puppet class ossec::client not register new client to ossec server.
93 views
Skip to first unread message
Nguyễn Đức Thịnh
Feb 25, 2017, 12:33:18 PM2/25/17
to Wazuh mailing list
Hi all,
I got a problem when deploy ossec client through puppet. It seem like my client not send any request to ossec-authd port 1515 by puppet. But everything ok when I execute that command from terminal.
This is screenshot during puppet agent -t apply on client.
As you can see, my client not send any packet to ossec server but still have client.keys content.
Any one got this problem before, or any idea to troubleshoot this issue.
Any one got this problem before, or any idea to troubleshoot this issue.
Thanks for reading this.
Santiago Bassett
Mar 1, 2017, 4:46:11 PM3/1/17
to Nguyễn Đức Thịnh, Wazuh mailing list
Hi Nguyen,
did you figure out what the problem was? It looks to me that the client.keys file already exists, and that is why Puppet is not running agent-auth to register the agent.
Best regards
--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.
To post to this group, send email to wa...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/d8717809-eb18-4ad7-8057-7373ddbcfd1e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Jose Luis Ruiz
Mar 1, 2017, 5:10:34 PM3/1/17
to Santiago Bassett, Nguyễn Đức Thịnh, Wazuh mailing list
Hello all,
If you have the ossec-puppet installed properly (with exported resources) and $manage_agent_key = true (which is by default) the agent key is generated in the same agent:
So, if otherwise you like to use the traditional way agent-auth, you need to set $manage_agent_key = false.
i hope it helps.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/CAEb-Ba8sY4%2BQQu-Z31sDk4Lq_caCuuKBEgyQEMK9jNsV8L-6PA%40mail.gmail.com.
ante
Feb 15, 2018, 11:31:14 AM2/15/18
to Wazuh mailing list
Hi all,
is it possible add agent's manually (bin/manage_agents) and from puppet with $manage_agent_key = true? I have couple windows agent's that are not configured trough puppet and puppet run delete's them from client.keys.
Thank you!
ante
Jose Luis Ruiz
Feb 19, 2018, 12:54:50 PM2/19/18
to ante, Wazuh mailing list
Hi Ante
If you setup manage_agent_key = True puppet will use exported resources so, your client.keys in the manager will be overwritten by Puppet, if you want to setup agents manually; you need to change to false.
We have no option (yet) to use both in the same environment; if you choose Exported Resources all your agents need to be managed by this option; if you use Authd all your agents need to handled by this option.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/260e63e6-c561-4ffa-8b09-9cec16fc9b1a%40googlegroups.com.
ante
Feb 23, 2018, 10:43:11 AM2/23/18
to Wazuh mailing list
Hi Jose,
thank you for response.
I tweaked Wazuh module to add custom keys file to top of the client.keys: https://github.com/lutak-srce/wazuh/commit/0b583c5a8abc373060b183f7c9a60934839f4d4c
ante
Jose Luis Ruiz
Feb 23, 2018, 10:48:31 AM2/23/18
to ante, Wazuh mailing list
Hi Ante,
Is not bad idea, you want to concatenate the client.keys generated by Exported Resources with your own client.keys, like idea looks nice, but take care, we cannot repeat agent.id for example… can you send us a pull request to our repo with your changes?
We will love to look this proposal :))
Very smart!
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/9d6c0c4c-4398-4b57-b664-254ba9e8eb37%40googlegroups.com.
ante
Feb 26, 2018, 10:48:22 AM2/26/18
to Wazuh mailing list
Great, here it is: https://github.com/wazuh/wazuh-puppet/pull/60
What is save area for custom agent.id?
ante
Reply all
Reply to author
Forward
0 new messages