From 8f97973fac8dc92dd6b3bd99748ed3b5ebf42f4a Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Fri, 5 Feb 2021 22:17:31 -0500
Subject: [PATCH] Lock down Backups folder permissions

---
 salt/common/init.sls | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/salt/common/init.sls b/salt/common/init.sls
index b0289ed32..ff01dec5d 100644
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -231,6 +231,14 @@ commonlogrotateconf:
     - dayweek: '*'
 
 {% if role in ['eval', 'manager', 'managersearch', 'standalone'] %}
+# Lock permissions on the backup directory
+file.directory:
+    - name: /nsm/backup
+    - user: 0
+    - group: 0
+    - makedirs: True
+    - mode: 700
+  
 # Add config backup
 /usr/sbin/so-config-backup > /dev/null 2>&1:
   cron.present: