[ossec-list] Re: A standard procedure for manually starting rootcheck and syscheck

Sun, 17 Feb 2013 18:19:23 -0800 

If it helps anybody: Prior to installing the agent, I did get this script 
to work on the server... but it's rather useless for the agent:
 
#!/bin/sh
## This script finds the IP on one of my three operating systems, and then 
looks for the agent ID 
## To execute a manual restart of syscheck and rootcheck. I still have to 
work AIX 7 into the script, but this seems to do the trick.

# Get OS name first

OS=`uname`
IO="" # store IP
case $OS in 

     Linux) IP=`ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: 
-f2 | awk '{ print $1}'`;;
     FreeBSD|OpenBSD) IP=`ifconfig | grep -E 'inet.[0-9]' | grep -v 
'127.0.0.1' | awk '{ print $2}'` ;;
     SunOS) IP=`ifconfig -a | grep inet | grep -v '127.0.0.1' | awk '{ 
print $2} '` ;;
     *) IP="Unknown";;
esac
echo "$IP" 
ID=`/var/ossec/bin/agent_control -l |grep $IP | awk '{ print $2 }'| cut 
-d"," -f1` echo "$ID"
/var/ossec/bin/agent_control -r -u "$ID"
# /var/ossec/bin/agent_control -i "$ID"

On Wednesday, February 13, 2013 8:13:25 AM UTC-6, TWAD wrote:

> Hey There,
>
> I find myself in a situation where all hosts in our network must execute 
> syscheck and rootcheck through a manual process vs. a scheduled basis. And 
> when I say manual process, I mean each administrator must have the 
> capability/choice to run it at the least intrusive time of operations. We 
> will still execute both on startup, but thereafter, syscheck and rootcheck 
> must be executed manually.  I understand this can be executed with 
> agent_control –r u <id>; however, the administrator does not outright know 
> the agent ID. Has anybody written a procedure that would accomplish this 
> manual task on *nix and/or Windows?
>
>  
>
> If no, do you know of a way I can write this that ensures the task is 
> foolproof for the administrator?
>
>  
>
> Thank you
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to