2012/10/24 dan (ddp) <[email protected]>
> On Wed, Oct 24, 2012 at 2:44 PM, Daniel Flores
> <[email protected]> wrote:
> > Hi, I am using agentless to monitor one server running Red Hat, but the
> > problem is that when ossec user executes the ssh_integrity_check_linux I get
> > this:
> >
> > SGAMONITORL:/var/ossec# sudo -u ossec ./agentless/ssh_integrity_check_linux
> > [email protected] /etc
> > spawn ssh [email protected]
> >
> > ===============================================================================
> > "Estas accediendo a un servidor propiedad de Adserti.
> > El usuario autorizado es responsable de proteger la informacion,
> > mantener el secreto profesional e informar del mal uso de los sistemas.
> >
> > El acceso no autorizado a este sistema o el uso indebido del mismo
> > estan prohibidos y es contrario a las politicas de Adserti.
> > Adserti se reserva el derecho de monitoreo mediante el uso de la tecnologia.
> > En caso de que sea detectada o revelada una posible actividad delictiva
> > o no etica, el personal de seguridad puede proporcionar la evidencia para
> > aplicar las medidas diciplinarias pertinentes."
> >
> > ==============================================================================
> > Last login: Wed Oct 24 13:23:50 2012 from 11.10.1.114
> > [root@sgasrv7l ~]#
> > ERROR: Timeout while connecting to host: [email protected] .
> > SGAMONITORL:/var/ossec#
> >
> >
> > The first part is my ssh banner, and it logs in with the root user as I'm
> > expecting, but then it doesn't execute commands and logs me off.
> >
> > I don't know why, with the ossec user, it is not executing the next commands.
> >
> > Can you help me please???
> >
> > Daniel Flores
>
> Without looking at the script, I'm guessing the lack of a password
> prompt is causing the issue.
>
My ssh.exp script is the following:

    #!/usr/bin/env expect
    # @(#) $Id$
    # Agentless monitoring
    #
    # Copyright (C) 2009 Trend Micro Inc.
    # All rights reserved.
    #
    # This program is a free software; you can redistribute it
    # and/or modify it under the terms of the GNU General Public
    # License (version 2) as published by the FSF - Free Software
    # Foundation.

    # Password set to NOPASS: run the no-password login script instead.
    if {[string compare $pass "NOPASS"] == 0} {
        source $sshnopasssrc
        return
    }

    # Wait for the first of these patterns in the ssh session output.
    expect {
        "WARNING: REMOTE HOST" {
            send_user "\nERROR: RSA host key for '$hostname' has changed. Unable to access.\n"
            exit 1;
        }
        "*sure you want to continue connecting*" {
            send "yes\r"
            expect "* Password:*" {
                send "$pass\r"
                source $sshloginsrc
            }
        }
        "ssh: connect to host*" {
            send_user "\nERROR: Unable to connect to remote host: $hostname .\n"
            exit 1;
        }
        "no address associated with name" {
            send_user "\nERROR: Unable to connect to remote host: $hostname .\n"
            exit 1;
        }
        "*Connection refused*" {
            send_user "\nERROR: Unable to connect to remote host: $hostname .\n"
            exit 1;
        }
        "*Connection closed by remote host*" {
            send_user "\nERROR: Unable to connect to remote host: $hostname .\n"
            exit 1;
        }
        "* Password:*" {
            send "$pass\r"
            source $sshloginsrc
        }
        timeout {
            # None of the patterns above appeared before the timeout expired.
            send_user "\nERROR: Timeout while connecting to host: $hostname . \n"
            exit 1;
        }
    }

And the ssh_integrity_check_linux:

    #!/usr/bin/env expect
    # @(#) $Id$
    # Agentless monitoring
    #
    # Copyright (C) 2009 Trend Micro Inc.
    # All rights reserved.
    #
    # This program is a free software; you can redistribute it
    # and/or modify it under the terms of the GNU General Public
    # License (version 2) as published by the FSF - Free Software
    # Foundation.

    # Main script.
    source "/var/ossec/agentless/main.exp"

    # SSHing to the box and passing the directories to check.
    if [catch {
        spawn ssh $hostname
    } loc_error] {
        send_user "ERROR: Opening connection: $loc_error.\n"
        exit 1;
    }

    source $sshsrc
    source $susrc

    set timeout 600
    send "echo \"INFO: Starting.\"; for i in `find $args 2>/dev/null`;do tail \$i >/dev/null 2>&1 && md5=`md5sum \$i | cut -d \" \" -f 1` && sha1=`sha1sum \$i | cut -d \" \" -f 1` && echo FWD: `stat --printf \"%s:%a:%u:%g\" \$i`:\$md5:\$sha1 \$i; done; exit\r"
    send "exit\r"

    expect {
        timeout {
            send_user "ERROR: Timeout while running commands on host: $hostname .\n"
            exit 1;
        }
        eof {
            send_user "\nINFO: Finished.\n"
            exit 0;
        }
    }

    exit 0;

Thanks
--
Daniel Flores
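
The guess in the reply quoted above (no password prompt, so ssh.exp ends in its timeout branch) can be checked offline against the patterns of the posted script. This is an added example, not part of the original thread or of OSSEC: a simplified Python model of the expect block, in which the function names, the labels and the last two transcripts are constructed.

```python
import re

# Patterns of the expect block in the ssh.exp posted above, in order,
# each paired with a short label for what its branch does.
SSH_EXP_PATTERNS = [
    ("WARNING: REMOTE HOST", "error: host key changed"),
    ("*sure you want to continue connecting*", "answer yes"),
    ("ssh: connect to host*", "error: unable to connect"),
    ("no address associated with name", "error: unable to connect"),
    ("*Connection refused*", "error: unable to connect"),
    ("*Connection closed by remote host*", "error: unable to connect"),
    ("* Password:*", "send password"),
]


def glob_to_regex(pattern):
    """Translate a glob that uses only literals and * into a regex."""
    pieces = [".*" if ch == "*" else re.escape(ch) for ch in pattern]
    return re.compile("".join(pieces), re.DOTALL)


def branch_taken(session_output):
    """Label of the first listed pattern found in the output, else 'timeout'."""
    for pattern, label in SSH_EXP_PATTERNS:
        # Simplification (assumption): match anywhere in the complete
        # output at once, instead of as the data arrives.
        if glob_to_regex(pattern).search(session_output):
            return label
    return "timeout"


# Tail of the session from the original message: the login goes straight
# to the remote shell prompt, with no password prompt in between.
NO_PROMPT_LOGIN = ("Last login: Wed Oct 24 13:23:50 2012 from 11.10.1.114\r\n"
                   "[root@sgasrv7l ~]# ")
# Constructed transcripts (hypothetical host name server.example).
PASSWORD_LOGIN = "root@server.example's Password: "
REFUSED = "ssh: connect to host server.example port 22: Connection refused\r\n"

if __name__ == "__main__":
    for name, text in [("no prompt", NO_PROMPT_LOGIN),
                       ("password prompt", PASSWORD_LOGIN),
                       ("refused", REFUSED)]:
        print(f"{name:16} -> {branch_taken(text)}")
```

The expect block has no branch for a shell prompt, so a session that logs in without asking for a password matches nothing and reaches `timeout`, which is the error shown in the original message.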