Issue 904: Setup should run pulledpork and squert-ip2c as limited user

Security-Onion-Solutions · May 10, 2016 · ce1d7db · ce1d7db
1 parent d6f5026
commit ce1d7db
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/bin/sosetup b/bin/sosetup
@@ -1588,7 +1588,9 @@ EOF
 	        if [ "$IDS_ENGINE_LOWER" = "suricata" ]; then
                 	PP_OPTIONS="$PP_OPTIONS -T"
 	        fi
-		/usr/bin/pulledpork.pl $PP_OPTIONS -c $PP_CONF >> /var/log/nsm/pulledpork.log
+		touch /var/log/nsm/pulledpork.log
+		chown sguil /var/log/nsm/pulledpork.log
+		su - sguil -c "/usr/bin/pulledpork.pl $PP_OPTIONS -c $PP_CONF" >> /var/log/nsm/pulledpork.log
 		echo "LOCAL_NIDS_RULE_TUNING=no" >> $CONF
 	else
 		echo "LOCAL_NIDS_RULE_TUNING=yes" >> $CONF
@@ -1907,12 +1909,10 @@ function IP2C() {
 # If this is a server, populate ip2c table
 if [ -d /var/lib/mysql/securityonion_db/ ]; then
 	/usr/bin/sguild-add-user "$SGUIL_CLIENT_USERNAME" "$SGUIL_CLIENT_PASSWORD_1" >/dev/null
-	cd /var/www/so/squert/.scripts/
-	# Setup needs to delete /var/www/so/squert/.scripts/Ip2c/*.md5 before running ip2c.tcl
+	# Setup needs to delete /var/www/so/squert/.scripts/*.md5 before running ip2c.tcl
 	# http://code.google.com/p/security-onion/issues/detail?id=250
-	rm -f *.md5
-	./ip2c.tcl >> $LOG 2>&1 &
-	cd - >/dev/null
+	rm -f /var/www/so/squert/.scripts/*.md5
+	/usr/bin/so-squert-ip2c >> $LOG 2>&1 &
 fi
 }