Changeset 183 for trunk

Timestamp:

Oct 26, 2008, 12:59:48 PM (16 years ago)

Author:

katerina

Message:

Support for logfile monitoring (ticket #122). Also improved some configure error messages.

Location:

trunk

Files:

• Makefile.in (modified) (5 diffs)
• aclocal.m4 (modified) (1 diff)
• configure.ac (modified) (28 diffs)
• depend.dep (modified) (2 diffs)
• depend.sum (modified) (1 diff)
• docs/Changelog (modified) (1 diff)
• include/sh_cat.h (modified) (1 diff)
• include/sh_log_check.h (added)
• include/sh_log_evalrule.h (added)
• include/sh_logmon.h (added)
• include/sh_string.h (modified) (2 diffs)
• include/sh_unix.h (modified) (1 diff)
• include/slib.h (modified) (1 diff)
• src/sh_cat.c (modified) (4 diffs)
• src/sh_getopt.c (modified) (1 diff)
• src/sh_log_check.c (added)
• src/sh_log_evalrule.c (added)
• src/sh_log_parse_apache.c (added)
• src/sh_log_parse_pacct.c (added)
• src/sh_log_parse_syslog.c (added)
• src/sh_modules.c (modified) (2 diffs)
• src/sh_processcheck.c (modified) (1 diff)
• src/sh_string.c (modified) (6 diffs)
• src/sh_unix.c (modified) (2 diffs)
• src/slib.c (modified) (4 diffs)
• src/trustfile.c (modified) (2 diffs)
• test/testcompile.sh (modified) (6 diffs)

trunk/Makefile.in

@@ -118 +118 @@
         rijndael-boxes-fst.h sh_socket.h sh_ignore.h sh_prelude.h \
         sh_mounts.h sh_userfiles.h sh_static.h sh_prelink.h \
-        sh_processcheck.h sh_portcheck.h sh_pthread.h sh_string.h
+        sh_processcheck.h sh_portcheck.h sh_pthread.h sh_string.h \
+        sh_log_check.h sh_log_evalrule.h
 
 
@@ -153 +154 @@
         $(srcsrc)/sh_processcheck.c \
         $(srcsrc)/sh_pthread.c $(srcsrc)/sh_string.c \
-        $(srcsrc)/dnmalloc.c \
+        $(srcsrc)/sh_log_parse_syslog.c $(srcsrc)/sh_log_parse_pacct.c \
+        $(srcsrc)/sh_log_parse_apache.c $(srcsrc)/sh_log_evalrule.c \
+        $(srcsrc)/sh_log_check.c $(srcsrc)/dnmalloc.c \
         $(srcsrc)/t-test1.c
 
@@ -168 +171 @@
         sh_mounts.o sh_userfiles.o sh_prelink.o sh_static.o \
         sh_processcheck.o sh_portcheck.o sh_port2proc.o \
+        sh_log_parse_syslog.o sh_log_parse_pacct.o sh_log_parse_apache.o \
+        sh_log_evalrule.o sh_log_check.o \
         sh_pthread.o sh_string.o dnmalloc.o
 
@@ -1665 +1670 @@
 sh_entropy.o: $(srcsrc)/sh_entropy.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_calls.h $(srcinc)/sh_pthread.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/CuTest.h 
 sh_forward.o: $(srcsrc)/sh_forward.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_forward.h $(srcinc)/sh_srp.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_entropy.h $(srcinc)/sh_html.h $(srcinc)/sh_mail.h $(srcinc)/sh_socket.h $(srcinc)/sh_static.h $(srcinc)/rijndael-api-fst.h $(srcinc)/sh_readconf.h $(srcinc)/zAVLTree.h $(srcinc)/sh_extern.h 
-sh_modules.o: $(srcsrc)/sh_modules.c Makefile config_xor.h $(srcinc)/sh_modules.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utmp.h $(srcinc)/sh_mounts.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_kern.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_processcheck.h $(srcinc)/sh_portcheck.h 
+sh_modules.o: $(srcsrc)/sh_modules.c Makefile config_xor.h $(srcinc)/sh_modules.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utmp.h $(srcinc)/sh_mounts.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_kern.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_processcheck.h $(srcinc)/sh_portcheck.h $(srcinc)/sh_logmon.h 
 sh_utmp.o: $(srcsrc)/sh_utmp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_utmp.h $(srcinc)/sh_pthread.h 
 sh_kern.o: $(srcsrc)/sh_kern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_kern.h sh_ks_xor.h $(srcinc)/sh_unix.h $(srcinc)/sh_hash.h 
@@ -1714 +1719 @@
 t-test1.o: $(srcsrc)/t-test1.c Makefile config.h $(srcinc)/malloc.h 
 sh_port2proc.o: $(srcsrc)/sh_port2proc.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error_min.h $(srcinc)/sh_utils.h $(srcinc)/sh_pthread.h 
+sh_log_parse_syslog.o: $(srcsrc)/sh_log_parse_syslog.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h 
+sh_log_parse_pacct.o: $(srcsrc)/sh_log_parse_pacct.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h 
+sh_log_parse_apache.o: $(srcsrc)/sh_log_parse_apache.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h 
+sh_log_evalrule.o: $(srcsrc)/sh_log_evalrule.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h $(srcinc)/zAVLTree.h 
+sh_log_check.o: $(srcsrc)/sh_log_check.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h $(srcinc)/sh_modules.h 

trunk/aclocal.m4

@@ -409 +409 @@
 x_libraries=NONE
 DESTDIR=
-SH_ENABLE_OPTS="db-reload xml-log message-queue login-watch process-check port-check mounts-check userfiles debug ptrace static network udp nocl stealth micro-stealth install-name identity khide suidcheck base largefile mail external-scripts encrypt srp dnmalloc"
+SH_ENABLE_OPTS="db-reload xml-log message-queue login-watch process-check port-check mounts-check logfile-monitor userfiles debug ptrace static network udp nocl stealth micro-stealth install-name identity khide suidcheck base largefile mail external-scripts encrypt srp dnmalloc"
 SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver kcheck gpg checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file"
 

