[Pkg-ossec-devel] Adjust permission after creating /var/run/ossec-hids
Jose Antonio Quevedo
joseantonio.quevedo at gmail.com
Wed Mar 12 18:37:28 UTC 2014
Included. Thanks!
2014-03-12 7:07 GMT+01:00 weiqiang.yang <scutweiqiang.yang at gmail.com>:
> when /var/run/ossec-hids is created by ossec-hids-*.init script, its
> default permission is 755 and it's owned by root:root
> in that case ossec-agentd process won't be able to create the pid file, as
> it's run by the "ossec" user
>
> so I think we should adjust the owner and permission when creating
> /var/run/ossec-hids, below is my solution for this, please take a look at
> it, thanks.
>
> diff --git a/debian/ossec-hids-agent.init b/debian/ossec-hids-agent.init
> index f28b907..832f7c7 100755
> --- a/debian/ossec-hids-agent.init
> +++ b/debian/ossec-hids-agent.init
> @@ -25,6 +25,9 @@
> PATH=/sbin:/usr/sbin:/bin:/usr/bin
> DESC="OSSEC Host-based Intrusion Detection System agent"
> NAME=ossec-hids-agent
> +USER=ossec
> +GROUP=ossec
> +PIDFILE=/var/run/ossec-hids
> DAEMON=/usr/lib/ossec/ossec-agentd
> DAEMON_ARGS=""
> SCRIPTNAME=/etc/init.d/$NAME
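Review bot: `PIDFILE=/var/run/ossec-hids` names a directory, not a pid file (the next hunk passes it to `mkdir -p`), so a name such as `PIDDIR` would avoid confusion with the pid-file variables init scripts conventionally carry. `USER` is also the name of a standard login environment variable; a prefixed name such as `OSSEC_USER` and `OSSEC_GROUP` makes it clear the script sets its own value rather than relying on the caller's environment.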
> @@ -55,7 +58,11 @@ test $DEBIAN_SCRIPT_DEBUG && set -v -x
> [ ! -e "${DIRECTORY}" ] && exit 0
>
> # Create the directory for the pidfiles
> -[ ! -e /var/run/ossec-hids ] && mkdir -p /var/run/ossec-hids
> +if [ ! -e ${PIDFILE} ] ; then
> + mkdir -p ${PIDFILE}
> + chown ${USER}:${GROUP} ${PIDFILE}
> + chmod 755 ${PIDFILE}
> +fi
>
> # Log file for the ossec-control file
> LOGDIR=${DIRECTORY}/logs
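Review bot: The `chown` and `chmod` sit inside `if [ ! -e ${PIDFILE} ]`, so a directory that already exists as root:root (for example one left behind by the old `mkdir -p` line) is never corrected and the daemon still cannot write its pid file there. Apply owner and mode unconditionally, e.g. `install -d -o "${USER}" -g "${GROUP}" -m 755 "${PIDFILE}"`, which creates the directory if needed and sets owner and mode in one step.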
> diff --git a/debian/ossec-hids-local.init b/debian/ossec-hids-local.init
> index b7aed02..dbf986e 100755
> --- a/debian/ossec-hids-local.init
> +++ b/debian/ossec-hids-local.init
> @@ -25,6 +25,9 @@
> PATH=/sbin:/usr/sbin:/bin:/usr/bin
> DESC="OSSEC Host-based Intrusion Detection System local"
> NAME=ossec-hids-local
> +USER=ossec
> +GROUP=ossec
> +PIDFILE=/var/run/ossec-hids
> DAEMON=/usr/lib/ossec/ossec-agentd
> DAEMON_ARGS=""
> SCRIPTNAME=/etc/init.d/$NAME
> @@ -55,7 +58,11 @@ test $DEBIAN_SCRIPT_DEBUG && set -v -x
> [ ! -e "${DIRECTORY}" ] && exit 0
>
> # Create the directory for the pidfiles
> -[ ! -e /var/run/ossec-hids ] && mkdir -p /var/run/ossec-hids
> +if [ ! -e ${PIDFILE} ] ; then
> + mkdir -p ${PIDFILE}
> + chown ${USER}:${GROUP} ${PIDFILE}
> + chmod 755 ${PIDFILE}
> +fi
>
> # Log file for the ossec-control file
> LOGDIR=${DIRECTORY}/logs
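Review bot: The expansions in `mkdir -p ${PIDFILE}` and `chown ${USER}:${GROUP} ${PIDFILE}` are unquoted in a script that changes ownership as root; quote them (`"${PIDFILE}"`) so an empty or space-containing value cannot change what the commands operate on. The block is also identical to the one added to ossec-hids-agent.init and ossec-hids-server.init, so a shared helper sourced by the three scripts would keep them from drifting apart.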
> diff --git a/debian/ossec-hids-server.init b/debian/ossec-hids-server.init
> index 3db624a..096567d 100755
> --- a/debian/ossec-hids-server.init
> +++ b/debian/ossec-hids-server.init
> @@ -25,6 +25,9 @@
> PATH=/sbin:/usr/sbin:/bin:/usr/bin
> DESC="OSSEC Host-based Intrusion Detection System server"
> NAME=ossec-hids-server
> +USER=ossec
> +GROUP=ossec
> +PIDFILE=/var/run/ossec-hids
> DAEMON=/usr/lib/ossec/ossec-agentd
> DAEMON_ARGS=""
> SCRIPTNAME=/etc/init.d/$NAME
> @@ -55,7 +58,11 @@ test $DEBIAN_SCRIPT_DEBUG && set -v -x
> [ ! -e "${DIRECTORY}" ] && exit 0
>
> # Create the directory for the pidfiles
> -[ ! -e /var/run/ossec-hids ] && mkdir -p /var/run/ossec-hids
> +if [ ! -e ${PIDFILE} ] ; then
> + mkdir -p ${PIDFILE}
> + chown ${USER}:${GROUP} ${PIDFILE}
> + chmod 755 ${PIDFILE}
> +fi
>
> # Log file for the ossec-control file
> LOGDIR=${DIRECTORY}/logs
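Review bot: `chmod 755 ${PIDFILE}` sets the same mode the description says the directory already gets by default, so the functional change in this block is the `chown` alone. If the intent is to pin the mode regardless of the umask the script runs under, a short comment saying so would help; otherwise the line can be dropped.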
--
Jose Antonio Quevedo Muñoz
Key fingerprint: C88A AAFA CF91 F556 E1D5 52FC C3D7 3C5D 8224 5822
--
Ever tried. Ever failed. No matter.
Try again. Fail again. Fail better.
~ Samuel Beckett ~