How to automate configuration of OSSEC Agent on Windows?

2,289 views
Skip to first unread message

Igor Gatis

unread,
Jan 26, 2017, 7:11:02 PM1/26/17
to ossec-list
I need to make OSSEC install fully automatic. Installation can be easily done with /S flag to make it silent (https://chocolatey.org/packages/ossec-agent)

My question now is: how do I set server IP and agent key using command line?


Jose Luis Ruiz

unread,
Jan 30, 2017, 5:05:43 PM1/30/17
to Igor Gatis, ossec...@googlegroups.com

Hi Igor,


It's not possible in a windows package to set the Server IP and Key with command line.


Which version is your Ossec Manager?


If by chance you are using wazuh, you can follow this article:


https://blog.wazuh.com/automatically-deploying-ossec-to-windows-using-wazuh-api/


i hope it helps.


Regards
-----------------------
Jose Luis Ruiz
Wazuh Inc.
jo...@wazuh.com

On January 27, 2017 at 1:11:04 AM, Igor Gatis (ig...@esfera5.com.br) wrote:

I need to make OSSEC install fully automatic. Installation can be easily done with /S flag to make it silent (https://chocolatey.org/packages/ossec-agent)

My question now is: how do I set server IP and agent key using command line?


--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Igor Gatis

unread,
Jan 31, 2017, 8:17:31 AM1/31/17
to ossec-list, ig...@esfera5.com.br
I'm using 2.8.3.

I managed to add agent key using the command below:

echo y | "D:\Program Files (x86)\ossec-agent\manage_agents.exe" -i  <long-key-blob>

As for server IP, I used the following PowerShell snippet (it would be nice if manage_agents.exe handled that as well):

$ossec_config_file = "${env:ProgramFiles(x86)}\ossec-agent\ossec.conf"
[xml]$xml = "<fake>$(Get-Content $ossec_config_file)</fake>"
foreach ($ossec_config in $xml.fake.SelectNodes('//ossec_config')) {
$clients = $ossec_config.SelectNodes('client')
if ($clients.Count -eq 0) {
$client = $ossec_config.AppendChild($xml.CreateElement('client'))
$clients = $ossec_config.SelectNodes('client')
}
foreach ($client in $clients) {
$server_ips = $client.SelectNodes('server-ip')
if ($server_ips.Count -eq 0) {
$server_ip = $client.AppendChild($xml.CreateElement('server-ip'))
$server_ips = $client.SelectNodes('server-ip')
}
foreach ($server_ip in $server_ips) {
$server_ip.set_InnerText($ip)
}
}
$xml2 = New-Object System.Xml.XmlDocument
$node = $xml2.AppendChild($xml2.ImportNode($ossec_config, $true))
$xml2.Save($ossec_config_file)
break
}
Reply all
Reply to author
Forward
0 new messages