[apparmor] [PATCH] prefer syslog over messages

Kees Cook kees at ubuntu.com
Thu Aug 18 22:01:49 UTC 2011


As /var/log/messages has been phased out, start preferring syslog
instead.

(I needed this on upgraded Ubuntu machines that went from messages to
syslog recently. It's not clear to me if this is needed in the general
case, though, so I thought I'd bring it up here.)

=== modified file 'utils/Immunix/AppArmor.pm'
--- utils/Immunix/AppArmor.pm	2011-08-17 23:26:41 +0000
+++ utils/Immunix/AppArmor.pm	2011-08-18 21:33:06 +0000
@@ -6755,7 +6755,7 @@
 $parser = find_first_file($cfg->{settings}{parser}) || "/sbin/apparmor_parser";
 unless (-x $parser) { fatal_error "Can't find apparmor_parser."; }
 
-$filename = find_first_file($cfg->{settings}{logfiles}) || "/var/log/messages";
+$filename = find_first_file($cfg->{settings}{logfiles}) || "/var/log/syslog";
 unless (-f $filename) { fatal_error "Can't find system log."; }
 
 $ldd = find_first_file($cfg->{settings}{ldd}) || "/usr/bin/ldd";
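Review bot: The hard-coded fallback on the `$filename` line now names only `/var/log/syslog`, so a host that still logs to `/var/log/messages` and has no usable `logfiles` setting reaches `fatal_error "Can't find system log."` where it previously worked. Assuming `find_first_file` accepts the same space-separated list that logprof.conf passes it, the fallback could try both paths in the new order: `$filename = find_first_file($cfg->{settings}{logfiles}) || find_first_file("/var/log/syslog /var/log/messages");`. Note that the `-f` test only proves the file exists, not that it is the log currently receiving AppArmor events, so a stale leftover file would still be accepted silently. The surrounding block starts and ends outside the hunk.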

=== modified file 'utils/logprof.conf'
--- utils/logprof.conf	2010-12-20 20:29:10 +0000
+++ utils/logprof.conf	2011-08-18 21:33:46 +0000
@@ -11,7 +11,7 @@
 [settings]
   profiledir = /etc/apparmor.d /etc/subdomain.d
   inactive_profiledir = /usr/share/doc/apparmor-profiles/extras 
-  logfiles = /var/log/audit/audit.log /var/log/messages /var/log/syslog
+  logfiles = /var/log/audit/audit.log /var/log/syslog /var/log/messages
 
   parser = /sbin/apparmor_parser /sbin/subdomain_parser
   ldd = /usr/bin/ldd
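Review bot: The reordered `logfiles` line depends on the first existing file winning, and nothing in the file says so. That behaviour is inferred from the `find_first_file` name and its use in AppArmor.pm, so it should be confirmed. If it holds, a host where both `/var/log/syslog` and `/var/log/messages` are live but kernel audit messages go to only one of them could have its profiles built from the wrong log. A comment above the setting would make the precedence explicit, e.g. `# Searched in order; the first file that exists is used, so list the log that receives AppArmor audit events first.`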


-- 
Kees Cook
Ubuntu Security Team


