chown: unknown user/group root:wazuh #778

Open
AishVinod opened this issue Jul 31, 2024 · 3 comments

@AishVinod

I am trying to integrate custom-urlhaus with wazuh deployed on kubernetes using this documentation https://wazuh.com/blog/detecting-malicious-urls-using-wazuh-and-urlhaus/

For the Kubernetes setup I have mounted custom-urlhaus.py into /var/ossec/integrations/custom-urlhaus.py. However, in order to execute the script, the permissions and ownership below are mandatory:

```
chmod 750 /var/ossec/integrations/custom-urlhaus.py
chown root:wazuh /var/ossec/integrations/custom-urlhaus.py
```

Once I mount the files into the pod, by default I see the permissions as below:

```
-rw-r--r-- 1 root 101 5441 custom-urlhaus.py
```

I suppose group 101 is coming from the below configuration in the master-sts file:

```yaml
securityContext:
  fsGroup: 101
```

I tried adding an initContainer to execute the required script:

```yaml
initContainers:
  - name: volume-mount-hack
    image: busybox
    resources:
      requests:
        cpu: 50m
        memory: 128Mi
      limits:
        cpu: 100m
        memory: 256Mi
    command:
      - sh
      - '-c'
      - 'chmod 750 /var/ossec/integrations/custom-urlhaus.py && chown root:wazuh /var/ossec/integrations/custom-urlhaus.py'
```

However, I see the initContainer is failing with the below errors:

```
chmod: /var/ossec/integrations/custom-urlhaus.py: Read-only file system
chown: unknown user/group root:wazuh
```

Any help on how to update the needed permissions in cluster files would be appreciated.

@saraiva82

I am seeing some issues with this with my integration as well. All files in the container are root:wazuh owned. If you run a ps in the container, same, and there does not seem to be a user 101 either.

Closest is some dude named games lol. Now the wazuh user is 999, so wouldn't it make more sense to set that securityContext: to fsGroup: 999 instead?
Anyways, I'm trying it out and will see if my cluster still works after.

@AishVinod

@saraiva82 Any luck on the same? I am still struggling for the same

@saraiva82

Hey @AishVinod,
so far the permissions issues seem to have resolved themselves.

And now when I use wazuh-logtester to debug my log I do not see the permissions errors that I was getting on my integrations and rules. So I think it resolved the issue, even though I'm troubleshooting my log, but now I think it is a decoder thing and not this.
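
The two errors in the opening post, as an added example that is not part of the thread or of the project's own manifests: `chmod` fails because the script is mounted read-only, and `chown root:wazuh` fails because the busybox image has no `wazuh` entry in its `/etc/group` to resolve the name. This pod spec fragment copies the script to a writable volume and uses numeric IDs instead. Assumptions: the script comes from a ConfigMap (the name `urlhaus-integration` is hypothetical), the manager container is named `wazuh-manager`, and the wazuh group has GID 999 in the manager image (confirm with `id wazuh` inside the pod).

```yaml
# Added example: fragment to merge into the manager StatefulSet pod template.
# Names and the GID are assumptions, see the lead-in.
spec:
  template:
    spec:
      volumes:
        - name: urlhaus-src          # ConfigMap volumes are mounted read-only,
          configMap:                 # so chmod/chown on them cannot succeed
            name: urlhaus-integration   # hypothetical ConfigMap holding the script
        - name: urlhaus-rw           # writable volume that receives the copy
          emptyDir: {}
      initContainers:
        - name: stage-integration
          image: busybox
          securityContext:
            runAsUser: 0             # changing group ownership needs root
          command:
            - sh
            - -c
            # Numeric owner:group works without any /etc/passwd or /etc/group entry.
            - |
              set -eu
              cp /src/custom-urlhaus.py /staged/custom-urlhaus.py
              chown 0:999 /staged/custom-urlhaus.py   # root:wazuh, GID assumed
              chmod 750 /staged/custom-urlhaus.py
              ls -ln /staged/custom-urlhaus.py        # shows the result in the init log
          volumeMounts:
            - name: urlhaus-src
              mountPath: /src
              readOnly: true
            - name: urlhaus-rw
              mountPath: /staged
      containers:
        - name: wazuh-manager        # assumed name of the existing manager container
          volumeMounts:
            # Mount only the staged file, leaving the rest of the directory untouched.
            - name: urlhaus-rw
              mountPath: /var/ossec/integrations/custom-urlhaus.py
              subPath: custom-urlhaus.py
```

Keeping the script group-owned by wazuh with mode 750 means the manager can execute it but only root can modify it, which is the state the `chmod`/`chown` pair in the opening post is meant to produce.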
