Sure. I've been sick and I didn't pay attention much to this grouplist.

On Wed, Nov 27, 2013 at 3:34 AM, <[email protected]> wrote:

> thanks for the explanation and for the manifest, Stephane!
>
> yes, i have an ossec user with the uid 33335, so I will adapt this now.
> at the moment i only have one ossec server, but there may be another one
> at some point.
> so for now I will change this to
>
> $ossec_server = hostname of the ossec server
>
> may I contact you directly if I run into any problems with this manifest
> for ossec? :)
>
> thanks,
> theresa
>
>
> On Tuesday, November 26, 2013 7:01:17 PM UTC+1, srossan wrote:
>
>> I wrote this manifest.
>> You have to be sure you have an OSSEC user defined, either locally or
>> through LDAP. In this case, the UID is 11002. You may have to change that.
>> In my environment, we had several OSSEC server, that's why I defined:
>> $ossec_server           = extlookup("ossec_server")
>>
>> -Stephane
>>
>>
>> On Tue, Nov 26, 2013 at 12:42 AM, <[email protected]> wrote:
>>
>>> hi there,
>>>
>>> i know this question has probably been asked a hundred times
>>> before....i've also done some digging in our beloved ossec google groups,
>>> but haven't found the right answer yet.
>>>
>>> i want to deploy the ossec-agents with puppet, and therefore i'd need a
>>> puppet manifest. i have already added the atomic rpm's to our local repo.
>>> so far i found this manifest in the ossec groups.
>>>
>>> class node_security::ossec::agent {
>>>         # Define variables
>>>         $ossec_server           = extlookup("ossec_server")
>>>
>>>         # Install RPM
>>>         $wantedpackages = [ "ossec" ]
>>>         package { $wantedpackages:
>>>                 ensure          => installed,
>>>                 require         => Yumrepo[internal_repos],
>>>         }
>>>
>>>         # Install ossec configuration file
>>>         file {"/var/ossec/etc/ossec.conf":
>>>                 owner           => root,
>>>                 # OSSEC gid is 11002
>>>                 group           => 11002,
>>>                 mode            => 0644,
>>>                 content         => template("node/ossec/agent/
>>> ossec.conf.erb"),
>>>                 require         => Package["ossec"],
>>>         }
>>>
>>>         # With OSSEC 2.6 server, autoregistration is enabled
>>>         exec { "AutoRegistration process":
>>>                 command         => "/var/ossec/bin/agent-auth -m
>>> ${ossec_server} || true"
>>> ,
>>>                 creates         => "/var/ossec/etc/client.keys",
>>>                 require         => Package["ossec"],
>>>                 subscribe       => File["/var/ossec/etc/ossec.conf"],
>>>         }
>>>
>>>         # Start OSSEC service at boot
>>>         service { ossec:
>>>                 name            => ossec,
>>>                 enable          => true,
>>>                 ensure          => running,
>>>                 hasrestart      => true,
>>>                 hasstatus       => true,
>>>                 require         => [ Package["ossec"],
>>> Exec["AutoRegistration process"] ],
>>>         }
>>>
>>> }
>>>
>>> is this sufficient or do I need more?
>>> ideally i would like to roll out the agent rpm's to my servers....so
>>> from what I see this puppet manifest also initiates/generates the client
>>> keys roll-out?! this is superb news....so this means the installation
>>> process is fully automated?!
>>> does anything else need to be done manually?
>>>
>>> very much looking forward to your advice/help!
>>>
>>> thanks,
>>> theresa
>>>
>>>  --
>>>
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "ossec-list" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>>
>>> For more options, visit https://groups.google.com/groups/opt_out.
>>>
>>
>>  --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to