True is does make sense to just connect in, take a hash, then leave. (Yeah sorry that was my bad wording I meant that by understanding that agentless required SSH credentials and I didn't provide any for agent configuration (or other types of login authentication) that must mean the server doesn't connect in and the agent takes the hashes) Okay, I think I'm on the right wavelength now :) Thanks for your time and help.
Patrick. On Wednesday, August 20, 2014 2:50:36 PM UTC+1, dan (ddpbsd) wrote: > > On Wed, Aug 20, 2014 at 9:49 AM, dan (ddp) <[email protected] <javascript:>> > wrote: > > On Wed, Aug 20, 2014 at 9:44 AM, Patrick S <[email protected] > <javascript:>> wrote: > >> Thanks for your reply, Dan. I was under the impression that the server > >> generated the hashes, through one of these agentless types. > >> > >> ssh_integrity_check_bsd > >> ssh_integrity_check_linux > >> ssh_generic_diff > >> ssh_pixconfig_diff > >> > > > > It probably depends on which one you choose. I can't imagine the linux > > or bsd scripts transferring every file you've configured to be checked > > to the manager. I could be wrong, I haven't looked at the scripts > > much. > > > >> The docs state that ssh authentication details for the host are > required. > >> Doesn't a machine doing the work go against what agentless appears to > be? > >> My understanding was that nothing was installed? > >> > > > > The scripts are supposed to use what is already installed on the system, > so no? > > > >> Hmm I seem to have inadvertently also answered my question, as I didn't > >> provide any SSH authentication details for the agent based monitoring. > >> > > There wasn't a question related to this, and you shouldn't need SSH > authentication credentials for agents. > > >> > >> On Wednesday, August 20, 2014 1:29:29 PM UTC+1, dan (ddpbsd) wrote: > >>> > >>> On Wed, Aug 20, 2014 at 8:17 AM, Patrick S <[email protected]> > wrote: > >>> > I understand that in agentless monitoring the server takes the > baseline > >>> > of > >>> > files, but what about when an agent is installed on a machine - does > the > >>> > agent take the baseline or does the server? > >>> > > >>> > >>> The agent generates the hashes of the files on the system and sends > >>> that information to the manager. I believe it works the same way for > >>> agentless. > >>> > >>> > Many thanks, > >>> > Patrick > >>> > > >>> > -- > >>> > > >>> > --- > >>> > You received this message because you are subscribed to the Google > >>> > Groups > >>> > "ossec-list" group. > >>> > To unsubscribe from this group and stop receiving emails from it, > send > >>> > an > >>> > email to [email protected]. > >>> > For more options, visit https://groups.google.com/d/optout. > >> > >> -- > >> > >> --- > >> You received this message because you are subscribed to the Google > Groups > >> "ossec-list" group. > >> To unsubscribe from this group and stop receiving emails from it, send > an > >> email to [email protected] <javascript:>. > >> For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
