Fwmon Firewall Monitor (v1.1.0) - Setting up your chroot jail
-------------------------------------------------------------------------


STEP 1. Directory structure

First decide on a directory location where you will create your chroot jail,
for this example we are using /var/fwmon. We also need a place for the
files fwmon depends on.


	mkdir -p /var/fwmon/
	mkdir -p /var/fwmon/etc



STEP 2. Copy in the needed files

Fwmon needs 2 files. /etc/protocols to resolve protocol numbers to names eg:
TCP, UDP etc.. Also /etc/localtime, this makes sure fwmon reports the time
according to your systems timezone.

	cp /etc/protocols /var/fwmon/etc/
	cp /etc/localtime /var/fwmom/etc/



STEP 4. Deciding on a UID and GID

You can use any UID or GID with fwmon. UIDS and GIDS less than 500 are
usually reserved for system services, so it is recommended you find an
unused one. As an example, we choose 250.

	groupadd -g 250 fwmon
	useradd -G 250 -u 250 fwmon
	
Now, you will need to make sure this new UID can actually access the chroot
jail and all the files in it.

	chown -R fwmon.fwmon /var/fwmon/etc/



STEP 3. Running fwmon

You are now ready to run fwom. ([...] is where you put your usual options).
Be aware that when you specify logfiles you must specify them relative to the
chroot. eg: '-l /logfile.txt' actually logs to /var/fwmon/logfile.txt.

	/usr/sbin/fwmon -d -c /var/fwmon -u 250 -g 250 [...]



STEP 4. HUPPing fwmon

If you have a log rotation system setup. You may want to HUP fwmon after you
rotate logs so that it will close the old logs and open the new ones.This
will work fine.



KNOWN PROBLEMS

- Syslog doesn't seem to work from within the chroot
- Chroot jails can be broken out of, especially if you don't drop root privs