[Pkg-ossec-devel] Adjust permission after creating /var/run/ossec-hids

weiqiang.yang scutweiqiang.yang at gmail.com
Wed Mar 12 06:07:21 UTC 2014


When /var/run/ossec-hids is created by the ossec-hids-*.init script, its default permission is 755 and it's owned by root:root.
In that case the ossec-agentd process won't be able to create the pid file, as it's run by the "ossec" user.

So I think we should adjust the owner and permission when creating /var/run/ossec-hids. Below is my solution for this; please take a look at it, thanks.

diff --git a/debian/ossec-hids-agent.init b/debian/ossec-hids-agent.init
index f28b907..832f7c7 100755
--- a/debian/ossec-hids-agent.init
+++ b/debian/ossec-hids-agent.init
@@ -25,6 +25,9 @@
 PATH=/sbin:/usr/sbin:/bin:/usr/bin
 DESC="OSSEC Host-based Intrusion Detection System agent"
 NAME=ossec-hids-agent
+USER=ossec
+GROUP=ossec
+PIDFILE=/var/run/ossec-hids
 DAEMON=/usr/lib/ossec/ossec-agentd
 DAEMON_ARGS=""
 SCRIPTNAME=/etc/init.d/$NAME
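Review bot: the added `PIDFILE=/var/run/ossec-hids` names a directory, not a pid file, which will mislead anyone who later reuses the variable as the path of an actual pid file; PIDDIR would match what it holds. USER is also the name of a standard login environment variable, so prefixed names such as OSSEC_USER and OSSEC_GROUP avoid shadowing it inside the script.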
@@ -55,7 +58,11 @@ test $DEBIAN_SCRIPT_DEBUG && set -v -x
 [ ! -e "${DIRECTORY}" ] && exit 0
 
 # Create the directory for the pidfiles
-[ ! -e /var/run/ossec-hids ] && mkdir -p /var/run/ossec-hids
+if [ ! -e ${PIDFILE} ] ; then
+    mkdir -p ${PIDFILE}
+    chown ${USER}:${GROUP} ${PIDFILE}
+    chmod 755 ${PIDFILE}
+fi
 
 # Log file for the ossec-control file
 LOGDIR=${DIRECTORY}/logs
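Review bot: the chown and chmod sit inside the `if [ ! -e ${PIDFILE} ]` branch, so a /var/run/ossec-hids that already exists as root:root (the state the commit message describes) is never corrected. Run the chown and chmod unconditionally after the `mkdir -p`, which is already a no-op for an existing directory, and quote the expansions as "${PIDFILE}".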
diff --git a/debian/ossec-hids-local.init b/debian/ossec-hids-local.init
index b7aed02..dbf986e 100755
--- a/debian/ossec-hids-local.init
+++ b/debian/ossec-hids-local.init
@@ -25,6 +25,9 @@
 PATH=/sbin:/usr/sbin:/bin:/usr/bin
 DESC="OSSEC Host-based Intrusion Detection System local"
 NAME=ossec-hids-local
+USER=ossec
+GROUP=ossec
+PIDFILE=/var/run/ossec-hids
 DAEMON=/usr/lib/ossec/ossec-agentd
 DAEMON_ARGS=""
 SCRIPTNAME=/etc/init.d/$NAME
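Review bot: these three assignments are identical to the ones added to ossec-hids-agent.init in this patch, so the owner, group and path now have to be kept in sync by hand across the init scripts. Consider setting them once in a file that each script sources, or at least note the duplication in a comment next to `USER=ossec`.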
@@ -55,7 +58,11 @@ test $DEBIAN_SCRIPT_DEBUG && set -v -x
 [ ! -e "${DIRECTORY}" ] && exit 0
 
 # Create the directory for the pidfiles
-[ ! -e /var/run/ossec-hids ] && mkdir -p /var/run/ossec-hids
+if [ ! -e ${PIDFILE} ] ; then
+    mkdir -p ${PIDFILE}
+    chown ${USER}:${GROUP} ${PIDFILE}
+    chmod 755 ${PIDFILE}
+fi
 
 # Log file for the ossec-control file
 LOGDIR=${DIRECTORY}/logs
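Review bot: `[ ! -e ${PIDFILE} ]` is also false when the path exists but is not a directory, and in that case the script continues with no pid directory and no message. Test for a directory with `-d` instead of `-e`, and exit with an error when the path exists as something else.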
diff --git a/debian/ossec-hids-server.init b/debian/ossec-hids-server.init
index 3db624a..096567d 100755
--- a/debian/ossec-hids-server.init
+++ b/debian/ossec-hids-server.init
@@ -25,6 +25,9 @@
 PATH=/sbin:/usr/sbin:/bin:/usr/bin
 DESC="OSSEC Host-based Intrusion Detection System server"
 NAME=ossec-hids-server
+USER=ossec
+GROUP=ossec
+PIDFILE=/var/run/ossec-hids
 DAEMON=/usr/lib/ossec/ossec-agentd
 DAEMON_ARGS=""
 SCRIPTNAME=/etc/init.d/$NAME
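Review bot: the commit message only establishes that ossec-agentd runs as the "ossec" user, while `USER=ossec` here applies to the server package. Please confirm that every daemon started by this script that writes a pid file into the directory runs as ossec; with owner-only write (755), a daemon running as any other unprivileged user would still fail to create its pid file.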
@@ -55,7 +58,11 @@ test $DEBIAN_SCRIPT_DEBUG && set -v -x
 [ ! -e "${DIRECTORY}" ] && exit 0
 
 # Create the directory for the pidfiles
-[ ! -e /var/run/ossec-hids ] && mkdir -p /var/run/ossec-hids
+if [ ! -e ${PIDFILE} ] ; then
+    mkdir -p ${PIDFILE}
+    chown ${USER}:${GROUP} ${PIDFILE}
+    chmod 755 ${PIDFILE}
+fi
 
 # Log file for the ossec-control file
 LOGDIR=${DIRECTORY}/logs
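Review bot: nothing in the added block checks whether the chown succeeds, so if the ossec user or group is missing the script carries on with a root-owned directory and the original failure returns silently. Either test the exit status and log an error, or create the directory in one step with `install -d -o "${USER}" -g "${GROUP}" -m 755 "${PIDFILE}"` and check that single command.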

