On one of my boxes the /var/ossec/active-response/bin/host-deny.sh
script changes the permissions of /etc/hosts.deny to 600 which causes
all sorts of problems (at least stunnel fails if hosts.deny is unreadable).
I don't think this is exactly a bug in ossec (I'm not sure what is
changing umask actually) but I think it is good practice to set the
permissions of system files that you recreate. So, I added a chmod 644
line into host-deny.sh:

    # Deleting from hosts.deny
    elif [ "x${ACTION}" = "xdelete" ]; then
        lock;
        cat /etc/hosts.deny | grep -v "ALL:${IP}$"> /tmp/hosts.deny.$$
        mv /tmp/hosts.deny.$$ /etc/hosts.deny
        chmod 644 /etc/hosts.deny
        unlock;
        exit 0;
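
An added example, not part of the original post or of OSSEC's own script: one way to rewrite a hosts.deny-style file so that its mode is set before it replaces the original, whatever umask the caller runs under. The function name `remove_deny_entry`, the `demo` helper and the sample entries are hypothetical, and the sketch assumes each entry is a whole line of the form `ALL:<ip>`.

```shell
#!/bin/sh
# Added example (hypothetical helper, not OSSEC code).
# Removes the line "ALL:<ip>" from a hosts.deny-style file and leaves the
# result with an explicit mode instead of whatever the umask produces.
remove_deny_entry() {
    file=$1
    ip=$2
    mode=${3:-644}
    dir=$(dirname "$file")

    # Temp file beside the target: mv is then a rename on the same
    # filesystem, and no predictable name in /tmp is involved.
    tmp=$(mktemp "${dir}/.hosts.deny.XXXXXX") || return 1

    # -F literal match (dots are not wildcards), -x whole line
    # (10.0.0.1 must not remove 10.0.0.10).
    # grep exits 1 when nothing is left to print; only >1 is a failure.
    grep -v -F -x -- "ALL:${ip}" "$file" > "$tmp" || [ $? -eq 1 ] ||
        { rm -f "$tmp"; return 1; }

    # mktemp creates the file 0600; fix the mode before it goes live so
    # readers never see an unreadable hosts.deny.
    chmod "$mode" "$tmp" || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$file"
}

# Constructed sample run under a restrictive umask.
demo() {
    d=$(mktemp -d) || return 1
    printf 'ALL:10.0.0.1\nALL:10.0.0.10\n' > "$d/hosts.deny"
    ( umask 077; remove_deny_entry "$d/hosts.deny" 10.0.0.1 ) || return 1
    ls -l "$d/hosts.deny" | cut -c1-10   # mode string of the rewritten file
    cat "$d/hosts.deny"
    rm -rf "$d"
}

demo
```
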