# HG changeset patch # User Matti Hamalainen # Date 1250380288 -10800 # Node ID 471731c79bb3832fb369b15a0045ef7b17fc1c7d # Parent 2ab119eaca36e1194c1bfbc75653c0801ff1ec5d Add configuration setting for PASSWD file. diff -r 2ab119eaca36 -r 471731c79bb3 example.conf --- a/example.conf Sun Aug 16 02:45:42 2009 +0300 +++ b/example.conf Sun Aug 16 02:51:28 2009 +0300 @@ -20,6 +20,16 @@ # Full path to iptables binary IPTABLES = "/sbin/iptables" +# System passwd file location (default is /etc/passwd), this file +# is checked to figure out system account names. See also SYSACCT_ +# settings below. +#PASSWD = "/etc/passwd" + +## Set range of system account UIDs here, default is 1-100. +## Root account is handled by CHK_ROOT_SSH_PWD check. +#SYSACCT_MIN_UID = 1 +#SYSACCT_MAX_UID = 100 + ############################################################################# ### Actions, etc. settings @@ -93,10 +103,6 @@ ## for system accounts .. which would be stupid anyway. CHK_SYSACCT_SSH_PWD = 0 -## Set range of system account UIDs here, default is 1-100. -## Root account is handled by CHK_ROOT_SSH_PWD check. -#SYSACCT_MIN_UID = 1 -#SYSACCT_MAX_UID = 100 # (2) Common/known vulnerable CGI/PHP software scans (like phpMyAdmin) diff -r 2ab119eaca36 -r 471731c79bb3 maltfilter --- a/maltfilter Sun Aug 16 02:45:42 2009 +0300 +++ b/maltfilter Sun Aug 16 02:51:28 2009 +0300 @@ -47,6 +47,8 @@ "SYSACCT_MAX_UID" => 100, "FULL_TIME" => 1, + + "PASSWD" => "/etc/passwd", ); # Default logfiles to monitor (SCANFILES setting of configuration overrides these) @@ -842,7 +844,6 @@ sub malt_configure { # Let user define his/her own logfiles to scan - mlog(0, "(Re)reading configuration files.\n"); @scanfiles_def = (); undef(@scanfiles_def); foreach my $filename (@configfiles) { 
@@ -852,10 +853,8 @@ mdie("SYSACCT_MIN_UID must be >= 1.\n") unless ($settings{"SYSACCT_MIN_UID"} >= 1); mdie("SYSACCT_MAX_UID must be >= SYSACCT_MIN_UID.\n") unless ($settings{"SYSACCT_MAX_UID"} >= $settings{"SYSACCT_MIN_UID"}); - my $passfile = "/etc/passwd"; - mlog(0, "Reading $passfile for system accounts.\n"); - open(PASSWD, "<", $passfile) or mdie("Could not open '".$passfile."' for reading!\n"); + open(PASSWD, "<", $settings{"PASSWD"}) or mdie("Could not open '".$settings{"PASSWD"}."' for reading!\n"); while () { my @fields = split(/\s*:\s*/); if ($fields[2] >= $settings{"SYSACCT_MIN_UID"} && $fields[2] <= $settings{"SYSACCT_MAX_UID"}) {
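Review bot: With the path now taken from `$settings{"PASSWD"}`, this hunk drops the only log line that named the file being read, so a mistyped or stale PASSWD value that still opens cleanly would leave the system-account list short or empty with no trace in the log, and the CHK_SYSACCT_SSH_PWD check would presumably match nothing. I would keep the message, adapted as `mlog(0, "Reading '".$settings{"PASSWD"}."' for system accounts.\n");`, and append `$!` to the mdie text so an operator can tell a missing file from a permission problem. The bareword handle `PASSWD` could also become a lexical `my $fh`, though that touches the `while` loop, whose body continues outside the hunk. The three-argument `open` is worth keeping as is, since it stops the configured value from being read as an open mode.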