On Wed, Oct 24, 2012 at 2:54 PM, Daniel Flores
<[email protected]> wrote:
>
>
> 2012/10/24 dan (ddp) <[email protected]>
>
>> On Wed, Oct 24, 2012 at 2:44 PM, Daniel Flores
>> <[email protected]> wrote:
>> > Hi, I am using agentless to monitor one server running Red Hat, but the
>> > problem is that when the ossec user executes ssh_integrity_check_linux
>> > I get this:
>> >
>> > SGAMONITORL:/var/ossec# sudo -u ossec ./agentless/ssh_integrity_check_linux [email protected] /etc
>> > spawn ssh [email protected]
>> >
>> > ===============================================================================
>> > "Estas accediendo a un servidor propiedad de Adserti.
>> > El usuario autorizado es responsable de proteger la informacion,
>> > mantener el secreto profesional e informar del mal uso de los sistemas.
>> >
>> > El acceso no autorizado a este sistema o el uso indebido del mismo
>> > estan prohibidos y es contrario a las politicas de Adserti.
>> > Adserti se reserva el derecho de monitoreo mediante el uso de la tecnologia.
>> > En caso de que sea detectada o revelada una posible actividad delictiva
>> > o no etica, el personal de seguridad puede proporcionar la evidencia para
>> > aplicar las medidas diciplinarias pertinentes."
>> >
>> > ==============================================================================
>> > Last login: Wed Oct 24 13:23:50 2012 from 11.10.1.114
>> > [root@sgasrv7l ~]#
>> > ERROR: Timeout while connecting to host: [email protected] .
>> > SGAMONITORL:/var/ossec#
>> >
>> >
>> > The first part is my ssh banner, and it logs in with the root user as I'm
>> > expecting, but then it doesn't execute commands and logs me off.
>> >
>> > I don't know why, with the ossec user, it is not executing the next commands.
>> >
>> > Can you help me please???
>> >
>> > Daniel Flores
>>
>> Without looking at the script, I'm guessing the lack of a password
>> prompt is causing the issue.
>
>
> My ssh.exp script is the following:
>
> #!/usr/bin/env expect
>
> # @(#) $Id$
> # Agentless monitoring
> #
> # Copyright (C) 2009 Trend Micro Inc.
> # All rights reserved.
> #
> # This program is a free software; you can redistribute it
> # and/or modify it under the terms of the GNU General Public
> # License (version 2) as published by the FSF - Free Software
> # Foundation.
>
>
> if {[string compare $pass "NOPASS"] == 0} {
>     source $sshnopasssrc
>     return
> }
>
>

Was the user set up with NOPASS as the password when you ran register_host?

> expect {
>     "WARNING: REMOTE HOST" {
>         send_user "\nERROR: RSA host key for '$hostname' has changed. Unable to access.\n"
>         exit 1;
>     }
>     "*sure you want to continue connecting*" {
>         send "yes\r"
>         expect "* Password:*" {
>             send "$pass\r"
>             source $sshloginsrc
>         }
>     }
>     "ssh: connect to host*" {
>         send_user "\nERROR: Unable to connect to remote host: $hostname .\n"
>         exit 1;
>     }
>     "no address associated with name" {
>         send_user "\nERROR: Unable to connect to remote host: $hostname .\n"
>         exit 1;
>     }
>     "*Connection refused*" {
>         send_user "\nERROR: Unable to connect to remote host: $hostname .\n"
>         exit 1;
>     }
>     "*Connection closed by remote host*" {
>         send_user "\nERROR: Unable to connect to remote host: $hostname .\n"
>         exit 1;
>     }
>     "* Password:*" {
>         send "$pass\r"
>         source $sshloginsrc
>     }
>     timeout {
>         send_user "\nERROR: Timeout while connecting to host: $hostname .\n"
>         exit 1;
>     }
> }
>
> And the ssh_integrity_check_linux:
>
> #!/usr/bin/env expect
>
> # @(#) $Id$
> # Agentless monitoring
> #
> # Copyright (C) 2009 Trend Micro Inc.
> # All rights reserved.
> #
> # This program is a free software; you can redistribute it
> # and/or modify it under the terms of the GNU General Public
> # License (version 2) as published by the FSF - Free Software
> # Foundation.
>
>
> # Main script.
> source "/var/ossec/agentless/main.exp"
>
>
> # SSHing to the box and passing the directories to check.
> if [catch {
>     spawn ssh $hostname
> } loc_error] {
>     send_user "ERROR: Opening connection: $loc_error.\n"
>     exit 1;
> }
>
>
> source $sshsrc
> source $susrc
>
> set timeout 600
> send "echo \"INFO: Starting.\"; for i in `find $args 2>/dev/null`;do tail \$i >/dev/null 2>&1 && md5=`md5sum \$i | cut -d \" \" -f 1` && sha1=`sha1sum \$i | cut -d \" \" -f 1` && echo FWD: `stat --printf \"%s:%a:%u:%g\" \$i`:\$md5:\$sha1 \$i; done; exit\r"
> send "exit\r"
>
> expect {
>     timeout {
>         send_user "ERROR: Timeout while running commands on host: $hostname .\n"
>         exit 1;
>     }
>     eof {
>         send_user "\nINFO: Finished.\n"
>         exit 0;
>     }
> }
>
> exit 0;
>
> Thanks
>
> --
> Daniel Flores
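
The timeout in the session output can be reproduced offline. The following is an added example, not part of the thread and not OSSEC code: it replays session text against the patterns of the quoted ssh.exp `expect` block and reports which branch would fire. It assumes Expect's default glob matching is unanchored and case-sensitive; the transcripts are constructed (banner shortened, 192.0.2.10 is a placeholder address).

```python
from fnmatch import fnmatchcase

# Patterns of the expect block in the quoted ssh.exp, in the order listed there.
SSH_EXP_PATTERNS = [
    "WARNING: REMOTE HOST",
    "*sure you want to continue connecting*",
    "ssh: connect to host*",
    "no address associated with name",
    "*Connection refused*",
    "*Connection closed by remote host*",
    "* Password:*",
]

# Constructed transcripts modelled on the session shown in the thread.
KEY_LOGIN = (
    "==== site banner ====\r\n"
    "Last login: Wed Oct 24 13:23:50 2012 from 11.10.1.114\r\n"
    "[root@sgasrv7l ~]# "
)
PASSWORD_LOGIN = "==== site banner ====\r\nroot@192.0.2.10 Password: "
NEW_HOST_KEY = "Are you sure you want to continue connecting (yes/no)? "


def first_match(buffer, patterns=SSH_EXP_PATTERNS):
    """Return the first pattern found in the buffer, or "timeout".

    Assumption: an Expect glob pattern may match anywhere in the buffer,
    modelled here by wrapping each pattern in '*'. Matching is case-sensitive.
    """
    for pattern in patterns:
        if fnmatchcase(buffer, "*" + pattern + "*"):
            return pattern
    # Nothing matched: Expect waits until its timeout and runs that branch.
    return "timeout"


if __name__ == "__main__":
    samples = (
        ("key-based login", KEY_LOGIN),
        ("password login", PASSWORD_LOGIN),
        ("unknown host key", NEW_HOST_KEY),
    )
    for name, text in samples:
        print(f"{name}: {first_match(text)}")
```

A login that goes straight to a shell prompt contains none of the listed patterns, so only the `timeout` branch can run, and its message is the "Timeout while connecting to host" error shown in the session output.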