Commit | Line | Data |
---|---|---|
2367bb2d | 1 | diff -urp fwlogwatch-1.1./contrib/fwlogsummary.cgi fwlogwatch-1.1/contrib/fwlogsummary.cgi |
2 | --- fwlogwatch-1.1./contrib/fwlogsummary.cgi 2006-03-08 20:36:08.000000000 +0100 | |
3 | +++ fwlogwatch-1.1/contrib/fwlogsummary.cgi 2007-12-31 13:05:45.284763467 +0100 | |
4 | @@ -18,7 +18,7 @@ date | |
5 | ||
6 | RECENT="-l 1h" | |
7 | WEBDIR="/var/www/html/fwlogwatch" | |
8 | -FWLOGWATCH="/usr/local/sbin/fwlogwatch" | |
9 | +FWLOGWATCH="/usr/sbin/fwlogwatch" | |
10 | ||
11 | if [ ! -d $WEBDIR ] ; then | |
12 | echo "Directory $WEBDIR does not exist!" | |
13 | @@ -32,7 +32,7 @@ fi | |
14 | ||
15 | if [ -z $1 ] | |
16 | then | |
17 | - MESSAGES="/var/log/messages" | |
18 | + MESSAGES="/var/log/iptables" | |
19 | else | |
20 | MESSAGES="$1" | |
21 | fi | |
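Review bot: `$1` is expanded unquoted in `if [ -z $1 ]`, so an argument containing whitespace or glob characters is word-split before `[` sees it and the test errors out instead of evaluating the argument. Quoting it, `if [ -z "$1" ]`, keeps the check well-defined; the same applies to `$WEBDIR` in `[ ! -d $WEBDIR ]` in the previous hunk. The new default `/var/log/iptables` is used whenever no argument is given, so it is worth confirming that the account running this script can read that file.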
22 | diff -urp fwlogwatch-1.1./contrib/fwlogwatch.php fwlogwatch-1.1/contrib/fwlogwatch.php | |
23 | --- fwlogwatch-1.1./contrib/fwlogwatch.php 2006-03-08 20:36:08.000000000 +0100 | |
24 | +++ fwlogwatch-1.1/contrib/fwlogwatch.php 2007-12-31 13:05:45.288096571 +0100 | |
25 | @@ -16,7 +16,7 @@ | |
26 | $debug = '0'; | |
27 | $logdir = "/var/log"; | |
28 | $logbase = messages; | |
29 | -$fwlogwatch = "/usr/local/sbin/fwlogwatch"; | |
30 | +$fwlogwatch = "/usr/sbin/fwlogwatch"; | |
31 | ||
32 | /**********************************************************************/ | |
33 | ||
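Review bot: `$logbase = messages;` is left unchanged while the rest of this patch moves the default input log to `/var/log/iptables`, so this front end presumably still looks for `messages` under `$logdir` (how the two are combined is outside the hunk). If the PHP page is meant to follow the new default, change the line to `$logbase = 'iptables';`. Quoting the value also stops relying on PHP treating a bare word as a string.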
34 | diff -urp fwlogwatch-1.1./fwlogwatch.8 fwlogwatch-1.1/fwlogwatch.8 | |
35 | --- fwlogwatch-1.1./fwlogwatch.8 2006-03-08 20:36:02.000000000 +0100 | |
36 | +++ fwlogwatch-1.1/fwlogwatch.8 2007-12-31 13:05:45.288096571 +0100 | |
37 | @@ -39,7 +39,7 @@ for log formats that contain this inform | |
38 | Use the alternate configuration file | |
39 | .IR config | |
40 | instead of the default configuration file | |
41 | -.B /etc/fwlogwatch.config | |
42 | +.B /etc/fwlogwatch/fwlogwatch.config | |
43 | (which does not need to exist). Only options not specified in the files can | |
44 | be overridden by command line options. | |
45 | .IP \-D | |
46 | @@ -233,7 +233,7 @@ These email recipients will get a carbon | |
47 | archives). | |
48 | .IP \-I\ \fIfile\fR | |
49 | Template file for report (defaults to | |
50 | -.B /etc/fwlogwatch.template | |
51 | +.B /etc/fwlogwatch/fwlogwatch.template | |
52 | ). | |
53 | .SH "REALTIME RESPONSE MODE" | |
54 | .IP \-R | |
55 | @@ -280,7 +280,7 @@ and the default password is | |
56 | status web server can be changed in the configuration file. | |
57 | .SH "INPUT FILES" | |
58 | You can specify one or more input files (if none is given it defaults to | |
59 | -.B /var/log/messages | |
60 | +.B /var/log/iptables | |
61 | ). Relevant entries are automatically detected so combined log files (e.g. | |
62 | from a log host) are no problem. Compressed files are supported (except in | |
63 | realtime response mode where they don't make sense anyway). The '-' sign | |
64 | @@ -311,11 +311,11 @@ for months and | |
65 | .I y | |
66 | for years. | |
67 | .SH FILES | |
68 | -.IP \fB/etc/fwlogwatch.config\fR | |
69 | +.IP \fB/etc/fwlogwatch/fwlogwatch.config\fR | |
70 | Default configuration file. | |
71 | -.IP \fB/etc/fwlogwatch.template\fR | |
72 | +.IP \fB/etc/fwlogwatch/fwlogwatch.template\fR | |
73 | Default template for incident reports. | |
74 | -.IP \fB/var/log/messages\fR | |
75 | +.IP \fB/var/log/iptables\fR | |
76 | Default input log file. | |
77 | .IP \fB/var/run/fwlogwatch.pid\fR | |
78 | Default PID file generated by the daemon in realtime response mode if | |
79 | @@ -340,7 +340,7 @@ Since | |
80 | is a security tool special care was taken to make it secure. You can and | |
81 | should run it with user permissions for most functions, you can make it | |
82 | setgid for a group | |
83 | -.B /var/log/messages | |
84 | +.B /var/log/iptables | |
85 | is in if all you need is to be able to read this file. Only the realtime | |
86 | response mode with activated ipchains rule analysis needs superuser | |
87 | permissions but you might also need them to write the PID file, for actions | |
88 | diff -urp fwlogwatch-1.1./fwlogwatch.config fwlogwatch-1.1/fwlogwatch.config | |
89 | --- fwlogwatch-1.1./fwlogwatch.config 2004-03-23 14:09:21.000000000 +0100 | |
90 | +++ fwlogwatch-1.1/fwlogwatch.config 2007-12-31 13:06:07.166592912 +0100 | |
91 | @@ -38,7 +38,8 @@ | |
92 | # absolute path to the file. | |
93 | # Command line option: [file(s)] | |
94 | # | |
95 | -#input = /var/log/messages | |
96 | +#input = /var/log/kernel | |
97 | +input = /var/log/iptables | |
98 | ||
99 | ||
100 | ### Evaluation options ### | |
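Review bot: The commented example now reads `#input = /var/log/kernel`, which matches neither the previous default nor the `/var/log/iptables` default set elsewhere in this patch, and nothing explains why it is there. If it is meant as an alternative location, label it, e.g. `# Alternative: input = /var/log/kernel`. Otherwise drop it, so the file documents only the value in effect.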
101 | @@ -258,7 +259,7 @@ | |
102 | # replaced with the report. | |
103 | # Command line option: -I <file> | |
104 | # | |
105 | -#template = /etc/fwlogwatch.template | |
106 | +template = /etc/fwlogwatch/fwlogwatch.template | |
107 | ||
108 | ||
109 | ### Realtime response mode ### | |
110 | @@ -290,9 +291,9 @@ | |
111 | # unprivileged port and with enough permissions to read a log file to run it | |
112 | # entirely as user, but you will not be able to execute response scripts | |
113 | # that need root privileges (e.g. to modify a firewall). | |
114 | -# Suggested value: nobody | |
115 | +# Suggested value: stats | |
116 | # | |
117 | -#run_as = | |
118 | +run_as = stats | |
119 | ||
120 | # The option 'stateful_start' is enabled by default and causes fwlogwatch | |
121 | # to read in the full log file at start and remember all entries that are | |
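Review bot: `run_as = stats` is now active by default, but nothing visible in this patch ensures that a `stats` account exists or that it can read `/var/log/iptables`. What fwlogwatch does when the account lookup fails is not visible here, so the packaging should create the account and give it read access to the log. The comment block should state the requirement, e.g. `# The 'stats' account must exist and be able to read the input file.` The existing comment already notes that response scripts needing root cannot run under an unprivileged user, which matters wherever realtime response is enabled.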
122 | @@ -328,8 +329,8 @@ | |
123 | # Alternative paths for the notification and response scripts can be | |
124 | # specified with the 'notification_script' and 'response_script' options. | |
125 | # | |
126 | -#notification_script = /usr/local/sbin/fwlw_notify | |
127 | -#response_script = /usr/local/sbin/fwlw_respond | |
128 | +#notification_script = /usr/sbin/fwlw_notify | |
129 | +#response_script = /usr/sbin/fwlw_respond | |
130 | ||
131 | # Known hosts are those that will not be warned about or actions taken | |
132 | # against, even if they match the alert/response criteria. | |
133 | diff -urp fwlogwatch-1.1./main.h fwlogwatch-1.1/main.h | |
134 | --- fwlogwatch-1.1./main.h 2006-04-17 16:54:51.000000000 +0200 | |
135 | +++ fwlogwatch-1.1/main.h 2007-12-31 13:05:45.288096571 +0100 | |
136 | @@ -58,11 +58,11 @@ | |
137 | /* Files */ | |
138 | ||
139 | #ifndef SOLARIS | |
140 | -#define INFILE "/var/log/messages" | |
141 | +#define INFILE "/var/log/iptables" | |
142 | #else | |
143 | #define INFILE "/var/adm/messages" | |
144 | #endif | |
145 | -#define RCFILE CONF_DIR "/fwlogwatch.config" | |
146 | +#define RCFILE CONF_DIR "/fwlogwatch/fwlogwatch.config" | |
147 | ||
148 | enum { | |
149 | MAY_NOT_EXIST, | |
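Review bot: The `/fwlogwatch` subdirectory is spelled out inside the `RCFILE` literal here and again inside `TEMPLATE` in the next hunk, so the two paths can drift apart on a later edit. Either point `CONF_DIR` at the subdirectory where it is defined (not visible in this hunk), or add one macro, e.g. `#define CONF_SUBDIR CONF_DIR "/fwlogwatch"`, and build both from it. The non-Solaris `INFILE` default of `/var/log/iptables` exists only where syslog is configured to write it, which deserves a short comment next to the define. The enum that follows continues outside the hunk.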
150 | @@ -293,11 +293,11 @@ enum { | |
151 | /* Interactive report mode */ | |
152 | ||
153 | #define CERT "[Insert address of abuse contact or CERT here]" | |
154 | -#define TEMPLATE CONF_DIR "/fwlogwatch.template" | |
155 | +#define TEMPLATE CONF_DIR "/fwlogwatch/fwlogwatch.template" | |
156 | #define FILENAME "fwlogwatchXXXXXX" | |
157 | #define INSERTREPORT "# insert report here" | |
158 | #define P_CAT "/bin/cat" | |
159 | -#define P_SENDMAIL "/usr/sbin/sendmail" | |
160 | +#define P_SENDMAIL "/usr/lib/sendmail" | |
161 | ||
162 | enum { | |
163 | OPT_NONE, |
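Review bot: `P_SENDMAIL` is a compile-time path to an external program, and the new value `/usr/lib/sendmail` is a distribution-specific location with no comment explaining the choice. How the macro is used is outside this hunk, but if the binary is missing at that path, report mailing will presumably fail at run time. Make the define overridable and document it: `#ifndef P_SENDMAIL`, `#define P_SENDMAIL "/usr/lib/sendmail" /* sendmail-compatible MTA; override with -DP_SENDMAIL=... */`, `#endif`. Packagers should also check that the target is root-owned and not writable by other users, since it is executed by the tool.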