On Thu, Oct 11, 2012 at 12:53 PM, Lsilverman
<lsilver...@chargeanywhere.com> wrote:
> Thanks for the reply Dan. I am calling the script from /var/ossec/ :)
>
> You are a genius :) I had to take it a step further though... Here is the
> section of bad code:
>
> expect {
> "WARNING: REMOTE HOST" {
> send_user "ERROR: RSA host key for '$hostname' has changed. Unable
> to access.\n"
> exit 1;
> }
> "*sure you want to continue connecting*" {
> send "yes\r"
> expect "* Password:*" {
> send "$pass\r"
>
> expect {
> "Permission denied" {
> send_user "ERROR: Incorrect password to remote host:
> $hostname .\n"
> exit 1;
> }
> timeout {
> send_user "ERROR: Timeout while running on host (too
> long to finish): $hostname .\n"
> exit 1;
> }
> "*>" {
> send_user "\nINFO: Starting.\n"
> }
> }
> }
> }
> "ssh: connect to host*" {
> send_user "ERROR: Unable to connect to remote host: $hostname .\n"
> exit 1;
> }
> "no address associated with name" {
> send_user "ERROR: Unable to connect to remote host: $hostname .\n"
> exit 1;
> }
> "*Connection refused*" {
> send_user "ERROR: Unable to connect to remote host: $hostname .\n"
> exit 1;
> }
> "*Connection closed by remote host*" {
> send_user "ERROR: Unable to connect to remote host: $hostname .\n"
> exit 1;
> }
> "* password:*" {
> send "$pass\r"
>
>
> The bolded section on the bottom had to be changed to "*Password:*"{. Now it
> works perfectly. No one else noticed this bug? :P
>
I'm not a cisco expert, but from the little I know about their
products they're very inconsistent. I wouldn't be surprised if some
versions used password, and others Password.
Glad it helped!
> THANK YOU THANK YOU THANK YOU
>
> Lou
>
>
>
> On Thursday, October 11, 2012 12:32:33 PM UTC-4, dan (ddpbsd) wrote:
>>
>> On Thu, Oct 11, 2012 at 12:23 PM, Lsilverman
>> <lsilv...@chargeanywhere.com> wrote:
>> > Agentless monitoring with a password simply does not work. Can't get it
>> > working for linux or cisco boxes.
>> >
>> > I am running CentOS 5.8 on a ESXi guest. Install went very smooth,
>> > rolling
>> > out agents also works perfectly. Here is my steps for setting up
>> > agentless
>> > config diffs on cisco router:
>> >
>> > 1. I enabled agentless with: /var/ossec/bin/ossec-control enable
>> > agentless
>> > 2. Added the host with: /var/ossec/agentless/register_host.sh add
>> > cisco@x.x.x.x SSHPASS ENABLEPASS
>> > 3. added the appropriate items to ossec.conf:
>> >
>> > <agentless>
>> > <type>ssh_pixconfig_diff</type>
>> > <frequency>120</frequency>
>> > <host>cisco@x.x.x.x</host>
>> > <state>periodic_diff</state>
>> > </agentless>
>> >
>> > 4. restarted ossec server
>> >
>> >
>> > Once I realized this was not working, I started testing. No matter what
>> > I do
>> > it doesnt work:
>> >
>> >
>> > sudo -u ossec ./agentless/ssh_generic_diff cisco@x.x.x.x
>>
>> # NOTE: this script must be called from within /var/ossec for it to work.
>>
>> Just a hunch, since I don't know expect, but it looks like the script
>> is expecting to see "password:", but below it looks like it's seeing
>> "Password." Perhaps changing the line '"* password:*" {' to '"*
>> Password:*" {' might help?
>>
>>
>> > spawn ssh cisco@x.x.x.x
>> > Password:
>> > ERROR: Timeout while connecting to host: cisco@x.x.x.x .
>> >
>> >
>> >
>> > sudo -u ossec ./agentless/ssh_pixconfig_diff cisco@x.x.x.x
>> > spawn ssh -c des cisco@x.x.x.x
>> > No valid ciphers for protocol version 2 given, using defaults.
>> > Password: ERROR: Timeout while connecting to host: cisco@x.x.x.x
>> >
>> >
>> > Please excuse the insane formatting here. Anyone have a recommendation?
>> >
>> >
>> > Thanks
>> >
>> > Lou
