auto register hosts with server?


Jason Stelzer

Aug 25, 2016, 10:12:14 AM
to wa...@googlegroups.com
I have a wazuh server up.

I'm running ossec-authd on an open tcp port. It is being started via an upstart job. The required ssl certs/etc are generated and in place. The important bits look like this:

exec start-stop-daemon --start --chuid root --exec /var/ossec/bin/ossec-authd -- -P -D /var/ossec > /var/log/upstart/ossec-authd.log 2>&1

Server starts up and listens just fine.

Here's where things kind of go sideways. I'm trying to register an agent on an Ubuntu box.

echo -e "deb http://ossec.wazuh.com/repos/apt/ubuntu trusty main" >> /etc/apt/sources.list.d/ossec.list

apt-get update

apt-get install ossec-hids-agent

However, when I try to get the agent to authenticate with the shared secret in /var/ossec/bin/ossec-authd I don't see a workable option to pass along the shared password.
/var/ossec/bin/agent-auth --help
OSSEC HIDS ossec-authd: Connects to the manager to extract the agent key.
Available options:
-h                  This help message.
-m <manager ip>     Manager IP Address.
-p <port>           Manager port (default 1515).
-A <agent name>     Agent name (default is the hostname).
-D <OSSEC Dir>      Location where OSSEC is installed.

http://ossec-docs.readthedocs.io/en/latest/programs/agent-auth.html#optional-server-authentication leads me to believe the shared secret thing isn't quite usable yet.

So, what's everyone else doing? Unfortunately I'm not in a 100% secure VPC env. I'm going to need to be able to add agents from EC2 Classic, which both complicates the security side of this and rules out disabling authentication.



--
J.

Jason Stelzer

Aug 25, 2016, 11:15:53 AM
to wa...@googlegroups.com
To follow up with my own question, I need to use the wazuh fork on clients as well as the server to get the new features like shared secrets, for auto generating client creds etc.

I'm refactoring my playbooks to install a custom built version of the fork with the features I need.
--
J.

Jesus Linares

Aug 25, 2016, 11:59:42 AM
to Wazuh mailing list
Hi Jason,

The installers placed on ossec.wazuh.com are just for the OSSEC version. Unfortunately, OSSEC v2.8.3 doesn't support agent-authd with password or certificates.

In order to use authd with password (option -P) you can install Wazuh server/agents from sources. Check out this guide.

Right now we are working on the Wazuh installers, so you will be able to install Wazuh (server and agents) using apt-get.

I hope it helps.
Regards.
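
An added example, not part of the thread or of OSSEC/Wazuh: a preflight a playbook could run before registration, parsing the agent-auth help text to confirm the installed binary lists a password option, so a stock OSSEC agent is caught before it tries to enroll against an ossec-authd -P server. The function names and the "-P <password>" help line in the second sample are assumptions; the first sample is the help output quoted in the thread.

```shell
#!/bin/sh
# Help output of the stock OSSEC agent, as quoted in the thread.
STOCK_HELP='OSSEC HIDS ossec-authd: Connects to the manager to extract the agent key.
Available options:
-h                  This help message.
-m <manager ip>     Manager IP Address.
-p <port>           Manager port (default 1515).
-A <agent name>     Agent name (default is the hostname).
-D <OSSEC Dir>      Location where OSSEC is installed.'

# Constructed sample: the same text plus an assumed password option line.
FORK_HELP="$STOCK_HELP
-P <password>       Authorization password (assumed wording)."

# list_flags: read help text on stdin, print one option letter per line.
list_flags() {
    sed -n 's/^[[:space:]]*-\([A-Za-z]\)[[:space:]].*/\1/p'
}

# supports_flags HELP_TEXT FLAG...: succeed only if every FLAG is listed.
# Matching is case-sensitive, so "-p <port>" does not satisfy a check for P.
supports_flags() {
    help_text=$1; shift
    flags=$(printf '%s\n' "$help_text" | list_flags)
    for f in "$@"; do
        printf '%s\n' "$flags" | grep -qx -- "$f" || return 1
    done
}

# preflight HELP_TEXT: report whether password registration is possible.
preflight() {
    if supports_flags "$1" m P; then
        echo "password-capable"
    else
        echo "no-password-support"
    fi
}

# On a host with the agent installed, check the real binary instead.
AGENT_AUTH=/var/ossec/bin/agent-auth
if [ -x "$AGENT_AUTH" ]; then
    preflight "$("$AGENT_AUTH" -h 2>&1 || true)"
fi
```

A playbook can stop on "no-password-support" rather than falling back to an unauthenticated registration.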