Hi, I have situation where any time I reimport OSSEC 3.1 configuration to a client on Red Hat, it creates automatically a file in */opt/ossec/etc/shared/agent.conf* which I have to delete every time. Because I am going to get a message:
Starting OSSEC HIDS v3.1.0 (by Trend Micro Inc.)... Started ossec-execd... 2019/01/29 11:24:23 ossec-agentd: INFO: Using notify time: 600 and max time to reconnect: 1800 Started ossec-agentd... 2019/01/29 11:24:23 ossec-logcollector: Remote commands are not accepted from the manager. Ignoring it on the agent.conf 2019/01/29 11:24:23 ossec-logcollector(1202): ERROR: Configuration error at '/opt/ossec/etc/shared/agent.conf'. Exiting. Started ossec-logcollector... 2019/01/29 11:24:23 ossec-syscheckd(1756): ERROR: Duplicated directory given: '/etc'. 2019/01/29 11:24:23 ossec-syscheckd(1756): ERROR: Duplicated directory given: '/bin'. Started ossec-syscheckd... Completed. If I understand correctly, this file is allows to override global configuration. 1. However why OSSEC client need these two files, I always put the same config in both of them * /var/ossec/etc/ossec-agent.conf * * /var/ossec/etc/ossec.con*f 2. There is any way to configure ossec configuration on MASTER, and it will be pulled automatically by clients or I have to reconfigure every client separably for every system: Windows, Red Hat and Ubuntu. Thx in advance -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
