2016-10-11 8 views

답변

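# Remove OSSEC agents that the manager lists as "Disconnected" or
# "Never connected". Run with bash as root on the OSSEC server; the OSSEC
# install path is /var/ossec/.
#
# NOTE(review): "Disconnected" only means the manager has lost contact with
# the agent. That covers a terminated instance, but also an agent that was
# stopped or a host that was cut off from the manager. Removing the agent
# deletes the manager's record of that host, so every ID is logged to stderr
# before removal; keep that output for audit.

set -u

ossec_bin=/var/ossec/bin

# Work in a private temp directory instead of fixed file names in the current
# directory: this runs as root, and a predictable path could already exist
# there as a leftover file or a symlink.
workdir=$(mktemp -d) || { echo "mktemp failed" >&2; exit 1; }
trap 'rm -rf -- "$workdir"' EXIT

agent_list=$workdir/agents.txt
stale_ids=$workdir/remove.txt

# Snapshot the agent list once. Stop if the listing fails so that a partial
# or empty list is never acted on.
if ! "$ossec_bin/agent_control" -l > "$agent_list"; then
  echo "agent_control -l failed; no agents removed" >&2
  exit 1
fi

# One pass over the listing: pick the second field (the ID, with its trailing
# comma stripped) of each line whose last field is "Disconnected" or whose
# last two fields are "Never connected".
awk '
  $NF == "Disconnected" || (NF > 1 && $(NF-1) == "Never" && $NF == "connected") {
    id = $2
    sub(/,$/, "", id)
    print id
  }
' "$agent_list" > "$stale_ids"

# The ID list is read on fd 3 so that manage_agents, which inherits the
# script's stdin, cannot consume lines of the list.
submitted=0
while IFS= read -r agent_id <&3; do
  # Only all-digit IDs are handed to manage_agents; anything else means the
  # listing format was not what this script expects.
  case $agent_id in
    '' | *[!0-9]*)
      printf 'skipping unexpected agent id: %s\n' "$agent_id" >&2
      continue
      ;;
  esac

  printf 'removing OSSEC agent id %s\n' "$agent_id" >&2
  if ! "$ossec_bin/manage_agents" -r "$agent_id"; then
    printf 'manage_agents -r %s returned non-zero\n' "$agent_id" >&2
  fi
  submitted=$((submitted + 1))
done 3< "$stale_ids"

# Restart OSSEC only when at least one removal was submitted; a restart with
# nothing changed just interrupts monitoring.
if [ "$submitted" -gt 0 ]; then
  "$ossec_bin/ossec-control" restart
else
  echo "no Disconnected or Never connected agents found; OSSEC not restarted" >&2
fi
# End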

다음은 인스턴스가 생성·삭제되는 자동 확장 그룹 환경에서 '끊김' 상태의 비활성 OSSEC 에이전트를 제거하기 위해 실행할 수 있는 빠른 스크립트입니다. 해결책을 공유하려는 경우에는 글을 질문 형식으로 작성하고, 해결책은 질문 본문이 아니라 답변 섹션에 올려야 합니다.

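# Remove every OSSEC agent that `agent_control -l` lists as "Disconnected" or
# "Never connected". Run as root on the OSSEC server.
#
# The status is matched on the trailing field(s) of each line rather than
# anywhere in the line, so an agent whose name merely contains "Never" or
# "Disconnected" is not selected. Only all-digit IDs are emitted.
#
# NOTE(review): "Disconnected" only means the manager has lost contact with
# the agent; each ID is logged to stderr before removal so there is a record
# of which hosts were dropped from monitoring.
stale_ids=$(
  /var/ossec/bin/agent_control -l | awk '
    $NF == "Disconnected" || (NF > 1 && $(NF-1) == "Never" && $NF == "connected") {
      id = $2
      sub(/,$/, "", id)
      if (id ~ /^[0-9]+$/) print id
    }'
)

# Word splitting of $stale_ids is intended: awk printed one all-digit ID per
# line, so there is nothing for the shell to glob or split incorrectly.
for agent_id in $stale_ids; do
  printf 'removing OSSEC agent id %s\n' "$agent_id" >&2
  /var/ossec/bin/manage_agents -r "$agent_id"
done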