trunk/configure.ac

@@ -242 +242 @@
   AC_EGREP_HEADER(ut_type, utmp.h, AC_DEFINE(HAVE_UTTYPE) )
 fi
+
+dnl
+dnl figure out where acct.h lives
+dnl and whether fields are int/comp_t
+dnl
+dnl GNU Accounting Utilities
+dnl Copyright (C) 1993, 1996, 1997, 2003, 2005 Free Software Foundation, Inc.
+dnl The GNU Accounting Utilities are free software; you can redistribute
+dnl them and/or modify them under the terms of the GNU General Public
+dnl License as published by the Free Software Foundation; either version
+dnl 2, or (at your option) any later version.
+dnl
+AC_CHECK_HEADER(sys/acct.h,
+                AC_DEFINE(HAVE_SYS_ACCT_H, ,
+                          [Define if you have the <sys/acct.h> header file.])
+                AC_HEADER_EGREP(ac_utime, sys/acct.h,
+                                AC_DEFINE(HAVE_ACUTIME, ,
+                                          [Define if <sys/acct.h> has the AC_UTIME field.])
+                                AC_HEADER_EGREP(comp_t.*ac_utime, sys/acct.h,
+                                                AC_DEFINE(ACUTIME_COMPT, ,
+                                                          [Define if <sys/acct.h>'s AC_UTIME field is a COMP_T.]))
+                )
+                AC_HEADER_EGREP(ac_stime, sys/acct.h,
+                                AC_DEFINE(HAVE_ACSTIME, ,
+                                          [Define if <sys/acct.h> has the AC_STIME field.])
+                                AC_HEADER_EGREP(comp_t.*ac_stime, sys/acct.h,
+                                                AC_DEFINE(ACSTIME_COMPT, ,
+                                                          [Define if <sys/acct.h>'s AC_STIME field is a COMP_T.]))
+                )
+                AC_HEADER_EGREP(ac_etime, sys/acct.h,
+                                AC_DEFINE(HAVE_ACETIME, ,
+                                          [Define if <sys/acct.h> has the AC_ETIME field.])
+                                AC_HEADER_EGREP(comp_t.*ac_etime, sys/acct.h,
+                                                AC_DEFINE(ACETIME_COMPT, ,
+                                                          [Define if <sys/acct.h>'s AC_ETIME field is a COMP_T.]))
+                )
+                AC_HEADER_EGREP(ac_io,    sys/acct.h,
+                                AC_DEFINE(HAVE_ACIO, ,
+                                          [Define if <sys/acct.h> has the AC_IO field.])
+                                AC_HEADER_EGREP(comp_t.*ac_io,    sys/acct.h,
+                                                AC_DEFINE(ACIO_COMPT, ,
+                                                          [Define if <sys/acct.h>'s AC_IO field is a COMP_T.]))
+                )
+                AC_HEADER_EGREP(ac_mem,   sys/acct.h,
+                                AC_DEFINE(HAVE_ACMEM, ,
+                                          [Define if <sys/acct.h> has the AC_MEM field.])
+                                AC_HEADER_EGREP(comp_t.*ac_mem,   sys/acct.h,
+                                                AC_DEFINE(ACMEM_COMPT, ,
+                                                          [Define if <sys/acct.h>'s AC_MEM field is a COMP_T.]))
+                )
+                AC_HEADER_EGREP(ac_minflt,   sys/acct.h,
+                                AC_HEADER_EGREP(ac_majflt,   sys/acct.h,
+                                                AC_HEADER_EGREP(ac_swaps,   sys/acct.h,
+                                                                AC_DEFINE(HAVE_PAGING, ,
+                                                                          [Define if <sys/acct.h> has the AC_MINFLT, AC_MAJFLT and AC_SWAPS fields.])
+                                                                AC_HEADER_EGREP(comp_t.*ac_minflt, sys/acct.h,
+                                                                                AC_DEFINE(ACMINFLT_COMPT, ,
+                                                                                          [Define if <sys/acct.h>'s AC_MINFLT field is a COMP_T.]))
+                                                                AC_HEADER_EGREP(comp_t.*ac_mayflt, sys/acct.h,
+                                                                                AC_DEFINE(ACMAJFLT_COMPT, ,
+                                                                                          [Define if <sys/acct.h>'s AC_MAJFLT field is a COMP_T.]))
+                                                                AC_HEADER_EGREP(comp_t.*ac_swaps, sys/acct.h,
+                                                                                AC_DEFINE(ACSWAPS_COMPT, ,
+                                                                                          [Define if <sys/acct.h>'s AC_SWAPS field is a COMP_T.]))
+                                                )
+                                )
+                )
+                AC_HEADER_EGREP(comp_t,   sys/acct.h, AC_DEFINE(HAVE_COMP_T, ,
+                                                                [Define if <sys/acct.h> uses the COMP_T type.]))
+ )
+
 
