/var/ossec/agentless/ssh_generic_diff “user@remotehost” grep root /etc/shadow | awk -F: ‘{print $2}’

It is not very elegant, any way to improve it a little? Thanks in advance, Carlos.

I have a question, I’m trying to run an agentless check, using either scripts or command lie to verify if the root passwd hash has changed since the last check. Command would be like: grep root /etc/shadow | awk -F: ‘{print $2}’

But is hard to have OSSEC running it without issues, what’s the best approach? Create a simple shell script, distribute it and have expect running it and checking with generic diff perhaps?

Thanks in advance, Carlos.