search

wazuh / wazuh-indexer

Wazuh indexer, the Wazuh search engine
https://opensearch.org/docs/latest/opensearch/index/
Apache License 2.0
11 stars 17 forks source link

[BUG] Systemd unit files are world inaccesible, creates log spam #151

Closed leba-atr closed 7 months ago

leba-atr commented 7 months ago

Describe the bug

systemd complains about wazuh-indexer unit file and wazuh-indexer-performance-analyzer unit file being world unreadable. This spams the journal every couple of seconds with an entries like these:

Feb 12 13:04:50 XXXXXX systemd[1]: Configuration file /usr/lib/systemd/system/wazuh-indexer.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
Feb 12 13:04:51 XXXXXX systemd[1]: Configuration file /usr/lib/systemd/system/wazuh-indexer-performance-analyzer.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.

To Reproduce Steps to reproduce the behavior:

  1. open journalctl -e, there should be a message every couple of seconds

Expected behavior There are no such error messages

OpenSearch Version The one packaged with the wazuh-indexer v4.7.2

Dashboards Version v4.7.2

Plugins n/a

Screenshots see above for the error message

Host/Environment (please complete the following information):

Additional context This issue seems to have been fixed for wazuh-indexer v4.9.0 according to the following diff. Please backport this fix to v4.7.x. https://github.com/wazuh/wazuh-indexer/commit/97cb10dbd487b41311ca843998fb1db7aecb0840#diff-230ef585e3b68a1c06220ca169afc7c1a9f13ddacecd2f6f662b511fccd9d6c2R189-R190

AlexRuiz7 commented 7 months ago

Hello @leba-atr

Thanks for letting us know of this problem. However, we only backport critical security issues. A possible workaround would be to manually edit permissions on these files.

I'm closing this as the problem is fixed in our latest development version