{"id":259,"date":"2019-12-14T20:02:30","date_gmt":"2019-12-14T20:02:30","guid":{"rendered":"http:\/\/snehpatel.com\/?p=259"},"modified":"2019-12-14T20:02:30","modified_gmt":"2019-12-14T20:02:30","slug":"ossec-auto-key-sync-add-ossec-agent-with-ease","status":"publish","type":"post","link":"https:\/\/snehpatel.com\/index.php\/2019\/12\/14\/ossec-auto-key-sync-add-ossec-agent-with-ease\/","title":{"rendered":"OSSEC auto key sync. Add the OSSEC agent automatically. Mass deploy OSSEC agent"},"content":{"rendered":"\n

As I wrote in my previous post about getting ossec logs on ELK stack, I included part to install ossec server. As to install OSSEC agent there is an same procedure that we performed during OSSEC server. To be honest I am feeling lazy to write it all again to here is a link for previous post \u2013 Link<\/a>. <\/p>\n\n\n\n

But this post will be interesting as we will sync both agent and server automatically without manually inputting agent information on to the server. To make it easy here is a script for installation of ossec server or agent \u2013 Link<\/a>. <\/p>\n\n\n\n

These are two parts of auto-sync, server-side key, and certificate part and agent side sync part.<\/p>\n\n\n\n

NOTE: Here in my case I have used centos as both server and agent. So it’s tested with Centos.<\/p>\n\n\n\n

Let\u2019s get started.<\/p>\n\n\n\n

Let\u2019s cover the server part first. This time I am posting script first and will explain parts of later.<\/p>\n\n\n\n

