Google Git
Sign in
cos / cos / compliance / 21bdc522bf3404f4481114d343ca53db88fb9bd0^! / .
commit21bdc522bf3404f4481114d343ca53db88fb9bd0[log] [tgz]
authorMichael Kochera <kochera@google.com>Fri Mar 22 10:51:59 2024 +0000
committerMichael Kochera <kochera@google.com>Fri Mar 22 22:10:10 2024 +0000
treeec4808ee584d75929aad47d856caa445e94817b0
parentd56595bd2ba766ca0fa5c41cd59e561521bf6b41 [diff]
Add script for starting logging and fix race condition in 4230.

We can add the script back for starting logging due to the new design
for enabling it through cis-compliance. It is opted-out by default and
users have to go and delete it's opt out to have the script run. This
makes it a very deliberate user choice to use our logging and still
allows autoVM to track the logging is running benchmark.

BUG=b/327004469
TEST=None
RELEASE_NOTE=Add script to start logging for cis-level2 if the default
opt-out flag is removed by the user.

Change-Id: Id5c6eb839ddc96f44d48bbc71834c1cc83985d40

diff --git a/alphabet-compliance/scripts/4112-logging-service-running.sh b/alphabet-compliance/scripts/4112-logging-service-running.sh
new file mode 100644
index 0000000..7b80d60
--- /dev/null
+++ b/alphabet-compliance/scripts/4112-logging-service-running.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+## Section 4.1.1.2 Ensure logging Service is running
+systemctl start fluent-bit.service

diff --git a/alphabet-compliance/scripts/4230-logfile-permissions-cos.sh b/alphabet-compliance/scripts/4230-logfile-permissions-cos.sh
index 0253898..25cb22b 100644
--- a/alphabet-compliance/scripts/4230-logfile-permissions-cos.sh
+++ b/alphabet-compliance/scripts/4230-logfile-permissions-cos.sh

@@ -14,5 +14,5 @@
 # limitations under the License.
 
 ## Section: 4.2.3 Ensure permissions on all logfiles are configured ##
-sudo find /var/log -type f -exec chmod g-wx,o-rwx "{}" + -o \
-  -type d -exec chmod g-w,o-rwx "{}" +
+sudo find /var/log -ignore_readdir_race -type f -exec chmod -f g-wx,o-rwx "{}" \
+  + -o -type d -exec chmod -f g-w,o-rwx "{}" + || true