ids-functions.pl: Also check and fix the permissions of rulespath
authorStefan Schantl <stefan.schantl@ipfire.org>
Sat, 25 Aug 2018 13:48:58 +0000 (15:48 +0200)
committerStefan Schantl <stefan.schantl@ipfire.org>
Sat, 25 Aug 2018 13:48:58 +0000 (15:48 +0200)
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
config/cfgroot/ids-functions.pl
src/misc-progs/suricatactrl.c

index 783fd0166fd1971a2ac08813d548c73cd0515629..28f08182aff999190c9ceef9fda83db730753a76 100644 (file)
@@ -385,6 +385,12 @@ sub create_empty_file($) {
 ## If not, call suricatactrl to fix them.
 #
 sub _check_rulesdir_permissions() {
+       # Check if the rulepath main directory is writable.
+       unless (-W $rulespath) {
+               # If not call suricatctrl to fix it.
+               &call_suricatactrl("fix-rules-dir");
+       }
+
        # Open snort rules directory and do a directory listing.
        opendir(DIR, $rulespath) or die $!;
        # Loop through the direcory.
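Review bot: After `&call_suricatactrl("fix-rules-dir");` the added block never re-tests `-W $rulespath`, so a failed repair goes unnoticed and execution continues into `opendir` and the per-file checks. Re-checking right after the call would make the failure visible, for example `die "rules dir $rulespath still not writable" unless (-W $rulespath);`, which matches the `or die $!` style already used on the `opendir` line. Because the helper now changes ownership recursively, the per-file loop that follows may end up requesting the same recursive repair again; that loop's body is outside this hunk, so this is only a suspicion. The added comment also misspells the helper name as `suricatctrl`.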
index 61b76273dac32585eb7d6487346cc3d40e1d465a..cc674e0f50567051fc2880014d6f3d5e159f31c6 100644 (file)
@@ -32,7 +32,7 @@ int main(int argc, char *argv[]) {
        } else if (strcmp(argv[1], "reload") == 0) {
                safe_system("/etc/rc.d/init.d/suricata reload");
        } else if (strcmp(argv[1], "fix-rules-dir") == 0) {
-               safe_system("chown nobody:nobody /etc/suricata/rules/*");
+               safe_system("chown -R nobody:nobody /etc/suricata/rules/");
        } else {
                fprintf(stderr, "\nBad argument given.\n\nsuricatactrl (start|stop|restart|reload)\n\n");
                exit(1);
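Review bot: The new `chown -R nobody:nobody /etc/suricata/rules/` widens the helper from the files directly in the directory to the whole tree, and it presumably runs with elevated privileges, since the Perl side calls it to repair ownership it cannot change itself. Once fixed, that tree is writable by `nobody`, so every entry the account can place under it is re-owned on the next call. GNU chown does not follow symlinks during `-R` by default, but the command should state that explicitly, e.g. `safe_system("chown -R -P nobody:nobody /etc/suricata/rules/");`, with a comment that the directory is expected to hold only rule files managed by the web UI. The return value of `safe_system` is also discarded, so if it carries the command status the caller cannot tell that the repair failed; exiting non-zero in that case would help. Separately, the usage text in the `else` branch still lists only `start|stop|restart|reload`; main() begins and ends outside this hunk.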