# /var/ossec/bin/manage_agents

****************************************
* OSSEC HIDS v0.8 Agent manager.       *
* The following options are available: *
****************************************
   (A)dd an agent (A).
   (E)xtract key for an agent (E).
   (L)ist already added agents (L).
   (R)emove an agent (R).
   (Q)uit.
Choose your actions: A,E,L,R or Q: a

- Adding a new agent (use '\'' to return to main menu).
  Please provide the following:
   * A name for the new agent: spek
   * The IP Address for the new agent: 192.168.0.62
   * An ID for the new agent[001]:
Agent information:
   ID:001
   Name:spek
   IP Address:192.168.0.62

Confirm adding it?(y/n): y
Added.
-------------------------
...
Choose your actions: A,E,L,R or Q: e

Available agents:
   ID: 001, Name: spek, IP: 192.168.0.62
Provide the ID of the agent to extract the key (or '\'' to quit): 1
Agent key information for '001' is:
MDAxIHNwZWsgMTkyLjE2OC4wLjYyIDhhNzVmNGY1ZjBmNTIzNzI5NzAzMTRjMTFmNGVlOWZhZDEzY2QxZWY1ODQyZDEyMmFjYjM2YzVmY2JmYTg5OGM=

** Press ENTER to return main menu.
-------------------------
# /var/ossec/bin/manage_agents


****************************************
* OSSEC HIDS v0.8 Agent manager.       *
* The following options are available: *
****************************************
   (I)mport key for the server (I).
   (Q)uit.
Choose your actions: I or Q: i

* Provide the Key generated from the server.
* The best approach is to cut and paste it.
*** OBS: Do not include spaces or new lines.

Paste it here (or '\'' to quit): MDAxIHNwZWsgMTkyLjE2OC4wLjYyIDhhNzVmNGY1ZjBmNTIzNzI5NzAzMTRjMTFmNGVlOWZhZDEzY2QxZWY1ODQyZDEyMmFjYjM2YzVmY2JmYTg5OGM=

Agent information:
   ID:001
   Name:spek
   IP Address:192.168.0.62

Confirm adding it?(y/n): y
Added.
** Press ENTER to return main menu.
-------------------------
# /var/ossec/bin/ossec-control start
Starting OSSEC HIDS v0.8 (by Daniel B. Cid)...
Started ossec-maild...
Started ossec-execd...
Started ossec-analysisd...
Started ossec-logcollector...
Started ossec-remoted...
Started ossec-syscheckd...
Completed.
-------------------------
# /var/ossec/bin/ossec-control start
Starting OSSEC HIDS v0.8 (by Daniel B. Cid)...
Started ossec-execd...
Started ossec-agentd...
Started ossec-logcollector...
Started ossec-syscheckd...
Completed.
-------------------------
<server-ip>a.b.c.d</server-ip>
-------------------------
<frequency>7200</frequency>
-------------------------
<directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
<directories check_all="yes">/bin,/sbin</directories>
-------------------------
<ignore>/etc/mtab</ignore>
-------------------------
<alerts>
    <log_alert_level>1</log_alert_level>
    <email_alert_level>7</email_alert_level>
</alerts>
-------------------------
<white_list>10.0.0.123</white_list>
-------------------------
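<command>
    <!-- Name that active-response entries use to refer to this command -->
    <name>disable-account</name>
    <!-- Script that implements the command -->
    <executable>disable-account.sh</executable>
    <!-- Field taken from the alert and passed to the script -->
    <expect>user</expect>
    <!-- The command can be reverted after a timeout -->
    <timeout_allowed>yes</timeout_allowed>
</command>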
-------------------------
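<active-response>
    <!-- Must match the <name> of a defined <command> -->
    <command>disable-account</command>
    <!-- local: run on the agent that generated the event -->
    <location>local</location>
    <!-- Minimum alert level that triggers the response -->
    <level>10</level>
    <!-- Rule ID that triggers the response -->
    <rules_id>402</rules_id>
    <!-- Seconds before the response is reverted -->
    <timeout>900</timeout>
</active-response>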
