mirror of
https://github.com/CyberMind-FR/secubox-deb.git
synced 2026-07-01 11:47:31 +00:00
Compare commits
2 Commits
8263bc7681
...
4339590eb1
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
4339590eb1 | ||
| 13faf609f7 |
|
|
@ -8,7 +8,7 @@ case "$1" in
|
||||||
install -d -o secubox -g secubox -m 750 /run/secubox
|
install -d -o secubox -g secubox -m 750 /run/secubox
|
||||||
install -d -o secubox -g secubox -m 750 /var/lib/secubox
|
install -d -o secubox -g secubox -m 750 /var/lib/secubox
|
||||||
install -d -o secubox -g secubox -m 750 /var/lib/secubox/admin
|
install -d -o secubox -g secubox -m 750 /var/lib/secubox/admin
|
||||||
install -d -o root -g secubox -m 750 /var/log/secubox
|
install -d -o root -g secubox -m 0755 /var/log/secubox
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
systemctl enable secubox-admin.service
|
systemctl enable secubox-admin.service
|
||||||
systemctl start secubox-admin.service || true
|
systemctl start secubox-admin.service || true
|
||||||
|
|
|
||||||
|
|
@ -20,7 +20,7 @@ case "$1" in
|
||||||
# NE PAS le toucher ici — l'écraser bloque la traversée nginx (www-data) et
|
# NE PAS le toucher ici — l'écraser bloque la traversée nginx (www-data) et
|
||||||
# casse tous les /api/v1/<module>/* en 502 (cf. #471). Si besoin d'un
|
# casse tous les /api/v1/<module>/* en 502 (cf. #471). Si besoin d'un
|
||||||
# sous-dossier privé, utiliser /run/secubox/mesh/ (et non le parent).
|
# sous-dossier privé, utiliser /run/secubox/mesh/ (et non le parent).
|
||||||
install -d -m 0750 -o secubox-mesh -g secubox-mesh /var/log/secubox
|
install -d -m 0755 -o secubox-mesh -g secubox-mesh /var/log/secubox
|
||||||
|
|
||||||
# 4. Verrou régulatoire FR (idempotent ; ne pas planter si iw absent)
|
# 4. Verrou régulatoire FR (idempotent ; ne pas planter si iw absent)
|
||||||
if command -v iw >/dev/null 2>&1; then
|
if command -v iw >/dev/null 2>&1; then
|
||||||
|
|
|
||||||
|
|
@ -44,7 +44,13 @@ case "$1" in
|
||||||
|
|
||||||
# 4. Storage dir (SQLite + future PDF reports)
|
# 4. Storage dir (SQLite + future PDF reports)
|
||||||
install -d -m 0750 -o secubox-toolbox -g secubox-toolbox /var/lib/secubox/toolbox
|
install -d -m 0750 -o secubox-toolbox -g secubox-toolbox /var/lib/secubox/toolbox
|
||||||
install -d -m 0750 -o secubox-toolbox -g secubox-toolbox /var/log/secubox
|
# /var/log/secubox is a SHARED parent traversed by many service users
|
||||||
|
# (the aggregator runs as `secubox` and reads waf-threats.log under
|
||||||
|
# here). It MUST be 0755 — a 0750 owned by secubox-toolbox silently
|
||||||
|
# breaks WAF + SOC dashboards for the `secubox` user (#511, regressed
|
||||||
|
# the /waf/ + /soc/ pages on gk2 2026-06-10). Per-module log files +
|
||||||
|
# subdirs inside keep their own restricted perms.
|
||||||
|
install -d -m 0755 -o secubox-toolbox -g secubox-toolbox /var/log/secubox
|
||||||
|
|
||||||
# 4b. GeoLite2 databases (Phase 2a+ : flag emojis + ASN org)
|
# 4b. GeoLite2 databases (Phase 2a+ : flag emojis + ASN org)
|
||||||
# ASN DB from geoipupdate or Debian package geoip-database
|
# ASN DB from geoipupdate or Debian package geoip-database
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user