From 07602076f18ccb37e1846ccc93660986605642a0 Mon Sep 17 00:00:00 2001
From: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Date: Thu, 18 Jan 2024 16:48:16 -0500
Subject: [PATCH] Update telegraf script
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
---
 salt/common/tools/sbin/so-common-status-check | 5 ++++-
 salt/telegraf/scripts/features.sh | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/salt/common/tools/sbin/so-common-status-check b/salt/common/tools/sbin/so-common-status-check
index b41a48e82..b073eb457 100644
--- a/salt/common/tools/sbin/so-common-status-check
+++ b/salt/common/tools/sbin/so-common-status-check
@@ -80,10 +80,13 @@ def main():
 proc = subprocess.run(['id', '-u'], stdout=subprocess.PIPE, encoding="utf-8")
 if proc.stdout.strip() != "0":
 fail("This program must be run as root")
-
+ # Ensure that umask is 0022 so that files created by this script have rw-r-r permissions
+ org_umask = os.umask(0o022)
 check_needs_restarted()
 check_for_fips()
 check_for_luks()
+ # Restore umask to whatever value was set before this script was run. STIG sets to 0077 rw---
+ os.umask(org_umask)
 if __name__ == "__main__":
 main()
diff --git a/salt/telegraf/scripts/features.sh b/salt/telegraf/scripts/features.sh
index 3c34c7906..eb600ccdf 100644
--- a/salt/telegraf/scripts/features.sh
+++ b/salt/telegraf/scripts/features.sh
@@ -7,8 +7,11 @@
 if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then
- cat /var/log/sostatus/features-check.log
+ FIPS_ENABLED=$(cat /var/log/sostatus/fips_enabled)
+ LUKS_ENABLED=$(cat /var/log/sostatus/luks_enabled)
+ echo "features fips=$FIPS_ENABLED"
+ echo "features luks=$LUKS_ENABLED"
 fi
 exit 0
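Review bot: In so-common-status-check the umask is relaxed to 0o022 for the whole run of check_needs_restarted(), check_for_fips() and check_for_luks(), so every file those functions create becomes world-readable, not only the status files that need to be; their bodies are outside this hunk, so which files that covers cannot be confirmed here. On a host hardened to 0077 it would be tighter to leave the umask alone and set the mode on the specific status files where they are written, for example `os.chmod(path, 0o644)` after the write. The final `os.umask(org_umask)` is skipped if a check raises, and because the umask is per-process and main() returns right after it, the call has no effect on the caller; either drop it or move it into a `finally:`. The comments also misstate the modes: 0022 yields `rw-r--r--` and 0077 yields `rw-------`.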
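Review bot: In features.sh nothing checks that /var/log/sostatus/fips_enabled and /var/log/sostatus/luks_enabled exist and are readable, so when either is missing `cat` fails, the variable is empty and the script prints `features fips=` with no value. That line is probably rejected by whatever parses this output, and the FIPS/LUKS state then silently disappears from monitoring instead of showing up as a problem. Guard each line, e.g. `[[ -n "$FIPS_ENABLED" ]] && echo "features fips=$FIPS_ENABLED"`, or emit an explicit fallback value so a missing file is visible. The file contents are also interpolated as-is, so whatever writes them (outside this hunk) has to keep them to a single token.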