/usr/local/ossec-hids/active-response/bin/host-deny.sh doesn't delete entries in /etc/hosts.allow

mktemp /var/ossec/ossec-hosts.XXXXXXXXXX is the problem I think, maybe /tmp/ossec-hosts.XXXXXXXXXX?

cat host-deny.sh:

    # Deleting from hosts.deny
    elif [ "x${ACTION}" = "xdelete" ]; then
       lock;
       TMP_FILE = `mktemp /var/ossec/ossec-hosts.XXXXXXXXXX`
       if [ "X${TMP_FILE}" = "X" ]; then
         # Cheap fake tmpfile, but should be harder then no random data
         TMP_FILE = "/var/ossec/ossec-hosts.`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -1 `"
       fi
       if [ "X$UNAME" = "XFreeBSD" ]; then
        cat /etc/hosts.allow | grep -v "ALL : ${IP} : deny$"> ${TMP_FILE}
        mv ${TMP_FILE} /etc/hosts.allow
       else
        cat /etc/hosts.deny | grep -v "ALL:${IP}$"> ${TMP_FILE}
        cat ${TMP_FILE} > /etc/hosts.deny
        rm ${TMP_FILE}
       fi
       unlock;
       exit 0;
Adding an IP to hosts.allow works perfectly, but deleting one results in this:

    root@mail:/ # /usr/local/ossec-hids/active-response/bin/host-deny.sh delete - 123.123.123.123
    /usr/local/ossec-hids/active-response/bin/host-deny.sh: TMP_FILE: not found
    /usr/local/ossec-hids/active-response/bin/host-deny.sh: TMP_FILE: not found
    /usr/local/ossec-hids/active-response/bin/host-deny.sh: cannot create : No such file or directory
    usage: mv [-f | -i | -n] [-hv] source target
           mv [-f | -i | -n] [-v] source ... directory
Same problem with fresh installation
Assign to maintainer (incorrect category/portname on issue creation)
No update to 2.9.3?
Problem has been fixed in 3.1.0. This bug can be closed.
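
The "TMP_FILE: not found" lines in the report are what sh prints when an assignment is written with spaces around `=`, as in the quoted delete branch. The block below is an added example, not OSSEC's code and not the 3.1.0 fix: a delete routine with the assignment written correctly. `remove_deny_entry`, its arguments and the demo data are assumptions; the `/var/ossec` default and the `ossec-hosts.XXXXXXXXXX` template come from the quoted script.

```shell
#!/bin/sh
# Added example, not OSSEC's code. remove_deny_entry and its arguments are
# hypothetical names; the demo file and addresses are constructed.

# Remove the "ALL : <ip> : deny" line for one IP from a hosts.allow-style file.
# $1 = file, $2 = IP, $3 = directory for the temp file (default /var/ossec).
remove_deny_entry() {
    file=$1
    ip=$2
    tmp_dir=${3:-/var/ossec}

    # No spaces around "=". With "TMP_FILE = ..." sh runs a command named
    # TMP_FILE, reports "TMP_FILE: not found" and leaves the variable empty,
    # so the later redirect and mv have no target.
    tmp_file=$(mktemp "${tmp_dir}/ossec-hosts.XXXXXXXXXX") || return 1
    [ -n "$tmp_file" ] || return 1

    # -F: treat the IP as literal text, not as a regular expression.
    # -x: the whole line must match, not a substring of a longer line.
    rc=0
    grep -v -F -x "ALL : ${ip} : deny" "$file" > "$tmp_file" || rc=$?
    # grep exits 1 when no lines are left to print; above 1 is a real error.
    if [ "$rc" -gt 1 ]; then
        rm -f "$tmp_file"
        return 1
    fi

    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp_file" > "$file" || { rm -f "$tmp_file"; return 1; }
    rm -f "$tmp_file"
}

# Demo on a constructed file in a private scratch directory.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'ALL : 10.0.0.1 : deny' 'ALL : 10.0.0.10 : deny' \
        'sshd : ALL : allow' > "$dir/hosts.allow"
    remove_deny_entry "$dir/hosts.allow" 10.0.0.1 "$dir" && cat "$dir/hosts.allow"
    rm -rf "$dir"
}

demo
```

The function returns non-zero without touching the target file when `mktemp` fails, so a caller can log the failure instead of continuing with an empty variable.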