echo \"Install OpenSSL developer package\"\necho\necho\nyum -y install openssl-devel\necho\necho\necho \"Generating RSA key\"\necho\nopenssl genrsa -out \/var\/ossec\/etc\/sslmanager.key 2048\necho\necho\necho \"Generating Certificate\"\necho\nopenssl req -new -x509 -key \/var\/ossec\/etc\/sslmanager.key -out \/var\/ossec\/etc\/sslmanager.cert -days 365\necho\necho\necho \"OSSEC service restart\"\necho\nsudo \/var\/ossec\/bin\/ossec-control restart\necho\necho\necho \"Enable key sync on port 1515\"\necho\nsudo \/var\/ossec\/bin\/ossec-authd -p 1515 >\/dev\/null 2>&1 &\necho\necho<\/code><\/pre>\n\n\n\n
 First, it will install the OpenSSL developer package. Then generate the RSA key, generate the certificate. And restart the service. Now that all on the server-side, let\u2019s start with agent side sync. <\/p>\n\n\n\n
echo \"Install OpenSSL developer package\"\necho\necho\nyum -y install openssl-devel\necho\necho\necho \"Syncing key with the server\"\necho\nsudo \/var\/ossec\/bin\/agent-auth -m 192.168.140.130 -p 1515\necho\necho\necho \"Ossec service restart\"\necho\nsudo \/var\/ossec\/bin\/ossec-control restart\necho\necho\nsudo systemctl enable ossec\nsudo systemctl restart ossec<\/code><\/pre>\n\n\n\n
 Here again, we will install the OpenSSL developer package. On the agent side, we are using the agent-auth module found in the ossec installation directory. Restart ossec service and we are good to go. To verify there will be the program called \u201clist-agent\u201d in the ossec installation directory. <\/p>\n\n\n\n
For more help: x786@protonmail.ch<\/a> <\/p>\n","protected":false},"excerpt":{"rendered":"
As I wrote in my previous post about getting ossec logs on ELK stack, I included part to install ossec server. As to install OSSEC agent there is an same procedure that we performed during OSSEC server. To be honest I am feeling lazy to write it all again to here is a link for … Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[17,3,7,8,9],"tags":[34,43,51],"class_list":["post-259","post","type-post","status-publish","format-standard","hentry","category-linux","category-logging","category-ossec","category-siem","category-systme","tag-linux","tag-ossec","tag-system"],"yoast_head":"\nOSSEC auto key sync. Add the OSSEC agent automatically. Mass deploy OSSEC agent - Sneh Patel<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/snehpatel.com\/index.php\/2019\/12\/14\/ossec-auto-key-sync-add-ossec-agent-with-ease\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"OSSEC auto key sync. Add the OSSEC agent automatically. Mass deploy OSSEC agent - Sneh Patel\" \/>\n<meta property=\"og:description\" content=\"As I wrote in my previous post about getting ossec logs on ELK stack, I included part to install ossec server. As to install OSSEC agent there is an same procedure that we performed during OSSEC server. To be honest I am feeling lazy to write it all again to here is a link for ... Read more\" \/>\n<meta property=\"og:url\" content=\"https:\/\/snehpatel.com\/index.php\/2019\/12\/14\/ossec-auto-key-sync-add-ossec-agent-with-ease\/\" \/>\n<meta property=\"og:site_name\" content=\"Sneh Patel\" \/>\n<meta property=\"article:published_time\" content=\"2019-12-14T20:02:30+00:00\" \/>\n<meta name=\"author\" content=\"Sneh Patel\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sneh Patel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/snehpatel.com\\\/index.php\\\/2019\\\/12\\\/14\\\/ossec-auto-key-sync-add-ossec-agent-with-ease\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/snehpatel.com\\\/index.php\\\/2019\\\/12\\\/14\\\/ossec-auto-key-sync-add-ossec-agent-with-ease\\\/\"},\"author\":{\"name\":\"Sneh Patel\",\"@id\":\"https:\\\/\\\/snehpatel.com\\\/#\\\/schema\\\/person\\\/a39105bc63f7e11a0e07b12a4c3dda73\"},\"headline\":\"OSSEC auto key sync. Add the OSSEC agent automatically. Mass deploy OSSEC agent\",\"datePublished\":\"2019-12-14T20:02:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/snehpatel.com\\\/index.php\\\/2019\\\/12\\\/14\\\/ossec-auto-key-sync-add-ossec-agent-with-ease\\\/\"},\"wordCount\":257,\"commentCount\":7,\"publisher\":{\"@id\":\"https:\\\/\\\/snehpatel.com\\\/#\\\/schema\\\/person\\\/a39105bc63f7e11a0e07b12a4c3dda73\"},\"keywords\":[\"Linux\",\"ossec\",\"System\"],\"articleSection\":[\"Linux\",\"Logging\",\"OSSEC\",\"SIEM\",\"System\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/snehpatel.com\\\/index.php\\\/2019\\\/12\\\/14\\\/ossec-auto-key-sync-add-ossec-agent-with-ease\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/snehpatel.com\\\/index.php\\\/2019\\\/12\\\/14\\\/ossec-auto-key-sync-add-ossec-agent-with-ease\\\/\",\"url\":\"https:\\\/\\\/snehpatel.com\\\/index.php\\\/2019\\\/12\\\/14\\\/ossec-auto-key-sync-add-ossec-agent-with-ease\\\/\",\"name\":\"OSSEC auto key sync. Add the OSSEC agent automatically. Mass deploy OSSEC agent - Sneh Patel\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/snehpatel.com\\\/#website\"},\"datePublished\":\"2019-12-14T20:02:30+00:00\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/snehpatel.com\\\/index.php\\\/2019\\\/12\\\/14\\\/ossec-auto-key-sync-add-ossec-agent-with-ease\\\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/snehpatel.com\\\/#website\",\"url\":\"https:\\\/\\\/snehpatel.com\\\/\",\"name\":\"Sneh Patel\",\"description\":\"Cyber Security Blog\",\"publisher\":{\"@id\":\"https:\\\/\\\/snehpatel.com\\\/#\\\/schema\\\/person\\\/a39105bc63f7e11a0e07b12a4c3dda73\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/snehpatel.