On Thu, Nov 3, 2016 at 12:31 PM, dan (ddp) <[email protected]> wrote: > On Thu, Nov 3, 2016 at 12:24 PM, dan (ddp) <[email protected]> wrote: >> On Thu, Nov 3, 2016 at 12:07 PM, dan (ddp) <[email protected]> wrote: >>> On Thu, Nov 3, 2016 at 11:58 AM, Jit Tank <[email protected]> wrote: >>>> Can anyone confirm the ssh_integrity_check_linux agentless script works on >>>> the ESXi 4.x, 5.x and 6.x platforms? >>>> >>> >>> If you have an ESXi box, you can. >>> >> >> After some quick testing, you have to modify ssh.exp adding: >> "Password:" { >> send "$pass\r" >> source $sshloginsrc >> } >> >> >> I haven't figured out sshlogin.exp yet, but something there has to be >> modified as well. >> > > It get farther when I add this, but I haven't verified if it's actually > working: > "*" { > send_user "\nINFO: Started.\n" > } > > I expect my lack of expect knowledge is to blame for my inability to > match the command prompt.
And trying it from the correct host this time... The actual business line in ssh_integrity_check_linux.exp has to be modified. send "echo \"INFO: Starting.\"; for i in `find $args 2>/dev/null`;do tail \$i >/dev/null 2>&1 && md5=`md5sum \$i | cut -d \" \" -f 1` && sha1=`sha1sum \$i | cut -d \" \" -f 1` && echo FWD: `stat -c \"%s:%a:%u:%g\" \$i`:\$md5:\$sha1 \$i; done; exit\r" I haven't figured out what it needs to be yet, but I'm quickly eating up my free time :-) -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
