Deploy OSSEC agent using .deb/.rpm packages in conjunction with preloaded-vars.conf (no terminal prompt configuration).

[Mm Dd]

Hello all,

Is it possible to carry out an unattended deployment of the OSSEC agent using .deb/.rpm in conjunction with preloaded-vars.conf? How?

Thanks in advance.

[Alberto Rodriguez]

Hello 

  I think that is not possible out of the box. You can make a script that downloads the package, install ossec, make the changes in ossec.conf with sed or awk, and restart the agent. 
In this repository: https://github.com/wazuh/wazuh-packages a package building tool is provided. Maybe you can adapt the script in order to build ossec and make your own packages with your desired configuration, this cloud be a second option. 

Please, let me know if I can help you with this. 

Regards, 

Alberto R

[marcos]

I thought about going that root, Alberto, but then I realized I need to build the package in local mode. I can write a bit about it if the community is interested.

I just opted to build the OSSEC package from source using a bash script piped into my fleet via AWS systems manager (for AWS Linux and Ubuntu 18.04). It took me a while to debug it, but after some effort it deploys ossec flawesly, so far.

I can share the SSM template if you want to take a look.

Thanks all for the help, and best regards.

--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/f78a929e-8267-4a2a-a1b8-b14e6687b1a3n%40googlegroups.com.

[marcos]

root = route :)

To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/2fc8024c-da68-40c1-ac31-112092ce36db%40datarecoveryandforensics.com.

[Alberto Rodriguez]

Oh, great! I would like to see the SSM template, I think that it will be interesting for all. (at least for me)