Check your agentless directory permissions and ownership too. Should be 0550, root, ossec.
On Tuesday, March 17, 2015 at 11:39:31 AM UTC-4, Gaetan Noel wrote: > > That's what I was afraid of, that's what I have, root/root. > > Would you guys have an idea on where I can loof for ? If I test running > the script directly it finds the password and connects but when it's OSSEC > that runs the script I get password not found > > Do you have an idea ? > > Thanks > > On Tuesday, March 17, 2015 at 11:21:20 AM UTC-4, Brent Morris wrote: >> >> the permissions on .passlist on my system are 744 >> >> >> >> On Tuesday, March 17, 2015 at 5:37:46 AM UTC-7, Gaetan Noel wrote: >>> >>> Thanks for you answer, you were right, the script waits for a ">" and >>> our switchs give us a "#" so I've changed the script accordingly and it >>> works now. >>> >>> Only problem is, when ossec runs that script it doesn't find the >>> passwords I'm thinking it's right issue on the .passlist. Would you mind >>> giving me the rights you have on the file on your environment ? >>> >>> Thanks, >>> Gaetan >>> >>> On Monday, March 16, 2015 at 10:23:29 AM UTC-4, dan (ddpbsd) wrote: >>>> >>>> On Fri, Mar 13, 2015 at 4:04 PM, Gaetan Noel <[email protected]> wrote: >>>> > Hello, >>>> > >>>> > I'm trying to setup agentless on our system but when I run the test >>>> command >>>> > the script successfully connects to my switch but it looks like the >>>> command >>>> > isn't run on it so it times out : >>>> > >>>> > [root@xxxxxxx:/var/ossec]# ./agentless/ssh_pixconfig_diff >>>> > switch_fim@xxxxxxxxxx >>>> > spawn ssh -c des switch_fim@xxxxxxxxx >>>> > No valid ciphers for protocol version 2 given, using defaults. >>>> > C >>>> > >>>> >>>> I don't know for sure, but I'd bet this output is confusing the script. >>>> >>>> > SWITCH_HOSTNAME# >>>> > ERROR: Timeout while running on host (too long to finish): >>>> > switch_fim@xxxxxxxxxx . >>>> > >>>> > All the config seems fine I've added the host using the correct >>>> command and >>>> > the ossec.conf looks like this : >>>> > >>>> > <agentless> >>>> > <type>ssh_pixconfig_diff</type> >>>> > <frequency>60</frequency> >>>> > <host>switch_fim@xxxxxxxxxxxx</host> >>>> > <state>periodic_diff</state> >>>> > <arguments>show conf</arguments> >>>> > </agentless> >>>> > >>>> > Thanks in advance :-) >>>> > >>>> > -- >>>> > >>>> > --- >>>> > You received this message because you are subscribed to the Google >>>> Groups >>>> > "ossec-list" group. >>>> > To unsubscribe from this group and stop receiving emails from it, >>>> send an >>>> > email to [email protected]. >>>> > For more options, visit https://groups.google.com/d/optout. >>>> >>> -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
