From 7242832f59d317bb4a6d77b7911af3066afcf57d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?=
Date: Fri, 15 Apr 2022 11:34:18 +0200
Subject: [PATCH 1/3] Enforce chmod 644(-rw-r--r--) on logrotate configuration files
---
 helpers/logrotate | 1 +
 1 file changed, 1 insertion(+)
diff --git a/helpers/logrotate b/helpers/logrotate
index 6f9726beb..29eb18698 100644
--- a/helpers/logrotate
+++ b/helpers/logrotate
@@ -90,6 +90,7 @@ $logfile {
 EOF
 mkdir --parents $(dirname "$logfile") # Create the log directory, if not exist
 cat ${app}-logrotate | $customtee /etc/logrotate.d/$app >/dev/null # Append this config to the existing config file, or replace the whole config file (depending on $customtee)
+ chmod 644 /etc/logrotate.d/$app
 }

 # Remove the app's logrotate config.
From 5de02bcc157a87b4f14c3073e9e60bfde2e5730f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?=
Date: Fri, 15 Apr 2022 12:04:07 +0200
Subject: [PATCH 2/3] Move comments to an empty line for readability
---
 helpers/logrotate | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/helpers/logrotate b/helpers/logrotate
index 29eb18698..cbc012bfd 100644
--- a/helpers/logrotate
+++ b/helpers/logrotate
@@ -88,8 +88,10 @@ $logfile {
 $su_directive
 }
 EOF
- mkdir --parents $(dirname "$logfile") # Create the log directory, if not exist
- cat ${app}-logrotate | $customtee /etc/logrotate.d/$app >/dev/null # Append this config to the existing config file, or replace the whole config file (depending on $customtee)
+ # Create the log directory, if not exist
+ mkdir --parents $(dirname "$logfile")
+ # Append this config to the existing config file, or replace the whole config file (depending on $customtee)
+ cat ${app}-logrotate | $customtee /etc/logrotate.d/$app >/dev/null
 chmod 644 /etc/logrotate.d/$app
 }

From 9c8c7a0d5102d629fd606859fbcfc1a2107bd958 Mon Sep 17 00:00:00 2001
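Review bot: In PATCH 1/3 the added `chmod 644 /etc/logrotate.d/$app` carries no comment saying why the mode matters, and it leaves the path unquoted. logrotate normally runs as root and skips configuration files that are writable by group or others, so a comment such as `# logrotate ignores configs that are group- or world-writable` above the line would keep a later edit from loosening it, and the line itself would be safer as `chmod 644 "/etc/logrotate.d/$app"`. The mode is also corrected only after the `$customtee` write, so the file briefly carries whatever the caller's umask produced; that looks acceptable if the helper always runs as root with a restrictive umask, but the hunk does not show it. The enclosing function starts above the hunk.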
From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?=
Date: Fri, 15 Apr 2022 12:03:38 +0200
Subject: [PATCH 3/3] chmod the log directory to prevent 666 permissions
---
 helpers/logrotate | 1 +
 1 file changed, 1 insertion(+)
diff --git a/helpers/logrotate b/helpers/logrotate
index cbc012bfd..ba66e4388 100644
--- a/helpers/logrotate
+++ b/helpers/logrotate
@@ -90,6 +90,7 @@ $logfile {
 EOF
 # Create the log directory, if not exist
 mkdir --parents $(dirname "$logfile")
+ chmod 644 $(dirname "$logfile")
 # Append this config to the existing config file, or replace the whole config file (depending on $customtee)
 cat ${app}-logrotate | $customtee /etc/logrotate.d/$app >/dev/null
 chmod 644 /etc/logrotate.d/$app
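Review bot: `chmod 644 $(dirname "$logfile")` in PATCH 3/3 clears the execute (search) bit on a directory, so any non-root account, including the one the app logs as or the one named by `$su_directive`, can no longer open or create files inside it. A directory needs a mode that keeps the search bit, for example `chmod 750 "$(dirname "$logfile")"` (or 755 if the logs are meant to be world-readable), with the command substitution quoted as shown. The target is whatever directory contains `$logfile`, so if a log sits directly in a shared directory such as /var/log this call would change that directory's mode; limiting the chmod to a directory the helper created itself would avoid that. The enclosing function starts and ends outside the hunk.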