On Thu, Oct 11, 2012 at 3:50 PM, Joe Turner <[email protected]> wrote: > I do have {Space} in the actual script because when I had it as send > "enable 3" it kicked out an error. > > I can give this a try, and HOSTNAME is self explanatory, but what should I > use for COMMANDS? Sorry for the lack of knowledge, but I'm still new at > working with Linux and OSSEC. Would COMMANDS correlate to the agentless > State that I setup in ossec.conf ? >
Whatever commands you want run when the script logs in. Just like you setup... > -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of dan (ddp) > Sent: Thursday, October 11, 2012 2:16 PM > To: [email protected] > Subject: Re: [ossec-list] Agentless for Cisco ASA with altered enable > command > > On Thu, Oct 11, 2012 at 2:08 PM, Joe Turner <[email protected]> > wrote: >> I changed the ASA-FWSMCONFIG_DIFF.SH script. I didn't think I could >> run it manually as it expected info from ossec.config >> > > The closest I have to that is /var/ossec/agentless/ssh_asa-fwsmconfig_diff > > Looks like you should be able to run it with: > > cd /var/ossec && agentless/ssh_asa-fwsmconfig_diff HOSTNAME COMMANDS > > I forgot to ask, did you actually put {SPACE} into the script, or did you > use that a placeholder for an actual space? Have you tried running the > "enable 3" manually? > > >> -----Original Message----- >> From: [email protected] [mailto:[email protected]] >> On Behalf Of dan (ddp) >> Sent: Thursday, October 11, 2012 1:37 PM >> To: [email protected] >> Subject: Re: [ossec-list] Agentless for Cisco ASA with altered enable >> command >> >> On Thu, Oct 11, 2012 at 1:32 PM, Joe <[email protected]> > wrote: >>> I'm trying to get agentless monitoring working on our Cisco ASA 5510 >>> firewall. The issue is that our provider manages this for us, and >>> didn't want to give us the enable password. We did however get a >>> locked down enable password, but to get it to work, we had to issue >>> the command "enable 3" instead of enable. I changed the Shell script >>> from 'send "enable\r" ' to 'send "enable{Space}3\r" ' and it doesn't >>> spit out an error, but my provider is telling me that they aren't >>> seeing the command go through, just the initial user login. Does >>> anyone know if I'm just editing the script wrong, or if it's even >> possible to do this with anything but the enable command? >> >> Which expect script did you change? Did you try running it manually?
