On Tue, Dec 22, 2015 at 11:48 AM, Chris <cbrown...@3dsi.com> wrote: > Thanks for letting me know. I'll keep an eye on the project to see if future > releases add support for the agent-auth application for Windows. > > The use case is a hybrid environment hosted by Amazon Web Services (AWS) > where auto-scaling groups cause instances (servers) to come and go. > Automation technology, such as AWS CloudFormation, allow fully automated > configuration of the entire server without any manual interaction. The Linux > version of agent-auth allows this to work well for Linux agents. Not having > the Windows version prevents OSSEC from being viable in a large-scale cloud > environment where automation is required. Use of third-party tools such as > Chef, Puppet, Ansible, etc. can overcome this limitation, but add additional > considerations. >
That's a space I'm kinda sorta playing with (although less windows). If you get the chance to test the windows agent-auth stuff (even in non-prod stuff), let me know how it works out. > Thanks, > Chris > > > On Tuesday, December 22, 2015 at 7:04:55 AM UTC-6, dan (ddpbsd) wrote: >> >> On Mon, Dec 21, 2015 at 4:34 PM, Chris <cbro...@3dsi.com> wrote: >> > I have successfully configured an OSSEC server running on Ubuntu in AWS. >> > >> > >> > I have also successfully automated Ubuntu AWS instances automatically >> > installing the OSSEC agent and connecting to the OSSEC server via this >> > command /var/ossec/bin/agent-auth -m ossec.myprivatedomain.local -p 1515 >> > >> > >> > I am working on automating the installation of the OSSEC agent for >> > Windows >> > instances including automating the Windows instances connecting to the >> > OSSEC >> > server. I understand that the OSSEC agent for Windows can be downloaded >> > from >> > the OSSEC site's "Downloads" page and that it can be silently installed >> > using this command line: ossec-agent-win32-2.8.3.exe /S >> > >> > >> > Despite much research, I cannot find out how to get a version of the >> > OSSEC >> > agent-auth executable that will run on Windows to allow me to automate >> > the >> > Windows instances connecting to the OSSEC server. >> > >> > >> > The closest thing I can find to any mention of the agent-auth >> > application >> > being available for Windows is from this blog: >> > https://github.com/ossec/ossec-hids/issues/166#issuecomment-41461642 ... >> > where a comment states ... >> > >> > The Windows version of agent-auth was compiled on Linux (Fedora 20) and >> > tested on Windows 7 Home Premium 64-bit. >> > >> > None of the tutorials that talk about compiling the OSSEC agent for >> > Windows >> > on Linux address how to compile the agent-auth application for Windows. >> > >> > >> > How/where does one get a version of the OSSEC agent-auth application >> > that >> > will run on Windows? >> > >> >> I have a currently untested branch for this at >> https://github.com/ddpbsd/ossec-hids/tree/winauthd >> >> It's using the current development master as its base. I haven't had >> the time or motivation to actually test it yet. >> >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to ossec-list+...@googlegroups.com. >> > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.