On Fri, Aug 18, 2017 at 1:58 PM, Tray <tnum...@powermoneyteam.biz> wrote:
> Thanks for the response. So is there an account that will ssh into the
> target machine? And if so, is it using keys instead of a password?

On the OSSEC manager, the ossec account will ssh to the agentless system using whichever account you've configured it to use. You can use ssh keys for authentication, or a password.

> In regards to my second question: We have logs going to Splunk to review
> changing of files but I am not getting "who" changed the file.

Are these logs coming from the OSSEC system? OSSEC doesn't currently have a way to determine who made the last change via syscheckd (if someone has a way to tell, let me know!), so it cannot pass this information on.

> On Friday, August 18, 2017 at 8:40:06 AM UTC-4, dan (ddpbsd) wrote:
>>
>> On Aug 18, 2017 8:35 AM, "Tray" <tnu...@powermoneyteam.biz> wrote:
>>
>> Hello,
>> I am new to OSSEC; however, it will be set up in my environment and I am
>> trying to get an idea of what it takes to set up the agentless ossec. What
>> will be needed for the install/configuration on the target system?
>>
>> An ssh daemon.
>>
>> Also in looking at some outputs of OSSEC agentless, I noticed there is
>> no user (person who made a change on the system) listed in the output. How
>> can this be configured?
>>
>> Set up auditing on the system to monitor changes to files, create rules to
>> watch for those log messages. Forward the logs via syslog to the ossec
>> manager.
>>
>> Thanks, any assistance is greatly appreciated.
>>
>> Tracy
>>
>> --
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ossec-list+...@googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
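The auditing approach suggested in the thread (audit file changes, then match on the resulting log messages) depends on joining the records of one audit event to learn who made the change. The following is an added example, not part of the original messages and not OSSEC code; it assumes the target is a Linux host running auditd, and the log lines, watched path and key name `etc-watch` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample audit records (not from the thread), of the kind a watch
# such as `auditctl -w /etc/ssh/sshd_config -p wa -k etc-watch` produces.
SAMPLE = '''\
type=SYSCALL msg=audit(1503079086.123:4521): arch=c000003e syscall=2 success=yes exit=3 items=2 ppid=2301 pid=2315 auid=1001 uid=0 gid=0 euid=0 tty=pts0 ses=12 comm="vim" exe="/usr/bin/vim" key="etc-watch"
type=PATH msg=audit(1503079086.123:4521): item=0 name="/etc/ssh/" inode=131 nametype=PARENT
type=PATH msg=audit(1503079086.123:4521): item=1 name="/etc/ssh/sshd_config" inode=977 nametype=NORMAL
type=SYSCALL msg=audit(1503079090.456:4522): arch=c000003e syscall=2 success=no exit=-13 items=1 ppid=2400 pid=2410 auid=1002 uid=1002 gid=1002 euid=1002 tty=pts1 ses=13 comm="sh" exe="/bin/sh" key="etc-watch"
type=PATH msg=audit(1503079090.456:4522): item=0 name="/etc/ssh/sshd_config" inode=977 nametype=NORMAL
'''

# No leading anchor, so lines that arrive with a syslog prefix still match.
HEAD = re.compile(r'type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def who_changed(log_text, key):
    """Join SYSCALL and PATH records by event id (timestamp:serial) and return
    one dict per successful event tagged with the audit key `key`."""
    events = defaultdict(lambda: {"paths": []})
    for line in log_text.splitlines():
        m = HEAD.search(line)
        if not m:
            continue
        rtype, ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        ev = events[(ts, serial)]
        if rtype == "SYSCALL":
            ev.update(fields, time=float(ts))
        elif rtype == "PATH" and "name" in fields \
                and fields.get("nametype") != "PARENT":
            ev["paths"].append(fields["name"])
    return [
        # auid is the login UID: it is kept across su/sudo, so it identifies
        # the person even when uid/euid is 0.
        {"time": ev["time"], "auid": int(ev["auid"]), "uid": int(ev["uid"]),
         "exe": ev["exe"], "paths": ev["paths"]}
        for ev in events.values()
        if ev.get("key") == key and ev.get("success") == "yes"
    ]

if __name__ == "__main__":
    for hit in who_changed(SAMPLE, "etc-watch"):
        print(hit)
```

The denied attempt by auid 1002 is dropped because it changed nothing; remove the `success` filter to report attempts as well.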