Issue 1032: NSM: don't chown every file in /nsm/bro/extracted

debian/changelog

@@ -1,3 +1,9 @@
+securityonion-nsmnow-admin-scripts (20120724-0ubuntu0securityonion145) trusty; urgency=medium
+
+  * Issue 1032: NSM: don't chown every file in /nsm/bro/extracted 
+
+ -- Doug Burks <doug.burks@gmail.com>  Tue, 13 Dec 2016 16:26:57 -0500
+
 securityonion-nsmnow-admin-scripts (20120724-0ubuntu0securityonion144) trusty; urgency=medium
 
   * Issue 1030: NSM: remove chown from /usr/sbin/so-bro-cron 

debian/patches/Issue-1032:-NSM:-don't-chown-every-file-in-nsmbroextracted

@@ -0,0 +1,73 @@
+Description: <short summary of the patch>
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ securityonion-nsmnow-admin-scripts (20120724-0ubuntu0securityonion145) trusty; urgency=medium
+ .
+   * Issue 1032: NSM: don't chown every file in /nsm/bro/extracted
+Author: Doug Burks <doug.burks@gmail.com>
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: <vendor|upstream|other>, <url of original patch>
+Bug: <url in upstream bugtracker>
+Bug-Debian: http://bugs.debian.org/<bugnumber>
+Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
+Forwarded: <no|not-needed|url proving that it has been forwarded>
+Reviewed-By: <name and email of someone who approved the patch>
+Last-Update: <YYYY-MM-DD>
+
+--- securityonion-nsmnow-admin-scripts-20120724.orig/usr/sbin/nsm_sensor_ps-restart
++++ securityonion-nsmnow-admin-scripts-20120724/usr/sbin/nsm_sensor_ps-restart
+@@ -366,7 +366,8 @@ if [ "$BRO_ENABLED" == "yes" ] && [ -z "
+ 	/opt/bro/bin/broctl stop 2>&1 | grep -v "warning: new bro version detected"
+
+         # set ownership of Bro directories
+-	chown -R $BRO_USER:$BRO_GROUP /nsm/bro >/dev/null 2>&1
++	chown -R $BRO_USER:$BRO_GROUP /nsm/bro/logs /nsm/bro/spool >/dev/null 2>&1
++	chown $BRO_USER:$BRO_GROUP /nsm/bro/extracted >/dev/null 2>&1
+
+         # set capabilities on Bro binaries
+         setcap cap_net_raw,cap_net_admin=eip /opt/bro/bin/bro
+--- securityonion-nsmnow-admin-scripts-20120724.orig/usr/sbin/nsm_sensor_ps-start
++++ securityonion-nsmnow-admin-scripts-20120724/usr/sbin/nsm_sensor_ps-start
+@@ -361,7 +361,8 @@ if [ "$BRO_ENABLED" == "yes" ] && [ -z "
+ 	fi
+
+ 	# set ownership of Bro directories
+-	chown -R $BRO_USER:$BRO_GROUP /nsm/bro >/dev/null 2>&1
++	chown -R $BRO_USER:$BRO_GROUP /nsm/bro/logs /nsm/bro/spool >/dev/null 2>&1
++	chown $BRO_USER:$BRO_GROUP /nsm/bro/extracted >/dev/null 2>&1
+
+ 	# set capabilities on Bro binaries
+ 	setcap cap_net_raw,cap_net_admin=eip /opt/bro/bin/bro
+--- securityonion-nsmnow-admin-scripts-20120724.orig/usr/sbin/nsm_sensor_ps-status
++++ securityonion-nsmnow-admin-scripts-20120724/usr/sbin/nsm_sensor_ps-status
+@@ -316,7 +316,8 @@ if [ "$BRO_ENABLED" == "yes" ] && [ -z "
+         echo_msg 0 "Status: Bro"
+
+         # set ownership of Bro directories
+-        chown -R $BRO_USER:$BRO_GROUP /nsm/bro >/dev/null 2>&1
++	chown -R $BRO_USER:$BRO_GROUP /nsm/bro/logs /nsm/bro/spool >/dev/null 2>&1
++	chown $BRO_USER:$BRO_GROUP /nsm/bro/extracted >/dev/null 2>&1
+
+         # set capabilities on Bro binaries
+         setcap cap_net_raw,cap_net_admin=eip /opt/bro/bin/bro
+--- securityonion-nsmnow-admin-scripts-20120724.orig/usr/sbin/nsm_sensor_ps-stop
++++ securityonion-nsmnow-admin-scripts-20120724/usr/sbin/nsm_sensor_ps-stop
+@@ -319,7 +319,8 @@ if [ "$BRO_ENABLED" == "yes" ] && [ -z "
+ 	/opt/bro/bin/broctl stop 2>&1 | grep -v "warning: new bro version detected"
+
+         # set ownership of Bro directories
+-        chown -R $BRO_USER:$BRO_GROUP /nsm/bro >/dev/null 2>&1
++	chown -R $BRO_USER:$BRO_GROUP /nsm/bro/logs /nsm/bro/spool >/dev/null 2>&1
++	chown $BRO_USER:$BRO_GROUP /nsm/bro/extracted >/dev/null 2>&1
+
+         # set capabilities on Bro binaries
+         setcap cap_net_raw,cap_net_admin=eip /opt/bro/bin/bro

