[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Ossec-list] RE : RE : RE : RE : Installing a pre-compiled agent on another machine

Subject: [Ossec-list] RE : RE : RE : RE : Installing a pre-compiled agent on another machine
From: daniel.cid at gmail.com (Daniel Cid)
Date: Fri, 24 Mar 2006 21:09:23 -0400

Hi,

I just made a change to make sure the "disabled" element works for the active
response. For now, if you just remove any "active-response" entry it is not
going to be executed.

*If you really want to make sure that nothing gets executed, just remove the
call for ossec-execd on the init script (or kill it later).

Btw, just adding to the previous discussion.There is another way to
install an agent without the compiler (I have done it before):

1- Compile the ossec in a box that has a compiler.
   # tar -zxvf ossec-hids-xx.tar.gz
   # cd ossec-hids-xx
   # ./install.sh
2- There will be all the binaries inside ./bin/
3- Edit the file ./install.sh and remove these two commands:
    -make all and make build (just add a # before them).
4- Compress your changes and move it anywhere you want to install the ossec
   # cd ../
   # tar -cvzf ossec-hids-xx-modifed.tar.gz ossec-hids-xx


*We should probably thing in a way to make it easier :)


Daniel

On 3/24/06, Fred <fcr-mailings at nerim.net> wrote:
> Coooool, agents are working now ! Ahmet, I had not forgotten authentication
> keys on agents, but I was prefering to test running agents before going
> further. I did not think that agents would not start without auth keys !
>
> So, thanks !
>
> But now, I have another problem, with server. I don't want active responses
> (too dangerous on production servers), and "install.sh" puts following in
> config file:
>
>         <active-response>
>                 <disabled>yes</disabled>
>         </active-response>
>
> But when I start:
>
> 2006/03/24 16:13:03 ossec-analysisd(1229): Invalid element 'disabled' on the
> 'active-response' config.
> 2006/03/24 16:13:03 ossec-analysisd(1202): Configuration problem. Exiting.
>
> As server is a prod machine, I don't want to do tests... What is exact
> syntax ?
>
> ==> Note to Daniel B. Cid: don't forget to correct this (very) little bug in
> next release !
>
> As usual, thanks very much for your help.
>
> Fred
>

Follow-Ups:
- [Ossec-list] RE : RE : RE : RE : RE : Installing a pre-compiledagent on another machine
  - From: Fred

References:
- [Ossec-list] RE : RE : RE : Installing a pre-compiled agent on another machine
  - From: ahmet ozturk
- [Ossec-list] RE : RE : RE : RE : Installing a pre-compiled agent on another machine
  - From: Fred

Prev by Date: [Ossec-list] RE : RE : RE : RE : Installing a pre-compiled agent on another machine
Next by Date: [Ossec-list] Version 0.7 of the OSSEC HIDS is now available
Previous by thread: [Ossec-list] RE : RE : RE : RE : Installing a pre-compiled agent on another machine
Next by thread: [Ossec-list] RE : RE : RE : RE : RE : Installing a pre-compiledagent on another machine
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.