Running fwanalog as a normal user, using sudo

The problem: usually, only root can access the logfiles that contain the
firewall logs, so fwanalog.sh must be run by root. However, it is a
fairly complex shell script, and bugs in it could be fatal if exploited
while it runs as root. So it would be nice if normal users could run
fwanalog.sh.

Fortunately, there are some solutions for this.

Solution 1: add the user to the admin/wheel/whatever group that can read
the logfiles. However, this grants him or her more privileges than are
really necessary.

Solution 2: use sudo to grant the user permission to search for
firewall patterns in the system log, and nothing more.

As root, type "visudo"; this edits /etc/sudoers (or wherever it lives on
your system). Be sure to read "man sudo" and "man sudoers" first, so
that you know what you are doing.

Add the following lines:

# rules for people who can use fwanalog on this machine
User_Alias      FWANALOG_USERS = {username}
Cmnd_Alias      FWANALOG_ZEGREP = {zegrep command} {zegrep params} {logfiles}
FWANALOG_USERS  ALL = NOPASSWD: FWANALOG_ZEGREP

{username} should be the name of the user who runs fwanalog.
{zegrep command} is your zegrep.
    If you want to be really safe, use the full path name, e.g. /bin/zegrep.
{zegrep params} is what fwanalog uses for grepping your logfiles. Look
    into fwanalog.sh, locate the function that searches for the patterns
    in your logfiles, and copy its command line parameters: -h and the
    pattern, without the quotes and without "$inputfiles".
{logfiles} should be your logfiles, either as a shell pattern
    (e.g. /var/log/messages*) or specified directly (e.g.
    /var/log/messages /var/log/messages.0).

For example, my sudoers entry on a Linux 2.4 machine looks like this:

User_Alias      FWANALOG_USERS = bb
Cmnd_Alias      FWANALOG_ZEGREP = /bin/zegrep -h IN.+OUT.+SRC.+DST.+LEN.+TTL.+PROTO.+ /var/log/messages*
FWANALOG_USERS  ALL = NOPASSWD: FWANALOG_ZEGREP

Test it by executing "sudo /path/to/zegrep {params} {logfiles}" as the
user. If it works, you can modify the "zegrep=..." line in fwanalog.opts
to read 'zegrep="sudo /path/to/zegrep"'.

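Whether the test above succeeds depends on how sudo compares the arguments of the attempted zegrep call with the FWANALOG_ZEGREP entry. The following script is an added illustration, not part of fwanalog or its README: it models that comparison with a shell glob, using the README's pattern and log paths, and assumes sudo's documented behaviour that the user's arguments are joined with spaces and matched against the sudoers argument spec with fnmatch(3), so a '*' also matches across word boundaries. The file list in EXPANDED is constructed for the demonstration.

```sh
#!/bin/sh
# Added example, not part of fwanalog: model how sudo decides whether an
# attempted zegrep call is covered by the FWANALOG_ZEGREP entry. sudo joins
# the user's arguments with single spaces into one string and matches it
# against the sudoers argument spec with fnmatch(3)-style globbing, so '*'
# also matches across word boundaries. No sudo is called here.

PATTERN='IN.+OUT.+SRC.+DST.+LEN.+TTL.+PROTO.+'

# Argument spec of the README's sample entry (shell-pattern form).
SPEC_GLOB="-h $PATTERN /var/log/messages*"
# The tighter form the README also allows: logfiles listed explicitly.
SPEC_LIST="-h $PATTERN /var/log/messages /var/log/messages.0"

# What the user's shell hands to sudo after expanding /var/log/messages*
# (constructed file list, not read from this system).
EXPANDED="/var/log/messages /var/log/messages.0 /var/log/messages.1.gz"

# sudo_args_match SPEC ARG...  -> returns 0 when sudo would accept ARG...
sudo_args_match() {
    spec=$1; shift
    joined="$*"               # joined with spaces (assumes default IFS)
    case "$joined" in
        $spec) return 0 ;;    # unquoted variable: used as a glob pattern
        *)     return 1 ;;
    esac
}

# verdict SPEC ARG...  -> prints "allow" or "deny", always exits 0
verdict() {
    if sudo_args_match "$@"; then echo allow; else echo deny; fi
}

echo "fwanalog call, glob entry:      $(verdict "$SPEC_GLOB" -h "$PATTERN" $EXPANDED)"
echo "fwanalog call, explicit entry:  $(verdict "$SPEC_LIST" -h "$PATTERN" /var/log/messages /var/log/messages.0)"
echo "changed options (-hn), glob:    $(verdict "$SPEC_GLOB" -hn "$PATTERN" $EXPANDED)"
echo "extra file appended, glob:      $(verdict "$SPEC_GLOB" -h "$PATTERN" $EXPANDED /var/log/other.log)"
echo "extra file appended, explicit:  $(verdict "$SPEC_LIST" -h "$PATTERN" /var/log/messages /var/log/messages.0 /var/log/other.log)"
```

The fourth line shows why specifying the logfiles directly, as described above, is the safer choice: with the shell-pattern form, anything appended after the expanded file list still matches the entry, whereas the explicit list accepts exactly the files named in it.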
$Id: README.sudo,v 1.1 2002/03/08 09:06:51 bb Exp $
