OSSEC 3.6.0

ossec.conf: Agentless Options

Overview

Supported types

Agentless options are available in the the following installation types:

  • server
  • local

Location

All agentless options must be configured in the /var/ossec/etc/ossec.conf and used within the <ossec_config> tag.

XML excerpt to show location:

<ossec_config>
    <agentless>
        <!--
        agentless options here
        -->
    </agentless>
</ossec_config>

Options

  • agentless

    This is the section that will contain the agentless configuration.

  • type

    The type of check to be run on the agentless system.

    Options: ssh_integrity_check_bsd, ssh_integrity_check_linux, ssh_generic_diff, ssh_pixconfig_diff

  • frequency

    This controls the number of seconds between each run.

  • host

    This defines the username and agentless host.

    Example:

    <host>root@linux.server.example.com</host>

  • state

    This determines whether the checks are periodic or periodic_diff.

    • periodic: The output from the scripts is processed by the OSSEC processes.
    • periodic_diff: The output from the scripts is compared to the output of previous runs.

  • arguments

    This defines the arguments passed to the script.