From 22276d1cc67b6495e8857566f564f6fd53f638b9 Mon Sep 17 00:00:00 2001
From: t3chn0m4g3 <t3chn0m4g3@gmail.com>
Date: Wed, 30 Mar 2022 15:53:08 +0000
Subject: [PATCH] fix permissions for distributed setup

---
 docker/elk/logstash/Dockerfile         | 3 ++-
 docker/elk/logstash/dist/entrypoint.sh | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/docker/elk/logstash/Dockerfile b/docker/elk/logstash/Dockerfile
index 09f2eaaa..703462bf 100644
--- a/docker/elk/logstash/Dockerfile
+++ b/docker/elk/logstash/Dockerfile
@@ -49,7 +49,8 @@ RUN apt-get update -y && \
     chown -R logstash:logstash /etc/listbot \
                                /var/log/logstash/ \
 			       /var/lib/logstash \
-			       /usr/share/logstash/data && \
+			       /usr/share/logstash/data \
+			       /usr/share/logstash/config/pipelines* && \
     chmod 755 /usr/bin/entrypoint.sh && \
 #
 # Clean up
diff --git a/docker/elk/logstash/dist/entrypoint.sh b/docker/elk/logstash/dist/entrypoint.sh
index aaa962e7..f8c966d0 100644
--- a/docker/elk/logstash/dist/entrypoint.sh
+++ b/docker/elk/logstash/dist/entrypoint.sh
@@ -46,6 +46,8 @@ if [ "$MY_TPOT_TYPE" == "SENSOR" ];
     echo "Hive username: $MY_HIVE_USERNAME"
     echo "Hive IP: $MY_HIVE_IP"
     echo
+    # Ensure correct file permissions for private keyfile or SSH will ask for password
+    chmod 600 $MY_SENSOR_PRIVATEKEYFILE
     cp /usr/share/logstash/config/pipelines_sensor.yml /usr/share/logstash/config/pipelines.yml
     autossh -f -M 0 -4 -l $MY_HIVE_USERNAME -i $MY_SENSOR_PRIVATEKEYFILE -p 64295 -N -L64305:127.0.0.1:64305 $MY_HIVE_IP -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -o "StrictHostKeyChecking=no" -o "UserKnownHostsFile=/dev/null"
     exit 0