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/snehpatel.com\\\/#\\\/schema\\\/person\\\/a39105bc63f7e11a0e07b12a4c3dda73\",\"name\":\"Sneh Patel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/snehpatel.com\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/cropped-Slide4-1.jpg?fit=672%2C222&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/snehpatel.com\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/cropped-Slide4-1.jpg?fit=672%2C222&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/snehpatel.com\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/cropped-Slide4-1.jpg?fit=672%2C222&ssl=1\",\"width\":672,\"height\":222,\"caption\":\"Sneh Patel\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/snehpatel.com\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/cropped-Slide4-1.jpg?fit=672%2C222&ssl=1\"},\"sameAs\":[\"http:\\\/\\\/snehpatel.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"OSSEC auto key sync. Add the OSSEC agent automatically. Mass deploy OSSEC agent - Sneh Patel","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/snehpatel.com\/index.php\/2019\/12\/14\/ossec-auto-key-sync-add-ossec-agent-with-ease\/","og_locale":"en_US","og_type":"article","og_title":"OSSEC auto key sync. Add the OSSEC agent automatically. Mass deploy OSSEC agent - Sneh Patel","og_description":"As I wrote in my previous post about getting ossec logs on ELK stack, I included part to install ossec server. As to install OSSEC agent there is an same procedure that we performed during OSSEC server. To be honest I am feeling lazy to write it all again to here is a link for ... Read more","og_url":"https:\/\/snehpatel.com\/index.php\/2019\/12\/14\/ossec-auto-key-sync-add-ossec-agent-with-ease\/","og_site_name":"Sneh Patel","article_published_time":"2019-12-14T20:02:30+00:00","author":"Sneh Patel","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Sneh Patel","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/snehpatel.com\/index.php\/2019\/12\/14\/ossec-auto-key-sync-add-ossec-agent-with-ease\/#article","isPartOf":{"@id":"https:\/\/snehpatel.com\/index.php\/2019\/12\/14\/ossec-auto-key-sync-add-ossec-agent-with-ease\/"},"author":{"name":"Sneh Patel","@id":"https:\/\/snehpatel.com\/#\/schema\/person\/a39105bc63f7e11a0e07b12a4c3dda73"},"headline":"OSSEC auto key sync. Add the OSSEC agent automatically. Mass deploy OSSEC agent","datePublished":"2019-12-14T20:02:30+00:00","mainEntityOfPage":{"@id":"https:\/\/snehpatel.com\/index.php\/2019\/12\/14\/ossec-auto-key-sync-add-ossec-agent-with-ease\/"},"wordCount":257,"commentCount":7,"publisher":{"@id":"https:\/\/snehpatel.com\/#\/schema\/person\/a39105bc63f7e11a0e07b12a4c3dda73"},"keywords":["Linux","ossec","System"],"articleSection":["Linux","Logging","OSSEC","SIEM","System"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/snehpatel.com\/index.php\/2019\/12\/14\/ossec-auto-key-sync-add-ossec-agent-with-ease\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/snehpatel.com\/index.php\/2019\/12\/14\/ossec-auto-key-sync-add-ossec-agent-with-ease\/","url":"https:\/\/snehpatel.com\/index.php\/2019\/12\/14\/ossec-auto-key-sync-add-ossec-agent-with-ease\/","name":"OSSEC auto key sync. Add the OSSEC agent automatically. Mass deploy OSSEC agent - Sneh Patel","isPartOf":{"@id":"https:\/\/snehpatel.com\/#website"},"datePublished":"2019-12-14T20:02:30+00:00","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/snehpatel.com\/index.php\/2019\/12\/14\/ossec-auto-key-sync-add-ossec-agent-with-ease\/"]}]},{"@type":"WebSite","@id":"https:\/\/snehpatel.com\/#website","url":"https:\/\/snehpatel.com\/","name":"Sneh Patel","description":"Cyber Security Blog","publisher":{"@id":"https:\/\/snehpatel.com\/#\/schema\/person\/a39105bc63f7e11a0e07b12a4c3dda73"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/snehpatel.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/snehpatel.com\/#\/schema\/person\/a39105bc63f7e11a0e07b12a4c3dda73","name":"Sneh Patel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/i0.wp.com\/snehpatel.com\/wp-content\/uploads\/2020\/09\/cropped-Slide4-1.jpg?fit=672%2C222&ssl=1","url":"https:\/\/i0.wp.com\/snehpatel.com\/wp-content\/uploads\/2020\/09\/cropped-Slide4-1.jpg?fit=672%2C222&ssl=1","contentUrl":"https:\/\/i0.wp.com\/snehpatel.com\/wp-content\/uploads\/2020\/09\/cropped-Slide4-1.jpg?fit=672%2C222&ssl=1","width":672,"height":222,"caption":"Sneh Patel"},"logo":{"@id":"https:\/\/i0.wp.com\/snehpatel.com\/wp-content\/uploads\/2020\/09\/cropped-Slide4-1.jpg?fit=672%2C222&ssl=1"},"sameAs":["http:\/\/snehpatel.com"]}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/posts\/259","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/comments?post=259"}],"version-history":[{"count":0,"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/posts\/259\/revisions"}],"wp:attachment":[{"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/media?parent=259"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/categories?post=259"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/tags?post=259"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}