If it helps anybody: Prior to installing the agent, I did get this script to work on the server... but it's rather useless for the agent:

    #!/bin/sh
    ## This script finds the IP on one of my three operating systems, and then looks for the agent ID
    ## To execute a manual restart of syscheck and rootcheck.
    ## I still have to work AIX 7 into the script, but this seems to do the trick.

    # Get OS name first
    OS=`uname`
    IP="" # store IP
    case $OS in
        Linux) IP=`ifconfig | grep 'inet addr:' | grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1 }'` ;;
        FreeBSD|OpenBSD) IP=`ifconfig | grep -E 'inet.[0-9]' | grep -v '127.0.0.1' | awk '{ print $2 }'` ;;
        SunOS) IP=`ifconfig -a | grep inet | grep -v '127.0.0.1' | awk '{ print $2 }'` ;;
        *) IP="Unknown" ;;
    esac
    echo "$IP"

    # Look up the agent ID for this IP in the agent list
    ID=`/var/ossec/bin/agent_control -l | grep "$IP" | awk '{ print $2 }' | cut -d"," -f1`
    echo "$ID"

    # Restart syscheck and rootcheck on that agent
    /var/ossec/bin/agent_control -r -u "$ID"
    # /var/ossec/bin/agent_control -i "$ID"

On Wednesday, February 13, 2013 8:13:25 AM UTC-6, TWAD wrote:
> Hey There,
>
> I find myself in a situation where all hosts in our network must execute
> syscheck and rootcheck through a manual process vs. a scheduled basis. And
> when I say manual process, I mean each administrator must have the
> capability/choice to run it at the least intrusive time of operations. We
> will still execute both on startup, but thereafter, syscheck and rootcheck
> must be executed manually. I understand this can be executed with
> agent_control –r u <id>; however, the administrator does not outright know
> the agent ID. Has anybody written a procedure that would accomplish this
> manual task on *nix and/or Windows?
>
> If no, do you know of a way I can write this that ensures the task is
> foolproof for the administrator?
>
> Thank you
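
An added example, not part of the original post or of OSSEC: the script in the post picks the agent with a plain `grep` on the IP, which also matches longer addresses containing it (10.0.0.1 matches 10.0.0.10), so the restart can hit the wrong agent or several. The functions below compare the IP field exactly and refuse to act unless exactly one agent matches. The function names, the sample listing and the `ID: ..., Name: ..., IP: ..., status` line layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): exact-match lookup of an
# agent ID by IP in `agent_control -l` style output.

# Constructed sample listing; layout assumed to be
# "ID: <id>, Name: <name>, IP: <ip>, <status>".
sample_listing() {
cat <<'EOF'

OSSEC HIDS agent_control. List of available agents:
   ID: 000, Name: mgr (server), IP: 127.0.0.1, Active/Local
   ID: 001, Name: web01, IP: 10.0.0.1, Active
   ID: 002, Name: db01, IP: 10.0.0.10, Active
   ID: 003, Name: old-db01, IP: 10.0.0.10, Disconnected
EOF
}

# agent_id_for_ip IP   (reads the listing on stdin)
# Prints the ID and returns 0 only when exactly one agent has that IP.
# Returns 1 for no match, 2 for an ambiguous match, 3 for a malformed IP
# (for example the "Unknown" fallback or an empty value).
agent_id_for_ip() {
    case $1 in
        ''|*[!0-9.]*) return 3 ;;
    esac
    # Split on ", " so the third field is exactly "IP: <address>".
    awk -v ip="$1" -F', ' '
        $1 ~ /^ *ID: / && $3 == "IP: " ip {
            sub(/^ *ID: /, "", $1); id = $1; n++
        }
        END {
            if (n == 1) { print id; exit 0 }
            exit (n == 0 ? 1 : 2)
        }'
}

# Hypothetical wrapper: restart syscheck/rootcheck only on a unique match.
restart_checks_for_ip() {
    id=`/var/ossec/bin/agent_control -l | agent_id_for_ip "$1"` || return $?
    /var/ossec/bin/agent_control -r -u "$id"
}
```
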