I think I’ve posted before, but I wrote an autoit script to use plink to log in to the ossec server and run a script there that passes the agent key for install. I’d personally love to see authd on Windows, but I quickly got out of my compiler knowledge trying to compile that for testing.
-- James Pulver CLASSE Computer Group Cornell University From: [email protected] [mailto:[email protected]] On Behalf Of Lars Petrey Sent: Friday, February 14, 2014 5:14 PM To: [email protected] Subject: [ossec-list] Re: python scripts for auto agent install & registration Very nice work, much appreciated. Any way to do this for windows agents or not require a key at all for those systems? Or have every windows agent use the same key? Thanks in advance. On Thursday, February 13, 2014 7:03:47 PM UTC-5, Sam Shores wrote: I had some difficulty with the authd process, particularly with configuring open-ssl-dev support on ubuntu. Also, I wanted to have something running more permanently for enterprise use. I wanted the entire agent installation and registration process to be completely automated. So, I wrote some python scripts that listen on the server via apache/ssl and reply with a key. Additionally, I have some auto-install/configure/register scripts. If this is something the group is interested in, they are attached. There are some prereqs for making the whole thing work. You'll need apache configured with mod_cgi and pexpect for the python portion. To run the installer on systems without python or pexpect, you'll need pyinstaller (or something similar) to package the python scripts. Basically, this takes the ossec installation binary and wraps python around it to automate your install. Python isn't necessary on the target systems, as part of the process is using pyinstaller to include all the python modules and executables required to run it from the installation folder. You'll need to edit the install.sh script to include the hostname/ip of your server. Also, you probably want to put a real email address in your scripts for error messages. The README file has some instructions on how to set it up and use it. You should probably consider this a project, rather than a click and run setup. As ever, this is provided free of charge - but don't expect me to fix it if you break it. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
