I do have {Space} in the actual script because when I had it as send
"enable 3" it kicked out an error.I can give this a try, and HOSTNAME is self explanatory, but what should I use for COMMANDS? Sorry for the lack of knowledge, but I'm still new at working with Linux and OSSEC. Would COMMANDS correlate to the agentless State that I setup in ossec.conf ? -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of dan (ddp) Sent: Thursday, October 11, 2012 2:16 PM To: [email protected] Subject: Re: [ossec-list] Agentless for Cisco ASA with altered enable command On Thu, Oct 11, 2012 at 2:08 PM, Joe Turner <[email protected]> wrote: > I changed the ASA-FWSMCONFIG_DIFF.SH script. I didn't think I could > run it manually as it expected info from ossec.config > The closest I have to that is /var/ossec/agentless/ssh_asa-fwsmconfig_diff Looks like you should be able to run it with: cd /var/ossec && agentless/ssh_asa-fwsmconfig_diff HOSTNAME COMMANDS I forgot to ask, did you actually put {SPACE} into the script, or did you use that a placeholder for an actual space? Have you tried running the "enable 3" manually? > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of dan (ddp) > Sent: Thursday, October 11, 2012 1:37 PM > To: [email protected] > Subject: Re: [ossec-list] Agentless for Cisco ASA with altered enable > command > > On Thu, Oct 11, 2012 at 1:32 PM, Joe <[email protected]> wrote: >> I'm trying to get agentless monitoring working on our Cisco ASA 5510 >> firewall. The issue is that our provider manages this for us, and >> didn't want to give us the enable password. We did however get a >> locked down enable password, but to get it to work, we had to issue >> the command "enable 3" instead of enable. I changed the Shell script >> from 'send "enable\r" ' to 'send "enable{Space}3\r" ' and it doesn't >> spit out an error, but my provider is telling me that they aren't >> seeing the command go through, just the initial user login. Does >> anyone know if I'm just editing the script wrong, or if it's even > possible to do this with anything but the enable command? > > Which expect script did you change? Did you try running it manually?