 dnl need to check because AIX 4.2 does not have it
@@ -589 +660 @@
 then
         AC_MSG_RESULT([no])
-        AC_MSG_ERROR([No ps in /usr/ucb /bin /usr/bin])
+        AC_MSG_ERROR([Cannot find ps in any of /usr/ucb /bin /usr/bin])
 fi
 AC_DEFINE_UNQUOTED([PSPATH], _("$PS"), [Path to ps])
@@ -687 +758 @@
            elif test "x${enable_message_queue}" != xno; then
                echo "${enableval}" | grep ['[^0123456789]'] >/dev/null 2>&1 &&
-                   AC_MSG_ERROR([--enable-message-queue: MODE must be numeric])
+                   AC_MSG_ERROR([With --enable-message-queue=MODE, MODE must be numeric])
                echo "${enableval}" | \
                    grep ['0[0123456789][0123456789][0123456789]'] >/dev/null 2>&1 ||
-                   AC_MSG_ERROR([--enable-message-queue: MODE must be an octal (0nnn) number])
+                   AC_MSG_ERROR([With --enable-message-queue=MODE, MODE must be an octal (0nnn) number])
                AC_DEFINE(WITH_MESSAGE_QUEUE)
                AC_DEFINE_UNQUOTED(MESSAGE_QUEUE_MODE, ${enable_message_queue})
@@ -762 +833 @@
      AC_CHECK_HEADER(tcpd.h,
                      [],
-                     [ AC_MSG_ERROR([Could not find tcpd.h for libwrap. You must first install tcp_wrappers]) ])
+                     [ AC_MSG_ERROR([Could not find tcpd.h for libwrap. You need to install tcp_wrappers.]) ])
      AC_TRY_LINK([ #include <tcpd.h>
                    int allow_severity; int deny_severity; ],
@@ -810 +881 @@
 dnl                             [sh_use_lcaps="no"])
         else
-                AC_MSG_ERROR([--enable-network=WHAT: WHAT must be client, server, or no])
+                AC_MSG_ERROR([With --enable-network=WHAT, WHAT must be client, server, or no])
         fi
         ],
@@ -963 +1034 @@
                case "$sh_libprelude_version" in
                0.8*)
-                AC_MSG_ERROR([Libprelude 0.8 is too old, 0.9.6 or higher is required.])
+                AC_MSG_ERROR([You have Libprelude 0.8, which is too old. Version 0.9.6 or higher is required.])
                ;;
                *)
@@ -995 +1066 @@
         [
         if test x"$enable_xml_log" != xyes; then
-                AC_MSG_ERROR([--with-database:  --enable-xml-log required])
+                AC_MSG_ERROR([With --with-database,  --enable-xml-log is required as well.])
         fi
         if test "x${withval}" = "xmysql"; then
@@ -1101 +1172 @@
                 fi
                 echo
-                AC_MSG_ERROR([libmysql not found or unuseable]) 
+                AC_MSG_ERROR([Could not find libmysql, or it is not useable.]) 
           fi
           AC_CHECK_HEADERS(mysql/mysql.h)
@@ -1284 +1355 @@
 
         else
-          AC_MSG_ERROR([--with-database:  unsupported database ${withval}])
+          AC_MSG_ERROR([Option --with-database=database used with unsupported database ${withval}])
         fi
         ]
@@ -1353 +1424 @@
         ]
 )
+
+AC_ARG_ENABLE(logfile-monitor,
+        [  --enable-logfile-monitor             monitor logfiles [[no]]],
+        [
+        if test "x${enable_logfile_monitor}" = xyes; then
+           AC_CHECK_HEADER(pcre.h,
+                           [ 
+                           AC_DEFINE(USE_LOGFILE_MONITOR, 1, [Define if you want the logfile monitor module.])
+                           LIBS="-lpcre $LIBS"
+                           ],
+                           AC_MSG_ERROR([The --enable-logfile-monitor option requires libpcre. For compiling the pcre development package is needed.])
+           )
+        fi
+        ]
+)
+
 
