Fixed PCAP files are readable by root only, which prevents Suricata from being able to scan the file during import

2025-12-06 17:22:49 +01:00 · 2021-06-29 17:51:04 -04:00
parent b64749c9d7
commit cad4efdded
1 changed files with 2 additions and 0 deletions
--- a/salt/common/tools/sbin/so-import-pcap
+++ b/salt/common/tools/sbin/so-import-pcap
@@ -132,6 +132,8 @@ for PCAP in "$@"; do
    PCAP_FIXED=`mktemp /tmp/so-import-pcap-XXXXXXXXXX.pcap`
    echo "- attempting to recover corrupted PCAP file"
    pcapfix "${PCAP}" "${PCAP_FIXED}"
+    # Make fixed file world readable since the Suricata docker container will runas a non-root user
+    chmod a+r "${PCAP_FIXED}"
    PCAP="${PCAP_FIXED}"
    TEMP_PCAPS+=(${PCAP_FIXED})
  fi