Bug #3352
closed
incorrect permissions on /var/run/suricata when RUN_AS_USER is set
Description
On a fresh install of Suricata 5, I am using RUN_AS_USER, and that user should own /var/run/suricata so it can create and communicate with /var/run/suricata/suricata.socket.
I have modified the init.d script in the function check_run_dir().
It is installed as:

    check_run_dir() {
        if [ ! -d /var/run/suricata ]; then
            mkdir /var/run/suricata
        fi
        chmod 0755 /var/run/suricata
    }

But I believe it should be:

    check_run_dir() {
        if [ ! -d /var/run/suricata ]; then
            mkdir /var/run/suricata
        fi
        # I add the following modification through a configuration mgmt system
        if [ ! -z "$RUN_AS_USER" ]; then chown "$RUN_AS_USER" /var/run/suricata; fi
        # end modification
        chmod 0755 /var/run/suricata
    }

I believe it was the same in version 4.X, as I had this modification in older versions as well. I have not marked older affected versions, as I have had this fix since I first started using Suricata 4.0. Since it's so easily fixed, please feel free to change the classification.
And as always, thank you for the great software.
Jeff
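
A way to check an existing host for the condition described in this report, as an added example that is not part of the original report or of the Suricata init script. The function name `check_run_dir_owner` and its return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a run directory against the RUN_AS_USER setting.
# check_run_dir_owner is a hypothetical helper, not Suricata code.
# Returns: 0 ok, 1 missing or not a real directory, 2 wrong owner, 3 unsafe mode.

check_run_dir_owner() {
    dir=$1    # e.g. /var/run/suricata
    user=$2   # value of RUN_AS_USER (name or numeric uid), may be empty

    # Without RUN_AS_USER the daemon keeps its starting user; nothing to compare.
    if [ -z "$user" ]; then
        return 0
    fi

    # Reject a missing path and a symlink standing in for the directory.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "$dir: missing or not a real directory" >&2
        return 1
    fi

    # find prints the path only when it is owned by $user; an unknown
    # user name makes find fail, which is treated as "not owned".
    matched=$(find "$dir" -prune -user "$user" -print 2>/dev/null || true)
    if [ -z "$matched" ]; then
        echo "$dir: not owned by $user, the socket cannot be created" >&2
        return 2
    fi

    # Mode string from ls, e.g. drwxr-xr-x for the 0755 the init script sets.
    perms=$(ls -ld "$dir" | cut -c1-10)
    case $perms in
        d?w?????-?) ;;   # owner may write, others may not
        *)
            echo "$dir: mode $perms, expected owner-writable and not world-writable" >&2
            return 3
            ;;
    esac
    return 0
}
```

Call it as `check_run_dir_owner /var/run/suricata "$RUN_AS_USER"` with the same environment the init script reads.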