From 3621a18df0b2658c090c9b935f0a3563367b3be4 Mon Sep 17 00:00:00 2001 From: Saikrishna Arcot Date: Mon, 28 Feb 2022 11:46:50 -0800 Subject: [PATCH] [build_debian.sh]: Fix /var/log having 0750 permissions instead of 0755 (#10031) PR #9481 changed auditd's log directory to be /var/log instead of /var/log/audit, because SONiC mounts a disk image at /var/log during runtime, and so the /var/log/audit directory might not exist (since it would've been created during package installation, mounting another partition at /var/log will hide it). However, for security reasons, auditd changes the log directory to have 0750 permissions, so that not everyone knows about the audit logs or read them. To fix this, revert the change to auditd's log directory, and tell systemd to create the audit log directory at runtime if it doesn't exist. Because the disk image gets mounted during initramfs (before systemd starts), systemd will make sure that the /var/log/audit directory will exist. Fixes #9548 and #10015 Signed-off-by: Saikrishna Arcot --- build_debian.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/build_debian.sh b/build_debian.sh index 61f6912829e9..73984cb6cc51 100755 --- a/build_debian.sh +++ b/build_debian.sh @@ -328,8 +328,13 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in jq \ auditd -# Change auditd log file path to fix auditd can't startup issue. -sudo LANG=C chroot $FILESYSTEM_ROOT /bin/bash -c "sudo sed -i 's/^\s*log_file\s*=.*/log_file = \/var\/log\/audit.log/g' /etc/audit/auditd.conf" +# Have systemd create the auditd log directory +sudo mkdir -p ${FILESYSTEM_ROOT}/etc/systemd/system/auditd.service.d +sudo tee ${FILESYSTEM_ROOT}/etc/systemd/system/auditd.service.d/log-directory.conf >/dev/null <