fix(debian-aide-unprivileged-report): owner for existing logs (2)

juju4 · Nov 2, 2024 · 4037b36 · 4037b36
1 parent fe89f88
commit 4037b36
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/templates/cron.daily-aide-22.j2 b/templates/cron.daily-aide-22.j2
@@ -96,12 +96,16 @@ BEGINSTAMP="$(date +"%Y-%m-%d %H:%M:%S")"
 
 if ! [ -d "$LOCKBASE" ]; then
     sudo install -d -o "${AIDE_USER}" -g root -m 600 $LOCKBASE
+else
+    sudo -n chown "${AIDE_USER}" $LOCKBASE
 fi
 
 # make sure $TMPBASE exists
 
-if ! [ -d "$TMPBASE" ]; then
-  sudo install -d -o "${AIDE_USER}" -g root -m 700 $TMPBASE
+if ! [ -d "$TMPDIRIN" ]; then
+  sudo install -d -o "${AIDE_USER}" -g root -m 700 $TMPDIRIN
+else
+    sudo -n chown "${AIDE_USER}" $TMPDIRIN
 fi
 
 # have /etc/default/aide override variables
@@ -742,6 +746,8 @@ fi
 
 if command -v dotlockfile >/dev/null 2>&1; then
     if ! dotlockfile -p -l "$LOCKFILE"; then
+	ls -la $LOCKBASE
+	whoami
         onexit nolock
         exit 1
     fi

diff --git a/templates/sudoers.d-aide.j2 b/templates/sudoers.d-aide.j2
@@ -13,6 +13,9 @@ Cmnd_Alias C_AIDE = \
    /usr/bin/stat -c %y /var/lib/aide/aide.db, \
    /usr/bin/savelog -c 7 /var/lib/aide/aide.db, \
    /usr/bin/install -d -o _aide -g root -m 700 /run/aide, \
+   /usr/bin/install -d -o _aide -g root -m 700 /var/tmp/aide.cron.daily, \
+   /usr/bin/chown _aide /run/aide, \
+   /usr/bin/chown _aide /var/tmp/aide.cron.daily, \
    /bin/cp -f /var/lib/aide/aide.db.new /var/lib/aide/aide.db
 
 #   /usr/bin/savelog -t -g adm -m 640 -u root -c 7 /var/log/aide/aide.log