Actually the hashes are me obscuring my password for this post. Where you see hashes is the script displaying my password in plain text. I have agentless working for my Cisco switches and routers and a successful test of the ssh_pixconfig_diff script grabs the password for the device from the var/ossec/agentless/.passlist file, logs into the device, runs the script then logs out of the device without requiring me to enter in a password (because again, the script grabs the pwd for the device from the .passlist file). So I'm assuming, perhaps unwisely, that when the ssh_asa-fwsmconfig_diff script runs correctly, it also will grab the pwd from the .passlist file, run through the script and finish without ever stopping to prompt me for a pwd.
As for how I configured the agentless system I am trying to test, I ran the /var/ossec/agentless/register_host.sh add [email protected] pixpass enablepass and did indeed enter a value for pixpass and enablepass, that I confirmed was correct by opening the .passlist file.

On Monday, February 25, 2013 5:23:46 PM UTC-7, [email protected] wrote:
>
> I am trying to test agentless connection to one of my ASAs. I have
> enabled agentless, I have added the device with register_host.sh and have
> added a ssh_asa-fwsmconfig_diff agentless config for the ASA in
> ossec.config. I am now just trying to test the script by running:
>
> /var/ossec$ sudo ./agentless/ssh_asa-fwsmconfig_diff [email protected]
>
> Here is the output from that command:
> ___________________________________________________________________
> ossec@OSSEC:/var/ossec$ sudo ./agentless/ssh_asa-fwsmconfig_diff [email protected]
> [sudo] password for ossec:
> spawn ssh -c des [email protected]
>
> No valid ciphers for protocol version 2 given, using defaults.
>
> [email protected]'s password:
>
> This is a privately owned computing system.Access is permitted only by
> authorized employees or agents of the company.The system may be used only
> for authorized company business.Company management approval is required for
> all access privileges.This system is equipped with a security system
> intended to prevent and record unauthorized access attempts. Unauthorized
> access or use is a crime under the law.
>
> Type help or '?' for a list of available commands.
>
> 10ASA> INFO: Starting.
> enable
>
> Password: ############
> ERROR: Timeout while running enable on host: [email protected]
> ossec@OSSEC:/var/ossec$ #########
> -bash: ###: event not found
> _________________________________________________________________________
>
> The spot where you see the first series of hashes is where the script
> stops and prompts me for a password. I'm assuming that it is asking me for
> the enable password. I enter the correct enable password and, as you see,
> I get a timeout.
>
> I did modify the ssh_asa-fwsmconfig_diff script a bit after an issue I
> encountered with the ssh_pixconfig_diff script. I was having troubles
> making the pix script work then came across this post:
> http://www.mail-archive.com/[email protected]/msg15464.html
> After reading that post and correcting the *password:* bugs, the script
> started working perfectly. I opened the ssh_asa-fwsmconfig_diff script and
> also found spacing issues everywhere "*password:*" is referenced. After
> doing so I was at least able to get as far as you see above but am now
> stuck again.
>
> Here is my ssh_asafwsmconfig_diff script with the "*password:*"
> corrections. I have made no other changes. Any script geniuses out there
> that can identify any other problems that could be causing this issue for
> me?
>
> "ssh_asa-fwsmconfig_diff" [readonly] 210L, 5253C
> #!/usr/bin/env expect
>
> # @(#) $Id$
> # Agentless monitoring
> #
> # Copyright (C) 2009 Trend Micro Inc.
> # All rights reserved.
> #
> # This program is a free software; you can redistribute it
> # and/or modify it under the terms of the GNU General Public
> # License (version 2) as published by the FSF - Free Software
> # Foundation.
>
>
> if {$argc < 1} {
>     send_user "ERROR: ssh_pixconfig_diff <hostname> <commands>\n";
>     exit 1;
> }
>
>
> # NOTE: this script must be called from within /var/ossec for it to work.
> set passlist "agentless/.passlist"
> set hostname [lindex $argv 0]
> set commands [lrange $argv 1 end]
> set pass "x"
> set addpass "x"
> set timeout 20
>
> if {[string compare $hostname "test"] == 0} {
>     if {[string compare $commands "test"] == 0} {
>         exit 0;
>     }
> }
>
> # Reading the password list.
> if [catch {
>     set in [open "$passlist" r]
> } loc_error] {
>     send_user "ERROR: Password list not present (use \"register_host\" first).\n"
>     exit 1;
> }
>
> while {[gets $in line] != -1} {
>     set me [string first "|" $line]
>     set me2 [string last "|" $line]
>     set length [string length $line]
>
>     if {$me == -1} {
>         continue;
>     }
>     if {$me2 == -1} {
>         continue;
>     }
>     if {$me == $me2} {
>         continue;
>     }
>
>     set me [expr $me-1]
>     set me2 [expr $me2-1]
>
>     set host_list [string range $line 0 $me]
>     set me [expr $me+2]
>     set pass_list [string range $line $me $me2]
>     set me2 [expr $me2+2]
>     set addpass_list [string range $line $me2 $length]
>
>     if {[string compare $host_list $hostname] == 0} {
>         set pass "$pass_list"
>         set addpass "$addpass_list"
>         break
>     }
> }
> close $in
>
>
> if {[string compare $pass "x"] == 0} {
>     send_user "ERROR: Password for '$hostname' not found.\n"
>     exit 1;
> }
>
>
> # SSHing to the box and passing the directories to check.
> if [catch {
>     spawn ssh -c des $hostname
> } loc_error] {
>     send_user "ERROR: Opening connection: $loc_error.\n"
>     exit 1;
> }
>
> expect {
>     "WARNING: REMOTE HOST" {
>         send_user "ERROR: RSA host key for '$hostname' has changed. Unable to access.\n"
>         exit 1;
>     }
>     "*sure you want to continue connecting*" {
>         send "yes\r"
>         expect "*password:*" {
>             send "$pass\r"
>
>             expect {
>                 "Permission denied" {
>                     send_user "ERROR: Incorrect password to remote host: $hostname .\n"
>                     exit 1;
>                 }
>                 timeout {
>                     send_user "ERROR: Timeout while running on host (too long to finish): $hostname .\n"
>                     exit 1;
>                 }
>                 "*>" {
>                     send_user "\nINFO: Starting.\n"
>                 }
>             }
>         }
>     }
>     "ssh: connect to host*" {
>         send_user "ERROR: Unable to connect to remote host: $hostname .\n"
>         exit 1;
>     }
>     "no address associated with name" {
>         send_user "ERROR: Unable to connect to remote host: $hostname .\n"
>         exit 1;
>     }
>     "*Connection refused*" {
>         send_user "ERROR: Unable to connect to remote host: $hostname .\n"
>         exit 1;
>     }
>     "*Connection closed by remote host*" {
>         send_user "ERROR: Unable to connect to remote host: $hostname .\n"
>         exit 1;
>     }
>     "*password:*" {
>         send "$pass\r"
>
>         expect {
>             "Permission denied" {
>                 send_user "ERROR: Incorrect password to remote host: $hostname .\n"
>                 exit 1;
>             }
>             timeout {
>                 send_user "ERROR: Timeout while running on host (too long to finish): $hostname .\n"
>                 exit 1;
>             }
>             "*>" {
>                 send_user "INFO: Starting.\n"
>             }
>         }
>     }
>     timeout {
>         send_user "ERROR: Timeout while connecting to host: $hostname . \n"
>         exit 1;
>     }
> }
>
> # Going into enable mode.
> send "enable\r"
> expect {
>     "password:" {
>         send "$addpass\r"
>
>         expect {
>             "*asswor*" {
>                 send_user "ERROR: Incorrect enable password to remote host: $hostname .\n"
>                 exit 1;
>             }
>             "*rror in authenticatio*" {
>                 send_user "ERROR: Incorrect enable password to remote host: $hostname .\n"
>                 exit 1;
>             }
>             timeout {
>                 send_user "ERROR: Timeout while going to enable mode on host: $hostname .\n"
>                 exit 1;
>             }
>             "*#" {
>                 send_user "ok on enable pass\n"
>             }
>         }
>     }
>     timeout {
>         send_user "ERROR: Timeout while running enable on host: $hostname .\n"
>         exit 1;
>     }
> }
>
>
> # Sending commands
> set timeout 60
> send_user "\nSTORE: now\n"
>
> send "term pager 0\r"
>
> # Excluding uptime from the output
> send "show version | grep -v Configuration last| up\r"
> send "show running-config\r"
> send "$commands\r"
> send "exit\r"
>
> expect {
>     timeout {
>         send_user "ERROR: Timeout while running commands on host: $hostname .\n"
>         exit 1;
>     }
>     eof {
>         send_user "\nINFO: Finished.\n"
>         exit 0;
>     }
> }
>
> send_user "ERROR: Unable to finish properly.\n"
> exit 1
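
Expect's glob patterns are case-sensitive: the transcript above shows the ASA answering `enable` with `Password:`, while the enable block of the posted script waits for `"password:"`. The following is an added example (not part of the original post and not OSSEC's code) that tries prompt patterns offline against a constructed fake device; the `sh` one-liner, the helper name `try_pattern` and the dummy password are assumptions made for the test.

```tcl
#!/usr/bin/env expect
# Added example: try enable-prompt patterns against a constructed fake device.
# The sh one-liner imitates the prompts from the transcript
# ("10ASA> ", then "Password: ", then "10ASA# "); no network access and no
# real credentials are involved.

set timeout 3
log_user 0
set fake {printf '10ASA> '; read c; printf 'Password: '; read p; printf '\n10ASA# '; sleep 1}

# try_pattern (hypothetical helper): returns 1 if the given expect pattern
# arguments match the fake device's enable-password prompt, 0 on timeout.
proc try_pattern {args} {
    global fake
    spawn sh -c $fake
    expect "*>"
    send "enable\r"
    set matched 0
    expect {*}$args {
        set matched 1
        send "dummy-enable-pass\r"
        expect "*#"
    } timeout { }
    catch {close}
    catch {wait}
    return $matched
}

# Each entry: a label and the argument list handed to expect.
foreach {label pat} {
    "as posted"         {"password:"}
    "case-insensitive"  {-nocase "password:"}
    "first letter cut"  {"*assword:*"}
} {
    set result [expr {[try_pattern {*}$pat] ? "matches" : "times out"}]
    puts [format "%-18s %-22s %s" $label $pat $result]
}
```

It needs `expect` built against Tcl 8.5 or later (for `{*}`); the "as posted" row takes the full 3-second timeout before it reports.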
