Yes, I have no Windows build environment. Maybe it can cross compile from Linux?
--
James Pulver
CLASSE Computer Group
Cornell University

-----Original Message-----
From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On Behalf Of dan (ddp)
Sent: Tuesday, September 24, 2013 10:58 AM
To: ossec-list@googlegroups.com
Subject: Re: [ossec-list] Client.keys

On Tue, Sep 24, 2013 at 10:54 AM, James M. Pulver <jmp...@cornell.edu> wrote:
> The problem is there is (as far as I can tell in 2.7.1 install) no
> agent-auth.exe ... so how do we test it?
>

Build it.

> --
> James Pulver
> CLASSE Computer Group
> Cornell University
>
>
> -----Original Message-----
> From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On
> Behalf Of dan (ddp)
> Sent: Tuesday, September 24, 2013 10:47 AM
> To: ossec-list@googlegroups.com
> Subject: Re: [ossec-list] Client.keys
>
> On Tue, Sep 24, 2013 at 7:57 AM, <bjoern.bec...@easycash.de> wrote:
>> Hello,
>>
>> Sorry if I am disturbing the discussion. We have the same problem with
>> Windows agents.
>>
>> Under *NIX OS we could register the agent automatically during installation
>> using: /var/ossec/bin/agent-auth -m $ossecserver -A $::fqdn -D /var/ossec/
>> and on the server side the ossec-authd.
>>
>> Is there still no command for Windows OS? Is this in planning?
>>
>
> I believe it was mentioned in this thread that the command might be
> ready, but no one will test it.
>
>>
>> Thanks Jared for the howto, it should be better than our situation under
>> Windows now :)
>>
>> Best regards
>> Björn
>>
>> From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On
>> Behalf Of Jared
>> Sent: Monday, 23 September 2013 21:42
>> To: ossec-list@googlegroups.com
>> Subject: Re: [ossec-list] Client.keys
>>
>> Okay, off line then via email.
>>
>> Jared
>>
>> On Friday, September 20, 2013 9:48:10 AM UTC-4, Chris Lauritzen wrote:
>>
>> Jared,
>>
>> What I am trying to do is automate the install.
>> We use LANDesk to push out
>> apps to over 3500 PC/servers in our company. LANDesk can use batch, msi,
>> exe, vbs and PowerShell scripts to install. I have the install working, it
>> pushes to the PCs and installs the agent. Where it was failing initially
>> was importing the key file. I have resolved that issue and during the
>> install the key is being read. What I have come to find out is OSSEC requires one
>> key file per PC with only one key entry. I understand the security reasons for
>> this. So what I am looking to do is to find a way to not create 3500
>> Client.keys files. I have a script that works but it does not play well
>> because we are running DHCP. I am not the admin for the OSSEC server, I am
>> the LANDesk admin so I am dealing with the desktop/server level. Looking
>> over your PowerShell script I see where it could work. If you would like you
>> can email me directly.
>>
>> Thanks
>>
>> Chris
>>
>> On Friday, September 20, 2013 6:54:49 AM UTC-5, Jared wrote:
>>
>> I am not sure that everyone wants to see the gory details, but with
>> PowerShell you can accomplish anything that you would do normally via the
>> cmd line or interactively, on Linux (SSH) and Windows (WMI).
>>
>> Here is an example that will migrate servers from a test OSSEC server to a
>> production OSSEC server and then register them with the new server (I have
>> another script that fixes the "any" in the client.keys):
>>
>> # You must download the module and install it per the directions (google)
>> Import-Module SSH-Sessions
>> # Implies that you have a .csv file with all of your servers in it with the
>> # following headers (Product,address,Hostname,Key,User)
>> # Implies that you have an account on your linux servers with TTY ability
>> # (google sudoers & TTY)
>> # Load data from .csv into a variable called $Servers
>> $Servers = Import-Csv C:\ISCO\Automate\bin\test_Servers.csv
>> # Loop through each of the lines in the .csv file and do "some work"
>> ForEach ($S in $Servers)
>> {
>>     # Get IP address from line in file
>>     $I = $S.Address; Write-Host $I
>>     # Get hostname from line in file
>>     $H = $S.Hostname; Write-Host $H
>>     # Same for the path to the private key file
>>     $K = $S.Key; Write-Host $K
>>     # Same for the user name
>>     $U = $S.User; Write-Host $U
>>
>>     # Connect to each computer and provide username and private key
>>     New-SshSession -ComputerName $I -Username $U -KeyFile $K
>>     # Stop the agent
>>     Invoke-SshCommand -ComputerName $I -Command "sudo /var/ossec/bin/ossec-control stop" -Verbose
>>     # Replace the test server IP with the production server IP
>>     # (dots escaped so sed matches only the literal address)
>>     Invoke-SshCommand -ComputerName $I -Command "sudo sed -i 's/1\.1\.1\.1/2.2.2.2/g' /var/ossec/etc/ossec.conf" -Verbose
>>     # Register the agent with the production OSSEC manager server
>>     # with the host name from the .csv file
>>     Invoke-SshCommand -ComputerName $I -Command "sudo /var/ossec/bin/agent-auth -m 2.2.2.2 -p 1515 -A $H" -Verbose
>>     # Restart the agent
>>     Invoke-SshCommand -ComputerName $I -Command "sudo /var/ossec/bin/ossec-control start" -Verbose
>>     # Display the status of the agent post restart in the PowerShell console
>>     Invoke-SshCommand -ComputerName $I -Command "sudo /var/ossec/bin/ossec-control status" -Verbose
>>     # Close and clean up the session
>>     Remove-SshSession $I -Verbose
>>     # As this is a ForEach loop, it will parse each line of your .csv file
>>     # and perform this work on every server until the list is exhausted.
>> }
>>
>> So, we can take this offline or keep it here, but I would need to get the
>> details (requirements) for each process that you are trying to automate. I
>> am not following what you are trying to do with the Client.Keys on the
>> agent, but I believe that there is a programmatic solution.
>>
>> Jared
>>
>> On Thursday, September 19, 2013 2:42:19 PM UTC-4, Chris Lauritzen wrote:
>>
>> Jared,
>>
>> Thanks for the info. I can get Landesk to run PowerShell so what scripting
>> would I need.
>>
>> On Thursday, September 19, 2013 9:42:01 AM UTC-5, Jared wrote:
>>
>> Chris,
>>
>> Agent / Client = 1 client.keys file with a single entry in it.
>> C:\Program Files (x86)\ossec-agent\client.keys = 1 entry
>>
>> Server / Manager = 1 client.keys file with an entry for every agent that is
>> registered.
>> /var/ossec/etc/client.keys
>>
>> If you are trying to copy the client.keys file from the server to every
>> agent, it will not work (only reads the first line).
>>
>> If you need some scripting automation for installing/configuring OSSEC on
>> Windows and Linux, and can run PowerShell from your Windows Landesk
>> instance, I can help. Just need to come up with what "success" would look
>> like from a requirements perspective and the scripting part is easy.
>>
>> Jared
>>
>> On Thu, Sep 19, 2013 at 10:19 AM, James M. Pulver <jmp...@cornell.edu>
>> wrote:
>>
>> Yes, each client has a unique client.keys.
>>
>> --
>>
>> James Pulver
>>
>> CLASSE Computer Group
>>
>> Cornell University
>>
>> From: ossec...@googlegroups.com [mailto:ossec...@googlegroups.com] On Behalf
>> Of Chris Lauritzen
>> Sent: Thursday, September 19, 2013 9:46 AM
>> To: ossec...@googlegroups.com
>> Subject: Re: [ossec-list] Client.keys
>>
>> James, let me get this straight, if I have 3500 PCs to push this out to I need
>> 3500 client.keys files?
>>
>> On Wednesday, September 18, 2013 5:13:28 PM UTC-5, Michael Starks wrote:
>>
>> On 09/18/2013 04:08 PM, Chris Lauritzen wrote:
>>> Yes, the keys have been made. There is a new twist to this now. The
>>> install is reading the client.keys but is only reading in the first key
>>> listed. Every install is pulling only the first key. If I manually add
>>> the key it works fine. When creating the key I see that the name is
>>> optional but is it possible that it's looking for the device name and
>>> when not finding it defaulting to the first entry?
>>
>> There should only be one key in the agent's client.keys file--the key
>> for that agent.
>>
>> --
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ossec-list+...@googlegroups.com.
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>> --
>> Thank you,
>>
>> Jared R. Greene
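
Added example (not part of the thread and not OSSEC project code): a sketch of the one-entry-per-agent rule discussed above, picking a single host's line out of the manager's client.keys by agent name, so DHCP address changes do not matter, and checking that an agent-side file holds exactly one entry. The "id name ip key" line layout, the host names and the keys are assumptions constructed for illustration.

```python
import re

# Assumed line layout of OSSEC client.keys: "<id> <name> <ip|any> <key>"
ENTRY = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)$")

# Constructed sample of a manager-side file (placeholder keys, not real ones)
SAMPLE_MANAGER_KEYS = "\n".join([
    "001 pc-0001 any " + "a" * 64,
    "002 pc-0002 any " + "b" * 64,
    "003 srv-db01 any " + "c" * 64,
]) + "\n"


def parse_manager_keys(text):
    """Map lower-cased agent name -> its full line; reject bad or duplicate entries."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        match = ENTRY.match(line)
        if match is None:
            raise ValueError(f"line {lineno}: expected 'id name ip key'")
        name = match.group(2).lower()
        if name in entries:
            raise ValueError(f"line {lineno}: duplicate agent name {name!r}")
        entries[name] = line
    return entries


def agent_keys_for(entries, hostname):
    """Return the one-line client.keys content for a host (FQDN or short name)."""
    host = hostname.lower()
    for candidate in (host, host.split(".")[0]):
        if candidate in entries:
            return entries[candidate] + "\n"
    raise KeyError(f"no key registered for {hostname}")


def is_valid_agent_file(text):
    """True only if the file holds exactly one well-formed entry."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    return len(lines) == 1 and ENTRY.match(lines[0]) is not None


if __name__ == "__main__":
    table = parse_manager_keys(SAMPLE_MANAGER_KEYS)
    print(agent_keys_for(table, "PC-0002.example.test"), end="")
    print(is_valid_agent_file(SAMPLE_MANAGER_KEYS))  # whole manager file: rejected
```

Run the split where the manager's file already lives and ship each PC only its own line; the full file holds every agent's key.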