On Thu, Sep 15, 2016 at 10:35 AM, Keith <
enfor...@gmail.com> wrote:
> Hey Everyone,
>
> I have two questions related to agentless configurations. I can't seem to
> find a good answer on either.
>
> First Question:
>
> How do I removed a host from the ossecagentless config. I did remove it
> from ossec.conf and from .passlist but the hosts are still showing. Two of
> them were typos I'd like to remove..output from syscheck:
>
> # ./bin/syscheck_control -l
>
> OSSEC HIDS syscheck_control. List of available agents:
> <hosts removed>
>
> List of agentless devices:
> ID: na, Name: (ssh_asa-fwsmconfig_diff) ssecb...@X.X.X.X, IP: X.X.X.X,
> agentless
> ID: na, Name: (ssh_pixconfig_diff) ssecb...@X.X.X.X, IP: X.X.X.X,
> agentless
> ID: na, Name: (ssh_asa-fwsmconfig_diff) ossecb...@X.X.X.X, IP:
> X.X.X.X, agentless
>
> The red devices I need to remove as they are typo's.
>
Do files exist for these systems in /var/ossec/queue/syscheck? If so,
remove the files (you may have to restart the OSSEC processes on the
server).
> Second Question:
>
> The final host in the agentless output is correct but ossec is not logging
> into the host. I am getting the following error:
> # ./agentless/ssh_asa-fwsmconfig_diff ossecb...@X.X.X.X
> ERROR: Password for 'ossecb...@X.X.X.X' not found.
>
> Output from the .passlist file
> # cat agentless/.passlist
> ossecb...@X.X.X.X|<passwordwasherebutIremovedit>
>
Is there a pipe ("|") at the end of that line? If not, that seems to
provide that error for me.
> Manually logging into the target switch using the ossec account
> # ssh ossecb...@X.X.X.X
> <warning banner here but removed for brevity>
> Password:
> router# exit
> Connection to X.X.X.X closed.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to
ossec-list+...@googlegroups.com.
> For more options, visit
https://groups.google.com/d/optout.