On Fri, Aug 8, 2014 at 9:53 AM, Gregory K. Spranger <[email protected]> wrote:
> ok .. well maybe i should have explained more of what i hoped to do,
> but cannot decipher whether or not this is possible .. here is the
> doc:
>
> http://ossec-docs.readthedocs.org/en/latest/programs/ossec-authd.html
>
> it talks about options -- specifically the "-i" option -- which
> states: "Add agents with a specific IP address instead of using any."
> well, i figured out what "any" is simply by trial and error .. what i

I thought that "any" was mentioned in some part of the managing agents
documentation, but I'll double check.

> don't/didn't understand simply was HOW TO DEFINE agents with specific
> IP addresses .. BUT -- what i would REALLY like to do/was hoping for

If you want to define the agents, you're looking at the wrong thing.
ossec-authd makes it so you don't have to define the agents.

> is just to define a subnet (10.159.3.0/24) and not have to worry about
> the specifics ..
>
> so in my journey, while i knew about client.keys before, it wasn't
> clear to me this is where i should define these agents with specific
> IP addresses .. and yes, while better than doing
> server-export/agent-import manually, it would be really sexy if i
> could just define above subnet and not worry about the rest ..
>
> anyway -- really didn't want to stir any trouble within the group --
> being i am literally 3 days old in it ;-P but at the same time -- i am
> too dense on ossec to just "know" what "-i" is and what it means and
> where the defined agents with IP addresses should go -- which is why i
> asked, hence the tit-for-tat we are in now ..
>

Thanks for the info. I think this will help me make the documentation
more clear. Having used OSSEC for so long, it's sometimes difficult
for me to write documentation that is accessible to newer users. I
make a lot of assumptions that I shouldn't, so I definitely appreciate
the detailed feedback.

> thanks and have a great weekend,
> greg
>
> On Fri, Aug 8, 2014 at 9:33 AM, dan (ddp) <[email protected]> wrote:
>> On Fri, Aug 8, 2014 at 9:29 AM, Gregory K. Spranger <[email protected]> wrote:
>>> haha -- zing !! nice one dan ;-) i figured out what i was looking for ..
>>>
>>
>> Actually I'm completely serious. If people have questions about this
>> that can be answered in the documentation, I'd love to add it. I just
>> don't understand what needs to be further documented, probably because
>> of my closeness to the project and the amount of time I've been using
>> it.
>>
>>> have a great friday !!
>>>
>>> greg
>>>
>>> On Fri, Aug 8, 2014 at 7:53 AM, dan (ddp) <[email protected]> wrote:
>>>> On Thu, Aug 7, 2014 at 5:23 PM, Nick Turley <[email protected]> wrote:
>>>>> I just tested this in a vagrant environment. On the OSSEC server, I ran:
>>>>>
>>>>> /var/ossec/bin/ossec-authd -i -p 1515
>>>>>
>>>>> On my Ubuntu test box, I ran:
>>>>>
>>>>> ./agent-auth -m 192.168.20.25 -p 1515
>>>>>
>>>>> Now, when I run ./agent-control -l or ./manage_agents -l I see:
>>>>>
>>>>> Available agents:
>>>>>    ID: 001, Name: test.ucr.edu, IP: 138.23.1.1
>>>>>    ID: 1047, Name: wheeze.ucr.edu, IP: any
>>>>>    ID: 1048, Name: centsx64.ucr.edu, IP: any
>>>>>    ID: 1049, Name: wheeze, IP: 192.168.20.20
>>>>>
>>>>> You can see agent ID 1049 now includes the IP. ID 1048 (CentOS box) was
>>>>> registered prior to running ossec-authd with the -i argument. Hope this
>>>>> helps.
>>>>>
>>>>
>>>> So the question is, what about this really needs to be documented?
>>>> I'll do the work (since I don't think greg is interested in
>>>> contributing), but I don't know what about this needs to be in
>>>> writing.
>>>>
>>>>> On Thursday, August 7, 2014 8:40:56 AM UTC-7, gkspranger wrote:
>>>>>>
>>>>>> i did .. but that really doesn't tell me anything -- it just runs .. and
>>>>>> like i said, i am just looking for some documentation about expected
>>>>>> behavior and hopefully even an example or two ..
>>>>>>
>>>>>> thanks,
>>>>>> greg
>>>>>>
>>>>>> On Wednesday, August 6, 2014 7:40:46 AM UTC-4, dan (ddpbsd) wrote:
>>>>>>>
>>>>>>> On Tue, Aug 5, 2014 at 7:26 PM, gkspranger <[email protected]> wrote:
>>>>>>> > hi there !!
>>>>>>> >
>>>>>>> > i promise i searched the intertubes for examples of this -- but are there
>>>>>>> > any good examples out there related to ossec-authd's "-i" option ??
>>>>>>> >
>>>>>>> > http://ossec-docs.readthedocs.org/en/latest/programs/ossec-authd.html
>>>>>>> >
>>>>>>> > the only real examples i am seeing are related to creating the cert and
>>>>>>> > starting the service using the "-p" option -- for example:
>>>>>>> >
>>>>>>> > http://dcid.me/blog/2011/01/automatically-creating-and-setting-up-the-agent-keys/
>>>>>>> >
>>>>>>> > but i would like to learn more about how to limit which agents can connect
>>>>>>> > and register .. for example -- can you do entire subnets ?? or are you
>>>>>>> > defining only ONE IP address that is allowed to connect and register ??
>>>>>>> >
>>>>>>> > your help/examples are super appreciated ..
>>>>>>> >
>>>>>>>
>>>>>>> Have you tried running it with the -i flag? `/var/ossec/bin/ossec-authd -i`?
>>>>>>>
>>>>>>> > thanks,
>>>>>>> > greg
>>>>>>> >
>>>>>>> > --
>>>>>>> >
>>>>>>> > ---
>>>>>>> > You received this message because you are subscribed to the Google Groups
>>>>>>> > "ossec-list" group.
>>>>>>> > To unsubscribe from this group and stop receiving emails from it, send an
>>>>>>> > email to [email protected].
>>>>>>> > For more options, visit https://groups.google.com/d/optout.
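
Added example, not part of the original thread and not OSSEC project code: a small audit over an agent listing in the format Nick quotes above. It flags entries registered with IP "any", which are not tied to a source address, and entries outside an expected subnet. The listing is constructed sample data, audit_agents is a hypothetical helper name, and the subnet is the one greg mentions.

```python
import ipaddress
import re

# Constructed sample in the "Available agents" listing format quoted in the thread.
SAMPLE_LISTING = """\
Available agents:
   ID: 001, Name: web01, IP: 10.159.3.14
   ID: 002, Name: db01, IP: any
   ID: 003, Name: lab-vm, IP: 192.168.20.20
   ID: 004, Name: broken, IP: not-an-ip
"""

AGENT_LINE = re.compile(r"ID:\s*(\S+),\s*Name:\s*(.+?),\s*IP:\s*(\S+)\s*$")


def audit_agents(listing, allowed_cidr):
    """Return (agent_id, name, ip, verdict) for every agent line in the listing."""
    allowed = ipaddress.ip_network(allowed_cidr)
    findings = []
    for line in listing.splitlines():
        match = AGENT_LINE.search(line)
        if not match:
            continue  # header or blank line
        agent_id, name, ip = match.groups()
        if ip.lower() == "any":
            # Registered without -i: the entry is not bound to an address.
            verdict = "unrestricted"
        else:
            try:
                # Assumption: the field holds an address or a CIDR value;
                # a single address is treated as a /32 (or /128) network.
                net = ipaddress.ip_network(ip, strict=False)
                inside = net.version == allowed.version and net.subnet_of(allowed)
                verdict = "ok" if inside else "outside-subnet"
            except ValueError:
                verdict = "unparseable"
        findings.append((agent_id, name, ip, verdict))
    return findings


if __name__ == "__main__":
    for agent_id, name, ip, verdict in audit_agents(SAMPLE_LISTING, "10.159.3.0/24"):
        print(f"{agent_id:>5}  {name:<10} {ip:<16} {verdict}")
```
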
