On Thu, Oct 11, 2012 at 2:08 PM, Joe Turner
<[email protected]> wrote:
> I changed the ASA-FWSMCONFIG_DIFF.SH script. I didn't think I could run
> it manually as it expected info from ossec.config
>
The closest I have to that is /var/ossec/agentless/ssh_asa-fwsmconfig_diff
Looks like you should be able to run it with:
cd /var/ossec && agentless/ssh_asa-fwsmconfig_diff HOSTNAME COMMANDS
I forgot to ask, did you actually put {SPACE} into the script, or did
you use that a placeholder for an actual space? Have you tried running
the "enable 3" manually?
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On
> Behalf Of dan (ddp)
> Sent: Thursday, October 11, 2012 1:37 PM
> To: [email protected]
> Subject: Re: [ossec-list] Agentless for Cisco ASA with altered enable
> command
>
> On Thu, Oct 11, 2012 at 1:32 PM, Joe <[email protected]> wrote:
>> I'm trying to get agentless monitoring working on our Cisco ASA 5510
>> firewall. The issue is that our provider manages this for us, and
>> didn't want to give us the enable password. We did however get a
>> locked down enable password, but to get it to work, we had to issue
>> the command "enable 3" instead of enable. I changed the Shell script
>> from 'send "enable\r" ' to 'send "enable{Space}3\r" ' and it doesn't
>> spit out an error, but my provider is telling me that they aren't
>> seeing the command go through, just the initial user login. Does
>> anyone know if I'm just editing the script wrong, or if it's even
> possible to do this with anything but the enable command?
>
> Which expect script did you change? Did you try running it manually?