 AC_ARG_ENABLE(process-check,
@@ -1507 +1594 @@
     * )
       AC_MSG_RESULT([invalid argument])
-      AC_MSG_ERROR([--with-rnd: there is no random module ${use_static_rnd}])
+      AC_MSG_ERROR([Option --with-rnd=module used with unsupported module ${use_static_rnd}])
       ;;
 esac
@@ -1605 +1692 @@
         [
         echo "${withval}" | grep ['[^0123456789]'] >/dev/null 2>&1 &&
-                AC_MSG_ERROR([--with-port: PORT must be numeric])
+                AC_MSG_ERROR([For --with-port=PORT, PORT must be numeric.])
         myport=${withval}
         ],
@@ -1657 +1744 @@
         fi
         if test "x${enableval}" = "xstop" || test "x${enableval}" = "xstart"; then
-          AC_MSG_ERROR([--enable-nocl: start/stop/reload/restart/status are reserved words])
+          AC_MSG_ERROR([For --enable-nocl=PW start/stop/reload/restart/status are reserved words.])
         fi
         if test "x${enableval}" = "xreload" || test "x${enableval}" = "xrestart"; then
-          AC_MSG_ERROR([--enable-nocl: start/stop/reload/restart/status are reserved words])
+          AC_MSG_ERROR([For --enable-nocl=PW start/stop/reload/restart/status are reserved words.])
         fi
         if test "x${enableval}" = "xstatus"; then
-          AC_MSG_ERROR([--enable-nocl: start/stop/reload/restart/status are reserved words])
+          AC_MSG_ERROR([For --enable-nocl=PW start/stop/reload/restart/status are reserved words.])
         fi
         if test "x${enableval}" = "xno"; then
-          AC_MSG_ERROR([--enable-nocl: use of --enable-nocl=no is ambiguous])
+          AC_MSG_ERROR([With --enable-nocl=PW, the use of --enable-nocl=no is ambiguous.])
         fi
         nocl_code="${enable_nocl}"
@@ -1678 +1765 @@
         if test "x${enableval}" != "xyes"; then
                 echo "${enableval}" | grep ['[^0123456789]'] >/dev/null 2>&1 &&
-                        AC_MSG_ERROR([--enable-stealth: XOR_VAL must be numeric])
+                        AC_MSG_ERROR([For --enable-stealth=XOR_VAL, XOR_VAL must be numeric.])
                 if test "${enableval}" -lt 127 || test "${enableval}" -gt 255; then
                         if test x"${enableval}" = x0
@@ -1684 +1771 @@
                                 :
                         else
-                                AC_MSG_ERROR([--enable-stealth: XOR_VAL must be in the range 127 to 255])
+                                AC_MSG_ERROR([For --enable-stealth=XOR_VAL, XOR_VAL must be in the range 127 to 255.])
                         fi
                 fi
@@ -1704 +1791 @@
         if test "x${enableval}" != "xyes"; then
                 echo "${enableval}" | grep ['[^0123456789]'] >/dev/null 2>&1 &&
-                        AC_MSG_ERROR([--enable-micro-stealth: XOR_VAL must be numeric])
+                        AC_MSG_ERROR([For --enable-micro-stealth=XOR_VAL, XOR_VAL must be numeric.])
                 if test "${enableval}" -lt 127 || test "${enableval}" -gt 255; then
                         if test x"${enableval}" = x0
@@ -1710 +1797 @@
                                 :
                         else
-                                AC_MSG_ERROR([--enable-micro-stealth: XOR_VAL must be in the range 127 to 255])
+                                AC_MSG_ERROR([For --enable-micro-stealth=XOR_VAL, XOR_VAL must be in the range 127 to 255.])
                         fi
                 fi
@@ -1750 +1837 @@
         fi
         echo "${myident}" | grep ['[^0123456789]'] >/dev/null 2>&1 || \
-                AC_MSG_ERROR([--enable-identity: need username, not UID])
+                AC_MSG_ERROR([With --enable-identity=USER, please supply a username, not a UID.])
         myident_uid=`(cat /etc/passwd; ypcat passwd) 2>/dev/null |\
           grep "^${myident}:" | awk -F: '{ print $3; }'`
         if test x"${myident_uid}" = x; then
-          AC_MSG_WARN([--enable-identity: user ${myident} will be added upon install])
+          AC_MSG_WARN([Option --enable-identity used, user ${myident} will be added upon install.])
           need_user_install=1
         fi
@@ -1794 +1881 @@
            sh_syscalltable=`egrep '(D|d|R|r) sys_call_table' ${khidemap} | awk '{print $1}'`
            if test x"$sh_syscalltable" = x; then
-                AC_MSG_ERROR([--enable-khide: symbol sys_call_table not found in ${khidemap}])
+                AC_MSG_ERROR([Option --enable-khide cannot be used since the symbol sys_call_table was not found in ${khidemap}.])
            fi
            sh_syscalltable="0x${sh_syscalltable}"
            install_name_len=`echo ${install_name} | awk '{ print(length()); }'`
            if test "${install_name_len}" -gt 15 ; then
-                AC_MSG_ERROR([--enable-khide: install_name exceeds 15 char length limit])
+                AC_MSG_ERROR([If --enable-khide is used, install_name must not exceed a length of 15 chars.])
            fi
            AC_DEFINE(SH_USE_LKM)
@@ -1833 +1920 @@
                 sh_list_modules=`egrep 'd modules$' ${khidemap} | awk '{print $1}'` 
                 if test x"$sh_list_modules" = x; then
-                        AC_MSG_ERROR([--enable-khide: symbol modules not found in ${khidemap}])
+                        AC_MSG_ERROR([Option --enable-khide cannot be used, since the symbol modules was not found in ${khidemap}.])
                 fi
                 sh_list_modules="0x${sh_list_modules}"
@@ -1926 +2013 @@
                         :
                 else
-                        AC_MSG_ERROR([--with-kcheck: cannot find system map ${systemmap}])
+                        AC_MSG_ERROR([Option --with-kcheck=systemmap cannot be used, because system map ${systemmap} does not exist.])
                 fi
         fi
@@ -1942 +2029 @@
         AC_MSG_RESULT(${my_key_A} ${my_key_B})
         if test "x${my_key_A}" = x; then
-                AC_MSG_ERROR([--enable-base: first base key has zero length])
+                AC_MSG_ERROR([Option --enable-base=B1,B2 used with invalid first base key (zero length).])
         fi
         if test "x${my_key_B}" = x; then
-                AC_MSG_ERROR([--enable-base: second base key has zero length])
+                AC_MSG_ERROR([Option --enable-base=B1,B2 used with invalid second base key (zero length).])
         fi
         echo "${my_key_A}" | grep ['[^0123456789]'] >/dev/null 2>&1 &&
-                AC_MSG_ERROR([--enable-base: base key must be numeric in the range 0 to 2147483647])
+                AC_MSG_ERROR([For --enable-base=B1,B2,  B1 and B2 must be numeric in the range 0 to 2147483647.])
         echo "${my_key_B}" | grep ['[^0123456789]'] >/dev/null 2>&1 &&
-                AC_MSG_ERROR([--enable-base: base key must be numeric in the range 0 to 2147483647])
+                AC_MSG_ERROR([For --enable-base=B1,B2,  B1 and B2 must be numeric in the range 0 to 2147483647.])
         ],
         [
@@ -2092 +2179 @@
                 else
                         if test "x${mychk}" = "x"; then
-                                AC_MSG_ERROR([--with-checksum: gpg CHKSUM not specified])
+                                AC_MSG_ERROR([Option --with-checksum=CHKSUM: checksum CHKSUM of the gpg binary not specified.])
                         fi
                 fi
@@ -2119 +2206 @@
                         echo "${withval0}" | \
                         grep ['[^0123456789abcdefABCDEF]'] >/dev/null 2>&1 &&
-                        AC_MSG_ERROR([--with-fp: invalid character(s) in FINGERPRINT=${withval0}])
+                        AC_MSG_ERROR([In option --with-fp=FINGERPRINT, there is an invalid character(s) in FINGERPRINT=${withval0}.])
                         sh_len=`echo ${withval0} | wc -c | sed 's% %%g'`
                         sh_len0=`expr ${sh_len} \- 1`
@@ -2129 +2216 @@
                                 echo "${myfp}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef FINGERPRINT_H"; print "#define FINGERPRINT_H"; printf "char gpgfp[%d];\n", m+1; for (i=1; i <= m; i++) printf "gpgfp[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "gpgfp[%d] = %c%c0%c;\n", m, 39, 92, 39; print "#endif"; }' > sh_gpg_fp.h 
                         else
-                                AC_MSG_ERROR([--with-fp: length (${sh_len0}) of FINGERPRINT ${withval0} incorrect])
+                                AC_MSG_ERROR([In option --with-fp=FINGERPRINT, the length (${sh_len0}) of FINGERPRINT ${withval0} is incorrect.])
                         fi
                 else
-                        AC_MSG_ERROR([--with-fp: usage error ... FINGERPRINT=yes])
+                        AC_MSG_ERROR([For option --with-fp=FINGERPRINT, FINGERPRINT=yes is invalid, please specify a valid key fingerprint.])
                 fi
         fi
@@ -2155 +2242 @@
                 if test "x${sh_tmp}" != "x1"
                 then
-                        AC_MSG_ERROR([--with-recipient: invalid mail address ${sh_item}])
+                        AC_MSG_ERROR([Option --with-recipient=ADDR used with invalid mail address ${sh_item}.])
                 fi 
                 ;;
                 *)
-                AC_MSG_ERROR([--with-recipient: invalid mail address ${sh_item}])
+                AC_MSG_ERROR([Option --with-recipient=ADDR used with invalid mail address ${sh_item}.])
                 ;;
                 esac
@@ -2192 +2279 @@
         do
                 echo "${sh_tmp1}" | grep ['[^0123456789]'] >/dev/null 2>&1 &&
-                        AC_MSG_ERROR([--with-trusted: non-numeric UID in ${withval}])
+                        AC_MSG_ERROR([Option --with-trusted=UID used with non-numeric UID in ${withval}.])
                 if test "x${sh_tmp1}" = "x0"
                 then
@@ -2388 +2475 @@
                         echo "It should be REQ_FROM_SERVER/some/local/path"
                 fi
-                AC_MSG_ERROR([--with-data-file: invalid path ${withval}])
+                AC_MSG_ERROR([Option --with-data-file=FILE used with invalid path ${withval}.])
         fi
         ],

trunk/depend.dep

@@ -18 +18 @@
 sh_entropy.o: $(srcsrc)/sh_entropy.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_calls.h $(srcinc)/sh_pthread.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/CuTest.h 
 sh_forward.o: $(srcsrc)/sh_forward.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_forward.h $(srcinc)/sh_srp.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_entropy.h $(srcinc)/sh_html.h $(srcinc)/sh_mail.h $(srcinc)/sh_socket.h $(srcinc)/sh_static.h $(srcinc)/rijndael-api-fst.h $(srcinc)/sh_readconf.h $(srcinc)/zAVLTree.h $(srcinc)/sh_extern.h 
-sh_modules.o: $(srcsrc)/sh_modules.c Makefile config_xor.h $(srcinc)/sh_modules.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utmp.h $(srcinc)/sh_mounts.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_kern.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_processcheck.h $(srcinc)/sh_portcheck.h 
+sh_modules.o: $(srcsrc)/sh_modules.c Makefile config_xor.h $(srcinc)/sh_modules.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utmp.h $(srcinc)/sh_mounts.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_kern.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_processcheck.h $(srcinc)/sh_portcheck.h $(srcinc)/sh_logmon.h 
 sh_utmp.o: $(srcsrc)/sh_utmp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_utmp.h $(srcinc)/sh_pthread.h 
 sh_kern.o: $(srcsrc)/sh_kern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_kern.h sh_ks_xor.h $(srcinc)/sh_unix.h $(srcinc)/sh_hash.h 
@@ -69 +69 @@
 dnmalloc.o: $(srcsrc)/dnmalloc.c Makefile config.h 
 sh_port2proc.o: $(srcsrc)/sh_port2proc.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error_min.h $(srcinc)/sh_utils.h $(srcinc)/sh_pthread.h 
+sh_log_parse_syslog.o: $(srcsrc)/sh_log_parse_syslog.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h 
+sh_log_parse_pacct.o: $(srcsrc)/sh_log_parse_pacct.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h 
+sh_log_parse_apache.o: $(srcsrc)/sh_log_parse_apache.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h 
+sh_log_evalrule.o: $(srcsrc)/sh_log_evalrule.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h $(srcinc)/zAVLTree.h 
+sh_log_check.o: $(srcsrc)/sh_log_check.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h $(srcinc)/sh_modules.h 

trunk/depend.sum

@@ -1 @@
-2749055739
+3470897936

trunk/docs/Changelog

@@ -1 @@
-2.4.7:
+2.5.0:
+        * fixed constness in trustfile interface
         * remove libprelude 0.8 support (obsolete)
         * sh_forward.c: increase TIME_OUT_DEF to 900 secs

trunk/include/sh_cat.h

@@ -157 +157 @@
 #ifdef SH_USE_USERFILES
  MSG_USERFILES_SUMMARY,
+#endif
+
+#ifdef USE_LOGFILE_MONITOR
+ MSG_LOGMON_CHKS,
+ MSG_LOGMON_CHKE,
+ MSG_LOGMON_MISS,
+ MSG_LOGMON_EOPEN,
+ MSG_LOGMON_EREAD,
+ MSG_LOGMON_REP,
+ MSG_LOGMON_SUM,
 #endif
 

trunk/include/sh_string.h

@@ -19 +19 @@
 /* concat string to sh_string
  */
-sh_string * sh_string_cat_lchar(sh_string * s, char * str, size_t len);
+sh_string * sh_string_cat_lchar(sh_string * s, const char * str, size_t len);
+
+/* add char array to end of string */
+sh_string * sh_string_add_from_char(sh_string * s, const char * str);
 
 /* set sh_string from string
  */
-sh_string * sh_string_set_from_char(sh_string * s, char * str);
+sh_string * sh_string_set_from_char(sh_string * s, const char * str);
 
 /* create new sh_string from array of given length
  */
-sh_string * sh_string_new_from_lchar(char * str, size_t len);
+sh_string * sh_string_new_from_lchar(const char * str, size_t len);
 
-#define sh_string_copy(a) ((a) ? sh_string_new_from_lchar(((a)->str), ((a)->len)) : NULL)
+#define sh_string_copy(a)  ((a) ? sh_string_new_from_lchar(((a)->str), ((a)->len)) : NULL)
+#define sh_string_add(a,b) ((a && b) ? sh_string_add_from_lchar((a), ((b)->str), ((b)->len)) : NULL)
 
