From 00a031145e32d31a08037dda3c8a3cc7cc6c815e Mon Sep 17 00:00:00 2001
From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Fri, 17 Aug 2018 08:24:19 +0200
Subject: [PATCH] suricata: Give 644 permissions to the suricata pidfile

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
 src/initscripts/system/suricata | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/initscripts/system/suricata b/src/initscripts/system/suricata
index 60a00cc484..45e04d4639 100644
--- a/src/initscripts/system/suricata
+++ b/src/initscripts/system/suricata
@@ -32,6 +32,9 @@ network_zones=( red green blue orange )
 MARK="0x1"
 MASK="0x1"
 
+# PID file of suricata.
+PID_FILE="/var/run/suricata.pid"
+
 case "$1" in
         start)
 		# Get amount of CPU cores.
@@ -78,12 +81,15 @@ case "$1" in
 			boot_mesg "Starting Intrusion Detection System..."
 			/usr/bin/suricata -c /etc/suricata/suricata.yaml -D $NFQUEUES
 			evaluate_retval
+
+			# Allow reading the pidfile.
+			chmod 644 $PID_FILE
 		fi
 	;;
 
         stop)
 		boot_mesg "Stopping Intrusion Detection System..."
-		killproc -p /var/run/suricata.pid /var/run
+		killproc -p $PID_FILE /var/run
 
 		# Flush firewall chain.
 		iptables -F $FW_CHAIN
-- 
2.39.5