- patch for standard pld paths; run as user stats in daemon mode

[packages/fwlogwatch.git] / fwlogwatch-paths.patch

diff -urp fwlogwatch-1.1./contrib/fwlogsummary.cgi fwlogwatch-1.1/contrib/fwlogsummary.cgi
--- fwlogwatch-1.1./contrib/fwlogsummary.cgi    2006-03-08 20:36:08.000000000 +0100
+++ fwlogwatch-1.1/contrib/fwlogsummary.cgi     2007-12-31 13:05:45.284763467 +0100
@@ -18,7 +18,7 @@ date
 
 RECENT="-l 1h"
 WEBDIR="/var/www/html/fwlogwatch"
-FWLOGWATCH="/usr/local/sbin/fwlogwatch"
+FWLOGWATCH="/usr/sbin/fwlogwatch"
 
 if [ ! -d $WEBDIR ] ; then
   echo "Directory $WEBDIR does not exist!"
@@ -32,7 +32,7 @@ fi
 
 if [ -z $1 ]
 then
-  MESSAGES="/var/log/messages"
+  MESSAGES="/var/log/iptables"
 else
   MESSAGES="$1"
 fi
diff -urp fwlogwatch-1.1./contrib/fwlogwatch.php fwlogwatch-1.1/contrib/fwlogwatch.php
--- fwlogwatch-1.1./contrib/fwlogwatch.php      2006-03-08 20:36:08.000000000 +0100
+++ fwlogwatch-1.1/contrib/fwlogwatch.php       2007-12-31 13:05:45.288096571 +0100
@@ -16,7 +16,7 @@
 $debug = '0';
 $logdir = "/var/log";
 $logbase = messages;
-$fwlogwatch = "/usr/local/sbin/fwlogwatch";
+$fwlogwatch = "/usr/sbin/fwlogwatch";
 
 /**********************************************************************/
 
diff -urp fwlogwatch-1.1./fwlogwatch.8 fwlogwatch-1.1/fwlogwatch.8
--- fwlogwatch-1.1./fwlogwatch.8        2006-03-08 20:36:02.000000000 +0100
+++ fwlogwatch-1.1/fwlogwatch.8 2007-12-31 13:05:45.288096571 +0100
@@ -39,7 +39,7 @@ for log formats that contain this inform
 Use the alternate configuration file
 .IR config
 instead of the default configuration file
-.B /etc/fwlogwatch.config
+.B /etc/fwlogwatch/fwlogwatch.config
 (which does not need to exist). Only options not specified in the files can
 be overridden by command line options.
 .IP \-D
@@ -233,7 +233,7 @@ These email recipients will get a carbon
 archives).
 .IP \-I\ \fIfile\fR
 Template file for report (defaults to
-.B /etc/fwlogwatch.template
+.B /etc/fwlogwatch/fwlogwatch.template
 ).
 .SH "REALTIME RESPONSE MODE"
 .IP \-R
@@ -280,7 +280,7 @@ and the default password is
 status web server can be changed in the configuration file.
 .SH "INPUT FILES"
 You can specify one or more input files (if none is given it defaults to
-.B /var/log/messages
+.B /var/log/iptables
 ). Relevant entries are automatically detected so combined log files (e.g.
 from a log host) are no problem. Compressed files are supported (except in
 realtime response mode where they don't make sense anyway). The '-' sign
@@ -311,11 +311,11 @@ for months and
 .I y
 for years.
 .SH FILES
-.IP \fB/etc/fwlogwatch.config\fR
+.IP \fB/etc/fwlogwatch/fwlogwatch.config\fR
 Default configuration file.
-.IP \fB/etc/fwlogwatch.template\fR
+.IP \fB/etc/fwlogwatch/fwlogwatch.template\fR
 Default template for incident reports.
-.IP \fB/var/log/messages\fR
+.IP \fB/var/log/iptables\fR
 Default input log file.
 .IP \fB/var/run/fwlogwatch.pid\fR
 Default PID file generated by the daemon in realtime response mode if
@@ -340,7 +340,7 @@ Since
 is a security tool special care was taken to make it secure. You can and
 should run it with user permissions for most functions, you can make it
 setgid for a group
-.B /var/log/messages
+.B /var/log/iptables
 is in if all you need is to be able to read this file. Only the realtime
 response mode with activated ipchains rule analysis needs superuser
 permissions but you might also need them to write the PID file, for actions
diff -urp fwlogwatch-1.1./fwlogwatch.config fwlogwatch-1.1/fwlogwatch.config
--- fwlogwatch-1.1./fwlogwatch.config   2004-03-23 14:09:21.000000000 +0100
+++ fwlogwatch-1.1/fwlogwatch.config    2007-12-31 13:06:07.166592912 +0100
@@ -38,7 +38,8 @@
 # absolute path to the file.
 # Command line option: [file(s)]
 #
-#input = /var/log/messages
+#input = /var/log/kernel
+input = /var/log/iptables
 
 
 ### Evaluation options ###
@@ -258,7 +259,7 @@
 # replaced with the report.
 # Command line option: -I <file>
 #
-#template = /etc/fwlogwatch.template
+template = /etc/fwlogwatch/fwlogwatch.template
 
 
 ### Realtime response mode ###
@@ -290,9 +291,9 @@
 # unprivileged port and with enough permissions to read a log file to run it
 # entirely as user, but you will not be able to execute response scripts
 # that need root privileges (e.g. to modify a firewall).
-# Suggested value: nobody
+# Suggested value: stats
 #
-#run_as =
+run_as = stats
 
 # The option 'stateful_start' is enabled by default and causes fwlogwatch
 # to read in the full log file at start and remember all entries that are
@@ -328,8 +329,8 @@
 # Alternative paths for the notification and response scripts can be
 # specified with the 'notification_script' and 'response_script' options.
 #
-#notification_script = /usr/local/sbin/fwlw_notify
-#response_script = /usr/local/sbin/fwlw_respond
+#notification_script = /usr/sbin/fwlw_notify
+#response_script = /usr/sbin/fwlw_respond
 
 # Known hosts are those that will not be warned about or actions taken
 # against, even if they match the alert/response criteria.
diff -urp fwlogwatch-1.1./main.h fwlogwatch-1.1/main.h
--- fwlogwatch-1.1./main.h      2006-04-17 16:54:51.000000000 +0200
+++ fwlogwatch-1.1/main.h       2007-12-31 13:05:45.288096571 +0100
@@ -58,11 +58,11 @@
 /* Files */
 
 #ifndef SOLARIS
-#define INFILE "/var/log/messages"
+#define INFILE "/var/log/iptables"
 #else
 #define INFILE "/var/adm/messages"
 #endif
-#define RCFILE CONF_DIR "/fwlogwatch.config"
+#define RCFILE CONF_DIR "/fwlogwatch/fwlogwatch.config"
 
 enum {
   MAY_NOT_EXIST,
@@ -293,11 +293,11 @@ enum {
 /* Interactive report mode */
 
 #define CERT "[Insert address of abuse contact or CERT here]"
-#define TEMPLATE CONF_DIR "/fwlogwatch.template"
+#define TEMPLATE CONF_DIR "/fwlogwatch/fwlogwatch.template"
 #define FILENAME "fwlogwatchXXXXXX"
 #define INSERTREPORT "# insert report here"
 #define P_CAT "/bin/cat"
-#define P_SENDMAIL "/usr/sbin/sendmail"
+#define P_SENDMAIL "/usr/lib/sendmail"
 
 enum {
   OPT_NONE,