Bug 218633

Summary: security/ossec-hids-local host-deny.sh add ip's to hosts.allow permanent
Product: Ports & Packages
Reporter: Gian-Simon Purkert <gspurki>
Component: Individual Port(s)
Assignee: Brad Davis <brd>
Status: Closed FIXED
Severity: Affects Many People
CC: brd, dominik.lisiak, gspurki
Priority: ---
Keywords: needs-patch, needs-qa
Version: Latest
Flags: koobs: maintainer-feedback? (brd), koobs: merge-quarterly?
Hardware: Any
OS: Any
Bug Depends on: 226465, 229716, 232794
Bug Blocks:

Description Gian-Simon Purkert 2017-04-13 14:55:22 UTC
/usr/local/ossec-hids/active-response/bin/host-deny.sh doesn't delete entries in /etc/hosts.allow
Mktemp /var/ossec/ossec-hosts.XXXXXXXXXX is the problem I think, maybe /tmp/ossec-hosts.XXXXXXXXXX ?

cat host-deny.sh:

# Deleting from hosts.deny   
elif [ "x${ACTION}" = "xdelete" ]; then   
   lock;
   TMP_FILE = `mktemp /var/ossec/ossec-hosts.XXXXXXXXXX` 
   if [ "X${TMP_FILE}" = "X" ]; then 
     # Cheap fake tmpfile, but should be harder then no random data 
     TMP_FILE = "/var/ossec/ossec-hosts.`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -1 `"
   fi
   if [ "X$UNAME" = "XFreeBSD" ]; then
    cat /etc/hosts.allow | grep -v "ALL : ${IP} : deny$"> ${TMP_FILE}
    mv ${TMP_FILE} /etc/hosts.allow
   else
    cat /etc/hosts.deny | grep -v "ALL:${IP}$"> ${TMP_FILE}
    cat ${TMP_FILE} > /etc/hosts.deny
    rm ${TMP_FILE}
   fi 
   unlock;
   exit 0;


Mktemp /var/ossec/
Comment 1 Gian-Simon Purkert 2017-04-14 14:00:45 UTC
Adding an IP to hosts.allow works perfectly, but deleting one results in this:

root@mail:/ # /usr/local/ossec-hids/active-response/bin/host-deny.sh delete - 123.123.123.123
/usr/local/ossec-hids/active-response/bin/host-deny.sh: TMP_FILE: not found
/usr/local/ossec-hids/active-response/bin/host-deny.sh: TMP_FILE: not found
/usr/local/ossec-hids/active-response/bin/host-deny.sh: cannot create : No such file or directory
usage: mv [-f | -i | -n] [-hv] source target
               mv [-f | -i | -n] [-v] source ... directory
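
The errors in Comment 1 follow from the spaces around "=" in "TMP_FILE = ...": sh runs a command named TMP_FILE instead of assigning, so the redirect target and the mv source are both empty. Below is an added example (not part of the original report and not the OSSEC project's code) of the FreeBSD delete step written defensively; remove_deny_entry and demo are hypothetical names, the sample hosts.allow lines are constructed, and mode 0644 for hosts.allow is an assumption.

```shell
#!/bin/sh
# Added example: remove one "ALL : <ip> : deny" line from a hosts.allow-style file.
remove_deny_entry() {
    hosts_file=$1
    ip=$2

    # Assignment must have no spaces around "=".
    # The temp file is created beside the target so mv is a rename on the
    # same filesystem; abort if mktemp fails instead of using a guessed name.
    tmp_file=$(mktemp "${hosts_file}.XXXXXXXXXX") || return 1

    # -F: match the IP as a literal string, not a regex.
    # -x: the whole line must match, so nothing else is dropped.
    # grep exits 1 when it prints no lines (file becomes empty), which is
    # fine here; only an exit status above 1 is a real error.
    rc=0
    grep -v -x -F -- "ALL : ${ip} : deny" "$hosts_file" > "$tmp_file" || rc=$?
    if [ "$rc" -gt 1 ]; then
        rm -f "$tmp_file"
        return 1
    fi

    # mktemp creates the file with mode 0600; restore a readable mode
    # (assumed 0644) before it replaces hosts.allow.
    if chmod 644 "$tmp_file" && mv "$tmp_file" "$hosts_file"; then
        return 0
    fi
    rm -f "$tmp_file"
    return 1
}

# Constructed sample run in a scratch directory; never touches /etc.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' \
        'ALL : 123.123.123.123 : deny' \
        'ALL : 192.0.2.7 : deny' \
        'ALL : ALL : allow' > "$dir/hosts.allow"
    remove_deny_entry "$dir/hosts.allow" 123.123.123.123 || return 1
    cat "$dir/hosts.allow"
    rm -rf "$dir"
}

demo
```
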
Comment 2 Gian-Simon Purkert 2017-07-31 12:40:50 UTC
Same problem with fresh installation
Comment 3 Kubilay Kocak freebsd_committer freebsd_triage 2017-08-01 09:47:40 UTC
Assign to maintainer (incorrect category/portname on issue creation)
Comment 4 Gian-Simon Purkert 2018-06-11 14:09:21 UTC
No update to 2.9.3?
Comment 5 Dominik Lisiak 2018-11-10 22:32:18 UTC
Problem has been fixed in 3.1.0. This bug can be closed.