From c13994994b36e8b79bdee25b1eba47ffe151bcf7 Mon Sep 17 00:00:00 2001
From: Doug Burks <doug.burks@gmail.com>
Date: Fri, 18 Mar 2022 13:11:56 -0400
Subject: [PATCH 1/3] FIX: Update telegraf init.sls to run telegraf as non-root
 #7468

---
 salt/telegraf/init.sls | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/salt/telegraf/init.sls b/salt/telegraf/init.sls
index e7b550259..3c46b4956 100644
--- a/salt/telegraf/init.sls
+++ b/salt/telegraf/init.sls
@@ -13,7 +13,12 @@ tgraflogdir:
   file.directory:
     - name: /opt/so/log/telegraf
     - makedirs: True
-
+    - user: 939
+    - group: 939
+    - recurse:
+      - user
+      - group
+      
 tgrafetcdir:
   file.directory:
     - name: /opt/so/conf/telegraf/etc
@@ -29,7 +34,7 @@ tgrafsyncscripts:
     - name: /opt/so/conf/telegraf/scripts
     - user: root
     - group: 939
-    - file_mode: 700
+    - file_mode: 770
     - template: jinja
     - source: salt://telegraf/scripts
 {% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'SURICATA' %}
@@ -57,6 +62,8 @@ node_config:
 so-telegraf:
   docker_container.running:
     - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-telegraf:{{ VERSION }}
+    - user: 939
+    - group_add: 939,920
     - environment:
       - HOST_PROC=/host/proc
       - HOST_ETC=/host/etc

From f7dc5588ae25942d42c2cede043550b7776c1af5 Mon Sep 17 00:00:00 2001
From: Doug Burks <doug.burks@gmail.com>
Date: Fri, 18 Mar 2022 13:13:46 -0400
Subject: [PATCH 2/3] FIX: Update common init.sls to create cron job to write
 influxdb size for telegraf #7468

---
 salt/common/init.sls | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/salt/common/init.sls b/salt/common/init.sls
index d1acca878..0eaf5e77e 100644
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -300,8 +300,17 @@ sostatus_log:
     - month: '*'
     - dayweek: '*'
 
-
 {% if role in ['eval', 'manager', 'managersearch', 'standalone'] %}
+# Install cron job to determine size of influxdb for telegraf
+'du -s -k /nsm/influxdb | cut -f1 > /opt/so/log/telegraf/influxdb_size.log 2>&1':
+  cron.present:
+    - user: root
+    - minute: '*/1'
+    - hour: '*'
+    - daymonth: '*'
+    - month: '*'
+    - dayweek: '*'
+    
 # Lock permissions on the backup directory
 backupdir:
   file.directory:

From eda7a8d7ea9fe9750742ef6e5783028ceb4e0418 Mon Sep 17 00:00:00 2001
From: Doug Burks <doug.burks@gmail.com>
Date: Fri, 18 Mar 2022 13:15:43 -0400
Subject: [PATCH 3/3] FIX: Update telegraf influxdbsize.sh to collect influxdb
 size from influxdb_size.log #7468

---
 salt/telegraf/scripts/influxdbsize.sh | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/salt/telegraf/scripts/influxdbsize.sh b/salt/telegraf/scripts/influxdbsize.sh
index 87571629d..bf4431a10 100644
--- a/salt/telegraf/scripts/influxdbsize.sh
+++ b/salt/telegraf/scripts/influxdbsize.sh
@@ -18,9 +18,12 @@
 # if this script isn't already running
 if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then
 
-    INFLUXSIZE=$(du -s -k /host/nsm/influxdb | awk {'print $1'})
-    echo "influxsize kbytes=$INFLUXSIZE"
-    
+    INFLUXLOG=/var/log/telegraf/influxdb_size.log
+ 
+    if [ -f "$INFLUXLOG" ]; then
+        INFLUXSTATUS=$(cat $INFLUXLOG)
+        echo "influxsize kbytes=$INFLUXSTATUS"
+    fi
 fi
 
 exit 0