 /* create new sh_string from three arrays of given length
  */
-sh_string * sh_string_new_from_lchar3(char * str1, size_t len1,
-                                      char * str2, size_t len2,
-                                      char * str3, size_t len3);
+sh_string * sh_string_new_from_lchar3(const char * str1, size_t len1,
+                                      const char * str2, size_t len2,
+                                      const char * str3, size_t len3);
 
 /* Truncate to desired length.
@@ -45 +49 @@
 sh_string * sh_string_grow(sh_string * s, size_t increase);
 
+/* Read a string from a file, with maxlen. Return 0 on EOF,
+ * -1 on error, and -2 if a line exceeds maxlen.
+ */
+size_t sh_string_read(sh_string * s, FILE * fp, size_t maxlen);
+
+/* Split array at delim in at most nfields fields. 
+ * Empty fields are returned as empty (zero-length) strings. 
+ * Leading and trailing WS are removed from token. 
+ * The number of fields is returned in 'nfields', their
+ * lengths in 'lengths'.
+ * A single delimiter will return two empty fields.
+ */
+char ** split_array(char *line, unsigned int * nfields, 
+                    char delim, size_t * lengths);
+
+/* Split array at whitespace in at most nfields fields.
+ * Multiple whitespaces are collapsed. 
+ * Empty fields are returned as empty (zero-length) strings.
+ * The number of fields is returned in nfields.
+ * An empty string will return zero fields.
+ * If nfields < actual fields, last string will be remainder.
+ */
+char ** split_array_ws(char *line, unsigned int * nfields, size_t * lengths);
+
+/* Replaces fields in s with 'replacement'. Fields are given
+ * in the ordered array ovector, comprising ovecnum pairs 
+ * ovector[i], ovector[i+1] which list offset of first char
+ * of field, offset of first char after field (this is how
+ * the pcre library does it).
+ */  
+sh_string * sh_string_replace(const sh_string * s, 
+                              const int * ovector, int ovecnum, 
+                              const char * replacement, size_t rlen);
+
 #endif

trunk/include/sh_unix.h

@@ -243 +243 @@
 /* check a file 
  */
-int tf_trust_check (char * file, int mode);
+int tf_trust_check (const char * file, int mode);
 
 /* initialize group vector

trunk/include/slib.h

@@ -405 +405 @@
   /* Check whether file is trustworthy.
    */
-  int sl_trustfile(char * path, uid_t * ok, uid_t * bad);
+  int sl_trustfile(const char * path, uid_t * ok, uid_t * bad);
 
   /* Check whether file is trustworthy.
    */
-  int sl_trustfile_euid(char * filename, uid_t euid);
+  int sl_trustfile_euid(const char * filename, uid_t euid);
 
   /* purge list of trusted users

trunk/src/sh_cat.c

@@ -97 +97 @@
 #ifdef SH_USE_KERN
   /* FreeBSD */
-  { MSG_KERN_POLICY, SH_ERR_SEVERE,  EVENT, N_("msg=\"POLICY KERNEL BSD syscall table: new: %#lx old: %#lx\" syscall=\"%03d %s\"") },
-  { MSG_KERN_POL_CO, SH_ERR_SEVERE,  EVENT, N_("msg=\"POLICY KERNEL BSD syscall code: new: %#x,%#x old: %#x,%#x\" syscall=\"%03d %s\"") },
+  { MSG_KERN_POLICY, SH_ERR_SEVERE,  EVENT, N_("msg=\"POLICY [Kernel] BSD syscall table: new: %#lx old: %#lx\" syscall=\"%03d %s\"") },
+  { MSG_KERN_POL_CO, SH_ERR_SEVERE,  EVENT, N_("msg=\"POLICY [Kernel] BSD syscall code: new: %#x,%#x old: %#x,%#x\" syscall=\"%03d %s\"") },
 
   /* Linux */
@@ -143 +143 @@
   { MSG_MNT_CHECK,   SH_ERR_INFO,    RUN,   N_("msg=\"Checking mounts\"")},
   { MSG_MNT_MEMLIST, SH_ERR_ERR,     RUN,   N_("msg=\"Cannot read mount list from memory\"")},
-  { MSG_MNT_MNTMISS, SH_ERR_WARN,    EVENT, N_("msg=\"Mount missing\" path=\"%s\"")},
-  { MSG_MNT_OPTMISS, SH_ERR_WARN,    EVENT, N_("msg=\"Mount option missing\" path=\"%s\" option=\"%s\"")},
+  { MSG_MNT_MNTMISS, SH_ERR_WARN,    EVENT, N_("msg=\"POLICY [Mounts] Mount missing\" path=\"%s\"")},
+  { MSG_MNT_OPTMISS, SH_ERR_WARN,    EVENT, N_("msg=\"POLICY [Mounts] Mount option missing\" path=\"%s\" option=\"%s\"")},
 #endif
 
 #ifdef SH_USE_USERFILES
   { MSG_USERFILES_SUMMARY,SH_ERR_INFO,    RUN,   N_("msg=\"Checked for users files\"") },
+#endif
+
+#ifdef USE_LOGFILE_MONITOR
+  { MSG_LOGMON_CHKS, SH_ERR_INFO,    RUN,   N_("msg=\"Checking logfile %s\"") },
+  { MSG_LOGMON_CHKE, SH_ERR_INFO,    RUN,   N_("msg=\"Finished logfile %s, %lu new records processed\"") },
+  { MSG_LOGMON_MISS, SH_ERR_ERR,     RUN,   N_("msg=\"Missing logfile %s\"") },
+  { MSG_LOGMON_EOPEN,SH_ERR_ERR,     RUN,   N_("msg=\"Cannot open logfile %s\"") },
+  { MSG_LOGMON_EREAD,SH_ERR_ERR,     RUN,   N_("msg=\"Error while reading logfile %s\"") },
+  { MSG_LOGMON_REP,  SH_ERR_SEVERE,  EVENT, N_("msg=\"POLICY [Logfile] %s\" time=\"%s\" host=\"%s\" path=\"%s\"") },
+  { MSG_LOGMON_SUM,  SH_ERR_SEVERE,  EVENT, N_("msg=\"POLICY [Logfile] %s\" host=\"%s\" path=\"%s\"") },
 #endif
 
