'Re: [ossec-list] OSSEC Agentless Questions'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ossec-list
Subject:    Re: [ossec-list] OSSEC Agentless Questions
From:       "dan (ddp)" <ddpbsd () gmail ! com>
Date:       2016-09-15 14:45:39
Message-ID: CAMyQvMq6H6sWQJDL=u+wOqECRaZam0rKL85CvLCe7pHy59iSYw () mail ! gmail ! com
[Download RAW message or body]

On Thu, Sep 15, 2016 at 10:35 AM, Keith <enforce570@gmail.com> wrote:
> Hey Everyone,
> 
> I have two questions related to agentless configurations. I can't seem to
> find a good answer on either.
> 
> First Question:
> 
> How do I removed a host from the ossecagentless  config. I did remove it
> from ossec.conf and from .passlist but the hosts are still showing. Two of
> them were typos I'd like to remove..output from syscheck:
> 
> # ./bin/syscheck_control -l
> 
> OSSEC HIDS syscheck_control. List of available agents:
> <hosts removed>
> 
> List of agentless devices:
> ID: na, Name: (ssh_asa-fwsmconfig_diff) ssecbackups@X.X.X.X, IP: X.X.X.X,
> agentless
> ID: na, Name: (ssh_pixconfig_diff) ssecbackups@X.X.X.X, IP: X.X.X.X,
> agentless
> ID: na, Name: (ssh_asa-fwsmconfig_diff) ossecbackups@X.X.X.X, IP:
> X.X.X.X, agentless
> 
> The red devices I need to remove as they are typo's.
> 

Do files exist for these systems in /var/ossec/queue/syscheck? If so,
remove the files (you may have to restart the OSSEC processes on the
server).

> Second Question:
> 
> The final host in the agentless output is correct but ossec is not logging
> into the host. I am getting the following error:
> # ./agentless/ssh_asa-fwsmconfig_diff ossecbacksup@X.X.X.X
> ERROR: Password for 'ossecbacksup@X.X.X.X' not found.
> 
> Output from the .passlist file
> # cat agentless/.passlist
> ossecbacksups@X.X.X.X|<passwordwasherebutIremovedit>
> 

Is there a pipe ("|") at the end of that line? If not, that seems to
provide that error for me.

> Manually logging into the target switch using the ossec account
> # ssh ossecbackups@X.X.X.X
> <warning banner here but removed for brevity>
> Password:
> router# exit
> Connection to X.X.X.X closed.
> 
> --
> 
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscribe@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 

--- 
You received this message because you are subscribed to the Google Groups \
"ossec-list" group. To unsubscribe from this group and stop receiving emails from it, \
send an email to ossec-list+unsubscribe@googlegroups.com. For more options, visit \
https://groups.google.com/d/optout.


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic