4

I have successfully configured an OSSEC server running on Ubuntu in AWS.

I have also successfully automated Ubuntu AWS instances automatically installing the OSSEC agent and connecting to the OSSEC server via this command /var/ossec/bin/agent-auth -m ossec.myprivatedomain.local -p 1515

I am working on automating the installation of the OSSEC agent for Windows instances including automating the Windows instances connecting to the OSSEC server. I understand that the OSSEC agent for Windows can be downloaded from the OSSEC site's "Downloads" page and that it can be silently installed using this command line: ossec-agent-win32-2.8.3.exe /S

Despite much research, I cannot find out how to get a version of the OSSEC agent-auth executable that will run on Windows to allow me to automate the Windows instances connecting to the OSSEC server.

The closest thing I can find to any mention of the agent-auth application being available for Windows is from this blog: https://github.com/ossec/ossec-hids/issues/166#issuecomment-41461642 ... where a comment states ...

The Windows version of agent-auth was compiled on Linux (Fedora 20) and tested on Windows 7 Home Premium 64-bit.

How/where does one get a version of the OSSEC agent-auth application that will run on Windows?

1
  • It looks to me like the code changes to add the agent-auth.exe file to the repository are still in an (unmerged) pull request on Github. So you can either wait for them to merge the code in and issue a release, or download that branch and compile it yourself with Visual Studio.
    – soapergem
    Commented Sep 9, 2016 at 18:19

1 Answer 1

0
# Variables
$ossecAgentInstaller = "ossec-agent-win32-2.8.3.exe"
$ossecServer = "ossec.myprivatedomain.local"
$agentAuth = "agent-auth.exe"
$ossecInstallPath = "C:\Program Files (x86)\ossec-agent\"

# Download OSSEC Agent Installer
Invoke-WebRequest -Uri "https://www.ossec.net/files/$ossecAgentInstaller" -OutFile $ossecAgentInstaller

# Silent Install OSSEC Agent
Start-Process -FilePath $ossecAgentInstaller -ArgumentList "/S" -Wait

# Download agent-auth.exe (Assuming it is hosted somewhere accessible)
Invoke-WebRequest -Uri "https://example.com/path/to/$agentAuth" -OutFile "$ossecInstallPath\bin\$agentAuth"

# Register Agent with OSSEC Server
Start-Process -FilePath "$ossecInstallPath\bin\$agentAuth" -ArgumentList "-m $ossecServer -p 1515" -Wait

# Cleanup
Remove-Item -Path $ossecAgentInstaller

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .