Bug 218633 - security/ossec-hids-local host-deny.sh add ip's to hosts.allow permanent
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Brad Davis
URL:
Keywords: needs-patch, needs-qa
Depends on: 226465 229716 232794
Blocks:
Reported: 2017-04-13 14:55 UTC by Gian-Simon Purkert
Modified: 2018-11-10 23:18 UTC (History)

See Also:
koobs: maintainer-feedback? (brd)
koobs: merge-quarterly?


Description Gian-Simon Purkert 2017-04-13 14:55:22 UTC
/usr/local/ossec-hids/active-response/bin/host-deny.sh doesn't delete entries in /etc/hosts.allow
Mktemp /var/ossec/ossec-hosts.XXXXXXXXXX is the problem, I think. Maybe /tmp/ossec-hosts.XXXXXXXXXX?

cat host-deny.sh:

# Deleting from hosts.deny   
elif [ "x${ACTION}" = "xdelete" ]; then   
   lock;
   TMP_FILE = `mktemp /var/ossec/ossec-hosts.XXXXXXXXXX` 
   if [ "X${TMP_FILE}" = "X" ]; then 
     # Cheap fake tmpfile, but should be harder then no random data 
     TMP_FILE = "/var/ossec/ossec-hosts.`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -1 `"
   fi
   if [ "X$UNAME" = "XFreeBSD" ]; then
    cat /etc/hosts.allow | grep -v "ALL : ${IP} : deny$"> ${TMP_FILE}
    mv ${TMP_FILE} /etc/hosts.allow
   else
    cat /etc/hosts.deny | grep -v "ALL:${IP}$"> ${TMP_FILE}
    cat ${TMP_FILE} > /etc/hosts.deny
    rm ${TMP_FILE}
   fi 
   unlock;
   exit 0;


Mktemp /var/ossec/
Comment 1 Gian-Simon Purkert 2017-04-14 14:00:45 UTC
Adding an IP to hosts.allow works perfectly, but deleting one results in this:

root@mail:/ # /usr/local/ossec-hids/active-response/bin/host-deny.sh delete - 123.123.123.123
/usr/local/ossec-hids/active-response/bin/host-deny.sh: TMP_FILE: not found
/usr/local/ossec-hids/active-response/bin/host-deny.sh: TMP_FILE: not found
/usr/local/ossec-hids/active-response/bin/host-deny.sh: cannot create : No such file or directory
usage: mv [-f | -i | -n] [-hv] source target
               mv [-f | -i | -n] [-v] source ... directory
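
Added example, not part of the original report or of the port's code: the "TMP_FILE: not found" lines in the output above are what sh prints when an assignment is written with spaces around "=", so the delete branch never gets a temp file name and the deny entry stays in place. The script below reproduces that branch next to a corrected form. The sandbox directory, the sample rules, the address 203.0.113.7 and the function names are constructed for illustration, and the -F -x matching goes beyond the quoted script.

```sh
#!/bin/sh
# Added example. Everything runs in a throwaway sandbox; /etc/hosts.allow is not touched.
unset TMP_FILE
SANDBOX=$(mktemp -d) || exit 1
trap 'rm -rf "$SANDBOX"' EXIT
HOSTS="$SANDBOX/hosts.allow"
IP="203.0.113.7"                      # constructed address (documentation range)

seed() {    # constructed sample: one active-response ban plus an unrelated rule
    printf 'ALL : %s : deny\nsshd : 192.0.2.10 : allow\n' "$IP" > "$HOSTS"
}
is_banned() { grep -Fqx "ALL : $1 : deny" "$HOSTS"; }

# FreeBSD delete branch as quoted in the report, spaces around '=' kept.
delete_as_reported() {
    # sh parses this as: run command "TMP_FILE" with arguments "=" and the mktemp output
    TMP_FILE = `mktemp "$SANDBOX/ossec-hosts.XXXXXXXXXX"`
    cat "$HOSTS" | grep -v "ALL : $1 : deny$" > ${TMP_FILE}   # empty name: redirect fails
    mv ${TMP_FILE} "$HOSTS"                                  # one operand: usage error
}

# Corrected form: no spaces in the assignment, quoted expansions, checked steps.
delete_fixed() {
    # temp file beside the target so mv is a rename on the same filesystem
    tmp=$(mktemp "$SANDBOX/ossec-hosts.XXXXXXXXXX") || return 1
    # -F -x: match the literal whole line, so dots in the IP are not regex wildcards.
    # grep -v exits 1 when nothing is left to print; only a status above 1 is an error.
    grep -Fxv "ALL : $1 : deny" "$HOSTS" > "$tmp" || [ $? -eq 1 ] ||
        { rm -f "$tmp"; return 1; }
    mv "$tmp" "$HOSTS"
}

seed; delete_as_reported "$IP" 2>/dev/null || true
is_banned "$IP" && echo "as reported: $IP is still denied after delete"
seed; delete_fixed "$IP"
is_banned "$IP" || echo "fixed: $IP removed, other rules kept"
```

Because active response calls the delete action when a block times out, a delete that fails this way leaves every blocked address denied until someone edits the file by hand.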
Comment 2 Gian-Simon Purkert 2017-07-31 12:40:50 UTC
Same problem with fresh installation
Comment 3 Kubilay Kocak freebsd_committer freebsd_triage 2017-08-01 09:47:40 UTC
Assign to maintainer (incorrect category/portname on issue creation)
Comment 4 Gian-Simon Purkert 2018-06-11 14:09:21 UTC
No update to 2.9.3?
Comment 5 Dominik Lisiak 2018-11-10 22:32:18 UTC
Problem has been fixed in 3.1.0. This bug can be closed.