running ossec-authd in the background as a daemon


Martinouh

May 3, 2017, 11:01:31 AM
to ossec-list
Hello,

I'd like to keep my manager listening for new agents wanting to register, because my infrastructure will often change.

But I've read that ossec-authd should not be running all the time for security.

So what am I supposed to do if I want to add new agents very often? Do I always have to launch ossec-authd on the manager?

Best regards.

Pedro Sanchez

May 7, 2017, 6:11:26 AM
to ossec...@googlegroups.com
Hi,

You could use the password setting for ossec-authd and/or SSL certificates to validate/authorize incoming requests; using those capabilities could help you justify having the service running all the time.
In the end, every service listening on a server could be "risky", but that does not mean you MUST have ossec-authd disabled.

One script that helped me out in the past is:

#!/usr/bin/env bash
# Restart ossec-authd: stop previous instances, then boot a new one in the background
echo "Starting ossec-authd..."
# Load the OSSEC install settings (defines $DIRECTORY)
. /etc/ossec-init.conf
echo "Killing previous instances..."
pkill ossec-authd
"$DIRECTORY/bin/ossec-authd" -f0 -i -P > /dev/null 2>&1 &
echo "ossec-authd started"
# Show the running ossec-authd process
ps aux | grep ossec-authd | grep -v grep
 
Maybe you can easily switch the ossec-authd server on/off like that.

Best,
Pedro.
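
An added example, not part of the original thread and not OSSEC or Wazuh project code: one way to avoid a permanently listening ossec-authd is to open enrollment for a bounded window and then stop the listener. It reuses the flags from the script above and assumes ossec-authd stays in the foreground; `enroll_window`, `AUTHD_BIN`, `AUTHD_ARGS` and `INIT_CONF` are hypothetical names introduced here.

```bash
#!/usr/bin/env bash
# Added example: open ossec-authd enrollment for a bounded window, then close it.
# Hypothetical knobs (not OSSEC/Wazuh settings): AUTHD_BIN, AUTHD_ARGS, INIT_CONF.
# Assumes ossec-authd stays in the foreground, as in the script above.

INIT_CONF="${INIT_CONF:-/etc/ossec-init.conf}"

enroll_window() {
    local seconds="${1:-600}" pid deadline

    # Reject anything that is not a whole number of seconds.
    case "$seconds" in
        ''|*[!0-9]*) echo "usage: enroll_window <seconds>" >&2; return 2 ;;
    esac

    # Locate the binary the same way the script above does.
    if [ -z "${AUTHD_BIN:-}" ]; then
        [ -r "$INIT_CONF" ] || { echo "cannot read $INIT_CONF" >&2; return 1; }
        . "$INIT_CONF"
        AUTHD_BIN="$DIRECTORY/bin/ossec-authd"
    fi
    [ -x "$AUTHD_BIN" ] || { echo "not executable: $AUTHD_BIN" >&2; return 1; }

    # Flags default to those used in the thread; unquoted on purpose so they split.
    "$AUTHD_BIN" ${AUTHD_ARGS:--f0 -i -P} > /dev/null 2>&1 &
    pid=$!
    deadline=$(( $(date +%s) + seconds ))

    # Hold the window open, but fail if the listener dies early (for example
    # the port is already in use or this version does not support the flags).
    while [ "$(date +%s)" -lt "$deadline" ]; do
        kill -0 "$pid" 2>/dev/null || { echo "ossec-authd exited early" >&2; return 1; }
        sleep 1
    done

    # Close the window: stop only the instance started here, then reap it.
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true

    # Success only if nothing is left running under that PID.
    ! kill -0 "$pid" 2>/dev/null
}

# Run only when given a duration, e.g.: ./enroll-window.sh 900
if [ "$#" -gt 0 ]; then
    enroll_window "$@"
fi
```

A non-zero exit status means the window did not stay open for the full duration or the listener could not be stopped, which is worth alerting on when the function is called from provisioning automation.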


Martinouh

May 16, 2017, 6:00:54 AM
to ossec-list
Thank you for your answer.

But to use the `-P` option, I have to use the wazuh fork. I'm currently on ossec 2.8.3, and I can't seem to get the `-v` option working either... But the doc says that it was implemented after 2.8.1.

Or is there a way to get the 2.9.0 version via apt-get?

 

Jose Luis Ruiz

May 16, 2017, 8:13:40 AM
to ossec...@googlegroups.com
Hi Martin

We are working on the 2.9.0 deb packages; they should be ready to install via apt-get soon.

We will post some news soon.

Regards
-----------------------
Jose Luis Ruiz
Wazuh Inc.
jo...@wazuh.com