Package: suricata
Version: 1:7.0.10-1
Severity: normal

Currently, suricata installs on Debian with permissions on /var/log/suricata as 
0755 root:root.

Per Debian convention, /var/log/suricata should be owned by root:adm with 
(optionally) permissions 0750.

Note I do not believe this to be a violation of Debian policy, as I could not 
find a written policy on this, nor does it seem to be strictly enforced. 
Historically speaking, however, packages in /var/log should have the group set
to adm (e.g. see nginx for an implementation of this):

https://wiki.debian.org/SystemGroups

It is also probably not a good idea for security-relevant logs to be 
world-readable, though there is potential for breakage here.

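A check an administrator could run for the condition this report describes, as an added example that is not part of the original report or of the suricata package. The function name `audit_logdir` and its output wording are hypothetical; it assumes GNU `stat` and `find`, and defaults to the root:adm convention named in the report.

```shell
#!/bin/sh
# Added example: audit a log directory against the root:adm 0750 convention.
# Usage: audit_logdir DIR [OWNER] [GROUP]
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 on error.
audit_logdir() {
    dir=$1
    want_owner=${2:-root}
    want_group=${3:-adm}
    findings=0

    if [ ! -d "$dir" ]; then
        echo "ERROR: $dir is not a directory"
        return 2
    fi

    # GNU stat format: %a = octal mode, %U = owner name, %G = group name
    mode=$(stat -c %a "$dir")
    owner=$(stat -c %U "$dir")
    group=$(stat -c %G "$dir")

    if [ "$owner" != "$want_owner" ]; then
        echo "owner is $owner, expected $want_owner"
        findings=1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "group is $group, expected $want_group"
        findings=1
    fi

    # The last octal digit holds the permission bits for "other" users.
    other=${mode#"${mode%?}"}
    if [ "$other" -ne 0 ]; then
        echo "mode $mode grants access to other users"
        findings=1
        # Files inside are only reachable by others when the directory has
        # the other-execute (traverse) bit; with 0750 their modes are moot.
        if [ $((other & 1)) -ne 0 ]; then
            files=$(find "$dir" -type f -perm -o=r 2>/dev/null)
            if [ -n "$files" ]; then
                echo "$files" | sed 's/^/world-readable file: /'
            fi
        fi
    fi
    return "$findings"
}
```

Run it as `audit_logdir /var/log/suricata`. A directory at 0755 root:root reports both the group mismatch and every log file other users can read through it.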