OSSEC 3.3

ossec.conf: Agentless Options

Overview

Supported types

Agentless options are available in the the following installation types:

  • server
  • local

Location

All agentless options must be configured in the /var/ossec/etc/ossec.conf and used within the <ossec_config> tag.

XML excerpt to show location:

<ossec_config>
    <agentless>
        <!--
        agentless options here
        -->
    </agentless>
</ossec_config>

Options

agentless

This is the section that will contain the agentless configuration.

type

The type of check to be run on the agentless system.

Options: ssh_integrity_check_bsd, ssh_integrity_check_linux, ssh_generic_diff, ssh_pixconfig_diff

frequency

This controls the number of seconds between each run.

host

This defines the username and agentless host.

Example:

<host>root@linux.server.example.com</host>
state

This determines whether the checks are periodic or periodic_diff.

  • periodic: The output from the scripts is processed by the OSSEC processes.
  • periodic_diff: The output from the scripts is compared to the output of previous runs.
arguments

This defines the arguments passed to the script.