Timeout for agentless monitoring
17 views
Skip to first unread message
Arthur Henrique Oliveira Aparício
Jul 2, 2024, 9:00:49 AM (19 hours ago) Jul 2
to Wazuh | Mailing List
Hello there!
I'm coming here to ask about a situation that I saw in some topics but didn't find the answer: timeout when I try to do agentless monitoring. My step by step was as follows: I created a username and password on the FreeBSD target server, I used the command /var/ossec/agentless/register_host.sh add us...@test.com test_password with the created_user@server_ip and the created_password, I checked with the /var/ossec/agentless/register_host.sh list command, I checked the /var/ossec/agentless/.passlist file and there was a record (the only one created), I edited the ossec.conf file:
<!--agentless-->
<agentless>
<type>ssh_integrity_check_bsd</type>
<frequency>3600</frequency>
<host>user@ip</host>
<state>periodic_diff</state>
<arguments>/file1 /file2</arguments>
</agentless>
and I restarted the manager. It returns timeout error.
After that, I decided to test manually using the command ./agentless/ssh_integrity_check_bsd user@ip /home, and it goes through all the main.exp validators, and still gives a timeout. To be more specific, it appears:
(user@ip) Password for user@dns_name: ERROR: Timeout while connecting to host: user@ip .
I've already tested accessing the user via ssh through the wazuh server, and it connects directly, so I'm really sure it's not a connection issue between the servers. Any ideas on how I can resolve this issue?
I thank you for your attention
Roman Luna
Jul 2, 2024, 11:24:32 AM (16 hours ago) Jul 2
to Wazuh | Mailing List
Hi,
Thanks for the information provided. Have you also checked the ossec.log from the manager to check if it is blocking the connection? To see if there is additional information regarding this timeout.
You can find the log at /var/ossec/logs/ossec.log in the manager. Let me know if you can share with me with sensible information being left out, remember that this is a public forum.
Regards.
Arthur Henrique Oliveira Aparício
Jul 2, 2024, 12:14:21 PM (15 hours ago) Jul 2
to Wazuh | Mailing List
Hi!
I used grep to filter for ssh, and the only thing I think is strange is the fact that there is a space before the period of each line.
I used grep to filter for ssh, and the only thing I think is strange is the fact that there is a space before the period of each line.
Roman Luna
Jul 2, 2024, 1:00:50 PM (15 hours ago) Jul 2
to Wazuh | Mailing List
Hi,
It seems there is a problem with connectivity with the host. Another option could be to install from sources the package in FreeBSD using the following script: https://github.com/wazuh/wazuh/blob/master/install.sh
There are some dependencies that you need to have in order to build it: pkg install automake autoconf libtool cmake gmake
All the features might not be available, but it should work for most cases, it shares some components with MacOS as it is part of the BSD family.
Regards.
Arthur Henrique Oliveira Aparício
Jul 2, 2024, 2:31:24 PM (13 hours ago) Jul 2
to Wazuh | Mailing List
Hi again!
Thanks for the tip, but I discovered the problem: in /var/ossec/agentless/ssh.exp, the search is for "*assword:*", although, on my FreeBSD, the password field is "Password for...", so I changed the file to delete the ":". Now it's working.
Thanks again for your help, and I think I'll try installing the package on some servers I have.
Thanks for the tip, but I discovered the problem: in /var/ossec/agentless/ssh.exp, the search is for "*assword:*", although, on my FreeBSD, the password field is "Password for...", so I changed the file to delete the ":". Now it's working.
Thanks again for your help, and I think I'll try installing the package on some servers I have.
Regards.
Reply all
Reply to author
Forward
0 new messages