Push Updates from HUB
You can update agents from the HUB using /var/awp/bin/atomicorp-api. Command line parameters include:
List agents or groups
  -l List Agents
  -lg List Groups
Target requires one of the following
  -a All agents
  -g <group> All agents in group <group>
  -i <id> Specified Agent ID
Action requires one of the following
  -init <package> Configure package (first time setup)
    auditd - configure/update/start auditd
    clamav - configure/update/start clamd
    fapolicyd - configure/update/start fapolicyd
  -install <package> Install package where package is:
    auditd - installs auditd
    clamav - installs clamav
    fapolicyd - installs fapolicyd
  -restart <package> Restart package
    clamav - restart clamd
    ossec-hids - restart ossec
  -scan <module> <option> Scan module
    clamav - scan <path>
  -update <package> Update package where package is:
    clamav - update clamav signatures
    ossec-hids - update atomic ossec
Optional
  -h Show this help
  -r Realtime flag, shows responses in real time
  -t <timeout> Timeout in seconds (default 30)
Example:
[root@ossec-hub bin]# /var/awp/bin/atomicorp-api -i 002 -update ossec-hids
Updating ossec-hids on host: 002
Manual Linux
1. Log into the agent machine
2. Stop the ossec agent
systemctl stop ossec-hids
3. As root run the following command (substitute your OS equivalent)
yum update ossec-hids
4. Start the ossec agent and it will reconnect to the OSSEC HUB
systemctl start ossec-hids
Manual Windows
1. Log into the agent machine
2. Stop the ossec service using the Windows services
3. Run Windows PowerShell as Admin
4. Download the most recent agent installer from your HUB (Make sure to download to a folder in which you have permissions)
Invoke-WebRequest http://HUB_ADDRESS/installers/agent_deployV2.ps1 -Outfile .\agent_deployV2.ps1
5. Run the following command to install the newest agent
powershell -executionpolicy bypass -file .\agent_deployV2.ps1 -ossec_exe http://HUB_ADDRESS/channels/awp-hub-repo/windows/ossec-agent-latest.exe -server_ip HUB_ADDRESS
When installing the Windows agent, the following command line parameters are available:
-agent_name <name> - (optional) name to use for the agent. Default: windows hostname
-port <port> - (optional) Agent registration port. Default: 1515/TCP
-password <password> - (optional) password for authenticated agent registration
-secure_port <secure_port> - (optional) port for agent traffic. Default: 1514/UDP
-prompt_agent_name [0|1] - (optional) interactive mode to prompt for the agent name. Cannot be used in a GPO
-use_fqdns [0|1] - (optional) Use the Fully Qualified DNS Name (FQDN) for the agent name
-update_agent - (optional) Update agent to specified version. Default: ossec-agent-latest
-reinstall [0|1] - (optional) reinstall the agent. Note this will replace the existing key and config
-rekey [0|1] - (optional) forces an existing installation to request a new key
-default_name - (optional) use <external IP>-<hostname> naming key for the agent.
-help - display help
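Steps 4 and 5 of the manual Windows procedure as one script, with a hash check added between the download and the run (an added example, not Atomicorp's own code). HUB_ADDRESS is the page's placeholder; $ExpectedSha256 is a placeholder for a SHA-256 value obtained from a trusted source, and Test-FileSha256 is a helper name made up for this example.

```powershell
# Added example: pin the hash of the HUB-served deploy script before it is run
# with -executionpolicy bypass. Run from an elevated Windows PowerShell prompt.
$ErrorActionPreference = 'Stop'

# Placeholders: HUB_ADDRESS comes from the page; the expected hash must be
# supplied by whoever administers the HUB, through a channel other than this download.
$HubAddress     = 'HUB_ADDRESS'
$ExpectedSha256 = '<SHA256-OF-agent_deployV2.ps1-FROM-TRUSTED-SOURCE>'

$ScriptUrl   = "http://$HubAddress/installers/agent_deployV2.ps1"
$AgentExeUrl = "http://$HubAddress/channels/awp-hub-repo/windows/ossec-agent-latest.exe"
$ScriptPath  = Join-Path (Get-Location).Path 'agent_deployV2.ps1'

# Hypothetical helper: true only if the file's SHA-256 matches the expected value.
function Test-FileSha256 {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Expected
    )
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    # Get-FileHash returns upper-case hex, so compare without regard to case.
    return [string]::Equals($actual, $Expected.Trim(),
        [System.StringComparison]::OrdinalIgnoreCase)
}

# Step 4: download the deploy script from the HUB.
Invoke-WebRequest -Uri $ScriptUrl -OutFile $ScriptPath

# Added check: refuse to run a script whose hash does not match the pinned value.
if (-not (Test-FileSha256 -Path $ScriptPath -Expected $ExpectedSha256)) {
    Remove-Item -Path $ScriptPath -Force
    throw 'agent_deployV2.ps1 hash mismatch; file removed, installer not run.'
}

# Step 5: the same invocation as on the page, reached only after the check passes.
powershell -executionpolicy bypass -file $ScriptPath -ossec_exe $AgentExeUrl -server_ip $HubAddress
if ($LASTEXITCODE -ne 0) {
    throw "agent_deployV2.ps1 exited with code $LASTEXITCODE"
}
```

The check covers only agent_deployV2.ps1; the installer named by -ossec_exe is a separate file that this script does not hash.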