Disclaimer: I'm working with ossec for the first time.
Is it possible to set up agentless monitoring with non-standard SSH ports?
For example this configuration works as the server I'm monitoring is in the
same LAN as the OSSEC server
<agentless>
<type>ssh_integrity_check_linux</type>
<frequency>36</frequency>
<host>[email protected]</host>
<state>periodic</state>
<arguments>/bin /etc/ /sbin</arguments>
</agentless>
However using the syntax that I would normally use to connect to a Linux
machine from the command line does not work
<agentless>
<type>ssh_integrity_check_linux</type>
<frequency>36</frequency>
<host>[email protected] -p 1234</host>
<state>periodic</state>
<arguments>/bin /etc/ /sbin</arguments>
</agentless>
I see this in the ossec log:
2016/01/22 16:02:55 ossec-agentlessd: ERROR: ssh_integrity_check_linux:
[email protected] -p 1234: Password for '[email protected] -p 1234'
not found.
This is what the .passlist file entry looks like:
[email protected]|NOPASS|-p|1234
(pubic IP address replaced with xxx.xxx.xxx.xxx)
Is there a way to configure OSSEC to connect over a non-standard SSH port?
if so how would it be done?
Thank you
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
