Fix logrotate, enable chown where possible, add NET_RAW capability.

StamusNetworks · Mar 18, 2022 · 9fece9a · 9fece9a
1 parent 42a3747
commit 9fece9a
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 11 deletions.
diff --git a/kubernetes/suricata/suricata-configmap.yaml b/kubernetes/suricata/suricata-configmap.yaml
@@ -6,6 +6,18 @@ metadata:
   name: suricata-etc
   namespace: suricata
 data:
+  logrotate: |
+    /var/log/suricata/*.log /var/log/suricata/*.json {
+        daily
+        missingok
+        rotate 3
+        nocompress
+        sharedscripts
+        su suricata suricata
+        postrotate
+            suricatasc -c reopen-log-files
+        endscript
+    }
   docker-entrypoint.sh: |
     #! /bin/sh
     set -e
@@ -19,10 +31,10 @@ data:
             usermod -o -u "${PUID}" suricata
         fi
 
-        #chown -R suricata:suricata /etc/suricata
-        #chown -R suricata:suricata /var/lib/suricata
-        #chown -R suricata:suricata /var/log/suricata
-        #chown -R suricata:suricata /var/run/suricata
+        # chown -R suricata:suricata /etc/suricata
+        chown -R suricata:suricata /var/lib/suricata
+        chown -R suricata:suricata /var/log/suricata
+        chown -R suricata:suricata /var/run/suricata
     }
 
     for src in /etc/suricata.dist/*; do
@@ -85,10 +97,10 @@ data:
             usermod -o -u "${PUID}" suricata
         fi
 
-        #chown -R suricata:suricata /etc/suricata
-        #chown -R suricata:suricata /var/lib/suricata
-        #chown -R suricata:suricata /var/log/suricata
-        #chown -R suricata:suricata /var/run/suricata
+        # chown -R suricata:suricata /etc/suricata
+        chown -R suricata:suricata /var/lib/suricata
+        chown -R suricata:suricata /var/log/suricata
+        chown -R suricata:suricata /var/run/suricata
     }
 
     for src in /etc/suricata.dist/*; do

diff --git a/kubernetes/suricata/suricata-daemonset.yaml b/kubernetes/suricata/suricata-daemonset.yaml
@@ -44,6 +44,7 @@ spec:
             capabilities:
               add:
                 - NET_ADMIN
+                - NET_RAW
                 - SYS_NICE
 
           volumeMounts:
@@ -72,9 +73,6 @@ spec:
         - name: suricata-log
           persistentVolumeClaim:
             claimName: suricata-log
-        - name: suricata-logrotate
-          persistentVolumeClaim:
-            claimName: suricata-logrotate
         - name: suricata-run
           persistentVolumeClaim:
             claimName: suricata-run
@@ -103,3 +101,10 @@ spec:
               - key: docker-entrypoint.sh
                 path: docker-entrypoint.sh
                 mode: 0555
+        - name: suricata-logrotate
+          configMap:
+            name: suricata-etc
+            items:
+              - key: logrotate
+                path: suricata
+                mode: 0444