Dan - thanks for your time ... which version of ESXi are you testing against?
On Thu, Nov 3, 2016 at 4:44 PM, dan (ddp) <[email protected]> wrote: > On Thu, Nov 3, 2016 at 12:31 PM, dan (ddp) <[email protected]> wrote: > > On Thu, Nov 3, 2016 at 12:24 PM, dan (ddp) <[email protected]> wrote: > >> On Thu, Nov 3, 2016 at 12:07 PM, dan (ddp) <[email protected]> wrote: > >>> On Thu, Nov 3, 2016 at 11:58 AM, Jit Tank <[email protected]> wrote: > >>>> Can anyone confirm the ssh_integrity_check_linux agentless script > works on > >>>> the ESXi 4.x, 5.x and 6.x platforms? > >>>> > >>> > >>> If you have an ESXi box, you can. > >>> > >> > >> After some quick testing, you have to modify ssh.exp adding: > >> "Password:" { > >> send "$pass\r" > >> source $sshloginsrc > >> } > >> > >> > >> I haven't figured out sshlogin.exp yet, but something there has to be > >> modified as well. > >> > > > > It get farther when I add this, but I haven't verified if it's actually > working: > > "*" { > > send_user "\nINFO: Started.\n" > > } > > > > I expect my lack of expect knowledge is to blame for my inability to > > match the command prompt. > > > And trying it from the correct host this time... > The actual business line in ssh_integrity_check_linux.exp has to be > modified. > send "echo \"INFO: Starting.\"; for i in `find $args 2>/dev/null`;do > tail \$i >/dev/null 2>&1 && md5=`md5sum \$i | cut -d \" \" -f 1` && > sha1=`sha1sum \$i | cut -d \" \" -f 1` && echo FWD: `stat -c > \"%s:%a:%u:%g\" \$i`:\$md5:\$sha1 \$i; done; exit\r" > > I haven't figured out what it needs to be yet, but I'm quickly eating > up my free time :-) > > -- > > --- > You received this message because you are subscribed to a topic in the > Google Groups "ossec-list" group. > To unsubscribe from this topic, visit https://groups.google.com/d/ > topic/ossec-list/OT0WKGWdQD4/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
