From 81b7727a2e5d78f90543da62d1430a4c090ca533 Mon Sep 17 00:00:00 2001
From: Carmen Rata <carmen.rata@windriver.com>
Date: Fri, 27 Nov 2020 13:03:51 -0500
Subject: [PATCH] Fix influxdb log file permissions

Update /var/log/influxdb/influxd.log permissions to 640 from 644
to disallow world readable but at the same time to allow group
read access.
The changes are made to comply as much as possible with
openscap rules security requirements.
Verified that installation is successful for AIO-SX
and Standard 2+2 system configurations.

Story: 2008037
Task: 40694

Signed-off-by: Carmen Rata <carmen.rata@windriver.com>
Change-Id: I284fc6882043b4a4d271bd5963fca94bc7a1e390
---
 influxdb-extensions/src/influxdb.service | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/influxdb-extensions/src/influxdb.service b/influxdb-extensions/src/influxdb.service
index 7617d2a..416662c 100644
--- a/influxdb-extensions/src/influxdb.service
+++ b/influxdb-extensions/src/influxdb.service
@@ -16,6 +16,9 @@ EnvironmentFile=-/etc/default/influxdb
 PermissionsStartOnly=true
 ExecStartPre=-/usr/bin/mkdir -p /var/run/influxdb
 ExecStartPre=-/usr/bin/chown influxdb:influxdb /var/run/influxdb
+ExecStartPre=-/usr/bin/touch /var/log/influxdb/influxd.log
+ExecStartPre=-/usr/bin/chown influxdb:influxdb /var/log/influxdb/influxd.log
+ExecStartPre=-/usr/bin/chmod 640 /var/log/influxdb/influxd.log
 ExecStart=/bin/sh -c "/usr/bin/influxd -config /etc/influxdb/influxdb.conf -pidfile /var/run/influxdb/influxdb.pid ${INFLUXD_OPTS} >> ${STDOUT} 2>> ${STDERR}"
 ExecStopPost=/bin/bash -c 'rm /var/run/influxdb/influxdb.pid'
 KillMode=control-group