From 9841f7bf67f748028e46997cdb4841fd7da756cd Mon Sep 17 00:00:00 2001
From: Jake Landis <jake.landis@elastic.co>
Date: Mon, 22 Jan 2018 15:08:12 -0600
Subject: [PATCH] Ensure that environment variables are only accessible to be
 read root

Part of #8735

Fixes #9006
---
 pkg/centos/after-install.sh | 3 +++
 pkg/debian/after-install.sh | 3 +++
 pkg/ubuntu/after-install.sh | 2 ++
 3 files changed, 8 insertions(+)

diff --git a/pkg/centos/after-install.sh b/pkg/centos/after-install.sh
index 5c1047ca6c0..def3b326d8e 100644
--- a/pkg/centos/after-install.sh
+++ b/pkg/centos/after-install.sh
@@ -6,3 +6,6 @@ sed -i \
   -e 's|# path.data:|path.data: /var/lib/logstash|' \
   /etc/logstash/logstash.yml
 /usr/share/logstash/bin/system-install /etc/logstash/startup.options
+chmod 600 /etc/logstash/startup.options
+chmod 600 /etc/default/logstash
+
diff --git a/pkg/debian/after-install.sh b/pkg/debian/after-install.sh
index 3901941882d..d425680571a 100644
--- a/pkg/debian/after-install.sh
+++ b/pkg/debian/after-install.sh
@@ -9,3 +9,6 @@ sed -i \
   -e 's|# path.data:|path.data: /var/lib/logstash|' \
   /etc/logstash/logstash.yml
 /usr/share/logstash/bin/system-install /etc/logstash/startup.options
+chmod 600 /etc/logstash/startup.options
+chmod 600 /etc/default/logstash
+
diff --git a/pkg/ubuntu/after-install.sh b/pkg/ubuntu/after-install.sh
index 41b80e99344..8a7bd77511d 100644
--- a/pkg/ubuntu/after-install.sh
+++ b/pkg/ubuntu/after-install.sh
@@ -8,3 +8,5 @@ sed -i \
   -e 's|# path.data:|path.data: /var/lib/logstash|' \
   /etc/logstash/logstash.yml
 /usr/share/logstash/bin/system-install /etc/logstash/startup.options
+chmod 600 /etc/logstash/startup.options
+chmod 600 /etc/default/logstash