You will indeed need the bash script as it has to run on the Linux side with my AutoIT script for it to work.
This should help out. I don’t mass generate keys though. This generates them on demand. Read the comments in the autoit script for details. -- James Pulver CLASSE Computer Group Cornell University From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On Behalf Of Chris Hughes Sent: Tuesday, March 25, 2014 9:37 AM To: ossec-list@googlegroups.com Subject: RE: [ossec-list] Auto-register windows clients I looked and found a post where you posted Auto-IT as an attachment but the attachment no longer was there. The environment is almost exclusively Windows so I wont need the bash script. Can you post Auto-IT? My scripting is pretty crusty but I can usually figure them out. Chris Hughes (m) (240)460-7283 From: ossec-list@googlegroups.com<mailto:ossec-list@googlegroups.com> [mailto:ossec-list@googlegroups.com] On Behalf Of James M. Pulver Sent: Tuesday, March 25, 2014 8:05 AM To: ossec-list@googlegroups.com<mailto:ossec-list@googlegroups.com> Subject: RE: [ossec-list] Auto-register windows clients I think if you search the list you should find some options. I know I posted generic versions of the two scripts I use to do this (one is AutoIT on Windows, the other is on Linux in bash if I recall correctly and it needs a sudo permission)… -- James Pulver CLASSE Computer Group Cornell University From: ossec-list@googlegroups.com<mailto:ossec-list@googlegroups.com> [mailto:ossec-list@googlegroups.com] On Behalf Of C Hughes Sent: Monday, March 24, 2014 8:33 PM To: ossec-list@googlegroups.com<mailto:ossec-list@googlegroups.com> Subject: [ossec-list] Auto-register windows clients I've been searching for days and can't find how to do this. I tried running "/var/ossec/bin/ossec-authd -p 1515 >/dev/null 2>&1 &" and installing the win32 client on XP systems but that doesn't work. Other solutions for mass deployment I've found are above my Linux pay grade. I have the server working on Ubuntu Server and can manually register clients so I'm confident my install is ok. Anyone out there able to lend a hand? Thanks... -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com<mailto:ossec-list+unsubscr...@googlegroups.com>. For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com<mailto:ossec-list+unsubscr...@googlegroups.com>. For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com<mailto:ossec-list+unsubscr...@googlegroups.com>. For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
#!/bin/bash addr=`host $1 | awk ' /address/ {print $4} '` search=$addr\$ val=`perl ossec-batch-manager.pl -l | awk -v pat="$search" '$3 ~ pat { print $1 }'` #addr=`host $1 | awk ' /address/ {print $4} '` if [ $val -ge 0 ]; then perl ossec-batch-manager.pl -r $val perl ossec-batch-manager.pl -a -n $1 -p $addr -i $val else perl ossec-batch-manager.pl -a -n $1 -p $addr val=`perl ossec-batch-manager.pl -l | awk -v pat="$search" '$2 ~ pat { print $1 }'` fi #key=`perl ossec-batch-manager.pl -e $val` #line=`awk -v pat="$search" '$3 ~ pat { print $1,$2,$3 }' /var/ossec/etc/client.keys` #echo $line $key awk -v pat="$search" '$3 ~ pat { print $0 }' /var/ossec/etc/client.keys
ConfigureOSSECpublic.au3
Description: ConfigureOSSECpublic.au3