Hi Dan, Thank you very much is clear. Regards
700gr On Thu, Jan 31, 2019 at 5:45 PM dan (ddp) <[email protected]> wrote: > On Thu, Jan 31, 2019 at 12:03 PM <[email protected]> wrote: > > > > Hi, > > > > I have situation where any time I reimport OSSEC 3.1 configuration to a > client on Red Hat, it creates automatically a file in > /opt/ossec/etc/shared/agent.conf which I have to delete every time. > > Because I am going to get a message: > > > > Starting OSSEC HIDS v3.1.0 (by Trend Micro Inc.)... > > Started ossec-execd... > > 2019/01/29 11:24:23 ossec-agentd: INFO: Using notify time: 600 and max > time to reconnect: 1800 > > Started ossec-agentd... > > 2019/01/29 11:24:23 ossec-logcollector: Remote commands are not accepted > from the manager. Ignoring it on the agent.conf > > 2019/01/29 11:24:23 ossec-logcollector(1202): ERROR: Configuration error > at '/opt/ossec/etc/shared/agent.conf'. Exiting. > > Started ossec-logcollector... > > 2019/01/29 11:24:23 ossec-syscheckd(1756): ERROR: Duplicated directory > given: '/etc'. > > 2019/01/29 11:24:23 ossec-syscheckd(1756): ERROR: Duplicated directory > given: '/bin'. > > Started ossec-syscheckd... > > Completed. > > > > > > If I understand correctly, this file is allows to override global > configuration. > > > > 1. However why OSSEC client need these two files, I always put the same > config in both of them > > /var/ossec/etc/ossec-agent.conf > > /var/ossec/etc/ossec.conf > > > > It should only need ossec/etc/ossec.conf. > > > 2. There is any way to configure ossec configuration on MASTER, and it > will be pulled automatically by clients or I have to reconfigure every > client separably for every system: Windows, Red Hat and Ubuntu. > > > > ossec/etc/shared/agent.conf can help you configure agents from the > OSSEC server, but not all of the configuration options are available > there. > Edit the file on the OSSEC server, and it will be pushed to the > agents. You'll have to restart the agents after the file is updated, > but that's not too tough using active response. > > > > Thx in advance > > > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected]. > > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
