[prev in list] [next in list] [prev in thread] [next in thread]
List: ossec-list
Subject: Re: [ossec-list] OSSEC Agentless Questions
From: "dan (ddp)" <ddpbsd () gmail ! com>
Date: 2016-09-15 14:45:39
Message-ID: CAMyQvMq6H6sWQJDL=u+wOqECRaZam0rKL85CvLCe7pHy59iSYw () mail ! gmail ! com
[Download RAW message or body]
On Thu, Sep 15, 2016 at 10:35 AM, Keith <enforce570@gmail.com> wrote:
> Hey Everyone,
>
> I have two questions related to agentless configurations. I can't seem to
> find a good answer on either.
>
> First Question:
>
> How do I removed a host from the ossecagentless config. I did remove it
> from ossec.conf and from .passlist but the hosts are still showing. Two of
> them were typos I'd like to remove..output from syscheck:
>
> # ./bin/syscheck_control -l
>
> OSSEC HIDS syscheck_control. List of available agents:
> <hosts removed>
>
> List of agentless devices:
> ID: na, Name: (ssh_asa-fwsmconfig_diff) ssecbackups@X.X.X.X, IP: X.X.X.X,
> agentless
> ID: na, Name: (ssh_pixconfig_diff) ssecbackups@X.X.X.X, IP: X.X.X.X,
> agentless
> ID: na, Name: (ssh_asa-fwsmconfig_diff) ossecbackups@X.X.X.X, IP:
> X.X.X.X, agentless
>
> The red devices I need to remove as they are typo's.
>
Do files exist for these systems in /var/ossec/queue/syscheck? If so,
remove the files (you may have to restart the OSSEC processes on the
server).
> Second Question:
>
> The final host in the agentless output is correct but ossec is not logging
> into the host. I am getting the following error:
> # ./agentless/ssh_asa-fwsmconfig_diff ossecbacksup@X.X.X.X
> ERROR: Password for 'ossecbacksup@X.X.X.X' not found.
>
> Output from the .passlist file
> # cat agentless/.passlist
> ossecbacksups@X.X.X.X|<passwordwasherebutIremovedit>
>
Is there a pipe ("|") at the end of that line? If not, that seems to
provide that error for me.
> Manually logging into the target switch using the ossec account
> # ssh ossecbackups@X.X.X.X
> <warning banner here but removed for brevity>
> Password:
> router# exit
> Connection to X.X.X.X closed.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscribe@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
---
You received this message because you are subscribed to the Google Groups \
"ossec-list" group. To unsubscribe from this group and stop receiving emails from it, \
send an email to ossec-list+unsubscribe@googlegroups.com. For more options, visit \
https://groups.google.com/d/optout.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic