OpenSearch modifies log files permissions #2139
Comments
Log4j handles the rotation of logs. The files are created using the permission inherited by the user running the process. In this case, systemd. The permissions are calculated using the umask. The unit file
Brief testing has proven that the umask directive makes log4j use the correct permissions to create the log files, solving the error without further changes. We should include this in our systemd unit file to solve the issue.
Update report
I did some tests with the proposed change here in the file:
[Unit]
Description=Wazuh-indexer
Documentation=https://documentation.wazuh.com
Wants=network-online.target
After=network-online.target
[Service]
Type=notify
RuntimeDirectory=wazuh-indexer
PrivateTmp=yes
Environment=OPENSEARCH_HOME=/usr/share/wazuh-indexer
Environment=OPENSEARCH_PATH_CONF=/etc/wazuh-indexer
Environment=PID_DIR=/run/wazuh-indexer
Environment=OPENSEARCH_SD_NOTIFY=true
EnvironmentFile=-/etc/sysconfig/wazuh-indexer
WorkingDirectory=/usr/share/wazuh-indexer
User=wazuh-indexer
Group=wazuh-indexer
UMask=0027
...
I built a package with this change and performed the tests as indicated in the issue header and I was able to validate that the permissions were not modified after rotating the logs, they remained at
[root@centos7-1 ~]# ls -la /var/log/wazuh-indexer/
total 236
drwxr-x---. 2 wazuh-indexer wazuh-indexer 4096 Aug 18 11:26 .
drwxr-xr-x. 11 root root 4096 Aug 18 11:29 ..
-rw-r-----. 1 wazuh-indexer wazuh-indexer 45922 Aug 18 11:32 gc.log
-rw-r-----. 1 wazuh-indexer wazuh-indexer 2012 Aug 18 11:26 gc.log.00
-rw-r-----. 1 wazuh-indexer wazuh-indexer 2358 Aug 18 11:31 wazuh-cluster_deprecation.json
-rw-r-----. 1 wazuh-indexer wazuh-indexer 1374 Aug 18 11:31 wazuh-cluster_deprecation.log
-rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Aug 18 11:26 wazuh-cluster_index_indexing_slowlog.json
-rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Aug 18 11:26 wazuh-cluster_index_indexing_slowlog.log
-rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Aug 18 11:26 wazuh-cluster_index_search_slowlog.json
-rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Aug 18 11:26 wazuh-cluster_index_search_slowlog.log
-rw-r-----. 1 wazuh-indexer wazuh-indexer 40036 Aug 18 11:31 wazuh-cluster.log
-rw-r-----. 1 wazuh-indexer wazuh-indexer 85085 Aug 18 11:31 wazuh-cluster_server.json
-rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Aug 18 11:26 wazuh-cluster_task_detailslog.json
-rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Aug 18 11:26 wazuh-cluster_task_detailslog.log
[root@centos7-1 ~]# date
Fri Aug 18 11:34:16 UTC 2023
[root@centos7-1 ~]# poweroff
Connection to 127.0.0.1 closed by remote host.
cbordon@cbordon-MS-7C88:~/Documents/wazuh/local-test/vagrant-tests/centos/7$ vagrant up && vagrant ssh
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Checking if box 'centos/7' version '2004.01' is up to date...
==> default: Clearing any previously set forwarded ports...
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
default: Adapter 1: nat
default: Adapter 2: hostonly
==> default: Forwarding ports...
default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2222
default: SSH username: vagrant
default: SSH auth method: private key
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
default: No guest additions were detected on the base box for this VM! Guest
default: additions are required for forwarded ports, shared folders, host only
default: networking, and more. If SSH fails on this machine, please install
default: the guest additions and repackage the box to continue.
default:
default: This is not an error message; everything may continue to work properly,
default: in which case you may ignore this message.
==> default: Setting hostname...
==> default: Configuring and enabling network interfaces...
==> default: Rsyncing folder: /home/cbordon/Documents/wazuh/local-test/vagrant-tests/centos/7/ => /vagrant
==> default: Machine already provisioned. Run `vagrant provision` or use the `--provision`
==> default: flag to force provisioning. Provisioners marked to run always will still run.
Last login: Fri Aug 18 11:05:30 2023 from 10.0.2.2
[vagrant@centos7-1 ~]$ sudo su -
Last login: Fri Aug 18 11:22:39 UTC 2023 on pts/0
[root@centos7-1 ~]# ls -la /var/log/wazuh-indexer/
total 432
drwxr-x---. 2 wazuh-indexer wazuh-indexer 4096 Aug 18 11:34 .
drwxr-xr-x. 11 root root 4096 Aug 18 11:34 ..
-rw-r-----. 1 wazuh-indexer wazuh-indexer 30174 Aug 18 11:35 gc.log
-rw-r-----. 1 wazuh-indexer wazuh-indexer 2012 Aug 18 11:26 gc.log.00
-rw-r-----. 1 wazuh-indexer wazuh-indexer 53312 Aug 18 11:34 gc.log.01
-rw-r-----. 1 wazuh-indexer wazuh-indexer 2012 Aug 18 11:34 gc.log.02
-rw-r-----. 1 wazuh-indexer wazuh-indexer 3803 Aug 18 11:34 wazuh-cluster_deprecation.json
-rw-r-----. 1 wazuh-indexer wazuh-indexer 2249 Aug 18 11:34 wazuh-cluster_deprecation.log
-rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Aug 18 11:26 wazuh-cluster_index_indexing_slowlog.json
-rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Aug 18 11:26 wazuh-cluster_index_indexing_slowlog.log
-rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Aug 18 11:26 wazuh-cluster_index_search_slowlog.json
-rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Aug 18 11:26 wazuh-cluster_index_search_slowlog.log
-rw-r-----. 1 wazuh-indexer wazuh-indexer 66481 Aug 18 11:35 wazuh-cluster.log
-rw-r-----. 1 wazuh-indexer wazuh-indexer 135747 Aug 18 11:35 wazuh-cluster_server.json
-rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Aug 18 11:26 wazuh-cluster_task_detailslog.json
-rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Aug 18 11:26 wazuh-cluster_task_detailslog.log
[root@centos7-1 ~]# date
Fri Aug 18 11:35:05 UTC 2023
[root@centos7-1 ~]# poweroff
cbordon@cbordon-MS-7C88:~/Documents/wazuh/local-test/vagrant-tests/centos/7$ date
sáb 19 ago 2023 08:37:26 -03
Last login: Fri Aug 18 11:35:01 UTC 2023 on pts/0
[root@centos7-1 ~]# ls -la /var/log/wazuh-indexer/
total 276
drwxr-x---. 2 wazuh-indexer wazuh-indexer 4096 Aug 19 2023 .
drwxr-xr-x. 11 root root 4096 Aug 19 2023 ..
-rw-r-----. 1 wazuh-indexer wazuh-indexer 30336 Aug 18 11:38 gc.log
-rw-r-----. 1 wazuh-indexer wazuh-indexer 2012 Aug 18 11:26 gc.log.00
-rw-r-----. 1 wazuh-indexer wazuh-indexer 53312 Aug 18 11:34 gc.log.01
-rw-r-----. 1 wazuh-indexer wazuh-indexer 2012 Aug 18 11:34 gc.log.02
-rw-r-----. 1 wazuh-indexer wazuh-indexer 31769 Aug 18 11:35 gc.log.03
-rw-r-----. 1 wazuh-indexer wazuh-indexer 2012 Aug 19 2023 gc.log.04
-rw-r-----. 1 wazuh-indexer wazuh-indexer 15078 Aug 19 2023 wazuh-cluster-2023-08-18-1.json.gz
-rw-r-----. 1 wazuh-indexer wazuh-indexer 13656 Aug 19 2023 wazuh-cluster-2023-08-18-1.log.gz
-rw-r-----. 1 wazuh-indexer wazuh-indexer 5248 Aug 18 11:38 wazuh-cluster_deprecation.json
-rw-r-----. 1 wazuh-indexer wazuh-indexer 3124 Aug 18 11:38 wazuh-cluster_deprecation.log
-rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Aug 18 11:26 wazuh-cluster_index_indexing_slowlog.json
-rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Aug 18 11:26 wazuh-cluster_index_indexing_slowlog.log
-rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Aug 18 11:26 wazuh-cluster_index_search_slowlog.json
-rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Aug 18 11:26 wazuh-cluster_index_search_slowlog.log
-rw-r-----. 1 wazuh-indexer wazuh-indexer 29515 Aug 18 11:38 wazuh-cluster.log
-rw-r-----. 1 wazuh-indexer wazuh-indexer 58354 Aug 18 11:38 wazuh-cluster_server.json
-rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Aug 18 11:26 wazuh-cluster_task_detailslog.json
-rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Aug 18 11:26 wazuh-cluster_task_detailslog.log
[root@centos7-1 ~]# date
Fri Aug 18 11:38:17 UTC 2023
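The umask behaviour discussed in the two comments above, as an added example that is not part of the original issue or of the Wazuh/OpenSearch code: it shows how the process umask decides the mode of a newly created log file and audits a directory for files looser than 640. It assumes GNU `stat` and `find` (as on the CentOS 7 host used above); the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: the umask of the creating process, not the logger's
# configuration, decides the mode of new (e.g. rotated) log files.
# All files are constructed samples in temporary directories.

# Create a file under the given umask and print its octal mode.
# The file is requested with mode 0666; the kernel clears the umask bits.
mode_under_umask() {
    dir=$(mktemp -d) || return 1
    # Subshell so the caller's own umask is left untouched.
    ( umask "$1" && : > "$dir/sample.log" )
    stat -c '%a' "$dir/sample.log"
    rm -rf "$dir"
}

# Print "mode path" for regular files granting anything beyond 640.
# Mask 0137 = owner execute, group write/execute, any "other" bit.
audit_log_dir() {
    find "$1" -maxdepth 1 -type f -perm /0137 \
        -exec stat -c '%a %n' {} + | sort
}

# Constructed demo: one file created under each umask, then audited.
demo() {
    d=$(mktemp -d) || return 1
    ( umask 0027 && : > "$d/wazuh-cluster.log" )
    ( umask 0022 && : > "$d/wazuh-cluster_server.json" )
    echo "umask 0022 -> $(mode_under_umask 0022)"
    echo "umask 0027 -> $(mode_under_umask 0027)"
    echo "files looser than 640:"
    audit_log_dir "$d"
    rm -rf "$d"
}
demo
```

Pointing `audit_log_dir` at `/var/log/wazuh-indexer` after a rotation gives the same check as the `ls -la` listings above, with empty output meaning every file is still 640 or tighter.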
OpenSearch's team replies they are unable to reproduce the problem. We provided more information and are waiting for a response.
I applied the fix proposed in https://forum.opensearch.org/t/systemd-entrypoint-defaultdispatcher-worker-error-could-not-define-attribute-view-on-path-var-log-opensearch-opensearch-server-json/15514/3, and the errors are not showing anymore. The fix consists of adding the code below to
We'll keep revisiting this until we are completely sure that the error doesn't happen again.
Update 2024.04.12
Error didn't happen again.
Update 2024.04.15
No errors.
Closed in favor of wazuh/wazuh-indexer#205.
Description
Full log
wazuh-cluster.log and wazuh-cluster_server.json files from 640 to 644, causing an access denied error displayed in the Wazuh indexer journal:
Steps to reproduce the error
OpenSearch 2.4.1
OpenSearch 2.4.1 install
Service start and files permissions
Files permissions after reboot (Service not enabled)
Service enabled before system reboot with date change
OpenSearch 2.6.0
OpenSearch 2.6.0 install and enable service
Service start and files permissions
Service enabled before system reboot with date change