On Mon, Feb 25, 2013 at 7:23 PM,  <[email protected]> wrote:
> I am trying to test agentless connection to one of my ASAs.  I have enabled
> agentless, I have added the device with register_host.sh and have added a
> ssh_asa-fwsmconfig_diff agentless config for the ASA in ossec.config.  I am
> now just trying to test the script by running:
>
> /var/ossec$ sudo ./agentless/ssh_asa-fwsmconfig_diff [email protected]
>
> Here is the output from that command:
> ___________________________________________________________________
> ossec@OSSEC:/var/ossec$ sudo ./agentless/ssh_asa-fwsmconfig_diff
> [email protected]
> [sudo] password for ossec:
> spawn ssh -c des [email protected]
>
>
> No valid ciphers for protocol version 2 given, using defaults.
>
>
> [email protected]'s password:
>
> This is a privately owned computing system.Access is permitted only by
> authorized employees or agents of the company.The system may be used only
> for authorized company business.Company management approval is required for
> all access privileges.This system is equipped with a security system
> intended to prevent and record unauthorized access attempts. Unauthorized
> access or use is a crime under the law.
>
> Type help or '?' for a list of available commands.
>
>
> 10ASA> INFO: Starting.
> enable
>
> Password: ############
> ERROR: Timeout while running enable on host: [email protected]
> ossec@OSSEC:/var/ossec$ #########
> -bash: ###: event not found
> _________________________________________________________________________
>

It looks like the script is expecting a password, but doesn't receive
one, and a bunch of hashes are passed to the OSSEC server's shell.

How did you configure the agentless system? Did it ask for an enable
password? (I don't use agentless, especially with Cisco products)

> The spot where you see the first series of hashes is where the script stops
> and prompts me for a password.  I'm assuming that it is asking me for the
> enable password.  I enter the correct enable password and, as you see, I get
> a timeout.
>
> I did modify the ssh_asa-fwsmconfig_diff script a bit after an issue I
> encountered with the ssh_pixconfig_diff script.  I was having troubles
> making the pix script work then came across this post:
> http://www.mail-archive.com/[email protected]/msg15464.html
> After reading that post and correcting the *password:* bugs, the script
> started working perfectly.  I opened the ssh_asa-fwsmconfig_diff script and
> also found spacing issues everywhere "*password:*" is referenced.  After
> doing so I was at least able to get as far as you see above but am now stuck
> again.
>
> Here is my ssh_asafwsmconfig_diff script with the "*password:*" corrections.
> I have made no other changes.  Any script geniuses out there that can
> identify any other problems that could be causing this issue for me?
>
> #!/usr/bin/env expect
>
> # @(#) $Id$
> # Agentless monitoring
> #
> # Copyright (C) 2009 Trend Micro Inc.
> # All rights reserved.
> #
> # This program is a free software; you can redistribute it
> # and/or modify it under the terms of the GNU General Public
> # License (version 2) as published by the FSF - Free Software
> # Foundation.
>
>
> if {$argc < 1} {
>     send_user "ERROR: ssh_pixconfig_diff <hostname> <commands>\n";
>     exit 1;
> }
>
>
> # NOTE: this script must be called from within /var/ossec for it to work.
> set passlist "agentless/.passlist"
> set hostname [lindex $argv 0]
> set commands [lrange $argv 1 end]
> set pass "x"
> set addpass "x"
> set timeout 20
>
> if {[string compare $hostname "test"] == 0} {
>     if {[string compare $commands "test"] == 0} {
>         exit 0;
>     }
> }
>
> # Reading the password list.
> if [catch {
>     set in [open "$passlist" r]
> } loc_error] {
>     send_user "ERROR: Password list not present (use \"register_host\" first).\n"
>     exit 1;
> }
>
> while {[gets $in line] != -1} {
>     set me [string first "|" $line]
>     set me2 [string last "|" $line]
>     set length [string length $line]
>
>     if {$me == -1} {
>         continue;
>     }
>     if {$me2 == -1} {
>         continue;
>     }
>     if {$me == $me2} {
>         continue;
>     }
>
>     set me [expr $me-1]
>     set me2 [expr $me2-1]
>
>     set host_list [string range $line 0 $me]
>     set me [expr $me+2]
>     set pass_list [string range $line $me $me2]
>     set me2 [expr $me2+2]
>     set addpass_list [string range $line $me2 $length]
>
>     if {[string compare $host_list $hostname] == 0} {
>         set pass "$pass_list"
>         set addpass "$addpass_list"
>         break
>     }
> }
> close $in
>
>
> if {[string compare $pass "x"] == 0} {
>     send_user "ERROR: Password for '$hostname' not found.\n"
>     exit 1;
> }
>
>
> # SSHing to the box and passing the directories to check.
> if [catch {
>     spawn ssh -c des $hostname
> } loc_error] {
>     send_user "ERROR: Opening connection: $loc_error.\n"
>     exit 1;
> }
>
> expect {
>     "WARNING: REMOTE HOST" {
>         send_user "ERROR: RSA host key for '$hostname' has changed. Unable to access.\n"
>         exit 1;
>     }
>     "*sure you want to continue connecting*" {
>         send "yes\r"
>         expect "*password:*" {
>             send "$pass\r"
>
>             expect {
>                 "Permission denied" {
>                     send_user "ERROR: Incorrect password to remote host: $hostname .\n"
>                     exit 1;
>                 }
>                 timeout {
>                     send_user "ERROR: Timeout while running on host (too long to finish): $hostname .\n"
>                     exit 1;
>                 }
>                 "*>" {
>                     send_user "\nINFO: Starting.\n"
>                 }
>             }
>         }
>     }
>     "ssh: connect to host*" {
>         send_user "ERROR: Unable to connect to remote host: $hostname .\n"
>         exit 1;
>     }
>     "no address associated with name" {
>         send_user "ERROR: Unable to connect to remote host: $hostname .\n"
>         exit 1;
>     }
>     "*Connection refused*" {
>         send_user "ERROR: Unable to connect to remote host: $hostname .\n"
>         exit 1;
>     }
>     "*Connection closed by remote host*" {
>         send_user "ERROR: Unable to connect to remote host: $hostname .\n"
>         exit 1;
>     }
>     "*password:*" {
>         send "$pass\r"
>
>         expect {
>             "Permission denied" {
>                 send_user "ERROR: Incorrect password to remote host: $hostname .\n"
>                 exit 1;
>             }
>             timeout {
>                 send_user "ERROR: Timeout while running on host (too long to finish): $hostname .\n"
>                 exit 1;
>             }
>             "*>" {
>                 send_user "INFO: Starting.\n"
>             }
>         }
>     }
>     timeout {
>         send_user "ERROR: Timeout while connecting to host: $hostname . \n"
>         exit 1;
>     }
> }
>
> # Going into enable mode.
> send "enable\r"
> expect {
>     "password:" {
>         send "$addpass\r"
>
>         expect {
>             "*asswor*" {
>                 send_user "ERROR: Incorrect enable password to remote host: $hostname .\n"
>                 exit 1;
>             }
>             "*rror in authenticatio*" {
>                 send_user "ERROR: Incorrect enable password to remote host: $hostname .\n"
>                 exit 1;
>             }
>             timeout {
>                 send_user "ERROR: Timeout while going to enable mode on host: $hostname .\n"
>                 exit 1;
>             }
>             "*#" {
>                 send_user "ok on enable pass\n"
>             }
>         }
>     }
>     timeout {
>         send_user "ERROR: Timeout while running enable on host: $hostname .\n"
>         exit 1;
>     }
> }
>
>
> # Sending commands
> set timeout 60
> send_user "\nSTORE: now\n"
>
> send "term pager 0\r"
>
> # Excluding uptime from the output
> send "show version | grep -v Configuration last| up\r"
> send "show running-config\r"
> send "$commands\r"
> send "exit\r"
>
> expect {
>     timeout {
>         send_user "ERROR: Timeout while running commands on host: $hostname .\n"
>         exit 1;
>     }
>     eof {
>         send_user "\nINFO: Finished.\n"
>         exit 0;
>     }
> }
>
> send_user "ERROR: Unable to finish properly.\n"
> exit 1
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
>
>

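An added example, not part of the original thread or of the OSSEC script: the transcript shows the ASA enable prompt as "Password:" while the posted script's enable block waits for "password:", and expect's glob patterns are case-sensitive unless -nocase is given. The script below compares three patterns against that prompt; the local stand-in process and the try_pattern helper are assumptions made for the demonstration.

```tcl
#!/usr/bin/env expect
# Added example, not OSSEC code. A local stand-in process prints the enable
# prompt exactly as it appears in the transcript ("Password: "), so the
# patterns can be compared without an ASA or an SSH session.

log_user 0      ;# hide the stand-in's output and the spawn echo
set timeout 2   ;# seconds to wait before a pattern counts as a miss

# try_pattern (hypothetical helper): spawn the stand-in, wait for the given
# expect pattern arguments, and return "match" or "timeout".
proc try_pattern {args} {
    # Constructed stand-in for the device: print the prompt, then stay
    # alive longer than the timeout so a miss ends in timeout, not eof.
    spawn sh -c {printf 'Password: '; sleep 5}
    set result "timeout"
    expect {*}$args { set result "match" } timeout { }
    catch {close}
    catch {wait}
    return $result
}

# 1. The pattern as written in the posted enable block.
# 2. The same pattern with expect's -nocase flag.
# 3. A pattern that skips the first letter, like the "*asswor*" pattern
#    already used inside the posted script.
foreach pat {{password:} {-nocase password:} {*assword:*}} {
    puts [format "%-20s -> %s" $pat [try_pattern {*}$pat]]
}
```

Run it with `expect` on any host that has `sh`; a pattern reported as "timeout" here would send the posted script into its "Timeout while running enable on host" branch.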