From db4f138a7829ae9ab450c426fc1347fd40cae1f8 Mon Sep 17 00:00:00 2001
From: Doug Burks
Date: Tue, 15 Mar 2022 07:10:02 -0400
Subject: [PATCH] FIX: surilogcompress cron job not running

The suricata user was originally created with `/opt/so/conf/suricata` as its home directory. I think at some point we changed permissions on `/opt/so/conf` and at that point the `surilogcompress` cron job stopped working. Changing the home directory to `/nsm/suricata` works on all of my PROD systems (including Ubuntu and CentOS). For more information, please see: https://github.com/Security-Onion-Solutions/securityonion/issues/7133
---
 salt/suricata/init.sls | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls
index 95d9787f3..4c2347302 100644
--- a/salt/suricata/init.sls
+++ b/salt/suricata/init.sls
@@ -36,12 +36,12 @@ suricatagroup:
 - name: suricata
 - gid: 940
-# Add ES user
+# Add Suricata user
 suricata:
 user.present:
 - uid: 940
 - gid: 940
-- home: /opt/so/conf/suricata
+- home: /nsm/suricata
 - createhome: False
 suridir:
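Review bot: The `suricata` user.present state now sets `- home: /nsm/suricata` while keeping `- createhome: False`, so the fix depends on that directory already existing and being accessible to uid 940, and nothing in this hunk enforces or records that dependency. The commit message attributes the original breakage to a later permission change on `/opt/so/conf`, and the same thing could recur silently with the new path, so I would add a comment above the `- home:` line such as `# home must stay accessible to uid 940, otherwise the suricata user's cron jobs (surilogcompress) stop running; see issue 7133`. If `/nsm/suricata` is managed by a file.directory state elsewhere in init.sls (not visible in this hunk), a `require` on that state from this one would make the ordering explicit. Because the home is now presumably a data directory the sensor itself writes to, it is also worth confirming the account has a non-login shell; as shown, this state does not set `shell`.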