Project

General

Profile

Actions

Bug #3352

closed

incorrect permissions on /var/run/suricata when RUN_AS_USER is set

Added by Jeff Dyke almost 3 years ago. Updated almost 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

on a fresh install of suricata 5, i am using RUN_AS_USER, and that user should own /var/run/suricata so it can create and communicate with /var/run/suricata/suricata.socket.

I have modified the init.d script in the function check_run_dir().

it is installed as:

check_run_dir() {
  if [ ! -d /var/run/suricata ]; then
→⋅  mkdir /var/run/suricata
  fi
 →chmod 0755 /var/run/suricata
}

but i believe it should be:

check_run_dir() {
  if [ ! -d /var/run/suricata ]; then
→⋅  mkdir /var/run/suricata
  fi
  # i add the following modification through a configuration mgmt system
  if  [ ! -z "$RUN_AS_USER" ]; then
    chown $RUN_AS_USER /var/run/suricata;
  fi
  # end modification
→⋅chmod 0755 /var/run/suricata
}

I believe it was the same in version 4.X as i had this modification in older versions as well, I have not marked older affected versions as I have had this fix since I first started using Suricata 4.0 Since its so easily fixed, please feel free to change the classification.

And as always, thank you for the great software
Jeff

Actions #1

Updated by Victor Julien almost 3 years ago

  • Target version changed from 5.0.0 to TBD
Actions #2

Updated by Andreas Herz almost 3 years ago

  • Assignee set to OISF Dev
Actions #3

Updated by Victor Julien almost 3 years ago

  • Status changed from New to Feedback
  • Assignee changed from OISF Dev to Jeff Dyke

Where does this init script come from? It's not in our git repo.

Actions #4

Updated by Victor Julien almost 3 years ago

  • Effort deleted (low)
  • Difficulty deleted (low)
Actions #5

Updated by Jeff Dyke almost 3 years ago

Victor Julien wrote:

Where does this init script come from? It's not in our git repo.

I noticed the same, i should have mentioned that, i'll start up a new VM and do a fresh install. This was on a new server using deb http://ppa.launchpad.net/oisf/suricata-stable/ubuntu bionic main from apt. The file that is installed has a date of Oct 15, same day as 5.0. I do have a salt state for the install but it does not install/modify the init.d file.

Thanks

Actions #6

Updated by Victor Julien almost 3 years ago

@Peter Manev does this look like a file used in the PPA?

Actions #7

Updated by Peter Manev almost 3 years ago

  • Assignee changed from Jeff Dyke to Peter Manev
  • Target version changed from TBD to 5.0.1

The modification is done in the "init.d/suricata" script (part of the package install). Will review and push a fix today (at least in the daily/git repo).

Actions #8

Updated by Jeff Dyke almost 3 years ago

Thank You!

Actions #9

Updated by Peter Manev almost 3 years ago

I've pushed the fix last night but wanted to confirm the packaging is ok first. The fix is in one of the test repos here - https://launchpad.net/~oisf/+archive/ubuntu/suricata-ids-ips/+packages (you can just do "add-apt-repository ppa:oisf/suricata-ids-ips ; apt-get update" to try it)

@Jeff Williams - do you mind giving it a try to confirm?

Actions #10

Updated by Jeff Dyke almost 3 years ago

For my purposes this is fixed, thanks for the quick update! Sorry for the late reply

Best,
Jeff

Actions #11

Updated by Peter Manev almost 3 years ago

Thank you for testing it out !

Actions #12

Updated by Victor Julien almost 3 years ago

  • Status changed from Feedback to Closed
  • Target version changed from 5.0.1 to Packaging/PPA
Actions

Also available in: Atom PDF