From f5c044e3e34a35e804f4df77f0788ef4e998a2ff Mon Sep 17 00:00:00 2001
From: William Wernert
Date: Tue, 26 Jan 2021 16:07:34 -0500
Subject: [PATCH] [fix] Log directory fixes
* The playbook log dir is owned by the socore group, so we can use `su root socore`
* Addresses https://github.com/Security-Onion-Solutions/securityonion/pull/2681#issuecomment-767761670
---
* influxdb runs as root, so we can set the log directory permissions to 755 for this service
---
 pillar/logrotate/init.sls | 4 +++-
 salt/common/files/log-rotate.conf | 11 ++++++++++-
 salt/influxdb/init.sls | 2 +-
 3 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/pillar/logrotate/init.sls b/pillar/logrotate/init.sls
index 1b27ffca9..f8a54f442 100644
--- a/pillar/logrotate/init.sls
+++ b/pillar/logrotate/init.sls
@@ -8,4 +8,6 @@ logrotate:
 create
 extension .log
 dateext
- dateyesterday
\ No newline at end of file
+ dateyesterday
+ group_conf: |
+ su root socore
\ No newline at end of file
diff --git a/salt/common/files/log-rotate.conf b/salt/common/files/log-rotate.conf
index 04c89c9d9..061b76271 100644
--- a/salt/common/files/log-rotate.conf
+++ b/salt/common/files/log-rotate.conf
@@ -1,4 +1,6 @@ {%- set logrotate_conf = salt['pillar.get']('logrotate:conf') %} +{%- set group_conf = salt['pillar.get']('logrotate:group_conf') %} + /opt/so/log/aptcacher-ng/*.log /opt/so/log/idstools/*.log
@@ -13,7 +15,6 @@
 /opt/so/log/fleet/*.log
 /opt/so/log/suricata/*.log
 /opt/so/log/mysql/*.log
-/opt/so/log/playbook/*.log
 /opt/so/log/telegraf/*.log
 /opt/so/log/redis/*.log
 /opt/so/log/sensoroni/*.log
@@ -24,3 +25,11 @@
 {
 {{ logrotate_conf | indent(width=4) }}
 }
+
+# Playbook's log directory needs additional configuration
+# because Playbook requires a more permissive directory
+/opt/so/log/playbook/*.log
+{
+ {{ logrotate_conf | indent(width=4) }}
+ {{ group_conf | indent(width=4) }}
+}
diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls
index 6d178e77c..aace4e827 100644
--- a/salt/influxdb/init.sls
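Review bot: In pillar/logrotate/init.sls the new `group_conf` value `su root socore` keeps rotation running as uid root inside a directory the commit message describes as owned by the socore group. logrotate's `su` directive is meant to move rotation to the unprivileged owner of such a directory; naming root as the user satisfies logrotate's parent-directory permission check without removing the exposure, because any account that can write to the directory through socore still controls the files root renames and recreates there. If Playbook writes its logs under a dedicated account, `su <playbook-user> socore` (placeholder; the account is not visible in this diff) would take root out of the rotation. The value is consumed by the playbook stanza added in salt/common/files/log-rotate.conf.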
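Review bot: The comment above the new playbook stanza in salt/common/files/log-rotate.conf (hunk `@@ -24,3 +25,11 @@`) says the directory is "more permissive" but not in which way, or why that calls for an extra directive. Assuming the directory is group-writable by socore, as the commit message suggests, a more useful comment would be `# /opt/so/log/playbook is group-writable by socore; logrotate will not rotate in such a directory unless a su directive names the user and group to rotate as`. It would also help to say that the directive comes from the `logrotate:group_conf` pillar key, since the stanza renders without any `su` line if that key is missing.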
+++ b/salt/influxdb/init.sls
@@ -17,7 +17,7 @@ influxconfdir:
 influxlogdir:
 file.directory:
 - name: /opt/so/log/influxdb
- - dir_mode: 775
+ - dir_mode: 755
 - user: 939
 - group: 939
 - makedirs: True
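Review bot: The `influxlogdir` state still sets `- user: 939` and `- group: 939` after `dir_mode` drops to 755, although the commit message justifies the change by saying influxdb runs as root. If nothing needs to write to /opt/so/log/influxdb as uid 939, that account keeps write access it does not need to a directory where logrotate operates as root. Owning the directory as root (`- user: root` and `- group: root`) would match the stated reasoning; confirm what uid 939 maps to before changing it. If 939 must stay the owner, a comment such as `# owned by 939 because <reason>` (placeholder) would record why. The state may continue past the last line of the hunk.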