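#!/bin/bash
#
# Reads the "permission" messages in splunkd.log, takes the path between the
# first pair of single quotes on each matching line, and adds an ACL entry
# that gives the [splunk] user read and execute access to that path.
#
# A report of every decision is written to /tmp/aclresults.
#
# Review notes:
#   * Paths come from log text, so they are handled as untrusted input: read
#     one per line, always quoted, passed after "--", and limited to absolute
#     paths that exist and are not symbolic links (setfacl follows a symlink
#     given as an argument and would change the link target instead).
#   * A file counts as already covered only when getfacl shows a named-user
#     entry for splunk or splunk as the owner. Matching the bare word
#     "splunk" also hit the "# file:" header and group lines, so any path
#     containing "splunk" was silently skipped.
#   * No fixed-name scratch files are used. The report is built in a mktemp
#     file and renamed into place, so a link planted at /tmp/aclresults is
#     replaced rather than written through. mktemp creates the file readable
#     and writable by the invoking user only.
#   * NOTE(review): u:splunk:rx also grants execute on regular files. If the
#     goal is only to let Splunk read them, "rX" would be the narrower grant;
#     left unchanged because the stated intent is read and execute.

set -u

####################### script initialization ##
#
# To run on splunkforwarder (UF) or a custom path, set SUF to the directory
# that holds splunkd.log for this installation. If that directory exists the
# log is read from there, otherwise from SDEF.
#################################################
SUF="/opt/splunkforwarder/var/log/splunk"
SDEF="/opt/splunk/var/log/splunk"
rFILES="/tmp/aclresults"

######################## script options #######
#
# To see full before and after results per file set value to 1
DEBUG=1
# To initialize a test run and verify correct files set value to 1
TEST=1
###############################################

# Print a message on stderr and stop.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Append one line to the report being built.
note() {
  printf '%s\n' "$*" >>"$report"
}

if [[ -d "$SUF" ]]; then
  log_file="$SUF/splunkd.log"
else
  log_file="$SDEF/splunkd.log"
fi

[[ -r "$log_file" ]] || die "cannot read $log_file"

report=$(mktemp "${rFILES}.XXXXXX") || die "cannot create a temporary report next to $rFILES"
trap 'rm -f -- "$report"' EXIT

######################## main script ##########
date >"$report"

# awk keeps the first occurrence of each non-empty quoted path, in log order,
# so a path that is logged repeatedly is processed once.
while IFS= read -r f; do
  stamp=$(date)

  if [[ "$f" != /* ]]; then
    note "$stamp Skipping $f: not an absolute path"
    continue
  fi
  if [[ -L "$f" ]]; then
    note "$stamp Skipping $f: symbolic link, review manually"
    continue
  fi
  if [[ ! -e "$f" ]]; then
    note "$stamp Skipping $f: no such file or directory"
    continue
  fi

  if getfacl -- "$f" 2>/dev/null | grep -Eq '^(user:splunk:|# owner: splunk$)'; then
    note "$stamp Splunk user rights for $f not needed"
    continue
  fi

  note "$stamp  Processing splunk user rights for $f"

  if (( DEBUG == 1 )); then
    note "Before:"
    getfacl -- "$f" >>"$report"
  fi

  if (( TEST == 0 )); then
    note "This is not a test run for $f"
    setfacl -m u:splunk:rx -- "$f" || note "setfacl failed for $f"
  else
    note "This is a test run for $f"
  fi

  if (( DEBUG == 1 )); then
    note "After:"
    getfacl -- "$f" >>"$report"
  fi
done < <(awk -F "'" '/permission/ && $2 != "" && !seen[$2]++ { print $2 }' "$log_file")

# Rename rather than write in place: rename replaces whatever directory entry
# is at the destination, and -T stops mv from descending into a directory of
# that name.
trap - EXIT
mv -fT -- "$report" "$rFILES" || die "could not replace $rFILES; report left in $report"
######################### main script end ########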