From: Shivani Bhardwaj Date: Mon, 7 Oct 2019 18:30:07 +0000 (+0530) Subject: suricata: Check if default log dir is writable X-Git-Tag: suricata-5.0.0~88 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ac55b21184c4a736e7bbd7ec0443ed397e718a1c;p=thirdparty%2Fsuricata.git suricata: Check if default log dir is writable At the startup, if the default log dir provided either by command line options or suricat.yaml is not writable, the error comes quite later. This patch makes suricata exit if there is such an error in the beginning itself. Closes redmine ticket #2386. --- diff --git a/src/suricata.c b/src/suricata.c index 12aa97bfd9..54621ff84a 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -1173,6 +1173,16 @@ static int ParseCommandLinePcapLive(SCInstance *suri, const char *in_arg) return TM_ECODE_OK; } +/** + * Helper function to check if log directory is writable + */ +static bool IsLogDirectoryWritable(const char* str) +{ + if (access(str, W_OK) == 0) + return true; + return false; +} + static void ParseCommandLineAFL(const char *opt_name, char *opt_arg) { #ifdef AFLFUZZ_RULES @@ -1951,12 +1961,18 @@ static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri) SCLogError(SC_ERR_FATAL, "Failed to set log directory."); return TM_ECODE_FAILED; } - if (ConfigCheckLogDirectory(optarg) != TM_ECODE_OK) { + if (ConfigCheckLogDirectoryExists(optarg) != TM_ECODE_OK) { SCLogError(SC_ERR_LOGDIR_CMDLINE, "The logging directory \"%s\"" " supplied at the commandline (-l %s) doesn't " "exist. Shutting down the engine.", optarg, optarg); return TM_ECODE_FAILED; } + if (!IsLogDirectoryWritable(optarg)) { + SCLogError(SC_ERR_LOGDIR_CMDLINE, "The logging directory \"%s\"" + " supplied at the commandline (-l %s) is not " + "writable. Shutting down the engine.", optarg, optarg); + return TM_ECODE_FAILED; + } suri->set_logdir = true; break; @@ -2757,16 +2773,6 @@ static int PostConfLoadedSetup(SCInstance *suri) } } - /* Check for the existance of the default logging directory which we pick - * from suricata.yaml. If not found, shut the engine down */ - suri->log_dir = ConfigGetLogDirectory(); - - if (ConfigCheckLogDirectory(suri->log_dir) != TM_ECODE_OK) { - SCLogError(SC_ERR_LOGDIR_CONFIG, "The logging directory \"%s\" " - "supplied by %s (default-log-dir) doesn't exist. " - "Shutting down the engine", suri->log_dir, suri->conf_filename); - SCReturnInt(TM_ECODE_FAILED); - } if (ConfigGetCaptureValue(suri) != TM_ECODE_OK) { SCReturnInt(TM_ECODE_FAILED); @@ -2831,6 +2837,23 @@ static int PostConfLoadedSetup(SCInstance *suri) if (InitSignalHandler(suri) != TM_ECODE_OK) SCReturnInt(TM_ECODE_FAILED); + /* Check for the existance of the default logging directory which we pick + * from suricata.yaml. If not found, shut the engine down */ + suri->log_dir = ConfigGetLogDirectory(); + + if (ConfigCheckLogDirectoryExists(suri->log_dir) != TM_ECODE_OK) { + SCLogError(SC_ERR_LOGDIR_CONFIG, "The logging directory \"%s\" " + "supplied by %s (default-log-dir) doesn't exist. " + "Shutting down the engine", suri->log_dir, suri->conf_filename); + SCReturnInt(TM_ECODE_FAILED); + } + if (!IsLogDirectoryWritable(suri->log_dir)) { + SCLogError(SC_ERR_LOGDIR_CONFIG, "The logging directory \"%s\" " + "supplied by %s (default-log-dir) is not writable. " + "Shutting down the engine", suri->log_dir, suri->conf_filename); + SCReturnInt(TM_ECODE_FAILED); + } + #ifdef HAVE_NSS if (suri->run_mode != RUNMODE_CONF_TEST) { diff --git a/src/util-conf.c b/src/util-conf.c index cac510bb0d..ff2c490749 100644 --- a/src/util-conf.c +++ b/src/util-conf.c @@ -51,7 +51,7 @@ const char *ConfigGetLogDirectory() return log_dir; } -TmEcode ConfigCheckLogDirectory(const char *log_dir) +TmEcode ConfigCheckLogDirectoryExists(const char *log_dir) { SCEnter(); #ifdef OS_WIN32 diff --git a/src/util-conf.h b/src/util-conf.h index 721d1234c3..ddf9372c65 100644 --- a/src/util-conf.h +++ b/src/util-conf.h @@ -29,7 +29,7 @@ TmEcode ConfigSetLogDirectory(char *name); const char *ConfigGetLogDirectory(void); -TmEcode ConfigCheckLogDirectory(const char *log_dir); +TmEcode ConfigCheckLogDirectoryExists(const char *log_dir); TmEcode ConfigSetDataDirectory(char *name); const char *ConfigGetDataDirectory(void);