From 7de83cba8c403f18b0501892aed780e8795afd22 Mon Sep 17 00:00:00 2001 From: Michael Rash Date: Fri, 29 Jun 2007 03:17:19 +0000 Subject: [PATCH] added validation for the SYSLOG_FACILITY and SYSLOG_PRIORITY vars git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2077 91a0a83b-1414-0410-bf9a-c3dbc33e90b6 --- psad | 26 ++++++++++++++++++++++++-- psad.conf | 3 +++ 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/psad b/psad index 6cc42df..5cbf1e7 100755 --- a/psad +++ b/psad @@ -2872,7 +2872,7 @@ sub validate_config() { unless ($fw_block_ip =~ m|^\s*$ip_re\s*$| or $fw_block_ip =~ m|^\s*$ip_re/\d+\s*$| or $fw_block_ip =~ m|^\s*$ip_re/$ip_re\s*$|) { - die '[-] The --fw-block-ip argument accepts ' . + die '[*] The --fw-block-ip argument accepts ' . 'an IP address or network.'; } } 
@@ -2881,11 +2881,33 @@ sub validate_config() { unless ($fw_rm_block_ip =~ m|^\s*$ip_re\s*$| or $fw_rm_block_ip =~ m|^\s*$ip_re/\d+\s*$| or $fw_rm_block_ip =~ m|^\s*$ip_re/$ip_re\s*$|) { - die '[-] The --fw-rm-block-ip argument accepts ' . + die '[*] The --fw-rm-block-ip argument accepts ' . 'an IP address or network.'; } } + unless ($config{'SYSLOG_FACILITY'} =~ /LOG_LOCAL7/i + or $config{'SYSLOG_FACILITY'} =~ /LOG_LOCAL6/i + or $config{'SYSLOG_FACILITY'} =~ /LOG_LOCAL5/i + or $config{'SYSLOG_FACILITY'} =~ /LOG_LOCAL4/i + or $config{'SYSLOG_FACILITY'} =~ /LOG_LOCAL3/i + or $config{'SYSLOG_FACILITY'} =~ /LOG_LOCAL2/i + or $config{'SYSLOG_FACILITY'} =~ /LOG_LOCAL1/i + or $config{'SYSLOG_FACILITY'} =~ /LOG_LOCAL0/i) { + die "[*] Unrecognized SYSLOG_FACILITY, see psad.conf"; + } + + unless ($config{'SYSLOG_PRIORITY'} =~ /LOG_INFO/i + or $config{'SYSLOG_PRIORITY'} =~ /LOG_DEBUG/i + or $config{'SYSLOG_PRIORITY'} =~ /LOG_NOTICE/i + or $config{'SYSLOG_PRIORITY'} =~ /LOG_WARNING/i + or $config{'SYSLOG_PRIORITY'} =~ /LOG_ERR/i + or $config{'SYSLOG_PRIORITY'} =~ /LOG_CRIT/i + or $config{'SYSLOG_PRIORITY'} =~ /LOG_ALERT/i + or $config{'SYSLOG_PRIORITY'} =~ /LOG_EMERG/i) { + die "[*] Unrecognized SYSLOG_PRIORITY, see psad.conf"; + } + return; } diff --git a/psad.conf b/psad.conf index 5302e1b..060aa48 100644 --- a/psad.conf +++ b/psad.conf @@ -199,6 +199,9 @@ ALERT_ALL Y; IMPORT_OLD_SCANS N; ### syslog facility and priority (the defaults are usually ok) +### The SYSLOG_FACILITY variable can be set to one of LOG_LOCAL{0-7}, and +### SYSLOG_PRIORITY can be set to one of LOG_INFO, LOG_DEBUG, LOG_NOTICE, +### LOG_WARNING, LOG_ERR, LOG_CRIT, LOG_ALERT, or LOG_EMERG SYSLOG_IDENTITY psad; SYSLOG_FACILITY LOG_LOCAL7; SYSLOG_PRIORITY LOG_INFO;
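Review bot: The new SYSLOG_FACILITY and SYSLOG_PRIORITY checks in validate_config() use unanchored patterns, so any value that merely contains a recognized name (constructed examples: `LOG_LOCAL70`, `xLOG_INFOx`) passes validation and is only rejected, if at all, wherever the value is later consumed. Anchoring and collapsing each chain would make the check accept exactly the set documented in psad.conf: `unless ($config{'SYSLOG_FACILITY'} =~ /^LOG_LOCAL[0-7]$/i) {` and `unless ($config{'SYSLOG_PRIORITY'} =~ /^LOG_(?:INFO|DEBUG|NOTICE|WARNING|ERR|CRIT|ALERT|EMERG)$/i) {`, assuming the config parser already trims surrounding whitespace. How these values reach the syslog call is not visible here, so it is worth confirming that the consumer accepts the mixed-case spellings that `/i` lets through. If either key is absent from the config, the match runs against undef before the die is reached, so a `defined` test first would give a clearer error. validate_config() begins outside this hunk.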