From 2367bb2ddf1fbecccd5676b95c7b931ede1ad58f Mon Sep 17 00:00:00 2001
From: zbyniu
Date: Mon, 31 Dec 2007 12:30:20 +0000
Subject: [PATCH] - patch for standard pld paths; run as user stats in daemon mode
Changed files: fwlogwatch-paths.patch -> 1.1
---
fwlogwatch-paths.patch | 163 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 163 insertions(+)
create mode 100644 fwlogwatch-paths.patch
diff --git a/fwlogwatch-paths.patch b/fwlogwatch-paths.patch
new file mode 100644
index 0000000..b212ec2
--- /dev/null
+++ b/fwlogwatch-paths.patch
@@ -0,0 +1,163 @@
+diff -urp fwlogwatch-1.1./contrib/fwlogsummary.cgi fwlogwatch-1.1/contrib/fwlogsummary.cgi
+--- fwlogwatch-1.1./contrib/fwlogsummary.cgi 2006-03-08 20:36:08.000000000 +0100
++++ fwlogwatch-1.1/contrib/fwlogsummary.cgi 2007-12-31 13:05:45.284763467 +0100
+@@ -18,7 +18,7 @@ date
+ 
+ RECENT="-l 1h"
+ WEBDIR="/var/www/html/fwlogwatch"
+-FWLOGWATCH="/usr/local/sbin/fwlogwatch"
++FWLOGWATCH="/usr/sbin/fwlogwatch"
+ 
+ if [ ! -d $WEBDIR ] ; then
+ echo "Directory $WEBDIR does not exist!"
+@@ -32,7 +32,7 @@ fi
+ 
+ if [ -z $1 ]
+ then
+- MESSAGES="/var/log/messages"
++ MESSAGES="/var/log/iptables"
+ else
+ MESSAGES="$1"
+ fi
+diff -urp fwlogwatch-1.1./contrib/fwlogwatch.php fwlogwatch-1.1/contrib/fwlogwatch.php
+--- fwlogwatch-1.1./contrib/fwlogwatch.php 2006-03-08 20:36:08.000000000 +0100
++++ fwlogwatch-1.1/contrib/fwlogwatch.php 2007-12-31 13:05:45.288096571 +0100
+@@ -16,7 +16,7 @@
+ $debug = '0';
+ $logdir = "/var/log";
+ $logbase = messages;
+-$fwlogwatch = "/usr/local/sbin/fwlogwatch";
++$fwlogwatch = "/usr/sbin/fwlogwatch";
+ 
+ /**********************************************************************/
+ 
+diff -urp fwlogwatch-1.1./fwlogwatch.8 fwlogwatch-1.1/fwlogwatch.8
+--- fwlogwatch-1.1./fwlogwatch.8 2006-03-08 20:36:02.000000000 +0100
++++ fwlogwatch-1.1/fwlogwatch.8 2007-12-31 13:05:45.288096571 +0100
+@@ -39,7 +39,7 @@ for log formats that contain this inform
+ Use the alternate configuration file
+ .IR config
+ instead of the default configuration file
+-.B /etc/fwlogwatch.config
++.B /etc/fwlogwatch/fwlogwatch.config
+ (which does not need to exist). Only options not specified in the files can
+ be overridden by command line options.
+ .IP \-D
+@@ -233,7 +233,7 @@ These email recipients will get a carbon
+ archives).
+ .IP \-I\ \fIfile\fR
+ Template file for report (defaults to
+-.B /etc/fwlogwatch.template
++.B /etc/fwlogwatch/fwlogwatch.template
+ ).
+ .SH "REALTIME RESPONSE MODE"
+ .IP \-R
+@@ -280,7 +280,7 @@ and the default password is
+ status web server can be changed in the configuration file.
+ .SH "INPUT FILES"
+ You can specify one or more input files (if none is given it defaults to
+-.B /var/log/messages
++.B /var/log/iptables
+ ). Relevant entries are automatically detected so combined log files (e.g.
+ from a log host) are no problem. Compressed files are supported (except in
+ realtime response mode where they don't make sense anyway). The '-' sign
+@@ -311,11 +311,11 @@ for months and
+ .I y
+ for years.
+ .SH FILES
+-.IP \fB/etc/fwlogwatch.config\fR
++.IP \fB/etc/fwlogwatch/fwlogwatch.config\fR
+ Default configuration file.
+-.IP \fB/etc/fwlogwatch.template\fR
++.IP \fB/etc/fwlogwatch/fwlogwatch.template\fR
+ Default template for incident reports.
+-.IP \fB/var/log/messages\fR
++.IP \fB/var/log/iptables\fR
+ Default input log file.
+ .IP \fB/var/run/fwlogwatch.pid\fR
+ Default PID file generated by the daemon in realtime response mode if
+@@ -340,7 +340,7 @@ Since
+ is a security tool special care was taken to make it secure. You can and
+ should run it with user permissions for most functions, you can make it
+ setgid for a group
+-.B /var/log/messages
++.B /var/log/iptables
+ is in if all you need is to be able to read this file. Only the realtime
+ response mode with activated ipchains rule analysis needs superuser
+ permissions but you might also need them to write the PID file, for actions
+diff -urp fwlogwatch-1.1./fwlogwatch.config fwlogwatch-1.1/fwlogwatch.config
+--- fwlogwatch-1.1./fwlogwatch.config 2004-03-23 14:09:21.000000000 +0100
++++ fwlogwatch-1.1/fwlogwatch.config 2007-12-31 13:06:07.166592912 +0100
+@@ -38,7 +38,8 @@
+ # absolute path to the file.
+ # Command line option: [file(s)]
+ #
+-#input = /var/log/messages
++#input = /var/log/kernel
++input = /var/log/iptables
+ 
+ 
+ ### Evaluation options ###
+@@ -258,7 +259,7 @@
+ # replaced with the report.
+ # Command line option: -I
+ #
+-#template = /etc/fwlogwatch.template
++template = /etc/fwlogwatch/fwlogwatch.template
+ 
+ 
+ ### Realtime response mode ###
+@@ -290,9 +291,9 @@
+ # unprivileged port and with enough permissions to read a log file to run it
+ # entirely as user, but you will not be able to execute response scripts
+ # that need root privileges (e.g. to modify a firewall).
+-# Suggested value: nobody
++# Suggested value: stats
+ #
+-#run_as =
++run_as = stats
+ 
+ # The option 'stateful_start' is enabled by default and causes fwlogwatch
+ # to read in the full log file at start and remember all entries that are
+@@ -328,8 +329,8 @@
+ # Alternative paths for the notification and response scripts can be
+ # specified with the 'notification_script' and 'response_script' options.
+ #
+-#notification_script = /usr/local/sbin/fwlw_notify
+-#response_script = /usr/local/sbin/fwlw_respond
++#notification_script = /usr/sbin/fwlw_notify
++#response_script = /usr/sbin/fwlw_respond
+ 
+ # Known hosts are those that will not be warned about or actions taken
+ # against, even if they match the alert/response criteria.
+diff -urp fwlogwatch-1.1./main.h fwlogwatch-1.1/main.h
+--- fwlogwatch-1.1./main.h 2006-04-17 16:54:51.000000000 +0200
++++ fwlogwatch-1.1/main.h 2007-12-31 13:05:45.288096571 +0100
+@@ -58,11 +58,11 @@
+ /* Files */
+ 
+ #ifndef SOLARIS
+-#define INFILE "/var/log/messages"
++#define INFILE "/var/log/iptables"
+ #else
+ #define INFILE "/var/adm/messages"
+ #endif
+-#define RCFILE CONF_DIR "/fwlogwatch.config"
++#define RCFILE CONF_DIR "/fwlogwatch/fwlogwatch.config"
+ 
+ enum {
+ MAY_NOT_EXIST,
+@@ -293,11 +293,11 @@ enum {
+ /* Interactive report mode */
+ 
+ #define CERT "[Insert address of abuse contact or CERT here]"
+-#define TEMPLATE CONF_DIR "/fwlogwatch.template"
++#define TEMPLATE CONF_DIR "/fwlogwatch/fwlogwatch.template"
+ #define FILENAME "fwlogwatchXXXXXX"
+ #define INSERTREPORT "# insert report here"
+ #define P_CAT "/bin/cat"
+-#define P_SENDMAIL "/usr/sbin/sendmail"
++#define P_SENDMAIL "/usr/lib/sendmail"
+ 
+ enum {
+ OPT_NONE,
-- 
2.43.0
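Review bot: Uncommenting `run_as = stats` in the fwlogwatch.config hunk (@@ -290,9) makes the realtime daemon drop privileges by default, which is the right direction, but nothing in the patch prepares what that user then needs: the man-page hunk in the same file (@@ -340,7) says writing the PID file may need superuser permissions, and the new default input `/var/log/iptables` must be readable by `stats`, so the spec or init script has to create `/var/run/fwlogwatch.pid` and the log with matching ownership or the daemon will presumably fail at start. The config hunk at @@ -328,8 only rewrites the still-commented `#notification_script` / `#response_script` lines to /usr/sbin, so the compiled-in defaults (not visible here; the old commented values suggest they are still /usr/local/sbin) keep governing; either uncomment them as `notification_script = /usr/sbin/fwlw_notify` and `response_script = /usr/sbin/fwlw_respond`, or patch the corresponding defines in main.h next to INFILE and RCFILE. A short comment above `run_as = stats` such as `# PLD default: the daemon drops to the unprivileged 'stats' user; the PID file and input log must be accessible to it` would record the intent for the next packager.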