suricata: Check if default log dir is writable

At the startup, if the default log dir provided either by command line
options or suricat.yaml is not writable, the error comes quite later.
This patch makes suricata exit if there is such an error in the
beginning itself.

Closes redmine ticket #2386.

diff --git a/src/suricata.c b/src/suricata.c
index 12aa97bfd9ca5c3b6ed3dab1f35e47b61783bb1f..54621ff84aa2f2bd896af756e20e78048675c6c3 100644 (file)
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -1173,6 +1173,16 @@ static int ParseCommandLinePcapLive(SCInstance *suri, const char *in_arg)
     return TM_ECODE_OK;
 }
 
+/**
+ * Helper function to check if log directory is writable
+ */
+static bool IsLogDirectoryWritable(const char* str)
+{
+    if (access(str, W_OK) == 0)
+        return true;
+    return false;
+}
+
 static void ParseCommandLineAFL(const char *opt_name, char *opt_arg)
 {
 #ifdef AFLFUZZ_RULES
@@ -1951,12 +1961,18 @@ static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri)
                 SCLogError(SC_ERR_FATAL, "Failed to set log directory.");
                 return TM_ECODE_FAILED;
             }
-            if (ConfigCheckLogDirectory(optarg) != TM_ECODE_OK) {
+            if (ConfigCheckLogDirectoryExists(optarg) != TM_ECODE_OK) {
                 SCLogError(SC_ERR_LOGDIR_CMDLINE, "The logging directory \"%s\""
                         " supplied at the commandline (-l %s) doesn't "
                         "exist. Shutting down the engine.", optarg, optarg);
                 return TM_ECODE_FAILED;
             }
+            if (!IsLogDirectoryWritable(optarg)) {
+                SCLogError(SC_ERR_LOGDIR_CMDLINE, "The logging directory \"%s\""
+                        " supplied at the commandline (-l %s) is not "
+                        "writable. Shutting down the engine.", optarg, optarg);
+                return TM_ECODE_FAILED;
+            }
             suri->set_logdir = true;
 
             break;
@@ -2757,16 +2773,6 @@ static int PostConfLoadedSetup(SCInstance *suri)
         }
     }
 
-    /* Check for the existance of the default logging directory which we pick
-     * from suricata.yaml.  If not found, shut the engine down */
-    suri->log_dir = ConfigGetLogDirectory();
-
-    if (ConfigCheckLogDirectory(suri->log_dir) != TM_ECODE_OK) {
-        SCLogError(SC_ERR_LOGDIR_CONFIG, "The logging directory \"%s\" "
-                "supplied by %s (default-log-dir) doesn't exist. "
-                "Shutting down the engine", suri->log_dir, suri->conf_filename);
-        SCReturnInt(TM_ECODE_FAILED);
-    }
 
     if (ConfigGetCaptureValue(suri) != TM_ECODE_OK) {
         SCReturnInt(TM_ECODE_FAILED);
@@ -2831,6 +2837,23 @@ static int PostConfLoadedSetup(SCInstance *suri)
     if (InitSignalHandler(suri) != TM_ECODE_OK)
         SCReturnInt(TM_ECODE_FAILED);
 
+    /* Check for the existance of the default logging directory which we pick
+     * from suricata.yaml.  If not found, shut the engine down */
+    suri->log_dir = ConfigGetLogDirectory();
+
+    if (ConfigCheckLogDirectoryExists(suri->log_dir) != TM_ECODE_OK) {
+        SCLogError(SC_ERR_LOGDIR_CONFIG, "The logging directory \"%s\" "
+                "supplied by %s (default-log-dir) doesn't exist. "
+                "Shutting down the engine", suri->log_dir, suri->conf_filename);
+        SCReturnInt(TM_ECODE_FAILED);
+    }
+    if (!IsLogDirectoryWritable(suri->log_dir)) {
+        SCLogError(SC_ERR_LOGDIR_CONFIG, "The logging directory \"%s\" "
+                "supplied by %s (default-log-dir) is not writable. "
+                "Shutting down the engine", suri->log_dir, suri->conf_filename);
+        SCReturnInt(TM_ECODE_FAILED);
+    }
+
 
 #ifdef HAVE_NSS
     if (suri->run_mode != RUNMODE_CONF_TEST) {

diff --git a/src/util-conf.c b/src/util-conf.c
index cac510bb0ddaae8cc82b441a42365c3801471f6c..ff2c4907496a2afc83f8f1cd753e41a37d03f1da 100644 (file)
--- a/src/util-conf.c
+++ b/src/util-conf.c
@@ -51,7 +51,7 @@ const char *ConfigGetLogDirectory()
     return log_dir;
 }
 
-TmEcode ConfigCheckLogDirectory(const char *log_dir)
+TmEcode ConfigCheckLogDirectoryExists(const char *log_dir)
 {
     SCEnter();
 #ifdef OS_WIN32

diff --git a/src/util-conf.h b/src/util-conf.h
index 721d1234c35c0ea62773a97cb4bd286af613af50..ddf9372c6501f2f5820e409915a15d6d9cf70f70 100644 (file)
--- a/src/util-conf.h
+++ b/src/util-conf.h
@@ -29,7 +29,7 @@
 
 TmEcode ConfigSetLogDirectory(char *name);
 const char *ConfigGetLogDirectory(void);
-TmEcode ConfigCheckLogDirectory(const char *log_dir);
+TmEcode ConfigCheckLogDirectoryExists(const char *log_dir);
 
 TmEcode ConfigSetDataDirectory(char *name);
 const char *ConfigGetDataDirectory(void);