debian/patches/series

@@ -138,3 +138,4 @@ wipe-stats.log-if-doing-a-full-restart-of-Suricata,-but-not-if-we're-just-doing-
 Issue-993:-NSM:-startrestart-errors-on-systems-with-ethXX-(2-or-more-numbers)
 NSM:-redirect-iostreams-to-logfile-during-ossec-agent-restart-#1005
 Issue-1030:-NSM:-remove-chown-from-usrsbinso-bro-cron
+Issue-1032:-NSM:-don't-chown-every-file-in-nsmbroextracted

usr/sbin/nsm_sensor_ps-restart

@@ -366,7 +366,8 @@ if [ "$BRO_ENABLED" == "yes" ] && [ -z "$SKIP_BRO" ] && [ "$ACTION" == "process_
 	/opt/bro/bin/broctl stop 2>&1 | grep -v "warning: new bro version detected"
 
         # set ownership of Bro directories
-	chown -R $BRO_USER:$BRO_GROUP /nsm/bro >/dev/null 2>&1
+	chown -R $BRO_USER:$BRO_GROUP /nsm/bro/logs /nsm/bro/spool >/dev/null 2>&1
+	chown $BRO_USER:$BRO_GROUP /nsm/bro/extracted >/dev/null 2>&1
 
         # set capabilities on Bro binaries
         setcap cap_net_raw,cap_net_admin=eip /opt/bro/bin/bro

usr/sbin/nsm_sensor_ps-start

@@ -361,7 +361,8 @@ if [ "$BRO_ENABLED" == "yes" ] && [ -z "$SKIP_BRO" ] && grep -v "^#" /etc/nsm/se
 	fi
 
 	# set ownership of Bro directories
-	chown -R $BRO_USER:$BRO_GROUP /nsm/bro >/dev/null 2>&1
+	chown -R $BRO_USER:$BRO_GROUP /nsm/bro/logs /nsm/bro/spool >/dev/null 2>&1
+	chown $BRO_USER:$BRO_GROUP /nsm/bro/extracted >/dev/null 2>&1
 
 	# set capabilities on Bro binaries
 	setcap cap_net_raw,cap_net_admin=eip /opt/bro/bin/bro

usr/sbin/nsm_sensor_ps-status

@@ -316,7 +316,8 @@ if [ "$BRO_ENABLED" == "yes" ] && [ -z "$SKIP_BRO" ] && grep -v "^#" /etc/nsm/se
         echo_msg 0 "Status: Bro"
 
         # set ownership of Bro directories
-        chown -R $BRO_USER:$BRO_GROUP /nsm/bro >/dev/null 2>&1
+	chown -R $BRO_USER:$BRO_GROUP /nsm/bro/logs /nsm/bro/spool >/dev/null 2>&1
+	chown $BRO_USER:$BRO_GROUP /nsm/bro/extracted >/dev/null 2>&1
 
         # set capabilities on Bro binaries
         setcap cap_net_raw,cap_net_admin=eip /opt/bro/bin/bro

usr/sbin/nsm_sensor_ps-stop

@@ -319,7 +319,8 @@ if [ "$BRO_ENABLED" == "yes" ] && [ -z "$SKIP_BRO" ] && grep -v "^#" /etc/nsm/se
 	/opt/bro/bin/broctl stop 2>&1 | grep -v "warning: new bro version detected"
 
         # set ownership of Bro directories
-        chown -R $BRO_USER:$BRO_GROUP /nsm/bro >/dev/null 2>&1
+	chown -R $BRO_USER:$BRO_GROUP /nsm/bro/logs /nsm/bro/spool >/dev/null 2>&1
+	chown $BRO_USER:$BRO_GROUP /nsm/bro/extracted >/dev/null 2>&1
 
         # set capabilities on Bro binaries
         setcap cap_net_raw,cap_net_admin=eip /opt/bro/bin/bro