Hello,
sorry, when I disturbing the discussion. We have the same problem with windows
agents.
Under *NIX os we could register the agent automaticly during installation
using: /var/ossec/bin/agent-auth -m $ossecserver -A $::fqdn -D /var/ossec/ and
on the server site the ossec-authd.
Is there still no command for windows os? Is this in planning?
Thanks Jared for the howto, it's should be better as our situation under
windows now :)
Mit freundlichen Grüßen / Best regards
Björn
Von: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] Im
Auftrag von Jared
Gesendet: Montag, 23. September 2013 21:42
An: ossec-list@googlegroups.com
Betreff: Re: [ossec-list] Client.keys
Okay, off line then via email.
Jared
On Friday, September 20, 2013 9:48:10 AM UTC-4, Chris Lauritzen wrote:
Jared,
What I am trying to do it automate the install. We use LANDesk to push out apps
to over 3500 PC/servers in our company. LANDesk can use batch, msi, exe, vbs
and Powershell scripts to install. I have the install working, it pushes to
the PC's and installs the agent. Where it was failing initially was importing
the Key file. I have resolved that issue and during the install the key is
being read. What I come to find out is OSSEC requires one key file per PC with
only one key entry. I under the security reasons for this. So what I am looking
to do is to find a way to not create 3500 Client.keys files. I have a script
that works but it does not play well because we are running DHCP. I am not the
admin for the OSSEC server, I am the LANDesk admin so I am dealing with the
desktop/server level. Looking over your powershell script I see where it could
work. If you would like you can email me directly..
Thanks
Chris
On Friday, September 20, 2013 6:54:49 AM UTC-5, Jared wrote:
I am not surer that everyone wants to see the gory details, but with Powershell
you can accomplish anythign that you would do normally via the cmd line or
interactively, on linux (ssh) and Windows (WMI).
Here is an example that will migrate servers from a test OSSEC server to a
Productin OSSEC server and then register them with the new server (I have
another script that fixes the any' in the client.keys):
# You must download the module and install it per the directions (google)
Import-Module SSH-Sessions
# Implies that you have a .csv file with all of your servers in it with the
following headers (Product,address,Hostname,Key,User)
# Implies that you have an account on your linux servers with TTY ability
(google sudoers TTY)
# Load data from .csv into a variable called $servers
$Servers = Import-Csv C:\ISCO\Automate\bin\test_Servers.csv
# loop throuhg each of the lines in the .CSV file and do Some work
ForEach ($S in $Servers)
{
# Get IP address from line in file
$I = $S.Address; Write-host $I
#Get Hostname from line in file
$H = $S.Hostname; Write-host $H
#Same ...
$K = $S.key; Write-host $K
#Same ...
$U = $S.user; Write-host $U
# Connect to each computer and provide username and Private key
New-SshSession -ComputerName $I -Username $U -KeyFile $k
#Stop the agent
Invoke-SshCommand -ComputerName $i -Command sudo
/var/ossec/bin/ossec-control stop -Verbose
# Replace the Test Server IP with with the Production server IP
Invoke-SshCommand -ComputerName $i -Command sudo sed -i
's/1.1.1.1/2.2.2.2/ghttp://1.1.1.1/2.2.2.2/g' /var/ossec/etc/ossec.conf
-Verbose
#Register the server with agent with the Production OSSEC manager server
with the host name from the .csv file
Invoke-SshCommand -ComputerName $i -Command sudo /var/ossec/bin/agent-auth
-m 2.2.2.2-p 1515 -A $H -Verbose
# Restart the agent
Invoke-SshCommand -ComputerName $i -Command sudo
/var/ossec/bin/ossec-control start -Verbose
# display the status of the agent post restart in the Powershell console.
Invoke-SshCommand -ComputerName $i -Command sudo
/var/ossec/bin/ossec-control status -Verbose
# Close and clean up the session
Remove-SshSession $I -Verbose
# As this is a Foreach Loop, it will parse each line of your .csv file and
perform this work on every server until the list is ehausted.
}
So, we can take this offline or keep it here, but I would need to get the
details (requirements) for each process that you are trying to automate. I am
not following what you are trying to do with the Client.Keys on the agent, but
I believe that there is a programatic solution.
Jared
On Thursday, September 19, 2013 2:42:19 PM UTC-4, Chris Lauritzen wrote:
Jared,
Thanks for the info. I can get Landesk to run powershell so what scripting
would I need.
On Thursday, September 19, 2013 9:42:01 AM UTC-5, Jared wrote:
Chris,
Agent / Client = 1 client.keys file with a single entry in it.
C:\Program Files (x86)\ossec-agent\client.keys = 1 entry
Server / Manager = 1 client.keys files with an entry for every agent that is
registered.
/var/ossec/etc/client.keys
If you are tying to copy