Sure. I've been sick and I didn't pay attention much to this grouplist.
On Wed, Nov 27, 2013 at 3:34 AM, <[email protected]> wrote: > thanks for the explanation and for the manifest, Stephane! > > yes, i have an ossec user with the uid 33335, so I will adapt this now. > at the moment i only have one ossec server, but there may be another one > at some point. > so for now I will change this to > > $ossec_server = hostname of the ossec server > > may I contact you directly if I run into any problems with this manifest > for ossec? :) > > thanks, > theresa > > > On Tuesday, November 26, 2013 7:01:17 PM UTC+1, srossan wrote: > >> I wrote this manifest. >> You have to be sure you have an OSSEC user defined, either locally or >> through LDAP. In this case, the UID is 11002. You may have to change that. >> In my environment, we had several OSSEC server, that's why I defined: >> $ossec_server = extlookup("ossec_server") >> >> -Stephane >> >> >> On Tue, Nov 26, 2013 at 12:42 AM, <[email protected]> wrote: >> >>> hi there, >>> >>> i know this question has probably been asked a hundred times >>> before....i've also done some digging in our beloved ossec google groups, >>> but haven't found the right answer yet. >>> >>> i want to deploy the ossec-agents with puppet, and therefore i'd need a >>> puppet manifest. i have already added the atomic rpm's to our local repo. >>> so far i found this manifest in the ossec groups. >>> >>> class node_security::ossec::agent { >>> # Define variables >>> $ossec_server = extlookup("ossec_server") >>> >>> # Install RPM >>> $wantedpackages = [ "ossec" ] >>> package { $wantedpackages: >>> ensure => installed, >>> require => Yumrepo[internal_repos], >>> } >>> >>> # Install ossec configuration file >>> file {"/var/ossec/etc/ossec.conf": >>> owner => root, >>> # OSSEC gid is 11002 >>> group => 11002, >>> mode => 0644, >>> content => template("node/ossec/agent/ >>> ossec.conf.erb"), >>> require => Package["ossec"], >>> } >>> >>> # With OSSEC 2.6 server, autoregistration is enabled >>> exec { "AutoRegistration process": >>> command => "/var/ossec/bin/agent-auth -m >>> ${ossec_server} || true" >>> , >>> creates => "/var/ossec/etc/client.keys", >>> require => Package["ossec"], >>> subscribe => File["/var/ossec/etc/ossec.conf"], >>> } >>> >>> # Start OSSEC service at boot >>> service { ossec: >>> name => ossec, >>> enable => true, >>> ensure => running, >>> hasrestart => true, >>> hasstatus => true, >>> require => [ Package["ossec"], >>> Exec["AutoRegistration process"] ], >>> } >>> >>> } >>> >>> is this sufficient or do I need more? >>> ideally i would like to roll out the agent rpm's to my servers....so >>> from what I see this puppet manifest also initiates/generates the client >>> keys roll-out?! this is superb news....so this means the installation >>> process is fully automated?! >>> does anything else need to be done manually? >>> >>> very much looking forward to your advice/help! >>> >>> thanks, >>> theresa >>> >>> -- >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "ossec-list" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> >>> For more options, visit https://groups.google.com/groups/opt_out. >>> >> >> -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
