authorAndreas Unterkircher <unki@netshadow.at>2008-12-13 10:48:53 +0100
committerAndreas Unterkircher <unki@netshadow.at>2008-12-13 10:48:53 +0100
commit59a9ee3646aa7ca6daf360dfde771ac865a74054 (patch)
tree1d61b0fb7a3bbe6ac90d8b187eeace0881f2ff4e
parentb0ffceaf0b66d1af25ec227a05175311188b1ce9 (diff)
downloadexilog-59a9ee3646aa7ca6daf360dfde771ac865a74054.zip
exilog-59a9ee3646aa7ca6daf360dfde771ac865a74054.tar.gz
exilog-59a9ee3646aa7ca6daf360dfde771ac865a74054.tar.bz2
* warn if exilog.conf is readable by others, resolves #128
* check if exilog.conf exists and is readable by the current user, resolves #132 Signed-off-by: Andreas Unterkircher <unki@netshadow.at>
-rw-r--r--lib/exilog_config.pm30
1 files changed, 28 insertions, 2 deletions
diff --git a/lib/exilog_config.pm b/lib/exilog_config.pm
index c736b09..bd24b1c 100644
--- a/lib/exilog_config.pm
+++ b/lib/exilog_config.pm
@@ -11,10 +11,10 @@
package exilog_config;
use strict;
+use Fcntl ':mode';
use lib "/usr/lib/exilog/";
-
BEGIN {
use Exporter;
use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
@@ -36,9 +36,35 @@ BEGIN {
use vars qw( $config $version );
}
+my $cfg_file = "/etc/exilog/exilog.conf";
+
$version = "0.5.1";
-$config = _read_ph("/etc/exilog/exilog.conf");
+# check file permissions of exilog.conf
+
+my $mode = (stat($cfg_file))[2];
+# mask out file type;
+$mode = $mode & 07777;
+# we care only about others now
+$mode = $mode & 0007;
+
+if ( $mode > 0 ) {
+ print STDERR "($$) [exilog_config] Attention - $cfg_file is readable by 'others'. Fix file permissions!\n";
+ exit(0);
+}
+
+if ( ! -e $cfg_file ) {
+ print STDERR "($$) [exilog_config] $cfg_file does not exist!\n";
+ exit(0);
+}
+
+if ( ! -r $cfg_file ) {
+ my $username = getpwuid($<);
+ print STDERR "($$) [exilog_config] $cfg_file is not readable by user ". $username ."!\n";
+ exit(0);
+}
+
+$config = _read_ph($cfg_file);
unless ($config) {
print STDERR "($$) [exilog_config] Can't parse configuration file.\n";
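Review bot: The `stat` on `$cfg_file` runs before the `-e` and `-r` tests and its result is never checked, so when the stat fails `$mode` is undef, the masks yield 0 and the permission test passes silently; the existence and readability tests should come first. The mask `0007` also covers write and execute for others while the message mentions only "readable", and the commit imports `Fcntl ':mode'` without using it: `my $mode = S_IMODE((stat($cfg_file))[2]);` followed by `if ( $mode & S_IRWXO ) {` would state the intent and put the import to use. All three new failure paths end in `exit(0)`, which reports success to whatever started the process; a non-zero status such as `exit(1)` would let an init script or monitor notice that the program refused to start on an exposed configuration file. The `unless ($config)` block continues past the visible lines.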