[fix] Log directory fixes

* The playbook log dir is owned by the socore group, so we can use `su root socore` * Addresses https://github.com/Security-Onion-Solutions/securityonion/pull/2681#issuecomment-767761670 --- * influxdb runs as root, so we can set the log directory permissions to 755 for this service
2025-12-06 17:22:49 +01:00 · 2021-01-26 16:07:34 -05:00
parent 1939fe85d7
commit f5c044e3e3
3 changed files with 14 additions and 3 deletions
--- a/pillar/logrotate/init.sls
+++ b/pillar/logrotate/init.sls
@@ -8,4 +8,6 @@ logrotate:
    create
    extension .log
    dateext
-    dateyesterday
+    dateyesterday
+  group_conf: |
+    su root socore
--- a/salt/common/files/log-rotate.conf
+++ b/salt/common/files/log-rotate.conf
@@ -1,4 +1,6 @@
 {%- set logrotate_conf = salt['pillar.get']('logrotate:conf') %}
+{%- set group_conf = salt['pillar.get']('logrotate:group_conf') %}
+

 /opt/so/log/aptcacher-ng/*.log
 /opt/so/log/idstools/*.log
@@ -13,7 +15,6 @@
 /opt/so/log/fleet/*.log
 /opt/so/log/suricata/*.log
 /opt/so/log/mysql/*.log
-/opt/so/log/playbook/*.log
 /opt/so/log/telegraf/*.log
 /opt/so/log/redis/*.log
 /opt/so/log/sensoroni/*.log
@@ -24,3 +25,11 @@
 {
    {{ logrotate_conf | indent(width=4) }}
 }
+
+# Playbook's log directory needs additional configuration
+# because Playbook requires a more permissive directory
+/opt/so/log/playbook/*.log
+{
+    {{ logrotate_conf | indent(width=4) }}
+    {{ group_conf | indent(width=4) }}
+}
--- a/salt/influxdb/init.sls
+++ b/salt/influxdb/init.sls
@@ -17,7 +17,7 @@ influxconfdir:
 influxlogdir:
  file.directory:
    - name: /opt/so/log/influxdb
-    - dir_mode: 775
+    - dir_mode: 755
    - user: 939
    - group: 939
    - makedirs: True