Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
net/main/manual/manual-manage_agents-tool/
Home
About
Documentation
Downloads
Support
Our Team
The communication between the server and the agents is secure (encrypted and authenticated). Because
of that, for every “agent” that you want to install, you need to create an “authentication key” for it on the
server. When the key is generated on the server, you need export it from there an import (or push) to the
agent.
**It may sound complicated, but it isn’t. Simply follow the steps bellow.
1. First, you need to add the agent to the server. You just need to run the “manage_agents” command,
provide the IP Address of the agent and choose a name for it (or username).
(server)# /var/ossec/bin/manage_agents
****************************************
* OSSEC HIDS v0.8 Agent manager. *
* The following options are available: *
****************************************
(A)dd an agent (A).
(E)xtract key for an agent (E).
(L)ist already added agents (L).
(R)emove an agent (R).
(Q)uit.
Choose your actions: A,E,R or Q: a
2. After your agent is added, you need to extract the authentication key from your server. In the
“manage_agents”, just choose the “E” option and provide the ID of the agent. The key to be used by the
agent will be printed. Just copy and paste it in the agent side.
(server)# /var/ossec/bin/manage_agents
1 of 3 23/04/2009 11:52 AM
Manual: manage_agents tool http://www.ossec.net/main/manual/manual-manage_agents-tool/
****************************************
* OSSEC HIDS v0.8 Agent manager. *
* The following options are available: *
****************************************
(A)dd an agent (A).
(E)xtract key for an agent (E).
(L)ist already added agents (L).
(R)emove an agent (R).
(Q)uit.
Choose your actions: A,E,R or Q: e
Available agents:
ID: 001, Name: linux1, IP: 192.168.2.32
ID: 002, Name: obsd1, IP: 192.168.2.10
Provide the ID of the agent you want to extract the key: 001
3. After you key is generated, you need to copy it and paste it on the agent side. You need to run the same
“manage_agents” command in the agent (but it will have some different options).
(agent)# /var/ossec/bin/manage_agents
****************************************
* OSSEC HIDS v0.8 Agent manager. *
* The following options are available: *
****************************************
(I)mport key for the server (I).
(Q)uit.
Choose your actions: I or Q: i
Agent information:
ID:001
Name:linux1
IP Address:192.168.2.32
Added.
** Press ENTER to continue.
****************************************
* OSSEC HIDS v0.8 Agent manager. *
* The following options are available: *
****************************************
(I)mport key for the server (I).
(Q)uit.
Choose your actions: I or Q: q
manage_agents: Exiting ..
4. That’s it. If you have more than one agent, just repeat this process for each one. After that, you can just
start the OSSEC HIDS on the server and then on all agents (/var/ossec/bin/ossec-control start).
Recent Entries
>Rootcheck updated to v2.0Mar 6
2 of 3 23/04/2009 11:52 AM
Manual: manage_agents tool http://www.ossec.net/main/manual/manual-manage_agents-tool/
Shortcuts
>Getting Started
>First steps
>Manual | Wiki
>Commercial Support
News/Announcements
>Join OSSEC Linked-in Group
>Join Mailing List
3 of 3 23/04/2009 11:52 AM