@@ -413 +423 @@
 
 #ifdef SH_USE_KERN
-  { MSG_KERN_POLICY, SH_ERR_SEVERE,  EVENT, N_("msg=<POLICY KERNEL BSD syscall table: new: %#lx old: %#lx>, syscall=<%03d %s>") },
-  { MSG_KERN_POL_CO, SH_ERR_SEVERE,  EVENT, N_("msg=<POLICY KERNEL BSD syscall code: new: %#x,%#x old: %#x,%#x>, syscall=<%03d %s>") },
+  { MSG_KERN_POLICY, SH_ERR_SEVERE,  EVENT, N_("msg=<POLICY [Kernel] BSD syscall table: new: %#lx old: %#lx>, syscall=<%03d %s>") },
+  { MSG_KERN_POL_CO, SH_ERR_SEVERE,  EVENT, N_("msg=<POLICY [Kernel] BSD syscall code: new: %#x,%#x old: %#x,%#x>, syscall=<%03d %s>") },
 
   { MSG_KERN_SYSCALL,SH_ERR_SEVERE,  EVENT, N_("msg=<POLICY [Kernel] SYSCALL modified> syscall=<%03d %s>, %s") },
@@ -461 +471 @@
   { MSG_MNT_CHECK,   SH_ERR_INFO,    RUN,   N_("msg=<Checking mounts>")},
   { MSG_MNT_MEMLIST, SH_ERR_ERR,     RUN,   N_("msg=<Cannot read mount list from memory>")},
-  { MSG_MNT_MNTMISS, SH_ERR_WARN,    EVENT, N_("msg=<Mount missing>, path=<%s>")},
-  { MSG_MNT_OPTMISS, SH_ERR_WARN,    EVENT, N_("msg=<Mount option missing>, path=<%s>, option=<%s>")},
+  { MSG_MNT_MNTMISS, SH_ERR_WARN,    EVENT, N_("msg=<POLICY [Mounts] Mount missing>, path=<%s>")},
+  { MSG_MNT_OPTMISS, SH_ERR_WARN,    EVENT, N_("msg=<POLICY [Mounts] Mount option missing>, path=<%s>, option=<%s>")},
 #endif
 
 #ifdef SH_USE_USERFILES
   { MSG_USERFILES_SUMMARY,SH_ERR_INFO,    RUN,   N_("msg=<Checked for users files>") },
+#endif
+
+#ifdef USE_LOGFILE_MONITOR
+  { MSG_LOGMON_CHKS, SH_ERR_INFO,    RUN,   N_("msg=<Checking logfile %s>") },
+  { MSG_LOGMON_CHKE, SH_ERR_INFO,    RUN,   N_("msg=<Finished logfile %s, %lu new records processed>") },
+  { MSG_LOGMON_MISS, SH_ERR_ERR,     RUN,   N_("msg=<Missing logfile %s>") },
+  { MSG_LOGMON_EOPEN,SH_ERR_ERR,     RUN,   N_("msg=<Cannot open logfile %s>") },
+  { MSG_LOGMON_EREAD,SH_ERR_ERR,     RUN,   N_("msg=<Error while reading logfile %s>") },
+  { MSG_LOGMON_REP,  SH_ERR_SEVERE,  EVENT, N_("msg=<POLICY [Logfile] %s> time=<%s> host=<%s> path=<%s>") },
+  { MSG_LOGMON_SUM,  SH_ERR_SEVERE,  EVENT, N_("msg=<POLICY [Logfile] %s> host=<%s> path=<%s>") },
 #endif
 

trunk/src/sh_getopt.c

@@ -535 +535 @@
   if (num > 0) fputc (',', stdout);
   fputs (_(" ports"), stdout); ++num;
+#endif
+#ifdef USE_LOGFILE_MONITOR
+  if (num > 0) fputc (',', stdout);
+  fputs (_(" logfile monitor"), stdout); ++num;
 #endif
   if (num == 0)

trunk/src/sh_modules.c

@@ -16 +16 @@
 #include "sh_processcheck.h"
 #include "sh_portcheck.h"
+#include "sh_logmon.h"
 
 sh_mtype modList[] = {
@@ -130 +131 @@
 #endif
 
+#ifdef USE_LOGFILE_MONITOR
+  {
+    N_("LOGMON"),
+    -1,
+    sh_log_check_init,
+    sh_log_check_timer,
+    sh_log_check_check,
+    sh_log_check_cleanup,
+    sh_log_check_reconf,
+
+    N_("[LogMon]"),
+    sh_log_check_table,
+    PTHREAD_MUTEX_INITIALIZER,
+  },
+#endif
+
   {
     NULL,

trunk/src/sh_processcheck.c

@@ -1311 +1311 @@
       clean_list (&list_fake);
     }
+
   SH_MUTEX_UNLOCK(mutex_proc_check);
 

trunk/src/sh_string.c

@@ -108 +108 @@
 
     setnext:
-      lengths[i] = (a-s);
+      lengths[i] = (size_t) (a-s); /* a >= s always */
       arr[i] = s;
       ++i;
@@ -184 +184 @@
                 }
             }
-          lengths[i] = (a-s);
+          lengths[i] = (size_t)(a-s); /* a >= s always */
           arr[i]     = s; 
           ++i;
@@ -266 +266 @@
 }
 
-sh_string * sh_string_cat_lchar(sh_string * s, char * str, size_t len)
+sh_string * sh_string_cat_lchar(sh_string * s, const char * str, size_t len)
 {
   if (sl_ok_adds(len, s->siz) == SL_TRUE)
@@ -283 +283 @@
 }
 
-sh_string * sh_string_set_from_char(sh_string * s, char * str)
+sh_string * sh_string_set_from_char(sh_string * s, const char * str)
 {
   size_t len = strlen(str);
@@ -296 +296 @@
 }
 
