On Thu, Nov 3, 2016 at 12:44 PM, dan (ddp) <[email protected]> wrote:
> On Thu, Nov 3, 2016 at 12:31 PM, dan (ddp) <[email protected]> wrote:
>> On Thu, Nov 3, 2016 at 12:24 PM, dan (ddp) <[email protected]> wrote:
>>> On Thu, Nov 3, 2016 at 12:07 PM, dan (ddp) <[email protected]> wrote:
>>>> On Thu, Nov 3, 2016 at 11:58 AM, Jit Tank <[email protected]> wrote:
>>>>> Can anyone confirm the ssh_integrity_check_linux agentless script works on
>>>>> the ESXi 4.x, 5.x and 6.x platforms?
>>>>>
>>>>
>>>> If you have an ESXi box, you can.
>>>>
>>>
>>> After some quick testing, you have to modify ssh.exp adding:
>>> "Password:" {
>>>     send "$pass\r"
>>>     source $sshloginsrc
>>> }
>>>
>>>
>>> I haven't figured out sshlogin.exp yet, but something there has to be
>>> modified as well.
>>>
>>
>> It gets farther when I add this, but I haven't verified if it's actually
>> working:
>> "*" {
>>     send_user "\nINFO: Started.\n"
>> }
>>
>> I expect my lack of expect knowledge is to blame for my inability to
>> match the command prompt.
>
>
> And trying it from the correct host this time...
> The actual business line in ssh_integrity_check_linux.exp has to be modified.
> send "echo \"INFO: Starting.\"; for i in `find $args 2>/dev/null`;do
> tail \$i >/dev/null 2>&1 && md5=`md5sum \$i | cut -d \" \" -f 1` &&
> sha1=`sha1sum \$i | cut -d \" \" -f 1` && echo FWD: `stat -c
> \"%s:%a:%u:%g\" \$i`:\$md5:\$sha1 \$i; done; exit\r"
>

I think the "--printf" in stat might be the only necessary change:

send "echo \"INFO: Starting.\"; for i in `find $args 2>/dev/null`;do tail \$i >/dev/null 2>&1 && md5=`md5sum \$i | cut -d \" \" -f 1` && sha1=`sha1sum \$i | cut -d \" \" -f 1` && echo FWD: `stat -c \"%s:%a:%u:%g\" \$i`:\$md5:\$sha1 \$i; done; exit\r"

> I haven't figured out what it needs to be yet, but I'm quickly eating
> up my free time :-)
