From cfa641cf1572b769be7d7661ce597e0076c3a3b8 Mon Sep 17 00:00:00 2001
From: KheOps
Date: Fri, 13 Mar 2015 17:51:59 +0100
Subject: [PATCH] oinkmaster daily cron: run oinkmaster as non-root user suricata; also disable download of Snort community rule due to a file conflict with ET rules (sid-msg.map): needs to be sorted out later
Signed-off-by: KheOps
---
 roles/common/files/etc/cron.daily/oinkmaster | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/roles/common/files/etc/cron.daily/oinkmaster b/roles/common/files/etc/cron.daily/oinkmaster
index 9ae67f1..d908b88 100644
--- a/roles/common/files/etc/cron.daily/oinkmaster
+++ b/roles/common/files/etc/cron.daily/oinkmaster
@@ -1,7 +1,9 @@
 #!/bin/sh
+OINK=/usr/sbin/oinkmaster
 TMPFILE=$(mktemp)
-(oinkmaster -C /etc/oinkmaster/oinkmaster.conf -o /etc/snort/rules -Q; \
- oinkmaster -C /etc/oinkmaster/oinkmaster-snort-community.conf -o /etc/snort/rules -Q) | tee $TMPFILE
+su -s /bin/bash -c "$OINK -C /etc/oinkmaster/oinkmaster.conf -o /etc/snort/rules -Q" suricata
+# Note: Snort community rules disabled due to conflict of sid-msg.map file
+#su -s /bin/bash -c "$OINK -C /etc/oinkmaster/oinkmaster-snort-community.conf -o /etc/snort/rules -Q" suricata
 test -s $TMPFILE && echo Suricata rules changed: restarting Suricata && service suricata restart
 rm -f $TMPFILE
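Review bot: The new `su ... suricata` line no longer pipes oinkmaster's output into `$TMPFILE`, so the file created by `mktemp` stays empty and the unchanged `test -s $TMPFILE` check can never succeed. Suricata is then never restarted after a rule update, and the sensor keeps running on stale signatures. Keep the pipe on the new command, e.g. `su -s /bin/bash -c "$OINK -C /etc/oinkmaster/oinkmaster.conf -o /etc/snort/rules -Q" suricata | tee "$TMPFILE"`. Because the update now runs unprivileged, `/etc/snort/rules` has to be writable by `suricata`; the hunk does not show that being arranged, so it is worth confirming elsewhere in the role.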