ok .. well maybe i should have explained more of what i hoped to do, but cannot decipher whether or not this is possible .. here is the doc:
http://ossec-docs.readthedocs.org/en/latest/programs/ossec-authd.html it talks about options -- specifically the "-i" option -- which states: "Add agents with a specific IP address instead of using any." well, i figured out what "any" is simply by trial and error .. what i don't/didn't understand simply was HOW TO DEFINE agents with specific IP addresses .. BUT -- what i would REALLY like to do/was hoping for is just to define a subnet (10.159.3.0/24) and not have to worry about the specifics .. so in my journey, while i knew about client.keys before, it wasn't clear to me this is where i should define these agents with specific IP addresses .. and yes, while better than doing server-export/agent-import manually, it would be really sexy if i could just define above subnet and not worry about the rest .. anyway -- really didn't want to stir any trouble within the group -- being i am literally 3 days old in it ;-P but at the same time -- i am too dense on ossec to just "know" what "-i" is and what it means and where the defined agents with IP addresses should go -- which is why i asked, hence the tit-for-tat we are in now .. thanks and have a great weekend, greg On Fri, Aug 8, 2014 at 9:33 AM, dan (ddp) <[email protected]> wrote: > On Fri, Aug 8, 2014 at 9:29 AM, Gregory K. Spranger <[email protected]> wrote: >> haha -- zing !! nice one dan ;-) i figured out what i was looking for .. >> > > Actually I'm completely serious. If people have questions about this > that can be answered in the documentation, I'd love to add it. I just > don't understand what needs to be further documented, probably because > of my closeness to the project and the amount of time I've been using > it. > >> have a great friday !! >> >> greg >> >> >> >> On Fri, Aug 8, 2014 at 7:53 AM, dan (ddp) <[email protected]> wrote: >>> On Thu, Aug 7, 2014 at 5:23 PM, Nick Turley <[email protected]> wrote: >>>> I just tested this in a vagrant environment. On the OSSEC server, I ran: >>>> >>>> /var/ossec/bin/ossec-authd -i -p 1515 >>>> >>>> On my Ubuntu tests box, I ran: >>>> >>>> ./agent-auth -m 192.168.20.25 -p 1515 >>>> >>>> Now, when I run ./agent-control -l or ./manage_agents -l I see: >>>> >>>> Available agents: >>>> ID: 001, Name: test.ucr.edu, IP: 138.23.1.1 >>>> ID: 1047, Name: wheeze.ucr.edu, IP: any >>>> ID: 1048, Name: centsx64.ucr.edu, IP: any >>>> ID: 1049, Name: wheeze, IP: 192.168.20.20 >>>> >>>> You can see agent ID 1049 now includes the IP. ID 1048 (CentOS box) was >>>> registered prior to running ossec-authd with the -i argument. Hope this >>>> helps. >>>> >>> >>> So the question is, what about this really needs to be documented? >>> I'll do the work (since I don't think greg is interested in >>> contributing), but I don't know what about this needs to be in >>> writing. >>> >>>> On Thursday, August 7, 2014 8:40:56 AM UTC-7, gkspranger wrote: >>>>> >>>>> i did .. but that really doesn't tell me anything -- it just runs .. and >>>>> like i said, i am just looking for some documentation about expected >>>>> behavior and hopefully even an example or two .. >>>>> >>>>> >>>>> thanks, >>>>> greg >>>>> >>>>> >>>>> >>>>> >>>>> On Wednesday, August 6, 2014 7:40:46 AM UTC-4, dan (ddpbsd) wrote: >>>>>> >>>>>> On Tue, Aug 5, 2014 at 7:26 PM, gkspranger <[email protected]> wrote: >>>>>> > hi there !! >>>>>> > >>>>>> > i promise i searched the intertubes for examples of this -- but are >>>>>> > there >>>>>> > any good examples out there related to ossec-authd's "-i" option ?? >>>>>> > >>>>>> > http://ossec-docs.readthedocs.org/en/latest/programs/ossec-authd.html >>>>>> > >>>>>> > the only real examples i am seeing are related to creating the cert and >>>>>> > starting the service using the "-p" option -- for example: >>>>>> > >>>>>> > >>>>>> > http://dcid.me/blog/2011/01/automatically-creating-and-setting-up-the-agent-keys/ >>>>>> > >>>>>> > but i would like to learn more about how to limit which agents can >>>>>> > connect >>>>>> > and register .. for example -- can you do entire subnets ?? or are you >>>>>> > defining only ONE IP address that is allowed to connect and register ?? >>>>>> > >>>>>> > your help/examples are super appreciated .. >>>>>> > >>>>>> >>>>>> >>>>>> Have you tried running it with the -i flag? `/var/ossec/bin/ossec-authd >>>>>> -i`? >>>>>> >>>>>> > thanks, >>>>>> > greg >>>>>> > >>>>>> > -- >>>>>> > >>>>>> > --- >>>>>> > You received this message because you are subscribed to the Google >>>>>> > Groups >>>>>> > "ossec-list" group. >>>>>> > To unsubscribe from this group and stop receiving emails from it, send >>>>>> > an >>>>>> > email to [email protected]. >>>>>> > For more options, visit https://groups.google.com/d/optout. >>>> >>>> -- >>>> >>>> --- >>>> You received this message because you are subscribed to the Google Groups >>>> "ossec-list" group. >>>> To unsubscribe from this group and stop receiving emails from it, send an >>>> email to [email protected]. >>>> For more options, visit https://groups.google.com/d/optout. >>> >>> -- >>> >>> --- >>> You received this message because you are subscribed to a topic in the >>> Google Groups "ossec-list" group. >>> To unsubscribe from this topic, visit >>> https://groups.google.com/d/topic/ossec-list/kgpVimE3dqU/unsubscribe. >>> To unsubscribe from this group and all its topics, send an email to >>> [email protected]. >>> For more options, visit https://groups.google.com/d/optout. >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to a topic in the Google > Groups "ossec-list" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/ossec-list/kgpVimE3dqU/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
