Hello, sorry, when I disturbing the discussion. We have the same problem with windows agents. Under *NIX os we could register the agent automaticly during installation using: /var/ossec/bin/agent-auth -m $ossecserver -A $::fqdn -D /var/ossec/ and on the server site the ossec-authd.
Is there still no command for windows os? Is this in planning? Thanks Jared for the howto, it's should be better as our situation under windows now :) Mit freundlichen Grüßen / Best regards Björn Von: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] Im Auftrag von Jared Gesendet: Montag, 23. September 2013 21:42 An: ossec-list@googlegroups.com Betreff: Re: [ossec-list] Client.keys Okay, off line then via email. Jared On Friday, September 20, 2013 9:48:10 AM UTC-4, Chris Lauritzen wrote: Jared, What I am trying to do it automate the install. We use LANDesk to push out apps to over 3500 PC/servers in our company. LANDesk can use batch, msi, exe, vbs and Powershell scripts to install. I have the install working, it pushes to the PC's and installs the agent. Where it was failing initially was importing the Key file. I have resolved that issue and during the install the key is being read. What I come to find out is OSSEC requires one key file per PC with only one key entry. I under the security reasons for this. So what I am looking to do is to find a way to not create 3500 Client.keys files. I have a script that works but it does not play well because we are running DHCP. I am not the admin for the OSSEC server, I am the LANDesk admin so I am dealing with the desktop/server level. Looking over your powershell script I see where it could work. If you would like you can email me directly.. Thanks Chris On Friday, September 20, 2013 6:54:49 AM UTC-5, Jared wrote: I am not surer that everyone wants to see the gory details, but with Powershell you can accomplish anythign that you would do normally via the cmd line or interactively, on linux (ssh) and Windows (WMI). Here is an example that will migrate servers from a test OSSEC server to a Productin OSSEC server and then register them with the new server (I have another script that fixes the "any' in the client.keys): # You must download the module and install it per the directions (google) Import-Module SSH-Sessions # Implies that you have a .csv file with all of your servers in it with the following headers (Product,address,Hostname,Key,User) # Implies that you have an account on your linux servers with TTY ability (google sudoers & TTY) # Load data from .csv into a variable called $servers $Servers = Import-Csv C:\ISCO\Automate\bin\test_Servers.csv # loop throuhg each of the lines in the .CSV file and do "Some work" ForEach ($S in $Servers) { # Get IP address from line in file $I = $S.Address; Write-host $I #Get Hostname from line in file $H = $S.Hostname; Write-host $H #Same ... $K = $S.key; Write-host $K #Same ... $U = $S.user; Write-host $U # Connect to each computer and provide username and Private key New-SshSession -ComputerName $I -Username $U -KeyFile $k #Stop the agent Invoke-SshCommand -ComputerName $i -Command "sudo /var/ossec/bin/ossec-control stop" -Verbose # Replace the Test Server IP with with the Production server IP Invoke-SshCommand -ComputerName $i -Command "sudo sed -i 's/1.1.1.1/2.2.2.2/g<http://1.1.1.1/2.2.2.2/g>' /var/ossec/etc/ossec.conf" -Verbose #Register the server with agent with the Production OSSEC manager server with the host name from the .csv file Invoke-SshCommand -ComputerName $i -Command "sudo /var/ossec/bin/agent-auth -m 2.2.2.2-p 1515 -A $H" -Verbose # Restart the agent Invoke-SshCommand -ComputerName $i -Command "sudo /var/ossec/bin/ossec-control start" -Verbose # display the status of the agent post restart in the Powershell console. Invoke-SshCommand -ComputerName $i -Command "sudo /var/ossec/bin/ossec-control status" -Verbose # Close and clean up the session Remove-SshSession $I -Verbose # As this is a Foreach Loop, it will parse each line of your .csv file and perform this work on every server until the list is ehausted. } So, we can take this offline or keep it here, but I would need to get the details (requirements) for each process that you are trying to automate. I am not following what you are trying to do with the Client.Keys on the agent, but I believe that there is a programatic solution. Jared On Thursday, September 19, 2013 2:42:19 PM UTC-4, Chris Lauritzen wrote: Jared, Thanks for the info. I can get Landesk to run powershell so what scripting would I need. On Thursday, September 19, 2013 9:42:01 AM UTC-5, Jared wrote: Chris, Agent / Client = 1 client.keys file with a single entry in it. C:\Program Files (x86)\ossec-agent\client.keys = 1 entry Server / Manager = 1 client.keys files with an entry for every agent that is registered. /var/ossec/etc/client.keys If you are tying to copy the client.keys file from the server to every agent, it will not work (only reads the first line). If you need some scripting automation for installing/configuring OSSEC on Windows and Linux, and can run powershell from your Windows Landesk instance, I can help. Just need to come up with what "success" would look like from requirements perspective and the scripting part is easy. Jared On Thu, Sep 19, 2013 at 10:19 AM, James M. Pulver <jmp...@cornell.edu<mailto:jmp...@cornell.edu>> wrote: Yes, each client has a unique client.keys. -- James Pulver CLASSE Computer Group Cornell University From: ossec...@googlegroups.com<mailto:ossec...@googlegroups.com> [mailto:ossec...@googlegroups.com] On Behalf Of Chris Lauritzen Sent: Thursday, September 19, 2013 9:46 AM To: ossec...@googlegroups.com<mailto:ossec...@googlegroups.com> Subject: Re: [ossec-list] Client.keys James let get this straight, if I have 3500 pc's to push this out to I need 3500 client.keys files? On Wednesday, September 18, 2013 5:13:28 PM UTC-5, Michael Starks wrote: On 09/18/2013 04:08 PM, Chris Lauritzen wrote: > Yes the Key have been made. There is a new twist to this now. The > install is reading the client.keys but is only reading in the first key > listed. Every install is pulling only the first key. If I manually add > the key it works fine. When creating the key I see that the name is > optional but is it possible that it's looking for the device name and > when not finding it defaulting to the first entry? There should only be one key in the agent's client.keys file--the key for that agent. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com<mailto:ossec-list+...@googlegroups.com>. For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com<mailto:ossec-list+...@googlegroups.com>. For more options, visit https://groups.google.com/groups/opt_out. -- Thank you, Jared R. Greene -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com<mailto:ossec-list+unsubscr...@googlegroups.com>. For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.