[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Ossec-list] RE : RE : Installing a pre-compiled agent on another machine
- Subject: [Ossec-list] RE : RE : Installing a pre-compiled agent on another machine
- From: oahmet at metu.edu.tr (ahmet ozturk)
- Date: Fri, 24 Mar 2006 14:40:34 +0200
Hi Fred,
Considering your previous e-mail, you should add "ossec" user
on agent systems. So please be sure about that.
In addition to that "ossec-agentd", "ossec-logcollector" and
"ossec-execd" should be running.
File permissions on one of my systems look like:
queen:/var/ossec # ls -al
total 72
dr-xr-x--- 9 root ossec 512 Feb 18 14:55 .
drwxr-xr-x 25 root system 512 Feb 18 14:55 ..
dr-xr-x--- 3 root ossec 512 Feb 18 14:55 active-response
dr-xr-x--- 2 root ossec 512 Feb 18 14:55 bin
dr-xr-x--- 2 root ossec 512 Feb 21 09:11 checksum_db
dr-xr-x--- 3 root ossec 512 Feb 18 14:57 etc
drwxr-x--- 2 ossec ossec 512 Feb 18 14:55 logs
dr-xr-x--- 4 root ossec 512 Feb 18 14:55 queue
dr-xr-x--- 3 root ossec 512 Feb 18 14:55 var
Can you send us ossec.conf and ossec.log files of the agent
and server?
Regards,
~ahmet.
On Fri, Mar 24, 2006 at 01:17:19PM +0100, Fred wrote:
> I exported following on new machine:
>
> /var/ossec
> /etc/rc.d/init.d/ossec
>
> .....and tried to run Ossec, but I have a problem:
>
> #./bin/ossec-control status
> ossec-execd is running...
> ossec-agentd not running...
> ossec-logcollector not running...
> ossec-syscheckd not running...
>
> In /var/ossec/logs, there are several messages like this:
>
> ossec-syscheckd(1210): Queue '/var/ossec/queue/ossec/queue' not
> accessible.
>
> If somebody could help me, please.
>
> Thanks
>
> Fred
>
>
> -----Original Message-----
> From: ossec-list-bounces at ossec.net [mailto:ossec-list-bounces at ossec.net] On
> Behalf Of Fred
> Sent: Friday, March 24, 2006 12:24 PM
> To: ossec-list at ossec.net
> Subject: [Ossec-list] RE : Installing a pre-compiled agent on another
> machine
>
>
> Thanks for the answer.
>
> Another question: should/must I create a user and a group "ossec" on servers
> ? If yes, how should I use them (to be secure):
>
> - give root user rights to /var/ossec (default)
> - give ossec group rights to /var/ossec (default)
> - other...?
>
> Thanks.
>
> Fred
>
> PS: I'll write a small "how to export pre-compiled agent"
>
>
> -----Original Message-----
> From: ahmet ozturk [mailto:oahmet at metu.edu.tr]
> Sent: Thursday, March 23, 2006 4:17 PM
> To: Fred
> Cc: ossec-list at ossec.net
> Subject: Re: [Ossec-list] Installing a pre-compiled agent on another machine
>
>
> Hi Fred,
>
> ossec client-installation installes the following binaries:
>
> - manage_agents
> - ossec-control
> - ossec-logcollector
> - ossec-agentd
> - ossec-execd
> - ossec-syscheckd
>
> I think easiest way to do what you want would be make a prototype
> installation on a client and copy the entire /var/ossec directory
> on to other client machines.
>
> then you should add the new client on server, extract its key and
> import it in the client.
> (please see: http://www.ossec.net/en/manual.html#manageagents)
>
> also don't forget to customize the /var/ossec/etc/ossec.conf file
> for localfiles, active responses, etc.
>
> Regards,
>
> ~ahmet.
>
>
>
>
> _______________________________________________
> ossec-list mailing list
> ossec-list at ossec.net
> http://mailman.underlinux.com.br/mailman/listinfo/ossec-list
>
> _______________________________________________
> ossec-list mailing list
> ossec-list at ossec.net
> http://mailman.underlinux.com.br/mailman/listinfo/ossec-list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3364 bytes
Desc: not available
Url : http://mailman.underlinux.com.br/pipermail/ossec-list/attachments/20060324/afe4dd20/attachment.bin
OSSEC home |
Main Index |
Thread Index
OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.