arno/pi-hole
1
0
Fork 0
mirror of https://github.com/pi-hole/pi-hole synced 2024-12-22 06:48:07 +00:00
Code Issues Releases Wiki Activity

Remove read permission for others on senible log files

Browse Source 
Signed-off-by: Christian König <ckoenig@posteo.de>
This commit is contained in:
Christian König 2022-06-19 23:09:05 +02:00
parent b20aa865b9
commit 954a0c2a14
No known key found for this signature in database
GPG Key ID: 4CDA6F249DD2B485
3 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
advanced/Scripts/piholeDebug.sh
View File

@ -1394,7 +1394,7 @@ curl_to_tricorder() {
upload_to_tricorder() { upload_to_tricorder() {
local username="pihole" local username="pihole"
# Set the permissions and owner # Set the permissions and owner
chmod 644 ${PIHOLE_DEBUG_LOG} chmod 640 ${PIHOLE_DEBUG_LOG}
chown "$USER":"${username}" ${PIHOLE_DEBUG_LOG} chown "$USER":"${username}" ${PIHOLE_DEBUG_LOG}
# Let the user know debugging is complete with something strikingly visual # Let the user know debugging is complete with something strikingly visual

4
advanced/Scripts/piholeLogFlush.sh
View File

@ -46,7 +46,7 @@ if [[ "$@" == *"once"* ]]; then
# moved file (it will have the same file handler) # moved file (it will have the same file handler)
cp -p /var/log/pihole/pihole.log /var/log/pihole/pihole.log.1 cp -p /var/log/pihole/pihole.log /var/log/pihole/pihole.log.1
echo " " > /var/log/pihole/pihole.log echo " " > /var/log/pihole/pihole.log
chmod 644 /var/log/pihole/pihole.log chmod 640 /var/log/pihole/pihole.log
fi fi
else else
# Manual flushing # Manual flushing
@ -59,7 +59,7 @@ else
echo " " > /var/log/pihole/pihole.log echo " " > /var/log/pihole/pihole.log
if [ -f /var/log/pihole/pihole.log.1 ]; then if [ -f /var/log/pihole/pihole.log.1 ]; then
echo " " > /var/log/pihole/pihole.log.1 echo " " > /var/log/pihole/pihole.log.1
chmod 644 /var/log/pihole/pihole.log.1 chmod 640 /var/log/pihole/pihole.log.1
fi fi
fi fi
# Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history) # Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history)

5
advanced/Templates/pihole-FTL.service
View File

@ -71,12 +71,13 @@ start() {
[ ! -f "${FTL_PID_FILE}" ] && install -m 644 -o pihole -g pihole /dev/null "${FTL_PID_FILE}" [ ! -f "${FTL_PID_FILE}" ] && install -m 644 -o pihole -g pihole /dev/null "${FTL_PID_FILE}"
[ ! -f "${FTL_PORT_FILE}" ] && install -m 644 -o pihole -g pihole /dev/null "${FTL_PORT_FILE}" [ ! -f "${FTL_PORT_FILE}" ] && install -m 644 -o pihole -g pihole /dev/null "${FTL_PORT_FILE}"
[ ! -f /var/log/pihole/pihole-FTL.log ] && install -m 644 -o pihole -g pihole /dev/null /var/log/pihole/pihole-FTL.log [ ! -f /var/log/pihole/pihole-FTL.log ] && install -m 644 -o pihole -g pihole /dev/null /var/log/pihole/pihole-FTL.log
[ ! -f /var/log/pihole/pihole.log ] && install -m 644 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log [ ! -f /var/log/pihole/pihole.log ] && install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log
[ ! -f /etc/pihole/dhcp.leases ] && install -m 644 -o pihole -g pihole /dev/null /etc/pihole/dhcp.leases [ ! -f /etc/pihole/dhcp.leases ] && install -m 644 -o pihole -g pihole /dev/null /etc/pihole/dhcp.leases
# Ensure that permissions are set so that pihole-FTL can edit all necessary files # Ensure that permissions are set so that pihole-FTL can edit all necessary files
chown pihole:pihole /run/pihole /etc/pihole /var/log/pihole /var/log/pihole/pihole-FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases chown pihole:pihole /run/pihole /etc/pihole /var/log/pihole /var/log/pihole/pihole-FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases
# Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist # Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist
chmod -f 0644 /etc/pihole/macvendor.db /etc/pihole/dhcp.leases /var/log/pihole/pihole-FTL.log /var/log/pihole/pihole.log chmod -f 0644 /etc/pihole/macvendor.db /etc/pihole/dhcp.leases /var/log/pihole/pihole-FTL.log
chmod -f 0640 /var/log/pihole/pihole.log
# Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist # Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist
chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db
# Chown database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist # Chown database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist