Agentless mode in AIX


Adiel Jesus Navarro Rosado

Jan 20, 2021, 2:30:37 PM
to wa...@googlegroups.com

Can I use agentless mode in an AIX system?

Matias Pereyra

Jan 21, 2021, 8:04:58 AM
to Wazuh mailing list
Hello Adiel!

Wazuh is compatible with AIX systems. The agent is capable of many things, for example: Log data analysis, File integrity monitoring, System inventory and more.

On the other hand, Agentless monitoring allows you to monitor devices via SSH, such as routers, firewalls and switches.
It allows different modes, like Integrity check or Generic Diff for example, but it isn't as flexible as an agent.

So if you need something in particular, you can describe your problem and we'll help you to solve it!
I'll be waiting for your comments.
Regards.

Adiel Jesus Navarro Rosado

Jan 21, 2021, 10:22:21 AM
to Matias Pereyra, Wazuh mailing list

Thanks for the info, Matias, but I wanna know if it's possible to use agentless mode in AIX.

Could the scripts for Linux/BSD systems work with an AIX system?

Regards.


Matias Pereyra

Jan 21, 2021, 3:59:52 PM
to Wazuh mailing list
Hello again!

Well, in that case, it is possible. I have tested it in a Debian host, but the steps are the same.
I'll be following the instructions in Agentless monitoring.
For example, we can monitor the output of some commands and check if there is a difference with a Generic Diff:
  • First, add the host you're going to monitor with this command. Check that the SSH connection works from the manager to the client to rule out any network issue
    /var/ossec/agentless/register_host.sh add wazuh@example_address.com example_password
  • Then, create a new section in your ossec.conf file with the desired commands and restart the Manager
    <agentless>
      <type>ssh_generic_diff</type>
      <frequency>20000</frequency>
      <host>wazuh@example_address.com</host>
      <state>periodic_diff</state>
      <arguments>ls -la /etc; cat /etc/passwd</arguments>
    </agentless>
  • You should see some entries in your ossec.log file that confirm everything is working
    ...
    2021/01/21 20:15:52 ossec-agentlessd: INFO: Test passed for 'ssh_generic_diff'.
    2021/01/21 20:16:53 ossec-agentlessd: INFO: ssh_generic_diff: wa...@192.168.0.88: Started.
    2021/01/21 20:16:53 ossec-agentlessd: INFO: ssh_generic_diff: wa...@192.168.0.88: Starting.
    2021/01/21 20:16:53 ossec-agentlessd: INFO: ssh_generic_diff: wa...@192.168.0.88: Finished.
    ...

  • If something changes in these folders, you'll see an alert like this one (extracted from alerts.log)
    2021 Jan 21 20:17:54 (ssh_generic_diff) wa...@192.168.0.88->agentless
    Rule: 555 (level 7) -> 'Integrity checksum for agentless device changed.'
    ossec: agentless: Change detected:

If you have any problem with this configuration, don't hesitate to contact us again.
Regards.
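
The log checks from the steps above, as an added example (not part of the thread and not Wazuh code): it reads ossec.log text to list hosts whose latest agentless run never logged "Finished", and alerts.log text to list hosts with a rule 555 alert. The sample lines and 192.0.2.x hosts are constructed; the parsing assumes the line formats quoted in the post.

```shell
# Added example, not Wazuh code. Sample lines and 192.0.2.x hosts are constructed.
sample_ossec_log() {
cat <<'EOF'
2021/01/21 20:15:52 ossec-agentlessd: INFO: Test passed for 'ssh_generic_diff'.
2021/01/21 20:16:53 ossec-agentlessd: INFO: ssh_generic_diff: wazuh@192.0.2.10: Started.
2021/01/21 20:16:53 ossec-agentlessd: INFO: ssh_generic_diff: wazuh@192.0.2.10: Starting.
2021/01/21 20:16:54 ossec-agentlessd: INFO: ssh_generic_diff: wazuh@192.0.2.10: Finished.
2021/01/21 20:16:55 ossec-agentlessd: INFO: ssh_generic_diff: wazuh@192.0.2.20: Started.
2021/01/21 20:16:55 ossec-agentlessd: INFO: ssh_generic_diff: wazuh@192.0.2.20: Starting.
EOF
}
sample_alerts_log() {
cat <<'EOF'
2021 Jan 21 20:17:54 (ssh_generic_diff) wazuh@192.0.2.10->agentless
Rule: 555 (level 7) -> 'Integrity checksum for agentless device changed.'
ossec: agentless: Change detected:
EOF
}

# Reads ossec.log text on stdin; prints "<host> <last state logged>" per host.
agentless_last_state() {
    awk '
        $3 == "ossec-agentlessd:" && NF == 7 && $5 ~ /:$/ && $6 ~ /:$/ {
            host = $6; state = $7
            sub(/:$/, "", host); sub(/\.$/, "", state)
            if (!(host in last)) order[++n] = host
            last[host] = state
        }
        END { for (i = 1; i <= n; i++) print order[i], last[order[i]] }'
}

# Hosts whose most recent logged state is not "Finished" (run did not complete).
agentless_unfinished() {
    agentless_last_state | awk '$2 != "Finished" { print $1 }'
}

# Reads alerts.log text on stdin; prints hosts that raised rule 555.
agentless_changed() {
    awk '
        NF >= 2 && $NF ~ /->agentless$/ && $(NF-1) ~ /^\(.*\)$/ {
            host = $NF; sub(/->agentless$/, "", host); next
        }
        /^Rule: 555 / && host != "" { print host }
        { host = "" }'
}

# Demo on the constructed samples; on a manager, redirect the real log files in.
sample_ossec_log | agentless_unfinished
sample_alerts_log | agentless_changed
```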