From cad4efdded6a8f0241a07c637c0923517a4b7bef Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Tue, 29 Jun 2021 17:51:04 -0400
Subject: [PATCH] Fixed PCAP files are readable by root only, which prevents Suricata from being able to scan the file during import
---
 salt/common/tools/sbin/so-import-pcap | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/salt/common/tools/sbin/so-import-pcap b/salt/common/tools/sbin/so-import-pcap
index 32121d8cc..c525849ef 100755
--- a/salt/common/tools/sbin/so-import-pcap
+++ b/salt/common/tools/sbin/so-import-pcap
@@ -132,6 +132,8 @@ for PCAP in "$@"; do
 PCAP_FIXED=`mktemp /tmp/so-import-pcap-XXXXXXXXXX.pcap`
 echo "- attempting to recover corrupted PCAP file"
 pcapfix "${PCAP}" "${PCAP_FIXED}"
+ # Make fixed file world readable since the Suricata docker container will runas a non-root user
+ chmod a+r "${PCAP_FIXED}"
 PCAP="${PCAP_FIXED}"
 TEMP_PCAPS+=(${PCAP_FIXED})
 fi
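Review bot: The added `chmod a+r "${PCAP_FIXED}"` makes the recovered capture in `/tmp` readable by every local account on the host, not only the Suricata container user, for as long as the file exists; packet captures routinely carry credentials and other sensitive payload. If the container's group is available to the script, granting only that identity is tighter, for example `chgrp <suricata-gid> "${PCAP_FIXED}" && chmod 640 "${PCAP_FIXED}"` (placeholder gid, to be taken from the project's own configuration). The exit status of `pcapfix` and of the new `chmod` is not checked either, so a failed recovery or permission change still flows into the import as `PCAP`. The enclosing `for` loop and the cleanup of `TEMP_PCAPS` lie outside this hunk, so how long the file persists cannot be confirmed from here.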