From 999f5abbc1419ef733f46d3f2a84e577c08f104d Mon Sep 17 00:00:00 2001 From: Kevin Ledesma Date: Mon, 25 Nov 2024 13:45:04 -0300 Subject: [PATCH] Fix startup errors on STIG compliant systems due to noexec filesystems (#533) * Update packaging scripts to avoid failures when /var/log is noexec Moved tmp dir creation from postinst to preinst Update .restart tmp file to be stored in the new tmp dir * Update OPENASEARCH_TMPDIR pointing to new tmp directory's path --- .../src/common/systemd/wazuh-indexer.service | 2 +- distribution/packages/src/deb/debian/postinst | 7 ++----- distribution/packages/src/deb/debian/preinst | 13 ++++++++++--- .../packages/src/rpm/wazuh-indexer.rpm.spec | 2 +- 4 files changed, 14 insertions(+), 10 deletions(-) diff --git a/distribution/packages/src/common/systemd/wazuh-indexer.service b/distribution/packages/src/common/systemd/wazuh-indexer.service index d4171152df3ca..3150db260722e 100644 --- a/distribution/packages/src/common/systemd/wazuh-indexer.service +++ b/distribution/packages/src/common/systemd/wazuh-indexer.service @@ -9,7 +9,7 @@ Type=notify RuntimeDirectory=wazuh-indexer PrivateTmp=true Environment=OPENSEARCH_HOME=/usr/share/wazuh-indexer -Environment=OPENSEARCH_TMPDIR=/var/log/wazuh-indexer/tmp +Environment=OPENSEARCH_TMPDIR=/var/lib/wazuh-indexer/tmp Environment=OPENSEARCH_PATH_CONF=${path.conf} Environment=PID_DIR=/run/wazuh-indexer Environment=OPENSEARCH_SD_NOTIFY=true diff --git a/distribution/packages/src/deb/debian/postinst b/distribution/packages/src/deb/debian/postinst index c523ffa260091..dee7a8855ebc9 100644 --- a/distribution/packages/src/deb/debian/postinst +++ b/distribution/packages/src/deb/debian/postinst @@ -18,11 +18,8 @@ config_dir=/etc/wazuh-indexer data_dir=/var/lib/wazuh-indexer log_dir=/var/log/wazuh-indexer pid_dir=/run/wazuh-indexer -tmp_dir=/var/log/wazuh-indexer/tmp -restart_service=/tmp/wazuh-indexer.restart - -# Create needed directories -mkdir -p ${tmp_dir} +tmp_dir=${data_dir}/tmp +restart_service=${tmp_dir}/wazuh-indexer.restart # Set owner chown -R wazuh-indexer:wazuh-indexer ${product_dir} diff --git a/distribution/packages/src/deb/debian/preinst b/distribution/packages/src/deb/debian/preinst index e36f94b197b5d..9ced67e002b96 100644 --- a/distribution/packages/src/deb/debian/preinst +++ b/distribution/packages/src/deb/debian/preinst @@ -11,10 +11,17 @@ set -e -echo "Running Wazuh Indexer Pre-Installation Script" +# Reference to temp directory +tmp_dir=/var/lib/wazuh-indexer/tmp +restart_service=${tmp_dir}/wazuh-indexer.restart + +# Create needed directories +if [ -d ${tmp_dir} ]; then + rm -r ${tmp_dir} +fi +mkdir -p ${tmp_dir} -# Reference to restore actual service status -restart_service=/tmp/wazuh-indexer.restart +echo "Running Wazuh Indexer Pre-Installation Script" # Stop existing service if command -v systemctl >/dev/null && systemctl is-active wazuh-indexer.service >/dev/null; then diff --git a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec index 34152b66de44f..58645f89e73b1 100644 --- a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec +++ b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec @@ -27,7 +27,7 @@ %define data_dir %{_sharedstatedir}/%{name} %define log_dir %{_localstatedir}/log/%{name} %define pid_dir %{_localstatedir}/run/%{name} -%define tmp_dir %{log_dir}/tmp +%define tmp_dir %{data_dir}/tmp %{!?_version: %define _version 0.0.0 } %{!?_architecture: %define _architecture x86_64 }