Hi Abhi,
I fixed it like this.
->1. Change the following lines in /opt/splunk/etc/apps/ossec/bin/pyOSSEC.py
Original:
cfg = parse_config_file('../local/ossec_servers.conf', cfg)
New:
cfg = parse_config_file(os.environ['SPLUNK_HOME'] + '/etc/apps/ossec/local/ossec_servers.conf')
->2. Create a file /opt/splunk/etc/apps/ossec/bin/sshwrap
#!/bin/sh
LD_LIBRARY_PATH=/lib/x86_64-linux-gnu:$LD_LIBRARY_PATH
export LD_LIBRARY_PATH
/usr/bin/ssh "$@"
And make it executable:
chmod 755 /opt/splunk/etc/apps/ossec/bin/sshwrap
->3. Adapt the ssh executable in /opt/splunk/etc/apps/ossec/local/ossec_servers.conf to point to the wrapper script.
Old:
AGENT_CONTROL = ssh ossec -t -l splunk sudo /var/ossec/bin/agent_control -l
MANAGE_AGENTS = ssh ossec -t -l splunk sudo /var/ossec/bin/manage_agents
New:
AGENT_CONTROL = /opt/splunk/etc/apps/ossec/bin/sshwrap ossec -t -l splunk sudo /var/ossec/bin/agent_control -l
MANAGE_AGENTS = /opt/splunk/etc/apps/ossec/bin/sshwrap ossec -t -l splunk sudo /var/ossec/bin/manage_agents
That did the trick for me.
Best regards,
Thomas Elsen
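
After the change described in the post, AGENT_CONTROL and MANAGE_AGENTS name a script under the app's bin directory, so that script's path and permissions decide what gets executed. The following is an added example, not part of the original post or of the OSSEC app: a shell check that each key points at an absolute, executable file that is not writable by group or others. `check_wrapper` and `make_sample` are hypothetical names, and the sample files are constructed in a temporary directory.

```shell
#!/bin/sh
# check_wrapper CONF: audit the programs that AGENT_CONTROL and MANAGE_AGENTS
# run. Prints one line per finding; the return status is the number of findings.
check_wrapper() {
    conf=$1
    findings=0
    for key in AGENT_CONTROL MANAGE_AGENTS; do
        # The first word of the value is the program that gets executed.
        prog=$(sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*//p" "$conf" |
               tail -n 1 | awk '{print $1}')
        case $prog in
            "") msg="not set" ;;
            /*) msg="" ;;
            *)  msg="'$prog' is not an absolute path" ;;
        esac
        if [ -z "$msg" ]; then
            if [ ! -f "$prog" ] || [ ! -x "$prog" ]; then
                msg="$prog is missing or not executable"
            elif [ -n "$(find "$prog" \( -perm -020 -o -perm -002 \) -print)" ]; then
                msg="$prog is writable by group or others"
            fi
        fi
        if [ -n "$msg" ]; then
            echo "$key: $msg"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: one key already points at the wrapper, one still says "ssh".
make_sample() {
    dir=$1
    printf '#!/bin/sh\nexec /usr/bin/ssh "$@"\n' > "$dir/sshwrap"
    chmod 755 "$dir/sshwrap"
    {
        echo "AGENT_CONTROL = $dir/sshwrap ossec -t -l splunk sudo /var/ossec/bin/agent_control -l"
        echo "MANAGE_AGENTS = ssh ossec -t -l splunk sudo /var/ossec/bin/manage_agents"
    } > "$dir/ossec_servers.conf"
}

tmp=$(mktemp -d)
make_sample "$tmp"
check_wrapper "$tmp/ossec_servers.conf" || echo "findings: $?"
rm -rf "$tmp"
```

On a real installation, pass the path of the edited ossec_servers.conf to `check_wrapper` instead of the sample.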