{"id":36,"date":"2011-01-19T23:23:00","date_gmt":"2011-01-19T23:23:00","guid":{"rendered":"https:\/\/defragged.org\/ossec\/?p=36"},"modified":"2020-06-29T23:24:57","modified_gmt":"2020-06-29T23:24:57","slug":"automatically-creating-and-setting-up-the-agent-keys","status":"publish","type":"post","link":"https:\/\/defragged.org\/ossec\/2011\/01\/automatically-creating-and-setting-up-the-agent-keys\/","title":{"rendered":"Automatically creating and setting up the agent keys"},"content":{"rendered":"\n<p>The complaint I hear most often about OSSEC is how hard it is to set up the authentication keys between the agents and the manager. Each agent shares a key-pair with the manager, so if you have a thousand agents, you need a thousand keys.<\/p>\n\n\n\n<p>To make life easier, we added a new daemon on the manager, called ossec-authd. To get that working, you need the latest snapshot (just get it from here: <a href=\"https:\/\/bitbucket.org\/dcid\/ossec-hids\">https:\/\/bitbucket.org\/dcid\/ossec-hids<\/a>&nbsp;(click on get source)).<\/p>\n\n\n\n<p>Once you have the new version running, you need to create the certificate \/ private key for SSL (note that OSSEC will look at \/var\/ossec\/etc\/sslmanager.cert and \/var\/ossec\/etc\/sslmanager.key for them).<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># openssl genrsa -out \/var\/ossec\/etc\/sslmanager.key 2048\n# openssl req -new -x509 -key \/var\/ossec\/etc\/sslmanager.key -out \/var\/ossec\/etc\/sslmanager.cert -days 365<\/code><\/pre>\n\n\n\n<p><em>*Note that you only need to run these commands on the manager (not on the agents).<\/em><\/p>\n\n\n\n<p>Once the keys are created, you can start ossec-authd:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># \/var\/ossec\/bin\/ossec-authd -p 1515 >\/dev\/null 2>&amp;1 &amp;<\/code><\/pre>\n\n\n\n<h3>Setting up the agents<\/h3>\n\n\n\n<p>On the agents, the work is minimal. 
All you have to do is run the following command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># \/var\/ossec\/bin\/agent-auth -m 192.168.1.1 -p 1515\n\nINFO: Connected to 192.168.1.1:1515\nINFO: Using agent name as: melancia\nINFO: Send request to manager. Waiting for reply.\nINFO: Received response with agent key\nINFO: Valid key created. Finished.\nINFO: Connection closed.<\/code><\/pre>\n\n\n\n<p>Here 192.168.1.1 is your manager\u2019s IP address. On the manager, you will also see the corresponding log entries:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>2011\/01\/19 15:04:40 ossec-authd: INFO: New connection from 192.168.10.5\n2011\/01\/19 15:04:41 ossec-authd: INFO: Received request for a new agent (melancia) from: 192.168.10.5\n2011\/01\/19 15:04:41 ossec-authd: INFO: Agent key generated for melancia (requested by 192.168.10.5)\n2011\/01\/19 15:04:41 ossec-authd: INFO: Agent key created for melancia (requested by 192.168.10.5)<\/code><\/pre>\n\n\n\n<p>That\u2019s it. The keys are now exchanged and you can start your agent. Note that I don\u2019t recommend keeping ossec-authd running during \u201cnormal\u201d operations; run it only while you are setting up your agents.<\/p>\n\n\n\n<p>The code is still in alpha\/beta mode, so let us know if you find any issues (I have been using it for a little while, so it should be stable).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The complaint I hear most often about OSSEC is how hard it is to set up the authentication keys between the agents and the manager. Each agent shares a key-pair with the manager, so if you have a thousand agents, you need a thousand keys. 
To make life easier, we added a new daemon [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5,4],"tags":[],"_links":{"self":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/36"}],"collection":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/comments?post=36"}],"version-history":[{"count":1,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/36\/revisions"}],"predecessor-version":[{"id":37,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/36\/revisions\/37"}],"wp:attachment":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/media?parent=36"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/categories?post=36"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/tags?post=36"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}