-sh_string * sh_string_new_from_lchar(char * str, size_t len)
+sh_string * sh_string_add_from_char(sh_string * s, const char * str)
+{
+  size_t len   = strlen(str);
+  size_t avail = (s->siz - s->len);
+
+  if ((len+1) > avail)
+    {
+      (void) sh_string_grow(s, ((len+1) - avail) );
+    }
+  memcpy(&(s->str[s->len]), str, (len+1));
+  s->len += len;
+  return s;
+}
+
+sh_string * sh_string_new_from_lchar(const char * str, size_t len)
 {
   sh_string * s;
@@ -308 +322 @@
 }
 
-sh_string * sh_string_new_from_lchar3(char * str1, size_t len1,
-                                      char * str2, size_t len2,
-                                      char * str3, size_t len3)
+sh_string * sh_string_new_from_lchar3(const char * str1, size_t len1,
+                                      const char * str2, size_t len2,
+                                      const char * str3, size_t len3)
 {
   sh_string * s;

trunk/src/sh_unix.c

@@ -1064 +1064 @@
 
 #if defined(HOST_IS_CYGWIN) || defined(__cygwin__) || defined(__CYGWIN32__) || defined(__CYGWIN__)
-int tf_trust_check (char * file, int mode)
+int tf_trust_check (const char * file, int mode)
 {
   (void) file;
@@ -1071 +1071 @@
 }
 #else
-int tf_trust_check (char * file, int mode)
+int tf_trust_check (const char * file, int mode)
 {
   char * tmp;

trunk/src/slib.c

@@ -2652 +2652 @@
 static struct sl_trustfile_store * sl_trusted_files = NULL;
 
-void sl_add_trusted_file(char * filename, uid_t teuid)
+static void sl_add_trusted_file(const char * filename, uid_t teuid)
 {
   struct sl_trustfile_store *new = SH_ALLOC(sizeof(struct sl_trustfile_store));
@@ -2664 +2664 @@
 }
 
-char * sl_check_trusted_file(char * filename, uid_t teuid)
+static const char * sl_check_trusted_file(const char * filename, uid_t teuid)
 {
   struct sl_trustfile_store *new = sl_trusted_files;
@@ -2678 +2678 @@
 }
 
-void sl_clear_trusted_file(struct sl_trustfile_store * file)
+static void sl_clear_trusted_file(struct sl_trustfile_store * file)
 {
   if (file)
@@ -2690 +2690 @@
 }
 
-int sl_trustfile_euid(char * filename, uid_t teuid)
+int sl_trustfile_euid(const char * filename, uid_t teuid)
 {
   long          status;

trunk/src/trustfile.c

@@ -319 +319 @@
 
 /* not static to circumvent stupid gcc 4 bug */ 
-int getfname(char *fname, char *rbuf, int rsz)
+int getfname(const char *fname, char *rbuf, int rsz)
 {
 #ifndef TRUST_MAIN
@@ -678 +678 @@
 }
 
-int sl_trustfile(char *fname, uid_t *okusers, uid_t *badusers)
+int sl_trustfile(const char *fname, uid_t *okusers, uid_t *badusers)
 {
   char fexp[MAXFILENAME];       /* file name fully expanded        */

trunk/test/testcompile.sh

@@ -304 +304 @@
         [ -z "${SMATCH}" ] || { CC="${SAVE_CC}"; export CC; SMATCH=""; export SMATCH; }
         #
-        ${TOP_SRCDIR}/configure --quiet  --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test  --enable-static --enable-suidcheck --enable-process-check > /dev/null 2>> test_log
+        ${TOP_SRCDIR}/configure --quiet  --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test  --enable-static --enable-suidcheck --enable-process-check --enable-logfile-monitor > /dev/null 2>> test_log
         #
         let "num = num + 1" >/dev/null
@@ -390 +390 @@
         # test standalone compilation with --with-nocl=PW
         #
-        TEST="${S}standalone w/nocl${E}"
-        #
-        if test -r "Makefile"; then
-                $MAKE clean
-        fi
-        #
-        ${TOP_SRCDIR}/configure --quiet  --prefix=$PW_DIR --enable-nocl="owl" --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log   
+        TEST="${S}standalone w/nocl w/logmon${E}"
+        #
+        if test -r "Makefile"; then
+                $MAKE clean
+        fi
+        #
+        ${TOP_SRCDIR}/configure --quiet  --prefix=$PW_DIR --enable-nocl="owl" --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test  --enable-logfile-monitor > /dev/null 2>> test_log   
         #
         let "num = num + 1" >/dev/null
@@ -468 +468 @@
 
         #
-        # test standalone compilation w/logwatch
+        # test standalone compilation w/loginwatch
         #
         TEST="${S}standalone w/login-watch${E}"
@@ -637 +637 @@
         [ -z "${SMATCH}" ] || { CC="${SAVE_CC}"; export CC; SMATCH=""; export SMATCH; }
         #
-        ${TOP_SRCDIR}/configure --quiet --enable-network=client  --enable-static --enable-srp --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test   --with-timeserver=127.0.0.1 > /dev/null 2>> test_log   
+        ${TOP_SRCDIR}/configure --quiet --enable-network=client  --enable-static --enable-srp --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test   --with-timeserver=127.0.0.1   --enable-logfile-monitor > /dev/null 2>> test_log   
         #
         let "num = num + 1" >/dev/null
@@ -693 +693 @@
             fi
             #
-            ${TOP_SRCDIR}/configure --quiet --enable-network=client  --enable-srp --with-gpg=$GPG  --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log   
+            ${TOP_SRCDIR}/configure --quiet --enable-network=client  --enable-srp --with-gpg=$GPG  --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test   --enable-logfile-monitor > /dev/null 2>> test_log   
             #
             let "num = num + 1" >/dev/null
@@ -757 +757 @@
         fi
         #
-        ${TOP_SRCDIR}/configure --quiet --enable-network=client --enable-debug --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log   
+        ${TOP_SRCDIR}/configure --quiet --enable-network=client --enable-debug --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test   --enable-logfile-monitor > /dev/null 2>> test_log   
         #
         let "num = num + 1" >/dev/null