On Thu, Jan 31, 2019 at 12:03 PM <[email protected]> wrote:
>
> Hi,
>
> I have a situation where any time I reimport OSSEC 3.1 configuration to a 
> client on Red Hat, it creates automatically a file in 
> /opt/ossec/etc/shared/agent.conf  which I have to delete every time.
> Because I am going to get a message:
>
> Starting OSSEC HIDS v3.1.0 (by Trend Micro Inc.)...
> Started ossec-execd...
> 2019/01/29 11:24:23 ossec-agentd: INFO: Using notify time: 600 and max time 
> to reconnect: 1800
> Started ossec-agentd...
> 2019/01/29 11:24:23 ossec-logcollector: Remote commands are not accepted from 
> the manager. Ignoring it on the agent.conf
> 2019/01/29 11:24:23 ossec-logcollector(1202): ERROR: Configuration error at 
> '/opt/ossec/etc/shared/agent.conf'. Exiting.
> Started ossec-logcollector...
> 2019/01/29 11:24:23 ossec-syscheckd(1756): ERROR: Duplicated directory given: 
> '/etc'.
> 2019/01/29 11:24:23 ossec-syscheckd(1756): ERROR: Duplicated directory given: 
> '/bin'.
> Started ossec-syscheckd...
> Completed.
>
>
> If I understand correctly, this file allows overriding the global 
> configuration.
>
> 1. However, why does the OSSEC client need these two files? I always put the same 
> config in both of them
>       /var/ossec/etc/ossec-agent.conf
>       /var/ossec/etc/ossec.conf
>

It should only need ossec/etc/ossec.conf.

> 2. Is there any way to configure ossec configuration on MASTER, so that it will 
> be pulled automatically by clients, or do I have to reconfigure every client 
> separately for every system: Windows, Red Hat and Ubuntu?
>

ossec/etc/shared/agent.conf can help you configure agents from the
OSSEC server, but not all of the configuration options are available
there.
Edit the file on the OSSEC server, and it will be pushed to the
agents. You'll have to restart the agents after the file is updated,
but that's not too tough using active response.


> Thx in advance
>
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups 
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
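
A pre-flight check for the two errors in the startup log above, as an added example that is not part of the thread or of OSSEC itself: it flags `command`/`full_command` localfile entries in a shared agent.conf and syscheck paths listed more than once across the files an agent loads. It assumes those two conditions are what trigger the messages; the sample configs and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter
# Constructed sample files (not from the thread); paths mirror the errors in the log.
OSSEC_CONF = """<ossec_config>
  <syscheck>
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <directories check_all="yes">/bin,/sbin</directories>
  </syscheck>
</ossec_config>"""
AGENT_CONF = """<agent_config>
  <syscheck>
    <directories check_all="yes">/etc,/bin</directories>
  </syscheck>
  <localfile>
    <log_format>full_command</log_format>
    <command>netstat -tan</command>
  </localfile>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/secure</location>
  </localfile>
</agent_config>"""

def _parse(text):
    # OSSEC files may hold several top-level blocks, so wrap them in one root.
    return ET.fromstring("<root>" + text + "</root>")

def remote_command_entries(agent_conf):
    """<localfile> entries in a shared agent.conf that would run a command."""
    hits = []
    for lf in _parse(agent_conf).iter("localfile"):
        fmt = (lf.findtext("log_format") or "").strip()
        if fmt in ("command", "full_command"):
            hits.append((fmt, (lf.findtext("command") or "").strip()))
    return hits

def syscheck_directories(text):
    """Every path named in a <syscheck><directories> list, in file order."""
    paths = []
    for d in _parse(text).findall(".//syscheck/directories"):
        paths += [p.strip() for p in (d.text or "").split(",") if p.strip()]
    return paths

def duplicated_directories(*configs):
    """Paths listed more than once across all the given config texts."""
    counts = Counter(p for c in configs for p in syscheck_directories(c))
    return sorted(p for p, n in counts.items() if n > 1)

if __name__ == "__main__":
    print(remote_command_entries(AGENT_CONF), duplicated_directories(OSSEC_CONF, AGENT_CONF))
```

Run it on the server copy of agent.conf together with a representative agent's ossec.conf before the shared file is pushed.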
