new upstream release (3.3.0); modify package compatibility for Stretch

[ossec-hids.git] / debian / ossec-hids / var / ossec / agentless / ssh_pixconfig_diff

diff --git a/debian/ossec-hids/var/ossec/agentless/ssh_pixconfig_diff b/debian/ossec-hids/var/ossec/agentless/ssh_pixconfig_diff
new file mode 100755 (executable)
index 0000000..edf992f
--- /dev/null
+++ b/debian/ossec-hids/var/ossec/agentless/ssh_pixconfig_diff
@@ -0,0 +1,205 @@
+#!/usr/bin/env expect
+
+# Agentless monitoring
+#
+# Copyright (C) 2009 Trend Micro Inc.
+# All rights reserved.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+if {$argc < 1} {
+    send_user "ERROR: ssh_pixconfig_diff <hostname> <commands>\n";
+    exit 1;
+}
+
+# NOTE: this script must be called from within /var/ossec for it to work
+set passlist "agentless/.passlist"
+set hostname [lindex $argv 0]
+set commands [lrange $argv 1 end]
+set pass "x"
+set addpass "x"
+set timeout 20
+
+if {[string compare $hostname "test"] == 0} {
+    if {[string compare $commands "test"] == 0} {
+        exit 0;
+    }
+}
+
+# Read the password list
+if [catch {
+    set in [open "$passlist" r]
+} loc_error] {
+    send_user "ERROR: Password list not present (use \"register_host\" first).\n"
+    exit 1;
+}
+
+while {[gets $in line] != -1} {
+        set me [string first "|" $line]
+        set me2 [string last "|" $line]
+        set length [string length $line]
+
+        if {$me == -1} {
+            continue;
+        }
+        if {$me2 == -1} {
+            continue;
+        }
+        if {$me == $me2} {
+            continue;
+        }
+
+        set me [expr $me-1]
+        set me2 [expr $me2-1]
+
+        set host_list [string range $line 0 $me]
+        set me [expr $me+2]
+        set pass_list [string range $line $me $me2]
+        set me2 [expr $me2+2]
+        set addpass_list [string range $line $me2 $length]
+
+        if {[string compare $host_list $hostname] == 0} {
+            set pass "$pass_list"
+            set addpass "$addpass_list"
+            break
+        }
+}
+close $in
+
+if {[string compare $pass "x"] == 0} {
+    send_user "ERROR: Password for '$hostname' not found.\n"
+    exit 1;
+}
+
+# SSH to the box and pass the directories to check
+if [catch {
+    spawn ssh -c des $hostname
+} loc_error] {
+    send_user "ERROR: Opening connection: $loc_error.\n"
+    exit 1;
+}
+
+expect {
+    "WARNING: REMOTE HOST" {
+        send_user "ERROR: RSA host key for '$hostname' has changed. Unable to access.\n"
+        exit 1;
+    }
+    "*sure you want to continue connecting*" {
+        send "yes\r"
+        expect "* password:*" {
+            send "$pass\r"
+
+            expect {
+                "Permission denied" {
+                    send_user "ERROR: Incorrect password to remote host: $hostname .\n"
+                    exit 1;
+                }
+                timeout {
+                    send_user "ERROR: Timeout while running on host (too long to finish): $hostname .\n"
+                    exit 1;
+                }
+                "*>" {
+                    send_user "\nINFO: Starting.\n"
+                }
+            }
+        }
+    }
+    "ssh: connect to host*" {
+        send_user "ERROR: Unable to connect to remote host: $hostname .\n"
+        exit 1;
+    }
+    "no address associated with name" {
+        send_user "ERROR: Unable to connect to remote host: $hostname .\n"
+        exit 1;
+    }
+    "*Connection refused*" {
+        send_user "ERROR: Unable to connect to remote host: $hostname .\n"
+        exit 1;
+    }
+    "*Connection closed by remote host*" {
+        send_user "ERROR: Unable to connect to remote host: $hostname .\n"
+        exit 1;
+    }
+    "*Password:*" {
+        send "$pass\r"
+
+        expect {
+            "Permission denied" {
+                send_user "ERROR: Incorrect password to remote host: $hostname .\n"
+                exit 1;
+            }
+            timeout {
+                send_user "ERROR: Timeout while running on host (too long to finish): $hostname .\n"
+                exit 1;
+            }
+            "*>" {
+                send_user "INFO: Starting.\n"
+            }
+        }
+    }
+    timeout {
+        send_user "ERROR: Timeout while connecting to host: $hostname . \n"
+        exit 1;
+    }
+}
+
+# Go into enable mode
+send "enable\r"
+expect {
+    "Password:" {
+        send "$addpass\r"
+
+        expect {
+            "*asswor*" {
+                send_user "ERROR: Incorrect enable password to remote host: $hostname .\n"
+                exit 1;
+            }
+            "*rror in authenticatio*" {
+                send_user "ERROR: Incorrect enable password to remote host: $hostname .\n"
+                exit 1;
+            }
+            timeout {
+                send_user "ERROR: Timeout while going to enable mode on host: $hostname .\n"
+                exit 1;
+            }
+            "*#" {
+                send_user "ok on enable pass\n"
+            }
+        }
+    }
+    timeout {
+        send_user "ERROR: Timeout while running enable on host: $hostname .\n"
+        exit 1;
+    }
+}
+
+# Send commands
+set timeout 60
+send_user "\nSTORE: now\n"
+
+send "no pager\r"
+send "term len 0\r"
+send "terminal pager 0\r"
+
+# Exclude uptime from the output
+send "show version | grep -v Configuration last| up\r"
+send "show running-config\r"
+send "$commands\r"
+send "exit\r"
+
+expect {
+    timeout {
+        send_user "ERROR: Timeout while running commands on host: $hostname .\n"
+        exit 1;
+    }
+    eof {
+        send_user "\nINFO: Finished.\n"
+        exit 0;
+    }
+}
+
+send_user "ERROR: Unable to finish properly.\n"
+exit 1;