ensure zeekctl is run as user zeek https://github.com/Security-Onion-Solutions/securityonion/issues/3130

2025-12-06 09:12:45 +01:00 · 2021-02-25 09:58:07 -05:00
parent ae89260793
commit d52abcbcbd
2 changed files with 3 additions and 3 deletions
--- a/salt/common/tools/sbin/so-zeek-stats
+++ b/salt/common/tools/sbin/so-zeek-stats
@@ -24,11 +24,11 @@ show_stats() {
  echo
  echo "Average throughput:"
  echo
-  docker exec -it so-zeek /opt/zeek/bin/zeekctl capstats
+  docker exec -it so-zeek "runuser -l zeek '/opt/zeek/bin/zeekctl capstats'"
  echo
  echo "Average packet loss:"
  echo
-  docker exec -it so-zeek /opt/zeek/bin/zeekctl netstats
+  docker exec -it so-zeek "runuser -l zeek '/opt/zeek/bin/zeekctl netstats'"
  echo
 }
--- a/salt/zeek/cron/packetloss.sh
+++ b/salt/zeek/cron/packetloss.sh
@@ -1,2 +1,2 @@
 #!/bin/bash
-/usr/bin/docker exec so-zeek /opt/zeek/bin/zeekctl netstats | awk '{print $(NF-2),$(NF-1),$NF}' | awk -F '[ =]' '{RCVD += $2;DRP += $4;TTL += $6} END { print "rcvd: " RCVD, "dropped: " DRP, "total: " TTL}' >> /nsm/zeek/logs/packetloss.log 2>&1
+/usr/bin/docker exec so-zeek "runuser -l zeek '/opt/zeek/bin/zeekctl netstats'" | awk '{print $(NF-2),$(NF-1),$NF}' | awk -F '[ =]' '{RCVD += $2;DRP += $4;TTL += $6} END { print "rcvd: " RCVD, "dropped: " DRP, "total: " TTL}' >> /nsm/zeek/logs/packetloss.log 2>&1
`@@ -1,2 +1,2 @@`
	`#!/bin/bash`	`#!/bin/bash`
	`/usr/bin/docker exec so-zeek /opt/zeek/bin/zeekctl netstats \| awk '{print $(NF-2),$(NF-1),$NF}' \| awk -F '[ =]' '{RCVD += $2;DRP += $4;TTL += $6} END { print "rcvd: " RCVD, "dropped: " DRP, "total: " TTL}' >> /nsm/zeek/logs/packetloss.log 2>&1`	`/usr/bin/docker exec so-zeek "runuser -l zeek '/opt/zeek/bin/zeekctl netstats'" \| awk '{print $(NF-2),$(NF-1),$NF}' \| awk -F '[ =]' '{RCVD += $2;DRP += $4;TTL += $6} END { print "rcvd: " RCVD, "dropped: " DRP, "total: " TTL}' >> /nsm/zeek/logs/packetloss.log 2>&1`