Trying to automate the initial OSSEC installation steps

I haven't got around to packaging OSSEC for Debian yet - mainly because I haven't decided how to handle the fact that OSSEC uses a server->agent model that depends on the generation/importing of unique keys for communication (not unlike Puppet with SSL certificates), from an automation/Puppet perspective.

To my knowledge, one person, Nicolas Zin, is doing something along these lines over on GitHub, but I haven't had time to look at how he's solving this. Likewise for this 'pkg-ossec-devel' mailing list I saw on Debian's Alioth; perhaps people are already working on bringing this into Debian.

In the meantime, I found early on that the manual task of downloading OSSEC tarballs, checking md5sums, extracting and running the OSSEC installer on each agent was painstakingly slow and repetitive. Here is a shell script that at least automates those steps:


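#!/bin/bash
# Variables
VERSION="X.Y"                           # placeholder: OSSEC release to install
TARBALL="ossec-hids-${VERSION}.tar.gz"  # assumed name, matching the extracted directory
CHECKSUMS="CHECKSUM_FILE"               # placeholder: checksum file published for this release
BASE_URL="https://DOWNLOAD_HOST/PATH"   # placeholder: OSSEC download location

echo "Downloading packages and checksums"
wget "${BASE_URL}/${TARBALL}" "${BASE_URL}/${CHECKSUMS}" || exit 1

echo "These are the checksums from the file"
cat "$CHECKSUMS"
OSSEC_MD5=$(md5sum "$TARBALL" | awk '{print $1}')
OSSEC_SHA=$(sha1sum "$TARBALL" | awk '{print $1}')

echo "checking for matching md5/sha sums"
# An empty digest would make grep match every line, so treat it as a failure.
# -F matches the digest literally, -i tolerates upper-case hex in the file.
if [ -z "$OSSEC_MD5" ] || ! grep -qiF "$OSSEC_MD5" "$CHECKSUMS"; then
  echo "md5sum didn't match!"
  exit 1
fi

if [ -z "$OSSEC_SHA" ] || ! grep -qiF "$OSSEC_SHA" "$CHECKSUMS"; then
  echo "sha1sum didn't match!"
  exit 1
fi

# sums matched, extract and run install
tar zxfv "$TARBALL"
builtin cd "ossec-hids-${VERSION}" || exit 1
sudo bash install.sh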

Note that it only extracts and kicks off the installer if the md5sum/sha1sums matched.
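The check above passes when the digest appears anywhere in the checksum file. The following is an added example, not part of the original script, of a stricter check that ties each digest to the tarball's file name and fails closed on a missing file or an empty digest. The function names and the assumption that every checksum line names the file it covers are mine.

```shell
#!/bin/sh
# Added example (not from the original post): strict checksum verification.
# Assumption: each line of the checksum file carries both the tarball's file
# name and a hex digest, e.g. "MD5(name)= <hex>" or "<hex>  name".

# digest_matches TOOL TARBALL CHECKSUM_FILE
# Succeeds only if TOOL's digest of TARBALL sits on a line that also names it.
digest_matches() {
  tool=$1 tarball=$2 sums=$3
  # Fail closed if either input is missing or unreadable.
  [ -r "$tarball" ] && [ -r "$sums" ] || return 2
  digest=$("$tool" "$tarball" | awk '{print $1}')
  # An empty digest would make grep match every line, so refuse it outright.
  [ -n "$digest" ] || return 2
  name=$(basename "$tarball")
  # First keep only lines naming this tarball, then look for the digest there.
  grep -F -- "$name" "$sums" | grep -qiF -- "$digest"
}

# verify_release TARBALL CHECKSUM_FILE
# Both the MD5 and the SHA1 digest must match before anything is extracted.
verify_release() {
  digest_matches md5sum "$1" "$2" || { echo "md5sum didn't match!" >&2; return 1; }
  digest_matches sha1sum "$1" "$2" || { echo "sha1sum didn't match!" >&2; return 1; }
}

# Usage inside the install script:
#   verify_release "$TARBALL" "$CHECKSUMS" || exit 1
```

A match shows that the download agrees with the published checksum file. When the tarball and the checksum file come from the same server, that catches a corrupted or truncated download, not a replaced release.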

Next time OSSEC releases a new version, simply edit the VERSION variable and re-run the script. OSSEC's installer will ask if you want to upgrade the existing installation.

At the very least, this could be useful to run over CSSHx or similar, to bulk-upgrade a whole heap of agents.

My next step is to try and package OSSEC for Debian based on a compiled 'binary only' version of OSSEC, which contains preseeded settings per the source code's etc/preloaded-vars.conf (see this howto). And then, Puppet!