0

According to the help docs of manage_clients:

-f Bulk generate client keys from file. (Manager only). contains lines in IP,NAME format.

So I tried this:

root@ossec-server:/var/ossec/etc# /var/ossec/bin/manage_agents -f /tmp/agent
Bulk load file: /tmp/agent
Opening: [/tmp/agent]
Failed.: No such file or directory
2015/05/16 15:07:34 manage_agents(1103): ERROR: Unable to open file '/tmp/agent'.

Even with full access:

root@ossec-server:/var/ossec/etc# ls -l /tmp/agent 
-rw-r--r-- 1 777 root 16 May 16 14:57 /tmp/agent

Content seems good:

root@ossec-server:/var/ossec/etc# cat /tmp/agent 
127.0.0.1,agent

2 Answers 2

3

Having just cleared this hurdle, maybe I can help. You need to put the file in the /var/ossec directory (mine has owner/group as ossec) and the DO NOT use the full path.

Example

/var/ossec/bin/manage_agents -f /var/ossec/list_to_add.lst

will not work (IDK why but it never worked). However,

/var/ossec/bin/manage_agents -f list_to_add.lst

will work.

1
  • I'm assuming this is correctI. I ended up using the dynamic client registration service (that's inherently insecure until the next version) in the end since it worked a lot better with our dynamic infrastructure and it's all behind a VPN anyways. OSSEC sure is user unfriendly!
    – Kit Sunde
    Commented Jun 9, 2015 at 9:26
0

I can't comment yet, so this has to be an answer. Matt is correct.

IDK why but it never worked

You have to use the path inside the chroot because ossec processes chroot themselves, as addagent.c (which becomes manage_agents) does here.

So, if you put a file in /var/ossec/tmp/foo you need to call manage_agents like

/var/ossec/bin/manage_agents -f /tmp/foo

(tmp/foo also works).

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .