OSSEC version 2.8 inherits the umask of the user when adding cleartext passwords to the .passlist file, allowing for them to be world-readable instead of setting the permissions explicitly.
0dfee385226e0fb3dc8f32f7d0068e69fcf46238bec5458dfc665b4a601c7e0a
OSSEC 2.8 umask problem with clear text passwords :-(
# aramosf@unsec.net / SecurityByDefault.com
root@digitalsec:/home/aramosf# /var/ossec/agentless/register_host.sh add ossec@server1
Please provide password for host ossec@server1.
Password: Please provide additional password for host ossec@server1 (<enter> for empty).
Password: *Host ossec@server1 added.
root@digitalsec:/home/aramosf# cat /var/ossec/agentless/.passlist
ossec@server1|test|test2
root@digitalsec:/home/aramosf# ls -la /var/ossec/agentless/.passlist
-rwxr--r-- 1 root root 83 Sep 15 14:35 /var/ossec/agentless/.passlist
root@digitalsec:/home/aramosf#