[ossec-list] Blank /etc/hosts.deny

2015-05-10 Thread finid

Hi,

Before installing OSSEC on a Debian 8 server, I took a look at the 
hosts.deny and hosts.allow files and noted that they were not blank. 
After installing OSSEC, however, the hosts.deny file is blank, not even 
a comment or # character.


Is that expected, or did something go wrong during installation?

TIA,



--
finid

--

--- 
You received this message because you are subscribed to the Google Groups "ossec-list" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [ossec-list] Blank /etc/hosts.deny

2015-05-10 Thread Eero Volotinen
Well, did you activate active response? It might modify hosts.deny ..
On 10.5.2015 at 7.53 PM,  wrote:

> Hi,
>
> Before installing OSSEC on a Debian 8 server, I took a look at the
> hosts.deny and hosts.allow files and noted that they were not blank. After
> installing OSSEC, however, the hosts.deny file is blank, not even a comment
> or # character.
>
> Is that expected, or did something go wrong during installation?
>
> TIA,
>
>
>
> --
> finid


Re: [ossec-list] Blank /etc/hosts.deny

2015-05-10 Thread finid
Yes, active-response is enabled, but is it designed to delete all the 
contents of that file? I thought it's supposed to append denied IP 
address to the file...




--
finid




Re: [ossec-list] Blank /etc/hosts.deny

2015-05-10 Thread Doug Burks
Please see the comments here:

http://www.ossec.net/?p=1135

On Sunday, May 10, 2015,  wrote:

> Yes, active-response is enabled, but is it designed to delete all the
> contents of that file? I thought it's supposed to append denied IP address
> to the file...
>
>
>
> --
> finid
>
>
> On 2015-05-10 12:08, Eero Volotinen wrote:
>
>> Well, did you activate active response? It might modify hosts.deny ..
>> On 10.5.2015 at 7.53 PM,  wrote:
>>
>>  Hi,
>>>
>>> Before installing OSSEC on a Debian 8 server, I took a look at the
>>> hosts.deny and hosts.allow files and noted that they were not blank.
>>> After installing OSSEC, however, the hosts.deny file is blank, not
>>> even a comment or # character.
>>>
>>> Is that expected, or did something go wrong during installation?
>>>
>>> TIA,
>>>
>>> --
>>> finid
>>>


-- 
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com



Re: [ossec-list] Blank /etc/hosts.deny

2015-05-10 Thread finid

Thanks,



--
finid





Re: [ossec-list] Blank /etc/hosts.deny

2015-05-10 Thread Antonio Querubin

On Sun, 10 May 2015, Doug Burks wrote:


Please see the comments here:

http://www.ossec.net/?p=1135


Unfortunately, adduser.sh was also broken in 2.8.1 on certain systems 
resulting in various files not being updated as expected on an agent when 
install.sh is run.  I.e., if you installed 2.8.1 over a previous version, 
your agent may still be using the older binaries and scripts.


Unfortunately, the patch for adduser.sh didn't make it to the stable 
branch in time for the pending 2.9 release.


Two workarounds are to do a clean agent install to ensure your 
host-deny.sh is the most recent or just install host-deny.sh manually from 
the source.


Antonio Querubin
e-mail:  t...@lavanauts.org
xmpp:  antonioqueru...@gmail.com


Re: [ossec-list] Blank /etc/hosts.deny

2015-05-10 Thread finid

This was a clean install of 2.8.1 on a fresh Debian 8 server.



--
finid





Re: [ossec-list] Blank /etc/hosts.deny

2015-05-10 Thread Antonio Querubin

On Sun, 10 May 2015, fi...@vivaldi.net wrote:


This was a clean install of 2.8.1 on a fresh Debian 8 server.


Actually you're right - a clean agent install of 2.8.1 would still have 
the problem with the spaces around the '=' in host-deny.sh since 2.8.1 
actually introduced that problem.


And if I'm reading the commit log correctly, the patch to adduser.sh did 
actually make it into 2.9-beta4.  Sorry for the confusion.



Antonio Querubin
e-mail:  t...@lavanauts.org
xmpp:  antonioqueru...@gmail.com


Re: [ossec-list] Blank /etc/hosts.deny

2015-05-11 Thread finid
So if I remove the spaces around the = sign and restart OSSEC, which 
I've done, what's next?


Is hosts.deny returned to its default state, with all the comments?



--
finid





Re: [ossec-list] Blank /etc/hosts.deny

2015-05-12 Thread H.Merijn Brand
Note that there are TWO lines with unwanted spaces.

# Deleting from hosts.deny
elif [ "x${ACTION}" = "xdelete" ]; then
   lock;
   TMP_FILE = `mktemp /var/ossec/ossec-hosts.XX`
   if [ "X${TMP_FILE}" = "X" ]; then
     # Cheap fake tmpfile, but should be harder then no random data
     TMP_FILE = "/var/ossec/ossec-hosts.`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -1 `"
   fi

==>

# Deleting from hosts.deny
elif [ "x${ACTION}" = "xdelete" ]; then
   lock;
   TMP_FILE=`mktemp /var/ossec/ossec-hosts.XX`
   if [ "X${TMP_FILE}" = "X" ]; then
     # Cheap fake tmpfile, but should be harder then no random data
     TMP_FILE="/var/ossec/ossec-hosts.`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -1 `"
   fi

On Monday, 11 May 2015 11:11:13 UTC+2, finid wrote:
>
> So if I remove the spaces around the = sign and restart OSSEC, which 
> I've done, what's next? 
>
> Is hosts.deny returned to its default state, with all the comments? 
>
>
>
> -- 
> finid 
>
> On 2015-05-10 23:24, Antonio Querubin wrote: 
> > On Sun, 10 May 2015, fi...@vivaldi.net  wrote: 
> > 
> >> This was a clean install of 2.8.1 on a fresh Debian 8 server. 
> > 
> > Actually you're right - a clean agent install of 2.8.1 would still 
> > have the problem with the spaces around the '=' in host-deny.sh since 
> > 2.8.1 actually introduced that problem. 
> > 
> > And if I'm reading the commit log correctly, the patch to adduser.sh 
> > did actually make it into 2.9-beta4.  Sorry for the confusion. 
> > 
> > Antonio Querubin
>
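
What the spaced assignment does to the delete branch, as an added example that is not part of the message above or of OSSEC's host-deny.sh: a check that flags such lines, and a sandbox replay showing the file ending up empty. The filter-and-copy-back step, the sandbox paths, the sample addresses and all function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not OSSEC code. Everything runs in a throwaway directory.

# List lines where a variable assignment has whitespace before "=". Test
# expressions such as [ "x${ACTION}" = "xdelete" ] do not match, because
# the line does not begin with a bare variable name. Reads $1 or stdin.
find_spaced_assignments() {
    grep -nE '^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*[[:space:]]+=' "$@"
}

# The branch quoted in the thread, as constructed lint input.
sample_fragment() {
    cat <<'EOF'
elif [ "x${ACTION}" = "xdelete" ]; then
   lock;
   TMP_FILE = `mktemp /var/ossec/ossec-hosts.XX`
   if [ "X${TMP_FILE}" = "X" ]; then
     TMP_FILE = "/var/ossec/ossec-hosts.`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -1 `"
   fi
EOF
}

# Replay the delete branch in sandbox directory $1 for address $3.
# $2 is "spaced" (the 2.8.1 form) or "fixed".
run_delete() (
    set +e    # behave like a script without errexit: continue after a failure
    cd "$1" || exit 1
    TMP_FILE=""
    if [ "$2" = "spaced" ]; then
        # Parsed as a command named TMP_FILE with arguments "=" and a path.
        # The command does not exist, so the variable is never set.
        TMP_FILE = `mktemp ./ossec-hosts.XXXXXXXXXX`
    else
        TMP_FILE=`mktemp ./ossec-hosts.XXXXXXXXXX`
    fi
    # ASSUMED rest of the branch (not shown in the thread): filter the
    # address into the temp file, then copy the temp file back.
    grep -v "ALL:$3\$" hosts.deny > ${TMP_FILE}
    # With TMP_FILE empty this becomes "cat > hosts.deny": the file is
    # truncated and refilled from stdin, which is /dev/null here.
    cat ${TMP_FILE} > hosts.deny
    rm -f ${TMP_FILE}
) </dev/null 2>/dev/null

# Build a constructed hosts.deny, replay the branch, print lines remaining.
demo() {
    box=$(mktemp -d "${TMPDIR:-/tmp}/hostdeny-demo.XXXXXX") || return 1
    printf '%s\n' '# /etc/hosts.deny (constructed sample)' \
        '# See hosts_access(5)' \
        'ALL:203.0.113.7' 'ALL:198.51.100.9' > "$box/hosts.deny"
    run_delete "$box" "$1" 203.0.113.7
    wc -l < "$box/hosts.deny" | tr -d ' '
    rm -rf "$box"
}

echo "lines flagged: $(sample_fragment | find_spaced_assignments | cut -d: -f1 | tr '\n' ' ')"
echo "spaced: $(demo spaced) lines left; fixed: $(demo fixed) lines left"
```

Running find_spaced_assignments against the installed host-deny.sh shows whether an agent still carries the 2.8.1 form of the script.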



Re: [ossec-list] Blank /etc/hosts.deny

2015-05-12 Thread dan (ddp)
On Mon, May 11, 2015 at 12:39 AM,   wrote:
> So if I remove the spaces around the = sign and restart OSSEC, which I've
> done, what's next?
>
> Is hosts.deny returned to its default state, with all the comments?
>

You'll probably have to restore that file from backups.

>
>
> --
> finid
>
>
>
>
> On 2015-05-10 23:24, Antonio Querubin wrote:
>>
>> On Sun, 10 May 2015, fi...@vivaldi.net wrote:
>>
>>> This was a clean install of 2.8.1 on a fresh Debian 8 server.
>>
>>
>> Actually you're right - a clean agent install of 2.8.1 would still
>> have the problem with the spaces around the '=' in host-deny.sh since
>> 2.8.1 actually introduced that problem.
>>
>> And if I'm reading the commit log correctly, the patch to adduser.sh
>> did actually make it into 2.9-beta4.  Sorry for the confusion.
>>
>>
>> Antonio Querubin
>> e-mail:  t...@lavanauts.org
>> xmpp:  antonioqueru...@gmail.com
>
>


Re: [ossec-list] Blank /etc/hosts.deny

2015-05-12 Thread finid

Yes, I fixed both.

Thanks,



--
finid





Re: [ossec-list] Blank /etc/hosts.deny

2015-05-12 Thread finid
I think this should be documented, so users are aware, not just about 
how to recover the file, but that this happens and how to fix it.




--
finid





Re: [ossec-list] Blank /etc/hosts.deny

2015-05-12 Thread dan (ddp)
On Tue, May 12, 2015 at 12:26 PM,   wrote:
> I think this should be documented, so users are aware, not just about how to
> recover the file, but that this happens and how to fix it.
>

I've added a FAQ entry for it:
http://ossec-docs.readthedocs.org/en/latest/faq/unexpected.html#my-etc-hosts-deny-file-is-blank-after-install-2-8-1

>
>
> --
> finid
>
>
>
>
> On 2015-05-12 09:04, dan (ddp) wrote:
>>
>> On Mon, May 11, 2015 at 12:39 AM,   wrote:
>>>
>>> So if I remove the spaces around the = sign and restart OSSEC, which I've
>>> done, what's next?
>>>
>>> Is hosts.deny returned to its default state, with all the comments?
>>>
>>
>> You'll probably have to restore that file from backups.
>>
>>>
>>>
>>> --
>>> finid
>>>
>>>
>>>
>>>
>>> On 2015-05-10 23:24, Antonio Querubin wrote:


>>>> On Sun, 10 May 2015, fi...@vivaldi.net wrote:
>>>>
>>>>> This was a clean install of 2.8.1 on a fresh Debian 8 server.
>>>>
>>>> Actually you're right - a clean agent install of 2.8.1 would still
>>>> have the problem with the spaces around the '=' in host-deny.sh since
>>>> 2.8.1 actually introduced that problem.
>>>>
>>>> And if I'm reading the commit log correctly, the patch to adduser.sh
>>>> did actually make it into 2.9-beta4.  Sorry for the confusion.
>>>>
>>>>
>>>> Antonio Querubin
>>>> e-mail:  t...@lavanauts.org
>>>> xmpp:  antonioqueru...@gmail.com
>>>
>>>
>>>


Re: [ossec-list] Blank /etc/hosts.deny

2015-05-12 Thread finid

Thank you,



--
finid

