zbalkan / notification-file

CrowdSec plugin that writes the alerts to a file so that any SIEM agent can consume.
MIT License

Log file permissions #15

Closed zbalkan closed 1 year ago

zbalkan commented 1 year ago

The notification plugin processes run under the nobody:nogroup context and cannot write to or append to a log file under /var/log/.

Solutions:

  1. Write to /tmp: This is the easiest and most secure solution, as it does not require permission management.
  2. Run the plugin under a user context: It requires creating a user and allowing that user to write/append to the target file. NOT SUGGESTED
  3. Allow everyone to write to the log file: An insecure way of handling the situation, with the command chmod 666 crowdsec_alerts.json. NOT SUGGESTED.
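
An added example, not part of the notification-file project or the issue author's code: a small POSIX shell audit that reads the alert file's mode bits, flags the world-writable state that chmod 666 produces (option 3), and reports whether an unprivileged user/group such as the plugin's nobody:nogroup could write to it. It assumes GNU stat(1); ACLs, capabilities and the containing directory's permissions are not considered, and root bypasses mode bits entirely.

```shell
#!/bin/sh
# Example audit helpers for the CrowdSec alert file written by the
# notification plugin (added here; not the project's own code).
# Assumes GNU stat(1); classic mode bits only, no ACL handling.

# Last three octal digits of the mode (drops setuid/setgid/sticky digit).
perm_bits() {
    m=$(stat -c '%a' "$1") || return 2
    printf '%s\n' "${m#"${m%???}"}"
}

# 0 if an octal digit (0-7) has its write bit (value 2) set, else 1.
digit_has_write() {
    case $1 in 2|3|6|7) return 0 ;; *) return 1 ;; esac
}

# 0 if the "other" write bit is set, i.e. the file is world-writable
# (the state left behind by "chmod 666 crowdsec_alerts.json").
is_world_writable() {
    bits=$(perm_bits "$1") || return 2
    digit_has_write "${bits#??}"
}

# can_write_as FILE USER GROUP: 0 if the mode bits let USER:GROUP write.
# Mirrors the kernel's order: owner bits apply if USER owns the file,
# otherwise group bits if GROUP matches, otherwise the "other" bits.
can_write_as() {
    f=$1; u=$2; g=$3
    bits=$(perm_bits "$f") || return 2
    owner=$(stat -c '%U' "$f"); grp=$(stat -c '%G' "$f")
    ub=${bits%??}; gb=${bits#?}; gb=${gb%?}; ob=${bits#??}
    if [ "$owner" = "$u" ]; then digit_has_write "$ub"; return $?; fi
    if [ "$grp" = "$g" ]; then digit_has_write "$gb"; return $?; fi
    digit_has_write "$ob"
}

# audit_alert_file FILE: prints a verdict; returns 1 when world-writable.
audit_alert_file() {
    if is_world_writable "$1"; then
        printf '%s: INSECURE, world-writable (chmod 666 workaround)\n' "$1"
        return 1
    fi
    if can_write_as "$1" nobody nogroup; then
        printf '%s: ok, writable by nobody:nogroup via owner/group bits\n' "$1"
    else
        printf '%s: ok, but nobody:nogroup cannot write (plugin will fail)\n' "$1"
    fi
    return 0
}
```

Run it against the configured alert path after applying any of the three options; a non-zero exit from audit_alert_file means the file is world-writable and should be repaired.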
zbalkan commented 1 year ago

Solved with https://github.com/zbalkan/notification-file/commit/09fa76452ab1a6019e2db0507355210fc8f0d19a