On Mon, Feb 28, 2011 at 3:18 PM, Tanishk Lakhaani <[email protected]> wrote: > Dan, > R u talking abt whether I am able to take putty on the agentless device or > not ?? >
No, I want you to make sure the OSSEC manager can ssh into the agentless device. > If this is the question, yes I am able to take that. > > What logs do I need to check at the agentless device ?? > > Whichever log holds the SSH information. I don't know what device you're trying to configure, or what logs it holds. > Regards > Tanishk Lakhaani > Sent from BlackBerry® on Airtel > > -----Original Message----- > From: "dan (ddp)" <[email protected]> > Sender: [email protected] > Date: Mon, 28 Feb 2011 15:11:12 > To: <[email protected]> > Reply-To: [email protected] > Subject: Re: [ossec-list] Re: > > Are the ssh packets making it to the agentless device? > Are there any logs on the agentless device mentioning any issues with > the ssh connection? > > On Mon, Feb 28, 2011 at 3:02 PM, Tanishk Lakhaani <[email protected]> > wrote: >> Hi daniel, >> We are using an IP address for the same >> >> Still the same issues >> Regards >> Tanishk Lakhaani >> Sent from BlackBerry® on Airtel >> >> -----Original Message----- >> From: "dan (ddp)" <[email protected]> >> Sender: [email protected] >> Date: Mon, 28 Feb 2011 14:56:32 >> To: <[email protected]> >> Reply-To: [email protected] >> Subject: Re: [ossec-list] Re: >> >> Hi Saboor, >> >> On Mon, Feb 28, 2011 at 11:28 AM, Saboor <[email protected]> wrote: >>> Hi Dan >>> >>> I am trying to install OSSEC Agentless for monitoring .Successfully added >>> the IP of the host in the 'register_host.sh' (in var/ossec/agentless)and the >>> script 'ssh_integrity_check_linux' in the ossec.conf (in >>> var/ossec/etc/ossec.conf). >>> >>> While generating the public/private key using the command in ossec :'sudo -u >>> ossec ssh-keygen -t rsa' >>> I was encountering the error "Could not create directory / var/ossec/.ssh' >>> For rectifying this error I had change the file permission of OSSEC to 777 . >> >> This is a bad fix. Very few things need 777. You have introduced a >> security issue into your environment. >> >>> I have scp the public key from server to the host by running the command >>> scp /var/ossec/.ssh/id_rsa.pub [email protected]:/root/.ssh/authorized_keys >>> it has successfully been added to the host >>> Now while restarting the ossec on my server and checking the logs of the >>> same I encounter an error which is : >>> >>> 2011/02/28 18:19:03 ossec-agentlessd: ERROR: >>> ssh_integrity_check_linux: [email protected]: Timeout while connecting to >>> host: [email protected] >>> >> >> Are you using the IP address or the hostname when trying to connect to >> it? I haven't used the agentless in a while, so I can't remember if it >> can resolve hostnames. >> Try registering the IP address instead of the hostname. >> >>> Please Advise >>> >>> -- >>> Regards, >>> Saboor Rafiq >>> >> >
