Yeah, we built custom binary RPMs; try the newer atomic ones, I hear good things about those. We had a tight deadline to meet and had to improvise. When I get a chance I intend to go back and redo our process with the atomic RPMs.
Zate

On Tue, Jun 26, 2012 at 11:51 AM, dan (ddp) <ddp...@gmail.com> wrote:
> On Tue, Jun 26, 2012 at 12:47 PM, Brett Y <cgka...@gmail.com> wrote:
> > Zate,
> > Those RPMs don't work, and cause lots of frustration.
> >
>
> Zate made his own RPMs, in a different way than most had been made
> before. Also, I think he and Nate solved the agent auth issues. Newer
> atomic rpms should work (I haven't tested so YMMV).
>
> >
> > On Wednesday, June 13, 2012 7:17:55 AM UTC-7, Zate wrote:
> >>
> >> If you have one OSSEC server, this is actually pretty easy.
> >>
> >> Do the Binary Install - this creates all the binaries on one machine, and
> >> then lets you take that tar.gz to any other machine, run install and it lays
> >> down the already built binaries.
> >>
> >> The second part is use the etc/preloaded-vars.conf that is part of that
> >> bundle and pre-fill in things like the server, the type of install etc etc.
> >> You can also select for it to be "silent" and just use the stuff in the
> >> preloaded-vars.conf to answer all the questions.
> >>
> >> We took this a step further and created a RPM that packages the prebuilt
> >> binaries from a manual install and recreates the install on a new machine
> >> and connects the agent automatically.
> >>
> >> For just a 100 machines, a simple binary install and a quick bash script
> >> to set it up should work.
> >>
> >> Zate
> >>
> >>
> >> On Wed, Jun 13, 2012 at 8:29 AM, dan (ddp) <ddp...@gmail.com> wrote:
> >>>
> >>> The install.sh and InstallAgent.sh script have most of this information.
> >>>
> >>> Did you create all of the directories? Did you make sure permissions
> >>> were correct? Did you create the OSSEC users? Did you make sure
> >>> ownership/groups were correct?
> >>>
> >>> On Wed, Jun 13, 2012 at 9:24 AM, Lucas Kauffman <cloud10...@gmail.com>
> >>> wrote:
> >>> > I have about 100 machines running the same OS.
> >>> >
> >>> > I want to install ossec agents on all machines but I don't feel like having
> >>> > to press enter on every machine to install it. I read in the book that you
> >>> > can normally copy the binaries easily, so I compiled ossec on one machine
> >>> > and want to copy the binary to all my other machines (pushing the correct
> >>> > client.keys file already works).
> >>> >
> >>> > At the moment I seem to be at an impasse because the sockets for ossec are
> >>> > not being created, I keep getting this error after I copy the binary:
> >>> >
> >>> > 2012/06/13 13:21:38 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Queue not found'.
> >>> > 2012/06/13 13:21:53 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'No such file or directory'.
> >>> > 2012/06/13 13:22:04 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Queue not found'.
> >>> > 2012/06/13 13:22:19 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'No such file or directory'.
> >>> > 2012/06/13 13:22:35 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Queue not found'.
> >>> > 2012/06/13 13:22:50 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
> >>> >
> >>> >
> >>> > So I guess when compiling OSSEC, the compile script creates links to or from
> >>> > sockets and when I copy the binary it is not possible to find these. Does
> >>> > anyone know how I can manually make these (so I can just add that to my
> >>> > distribution script)? Are there maybe any OSSEC repositories for ubuntu I'm
> >>> > not aware of?
> >>> >
> >>> > Cheers,
> >>> > Lucas Kauffman
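
The four checks dan lists in the quoted reply (directories, permissions, OSSEC user, ownership), written as a shell pre-flight for an agent tree that was copied rather than installed. This is an added example, not part of the thread or of OSSEC's installer. Assumptions: the account and group are both named `ossec`, `queue/ossec` is mode 770, the key file is `etc/client.keys`, GNU `stat` is available, and `check_agent_tree` is a hypothetical name.

```shell
#!/bin/sh
# Added example: verify a copied OSSEC agent tree before starting the agent.
# Assumed (not stated in the thread): account/group both named "ossec",
# queue/ossec is mode 770, client.keys lives in etc/, GNU stat (Linux).

check_agent_tree() {
    root=$1; user=${2:-ossec}; group=${3:-ossec}
    qdir="$root/queue/ossec"; keys="$root/etc/client.keys"
    problems=0

    # "Did you create the OSSEC users?"
    if ! id -u "$user" >/dev/null 2>&1; then
        echo "MISSING user $user"; problems=$((problems + 1))
    fi

    # "Did you create all of the directories?" The daemons in the log fail
    # on a path inside this directory.
    if [ ! -d "$qdir" ]; then
        echo "MISSING directory $qdir"; problems=$((problems + 1))
    else
        # "Did you make sure ownership/groups were correct?"
        owner=$(stat -c '%U:%G' "$qdir")
        [ "$owner" = "$user:$group" ] || {
            echo "BAD owner $owner on $qdir (want $user:$group)"
            problems=$((problems + 1)); }
        # "Did you make sure permissions were correct?"
        mode=$(stat -c '%a' "$qdir")
        [ "$mode" = "770" ] || {
            echo "BAD mode $mode on $qdir (want 770)"
            problems=$((problems + 1)); }
    fi

    # client.keys holds the agent's authentication key: flag access for "other".
    if [ ! -f "$keys" ]; then
        echo "MISSING file $keys"; problems=$((problems + 1))
    else
        case $(stat -c '%a' "$keys") in
            *0) ;;
            *) echo "BAD mode on $keys (accessible to other users)"
               problems=$((problems + 1)) ;;
        esac
    fi
    return "$problems"   # 0 means every check passed
}
```

Call it as `check_agent_tree /var/ossec` on each target from the distribution script; the exit status is the number of failed checks.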