From 9565c5356464b7a5d679ce647fed4973549fc946 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81lex=20Ruiz?=
Date: Tue, 4 Feb 2025 15:33:24 +0100
Subject: [PATCH] Fix startup errors on STIG compliant systems due to noexec filesystems (#533) (#673)
* Update packaging scripts to avoid failures when /var/log is noexec Moved tmp dir creation from postinst to preinst Update .restart tmp file to be stored in the new tmp dir
* Update OPENASEARCH_TMPDIR pointing to new tmp directory's path
Co-authored-by: Kevin Ledesma
---
 .../src/common/systemd/wazuh-indexer.service | 2 +-
 distribution/packages/src/deb/debian/postinst | 7 ++-----
 distribution/packages/src/deb/debian/preinst | 13 ++++++++++---
 .../packages/src/rpm/wazuh-indexer.rpm.spec | 2 +-
 4 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/distribution/packages/src/common/systemd/wazuh-indexer.service b/distribution/packages/src/common/systemd/wazuh-indexer.service
index d4171152df3ca..3150db260722e 100644
--- a/distribution/packages/src/common/systemd/wazuh-indexer.service
+++ b/distribution/packages/src/common/systemd/wazuh-indexer.service
@@ -9,7 +9,7 @@ Type=notify
 RuntimeDirectory=wazuh-indexer
 PrivateTmp=true
 Environment=OPENSEARCH_HOME=/usr/share/wazuh-indexer
-Environment=OPENSEARCH_TMPDIR=/var/log/wazuh-indexer/tmp
+Environment=OPENSEARCH_TMPDIR=/var/lib/wazuh-indexer/tmp
 Environment=OPENSEARCH_PATH_CONF=${path.conf}
 Environment=PID_DIR=/run/wazuh-indexer
 Environment=OPENSEARCH_SD_NOTIFY=true
diff --git a/distribution/packages/src/deb/debian/postinst b/distribution/packages/src/deb/debian/postinst
index 7a0ab9a7453ad..0391051ae7a8b 100644
--- a/distribution/packages/src/deb/debian/postinst
+++ b/distribution/packages/src/deb/debian/postinst
@@ -18,11 +18,8 @@ config_dir=/etc/wazuh-indexer
 data_dir=/var/lib/wazuh-indexer
 log_dir=/var/log/wazuh-indexer
 pid_dir=/run/wazuh-indexer
-tmp_dir=/var/log/wazuh-indexer/tmp
-restart_service=/tmp/wazuh-indexer.restart
-
-# Create needed directories
-mkdir -p ${tmp_dir}
+tmp_dir=${data_dir}/tmp
+restart_service=${tmp_dir}/wazuh-indexer.restart
 # Set owner
 chown -R wazuh-indexer:wazuh-indexer ${product_dir}
diff --git a/distribution/packages/src/deb/debian/preinst b/distribution/packages/src/deb/debian/preinst
index 31ce49546adfc..cebd377a1716f 100644
--- a/distribution/packages/src/deb/debian/preinst
+++ b/distribution/packages/src/deb/debian/preinst
@@ -11,10 +11,17 @@ set -e
-echo "Running Wazuh Indexer Pre-Installation Script"
+# Reference to temp directory
+tmp_dir=/var/lib/wazuh-indexer/tmp
+restart_service=${tmp_dir}/wazuh-indexer.restart
+
+# Create needed directories
+if [ -d ${tmp_dir} ]; then
+ rm -r ${tmp_dir}
+fi
+mkdir -p ${tmp_dir}
-# Reference to restore actual service status
-restart_service=/tmp/wazuh-indexer.restart
+echo "Running Wazuh Indexer Pre-Installation Script"
 case "$1" in
 upgrade)
diff --git a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec
index 827dda4b458a0..a9aa0949a8fa2 100644
--- a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec
+++ b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec
@@ -28,7 +28,7 @@
 %define data_dir %{_sharedstatedir}/%{name}
 %define log_dir %{_localstatedir}/log/%{name}
 %define pid_dir %{_localstatedir}/run/%{name}
-%define tmp_dir %{log_dir}/tmp
+%define tmp_dir %{data_dir}/tmp
 %define restart_service %{tmp_dir}/%{name}.restart
 %{!?_version: %define _version 0.0.0 }
 %{!?_architecture: %define _architecture x86_64 }
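Review bot: In the postinst hunk, nothing visible sets the owner or mode of `${tmp_dir}` any more, now that the `mkdir -p` is gone and preinst creates the directory as root under the default umask. The only `chown -R` shown covers `${product_dir}`; whether `${data_dir}` is also chowned lies outside the hunk, so confirm the service account can write to the new `OPENSEARCH_TMPDIR` and that other local users cannot read it. An explicit `chown wazuh-indexer:wazuh-indexer "${tmp_dir}"` followed by `chmod 750 "${tmp_dir}"` next to the existing "Set owner" step would make this independent of preinst. The restart marker now shares that directory with the JVM's temporary files, so a comment on `restart_service` saying that root reads a marker from a service-owned path would help the next maintainer.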
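Review bot: In the preinst hunk, the `rm -r ${tmp_dir}` / `mkdir -p ${tmp_dir}` pair runs as root with unquoted expansions, ahead of the `case "$1" in` dispatch, so it executes for every preinst action and not only on install or upgrade. The `upgrade)` branch continues outside the hunk; if the service is stopped only there, an upgrade deletes the running JVM's temporary directory first, so the cleanup is safer after that stop. I would write the two commands as `rm -rf -- "${tmp_dir:?}"` and `mkdir -p -- "${tmp_dir}"`, so that an empty or altered variable aborts instead of widening a root-run recursive delete. A short comment stating that this path must be on a filesystem mounted without `noexec` would record why it moved out of `/var/log`.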