From e568796bb0a0fc2072c2494936ec678f4c7fe17f Mon Sep 17 00:00:00 2001
From: Stefan Schantl
Date: Sat, 25 Aug 2018 15:48:58 +0200
Subject: [PATCH] ids-functions.pl: Also check and fix the permissions of rulespath
Signed-off-by: Stefan Schantl
---
 config/cfgroot/ids-functions.pl | 6 ++++++
 src/misc-progs/suricatactrl.c | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index 783fd0166f..28f08182af 100644
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -385,6 +385,12 @@ sub create_empty_file($) {
 ## If not, call suricatactrl to fix them.
 #
 sub _check_rulesdir_permissions() {
+ # Check if the rulepath main directory is writable.
+ unless (-W $rulespath) {
+ # If not call suricatctrl to fix it.
+ &call_suricatactrl("fix-rules-dir");
+ }
+
 # Open snort rules directory and do a directory listing.
 opendir(DIR, $rulespath) or die $!;
 # Loop through the direcory.
diff --git a/src/misc-progs/suricatactrl.c b/src/misc-progs/suricatactrl.c
index 61b76273da..cc674e0f50 100644
--- a/src/misc-progs/suricatactrl.c
+++ b/src/misc-progs/suricatactrl.c
@@ -32,7 +32,7 @@ int main(int argc, char *argv[]) {
 } else if (strcmp(argv[1], "reload") == 0) {
 safe_system("/etc/rc.d/init.d/suricata reload");
 } else if (strcmp(argv[1], "fix-rules-dir") == 0) {
- safe_system("chown nobody:nobody /etc/suricata/rules/*");
+ safe_system("chown -R nobody:nobody /etc/suricata/rules/");
 } else {
 fprintf(stderr, "\nBad argument given.\n\nsuricatactrl (start|stop|restart|reload)\n\n");
 exit(1);
--
2.39.2
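Review bot: Nothing after the `&call_suricatactrl("fix-rules-dir")` call in the new `unless (-W $rulespath)` block confirms that the directory actually became writable, so a failed fix passes silently and only shows up later when a rule file cannot be written. Re-testing after the call, e.g. `die "$rulespath is still not writable\n" unless (-W $rulespath);`, would report the failure where it happens. `-W` tests against the real uid/gid rather than the effective one, which deserves a short comment if that is the intended check for the calling context. The added comment also misspells the helper name (`suricatctrl`), and the body of `_check_rulesdir_permissions` continues past the end of the hunk.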
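Review bot: The `chown -R` in the `fix-rules-dir` branch now re-owns everything below `/etc/suricata/rules/`, a tree that this same command hands to `nobody`; if suricatactrl runs with elevated privileges (it looks like a privileged helper, but that is not confirmed by this hunk), the recursion also covers whatever the unprivileged account has linked into that tree. Stating the link behaviour explicitly, `safe_system("chown -R -h nobody:nobody /etc/suricata/rules/");`, avoids depending on the chown implementation's default for symbolic links; hard links would still rely on the kernel's `fs.protected_hardlinks` setting. The command is also resolved through `PATH`, so an absolute path to `chown` would be safer in a helper of this kind. The usage string in the final `else` branch still omits `fix-rules-dir`, and `main` starts and ends outside the hunk.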