Running fwanalog as a normal user, using sudo

The problem: usually, only root can read the logfiles that contain the
firewall logs, so fwanalog.sh must be run by root. However, it is a
fairly complex shell script, and a bug in it can do real damage when
the script runs with root privileges. So it would be nice if normal
users could run fwanalog.sh.

Fortunately, there are some solutions for this.

Solution 1: add the user to the admin/wheel/whatever group that can read
the logfiles. However, this grants her/him more privileges than are
really necessary: read access to everything that group can read, not
just to the firewall lines.

Solution 2: use sudo to grant the user permission to run exactly one
command, the zegrep that searches for the firewall patterns in the
system log.

As root, type "visudo"; this edits /etc/sudoers (or wherever it lives on
your system) with locking and a syntax check, so do not edit the file
directly. Be sure to read "man sudo" and "man sudoers" first so you know
what you are doing.

Add the following lines:

# rules for people who can use fwanalog on this machine
User_Alias FWANALOG_USERS = {username}
Cmnd_Alias FWANALOG_ZEGREP = {zegrep command} {zegrep params} {logfiles}
FWANALOG_USERS ALL = NOPASSWD: FWANALOG_ZEGREP

{username} should be the name of the user who runs fwanalog.
{zegrep command} is your zegrep, given as a full path name, e.g.
   /bin/zegrep. sudoers requires commands to be fully qualified;
   "which zegrep" tells you where yours is.
{zegrep params} is what fwanalog uses for grepping your logfiles. Look
   into fwanalog.sh, locate the function that searches the patterns in
   your logfiles, and copy its command line parameters: -h and the
   pattern, without the quotes, and without "$inputfiles". sudo compares
   the arguments literally, so they must be exactly what fwanalog.sh
   passes, otherwise the rule will not match.
{logfiles} should be your logfiles, either as a shell pattern
   (e.g. /var/log/messages*) or specified directly (e.g.
   /var/log/messages /var/log/messages.0)

For example, my sudoers entry on a Linux 2.4 machine looks like this:

User_Alias FWANALOG_USERS = bb
Cmnd_Alias FWANALOG_ZEGREP = /bin/zegrep -h IN.+OUT.+SRC.+DST.+LEN.+TTL.+PROTO.+ /var/log/messages*
FWANALOG_USERS ALL = NOPASSWD: FWANALOG_ZEGREP

A word of caution about the shell pattern: sudoers matches the command
line arguments as one concatenated string, and a "*" in it matches
across word boundaries (see the wildcard section of "man sudoers").
The rule above therefore also allows

sudo /bin/zegrep -h IN.+OUT.+SRC.+DST.+LEN.+TTL.+PROTO.+ /var/log/messages /etc/shadow

because the "*" swallows " /etc/shadow". Only lines matching the
firewall pattern are printed, but the user can point zegrep at any file
root can read. If the rule should cover the log files and nothing else,
list them explicitly instead of using a pattern.

Test it by executing "sudo /path/to/zegrep {params} {logfiles}" as the
user; "sudo -l", run as that user, lists the commands sudo will allow.
If sudo asks for a password or refuses the command, the arguments in the
Cmnd_Alias differ from the ones you typed; compare them character by
character. If it works, you can modify the "zegrep=..." line in
fwanalog.opts to 'zegrep="sudo /path/to/zegrep"'.

$Id: README.sudo,v 1.1 2002/03/08 09:06:51 bb Exp $
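sudoers compares the arguments of a Cmnd_Alias with the typed ones as a single space-joined string using fnmatch()-style globbing, so the "*" in /var/log/messages* also swallows a second file name such as " /etc/shadow". The script below is an added example, not part of fwanalog or its README: it emulates that matching with the shell's own "case" patterns (which glob the same way) and checks the README's rule and an explicit-file variant against a few command lines. The names WEAK_RULE, STRICT_RULE and sudoers_verdict are this example's own; sudo's path resolution and everything else it does are not emulated.

```shell
#!/bin/sh
# Added example, not fwanalog code: emulates how sudoers matches a command
# line against a Cmnd_Alias that contains shell wildcards, to show why
# "/var/log/messages*" is broader than it looks.
#
# Assumption (from sudoers(5)): the arguments are compared as ONE string,
# joined with single spaces, using fnmatch()-style globbing, so a "*"
# matches across argument boundaries. The shell's "case" statement uses
# the same kind of pattern, so it serves as the matcher here. Real sudo
# also resolves the command path; that part is not emulated.

# Pattern taken from the README's example rule.
PATTERN='IN.+OUT.+SRC.+DST.+LEN.+TTL.+PROTO.+'

# The README's rule: log files given as a shell pattern.
WEAK_RULE="/bin/zegrep -h $PATTERN /var/log/messages*"
# Hardened variant: every permitted file listed explicitly, no wildcard.
STRICT_RULE="/bin/zegrep -h $PATTERN /var/log/messages /var/log/messages.0"

# sudoers_verdict RULE COMMAND ARG...
# Prints "allowed" if RULE would let sudo run the command line, else "denied".
sudoers_verdict() {
    rule=$1
    shift
    cmdline=$*                  # "$*" joins the words with single spaces
    case "$cmdline" in
        $rule) echo allowed ;;  # unquoted on purpose: $rule is the glob
        *)     echo denied ;;
    esac
}

# Demonstration: the intended use, the unintended extra file, and the
# same requests against the hardened rule.
echo "weak rule, rotated log:        $(sudoers_verdict "$WEAK_RULE" /bin/zegrep -h "$PATTERN" /var/log/messages.1)"
echo "weak rule, plus /etc/shadow:   $(sudoers_verdict "$WEAK_RULE" /bin/zegrep -h "$PATTERN" /var/log/messages /etc/shadow)"
echo "strict rule, plus /etc/shadow: $(sudoers_verdict "$STRICT_RULE" /bin/zegrep -h "$PATTERN" /var/log/messages /etc/shadow)"
echo "strict rule, listed files:     $(sudoers_verdict "$STRICT_RULE" /bin/zegrep -h "$PATTERN" /var/log/messages /var/log/messages.0)"
echo "weak rule, other pattern:      $(sudoers_verdict "$WEAK_RULE" /bin/zegrep -h root /var/log/messages)"
```

The second line of output is the one to watch: the pattern-based rule accepts the extra /etc/shadow argument, the explicit-file rule rejects it. Changing the grep pattern or any other argument is rejected by both, which is what makes the sudo approach tighter than group membership.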