Document Universal Configuration and allow for empty LOGFILE

This commit is contained in:
Tom Eastep 2010-07-31 12:45:43 -07:00
parent 4e02031985
commit bebeba8cae
7 changed files with 63 additions and 14 deletions

View File

@ -10,4 +10,4 @@
#SOURCE DEST POLICY LOG LIMIT: CONNLIMIT:
# LEVEL BURST MASK
$FW net ACCEPT
net all DROP info
net all DROP

View File

@ -21,7 +21,7 @@ VERBOSITY=1
# L O G G I N G
###############################################################################
LOGFILE=/var/log/messages
LOGFILE=
STARTUP_LOG=/var/log/shorewall-init.log

View File

@ -22,7 +22,7 @@ VERBOSITY=1
# L O G G I N G
###############################################################################
LOGFILE=/var/log/messages
LOGFILE=
STARTUP_LOG=/var/log/shorewall6-init.log

View File

@ -1,4 +1,4 @@
#!/bin/sh
ss_#!/bin/sh
#
# Shorewall 4.4 -- /usr/share/shorewall/lib.cli.
#
@ -226,6 +226,18 @@ show_classifiers() {
logwatch() # $1 = timeout -- if negative, prompt each time that
# an 'interesting' packet count changes
{
if [ -z "$LOGFILE" ]; then
LOGFILE=/var/log/messages
if [ -n "$(syslog_circular_buffer)" ]; then
g_logread="logread | tac"
elif [ -r $LOGFILE ]; then
g_logread="tac $LOGFILE"
else
echo "LOGFILE ($LOGFILE) does not exist!" >&2
exit 2
fi
fi
host=$(echo $g_hostname | sed 's/\..*$//')
oldrejects=$($IPTABLES -L -v -n | grep 'LOG')
@ -541,6 +553,20 @@ show_command() {
;;
log)
[ $# -gt 2 ] && usage 1
if [ -z "$LOGFILE" ]; then
LOGFILE=/var/log/messages
if [ -n "$(syslog_circular_buffer)" ]; then
g_logread="logread | tac"
elif [ -r $LOGFILE ]; then
g_logread="tac $LOGFILE"
else
echo "LOGFILE ($LOGFILE) does not exist!" >&2
exit 2
fi
fi
echo "$g_product $SHOREWALL_VERSION Log ($LOGFILE) at $g_hostname - $(date)"
echo
show_reset
@ -781,6 +807,17 @@ dump_command() {
esac
done
if [ -z "$LOGFILE" ]; then
if [ -n "$(syslog_circular_buffer)" ]; then
g_logread="logread | tac"
elif [ -r $LOGFILE ]; then
g_logread="tac $LOGFILE"
else
echo "LOGFILE ($LOGFILE) does not exist!" >&2
exit 2
fi
fi
g_ipt_options="$g_ipt_options $g_ipt_options1"
[ $VERBOSITY -lt 2 ] && VERBOSITY=2

View File

@ -67,15 +67,15 @@ get_config() {
# This block is avoided for compile for export and when the user isn't root
#
if [ "$3" = Yes ]; then
[ -z "$LOGFILE" ] && LOGFILE=/var/log/messages
if [ -n "$(syslog_circular_buffer)" ]; then
g_logread="logread | tac"
elif [ -r $LOGFILE ]; then
g_logread="tac $LOGFILE"
else
echo "LOGFILE ($LOGFILE) does not exist!" >&2
exit 2
if [ -n "$LOGFILE" ]; then
if [ -n "$(syslog_circular_buffer)" ]; then
g_logread="logread | tac"
elif [ -r $LOGFILE ]; then
g_logread="tac $LOGFILE"
else
echo "LOGFILE ($LOGFILE) does not exist!" >&2
exit 2
fi
fi
fi

View File

@ -22,6 +22,8 @@
<year>2007</year>
<year>2010</year>
<holder>Thomas M. Eastep</holder>
</copyright>
@ -48,6 +50,16 @@
<para>Next, read the QuickStart Guide that is appropriate for your
configuration:</para>
<para><emphasis role="bold">If you just want to protect a system: (Requires
Shorewall 4.4.12-Beta3 or later)</emphasis></para>
<itemizedlist>
<listitem>
<para><ulink url="Universal.html">Universal</ulink> configuration --
requires no configuration to protect a single system.</para>
</listitem>
</itemizedlist>
<para><emphasis role="bold">If you have only one public IP
address:</emphasis></para>

View File

@ -18,7 +18,7 @@
<pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
<copyright>
<year>2009</year>
<year>2010</year>
<holder>Thomas M. Eastep</holder>
</copyright>