mirror of
https://github.com/CyberMind-FR/secubox-deb.git
synced 2026-07-01 10:47:30 +00:00
Compare commits
No commits in common. "4339590eb1e266b081f182fd6df0c8ddbcf86223" and "8263bc7681c53651e49cedbdcbc8b3ec2ebd3d61" have entirely different histories.
4339590eb1
...
8263bc7681
|
|
@ -8,7 +8,7 @@ case "$1" in
|
||||||
install -d -o secubox -g secubox -m 750 /run/secubox
|
install -d -o secubox -g secubox -m 750 /run/secubox
|
||||||
install -d -o secubox -g secubox -m 750 /var/lib/secubox
|
install -d -o secubox -g secubox -m 750 /var/lib/secubox
|
||||||
install -d -o secubox -g secubox -m 750 /var/lib/secubox/admin
|
install -d -o secubox -g secubox -m 750 /var/lib/secubox/admin
|
||||||
install -d -o root -g secubox -m 0755 /var/log/secubox
|
install -d -o root -g secubox -m 750 /var/log/secubox
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
systemctl enable secubox-admin.service
|
systemctl enable secubox-admin.service
|
||||||
systemctl start secubox-admin.service || true
|
systemctl start secubox-admin.service || true
|
||||||
|
|
|
||||||
|
|
@ -20,7 +20,7 @@ case "$1" in
|
||||||
# NE PAS le toucher ici — l'écraser bloque la traversée nginx (www-data) et
|
# NE PAS le toucher ici — l'écraser bloque la traversée nginx (www-data) et
|
||||||
# casse tous les /api/v1/<module>/* en 502 (cf. #471). Si besoin d'un
|
# casse tous les /api/v1/<module>/* en 502 (cf. #471). Si besoin d'un
|
||||||
# sous-dossier privé, utiliser /run/secubox/mesh/ (et non le parent).
|
# sous-dossier privé, utiliser /run/secubox/mesh/ (et non le parent).
|
||||||
install -d -m 0755 -o secubox-mesh -g secubox-mesh /var/log/secubox
|
install -d -m 0750 -o secubox-mesh -g secubox-mesh /var/log/secubox
|
||||||
|
|
||||||
# 4. Verrou régulatoire FR (idempotent ; ne pas planter si iw absent)
|
# 4. Verrou régulatoire FR (idempotent ; ne pas planter si iw absent)
|
||||||
if command -v iw >/dev/null 2>&1; then
|
if command -v iw >/dev/null 2>&1; then
|
||||||
|
|
|
||||||
|
|
@ -44,13 +44,7 @@ case "$1" in
|
||||||
|
|
||||||
# 4. Storage dir (SQLite + future PDF reports)
|
# 4. Storage dir (SQLite + future PDF reports)
|
||||||
install -d -m 0750 -o secubox-toolbox -g secubox-toolbox /var/lib/secubox/toolbox
|
install -d -m 0750 -o secubox-toolbox -g secubox-toolbox /var/lib/secubox/toolbox
|
||||||
# /var/log/secubox is a SHARED parent traversed by many service users
|
install -d -m 0750 -o secubox-toolbox -g secubox-toolbox /var/log/secubox
|
||||||
# (the aggregator runs as `secubox` and reads waf-threats.log under
|
|
||||||
# here). It MUST be 0755 — a 0750 owned by secubox-toolbox silently
|
|
||||||
# breaks WAF + SOC dashboards for the `secubox` user (#511, regressed
|
|
||||||
# the /waf/ + /soc/ pages on gk2 2026-06-10). Per-module log files +
|
|
||||||
# subdirs inside keep their own restricted perms.
|
|
||||||
install -d -m 0755 -o secubox-toolbox -g secubox-toolbox /var/log/secubox
|
|
||||||
|
|
||||||
# 4b. GeoLite2 databases (Phase 2a+ : flag emojis + ASN org)
|
# 4b. GeoLite2 databases (Phase 2a+ : flag emojis + ASN org)
|
||||||
# ASN DB from geoipupdate or Debian package geoip-database
|
# ASN DB from geoipupdate or Debian package geoip-database
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user