Official location for a .conf file?

jon · 25 May 2021 17:01

Michael, et al.,

Where is the “official” IPFire location for a conf file? I find some in:

/usr/share/<process>/<process.conf>
or
/etc/<process>/<process.conf>
or
/var/ipfire/<process>/<process.conf>

anon42188109 · 25 May 2021 17:08

I think the second option is the UNIX/Linux style.

jon · 25 May 2021 17:11

I should have been more specific. I am looking for the official IPFire location for .conf files.

ms · 28 May 2021 15:29

Well, it depends.

Configuration files should normally be in /etc or /etc/<program name>. The web user interface stores stuff in /var/ipfire and some exceptions were also made there.

What are you building?

jon · 28 May 2021 16:22

Just updating the wiki…

In the swatch wiki there is a configuration file at /var/ipfire/snort/swatchrc which didn’t seem correct. The default configuration is ${HOME}/.swatchdogrc but that didn’t seem correct for IPFire.

So I was looking for the official location.

cbrown · 28 May 2021 21:03

Hi @jon,
Since you can run multiple instances of swatch with each watching different files, I created a directory:

/etc/swatchrc

And then created a subdirctory for each thing monitored. Since I’m only using it to monitor Suricata’s fast.log currently, I created a subdirctory:

/etc/swatchrc/suricata

containing an instance of swatch.conf

/etc/swatchrc/suricata/swatch.conf

If I want to run swatch monitoring some other file, I can simply add another subdirctory and the corresponding new swatch.conf instance.

Seemed reasonable to my simple caveman brain

[Edit]: I suppose it would be just as well to create meaningful named *.conf files for each thing monitored rather than using a subdirectory for each.

jon · 28 May 2021 21:10

I am almost positive you can put all of the configuration in one file and just run one daemon. (I have not tried this yet)

cbrown · 6 June 2021 12:52

I did some web searches looking for examples of swatch watching multiple files but didn’t find any.

After playing around a bit – doing backup, reinstall, and restores – I like having my swatch.conf for Suricata’s fast.log saved in /var/ipfire/suricata. That way my swatch.conf gets restored along with other settings. When I had the swatch.conf under /etc/… , it did not get restored.

jon · 6 June 2021 17:00

FYI - What you have done is a fine and no need to change. If you are interested here is an example:

This one watches three files:

/usr/local/bin/swatch -c /server/swatch.conf  --daemon \
-t "/var/log/secure /var/log/php.log /server/log/nginx/error.log" \
&