Skip to content

Commit

Permalink
Fix startup errors on STIG compliant systems due to noexec filesystems (
Browse files Browse the repository at this point in the history 
#533)

* Update packaging scripts to avoid failures when /var/log is noexec

Moved tmp dir creation from postinst to preinst

Update .restart tmp file to be stored in the new tmp dir

* Update OPENASEARCH_TMPDIR pointing to new tmp directory's path
  • Loading branch information
@QU3B1M
QU3B1M authored Nov 25, 2024
1 parent a7bbb60 commit 999f5ab
Show file tree
Hide file tree
Showing 4 changed files with 14 additions and 10 deletions.
2 changes: 1 addition & 1 deletion distribution/packages/src/common/systemd/wazuh-indexer.service
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ Type=notify
RuntimeDirectory=wazuh-indexer
PrivateTmp=true
Environment=OPENSEARCH_HOME=/usr/share/wazuh-indexer
Environment=OPENSEARCH_TMPDIR=/var/log/wazuh-indexer/tmp
Environment=OPENSEARCH_TMPDIR=/var/lib/wazuh-indexer/tmp
Environment=OPENSEARCH_PATH_CONF=${path.conf}
Environment=PID_DIR=/run/wazuh-indexer
Environment=OPENSEARCH_SD_NOTIFY=true
Expand Down
7 changes: 2 additions & 5 deletions distribution/packages/src/deb/debian/postinst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,11 +18,8 @@ config_dir=/etc/wazuh-indexer
data_dir=/var/lib/wazuh-indexer
log_dir=/var/log/wazuh-indexer
pid_dir=/run/wazuh-indexer
tmp_dir=/var/log/wazuh-indexer/tmp
restart_service=/tmp/wazuh-indexer.restart

# Create needed directories
mkdir -p ${tmp_dir}
tmp_dir=${data_dir}/tmp
restart_service=${tmp_dir}/wazuh-indexer.restart

# Set owner
chown -R wazuh-indexer:wazuh-indexer ${product_dir}
Expand Down
13 changes: 10 additions & 3 deletions distribution/packages/src/deb/debian/preinst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,10 +11,17 @@

set -e

echo "Running Wazuh Indexer Pre-Installation Script"
# Reference to temp directory
tmp_dir=/var/lib/wazuh-indexer/tmp
restart_service=${tmp_dir}/wazuh-indexer.restart

# Create needed directories
if [ -d ${tmp_dir} ]; then
rm -r ${tmp_dir}
fi
mkdir -p ${tmp_dir}

# Reference to restore actual service status
restart_service=/tmp/wazuh-indexer.restart
echo "Running Wazuh Indexer Pre-Installation Script"

# Stop existing service
if command -v systemctl >/dev/null && systemctl is-active wazuh-indexer.service >/dev/null; then
Expand Down
2 changes: 1 addition & 1 deletion distribution/packages/src/rpm/wazuh-indexer.rpm.spec
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@
%define data_dir %{_sharedstatedir}/%{name}
%define log_dir %{_localstatedir}/log/%{name}
%define pid_dir %{_localstatedir}/run/%{name}
%define tmp_dir %{log_dir}/tmp
%define tmp_dir %{data_dir}/tmp
%{!?_version: %define _version 0.0.0 }
%{!?_architecture: %define _architecture x86_64 }

Expand Down

0 comments on commit 999f5ab

Please sign in to comment.