[build_debian.sh]: Fix /var/log having 0750 permissions instead of 0755 (#10031)

PR #9481 changed auditd's log directory to be /var/log instead of /var/log/audit, because SONiC mounts a disk image at /var/log during runtime, and so the /var/log/audit directory might not exist (since it would've been created during package installation, mounting another partition at /var/log will hide it). However, for security reasons, auditd changes the log directory to have 0750 permissions, so that not everyone knows about the audit logs or read them. To fix this, revert the change to auditd's log directory, and tell systemd to create the audit log directory at runtime if it doesn't exist. Because the disk image gets mounted during initramfs (before systemd starts), systemd will make sure that the /var/log/audit directory will exist. Fixes #9548 and #10015 Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2022-02-28 11:46:50 -08:00 · 2022-02-28 11:46:50 -08:00 · afa18e2856
commit afa18e2856
parent 7c4fbf0455
1 changed files with 7 additions and 2 deletions
--- a/build_debian.sh
+++ b/build_debian.sh
@ -328,8 +328,13 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in
    jq                      \
    auditd

-# Change auditd log file path to fix auditd can't startup issue.
-sudo LANG=C chroot $FILESYSTEM_ROOT /bin/bash -c "sudo sed -i 's/^\s*log_file\s*=.*/log_file = \/var\/log\/audit.log/g' /etc/audit/auditd.conf"
+# Have systemd create the auditd log directory
+sudo mkdir -p ${FILESYSTEM_ROOT}/etc/systemd/system/auditd.service.d
+sudo tee ${FILESYSTEM_ROOT}/etc/systemd/system/auditd.service.d/log-directory.conf >/dev/null <<EOF
+[Service]
+LogsDirectory=audit
+LogsDirectoryMode=0750
+EOF

 if [[ $CONFIGURED_ARCH == amd64 ]]; then
 ## Pre-install the fundamental packages for amd64 (x86)