>> # OSSEC gid is 11002
>> group => 11002,
>> mode => 0644,
>> content =>
>> template("node/ossec/agent/ossec.conf.erb"),
>> require => Package["ossec"],
>> }
>>
>> # With OSSEC 2.6 server, autoregistration is enabled
>> exec { "AutoRegistration process":
>> command => "/var/ossec/bin/agent-auth -m
>> ${ossec_server} || true"
>> ,
>> creates => "/var/ossec/etc/client.keys",
>> require => Package["ossec"],
>> subscribe => File["/var/ossec/etc/ossec.conf"],
>> }
>>
>> # Start OSSEC service at boot
>> service { ossec:
>> name => ossec,
>> enable => true,
>> ensure => running,
>> hasrestart => true,
>> hasstatus => true,
>> require => [ Package["ossec"],
>> Exec["AutoRegistration process"] ],
>> }
>>
>> }
>>
>> is this sufficient or do I need more?
>> ideally i would like to roll out the agent rpm's to my servers....so from
>> what I see this puppet manifest also initiates/generates the client keys
>> roll-out?! this is superb news....so this means the installation process is
>> fully automated?!
>> does anything else need to be done manually?
>>
>> very much looking forward to your advice/help!
>>
>> thanks,
>> theresa
>>
>> --
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected] <javascript:>.
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>
>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
