Re: [ossec-list] install ossec-agent trough puppet

[Nicolas Zin]

Hi guys,

depending on your needs, I:
- created deb package (for ossec 2.6) :
https://launchpad.net/~nicolas-zin/+archive/ossec-ubuntu
- grab rpm package (for ossec 2.6)
- create a puppet repo to install everything:
https://github.com/nzin/puppet-ossec (with automatic registration via
exported ressources)


I guess it is a good start :-)




On Tue, Nov 27, 2012 at 10:19 AM, Stephane Rossan <steph...@rossan4.com>wrote:

> Here is a copy of my ossec manifest. I've built a RPM to install OSSEC
> through puppet, and I use auto-registration to install agents clients on my
> unix hosts:
> class node_security::ossec::agent {
>         # Define variables
>         $ossec_server           = extlookup("ossec_server")
>
>         # Install RPM
>         $wantedpackages = [ "ossec" ]
>         package { $wantedpackages:
>                 ensure          => installed,
>                 require         => Yumrepo[internal_repos],
>         }
>
>         # Install ossec configuration file
>         file {"/apps/ossec/etc/ossec.conf":
>                 owner           => root,
>                 # OSSEC gid is 11002
>                 group           => 11002,
>                 mode            => 0644,
>                 content         =>
> template("node/ossec/agent/ossec.conf.erb"),
>                 require         => Package["ossec"],
>         }
>
>         # With OSSEC 2.6 server, autoregistration is enabled
>         exec { "AutoRegistration process":
>                 command         => "/apps/ossec/bin/agent-auth -m
> ${ossec_server} || true"
> ,
>                 creates         => "/apps/ossec/etc/client.keys",
>                 require         => Package["ossec"],
>                 subscribe       => File["/apps/ossec/etc/ossec.conf"],
>         }
>
>         # Start OSSEC service at boot
>         service { ossec:
>                 name            => ossec,
>                 enable          => true,
>                 ensure          => running,
>                 hasrestart      => true,
>                 hasstatus       => true,
>                 require         => [ Package["ossec"],
> Exec["AutoRegistration process"] ],
>         }
>
> }
>
>
> On Tue, Nov 27, 2012 at 6:17 AM, dan (ddp) <ddp...@gmail.com> wrote:
>
>> On Tue, Nov 27, 2012 at 6:57 AM, rezgui mohamed <rezgui...@gmail.com>
>> wrote:
>> > Dear support,
>> > have you please a tutorial to automaticate the install of agent on my
>> all
>> > machine trough puppet
>> >
>> > Best regards
>>
>> We do not have a tutorial, but I can't imagine it would be too hard.
>> Use a binary package. Use ossec-agentd on the server and auth-agent on
>> the agent. Have the puppet recipe install OSSEC. Then it should check
>> for the existence of client.keys, and if that file does not exist run
>> agent-auth to get a key. Finally start/restart OSSEC.
>>
>> It wouldn't be hard to configure puppet to restart the processes when
>> agent.conf changes as well.
>>
>
>