From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Fri, 17 Aug 2018 06:24:19 +0000 (+0200)
Subject: suricata: Give 644 permissions to the suricata pidfile
X-Git-Tag: suricata-beta3~33^2~9
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=00a031145e32d31a08037dda3c8a3cc7cc6c815e;p=people%2Fstevee%2Fipfire-2.x.git

suricata: Give 644 permissions to the suricata pidfile

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---

diff --git a/src/initscripts/system/suricata b/src/initscripts/system/suricata
index 60a00cc484..45e04d4639 100644
--- a/src/initscripts/system/suricata
+++ b/src/initscripts/system/suricata
@@ -32,6 +32,9 @@ network_zones=( red green blue orange )
 MARK="0x1"
 MASK="0x1"
 
+# PID file of suricata.
+PID_FILE="/var/run/suricata.pid"
+
 case "$1" in
         start)
 		# Get amount of CPU cores.
@@ -78,12 +81,15 @@ case "$1" in
 			boot_mesg "Starting Intrusion Detection System..."
 			/usr/bin/suricata -c /etc/suricata/suricata.yaml -D $NFQUEUES
 			evaluate_retval
+
+			# Allow reading the pidfile.
+			chmod 644 $PID_FILE
 		fi
 	;;
 
         stop)
 		boot_mesg "Stopping Intrusion Detection System..."
-		killproc -p /var/run/suricata.pid /var/run
+		killproc -p $PID_FILE /var/run
 
 		# Flush firewall chain.
 		iptables -F $FW_CHAIN