[cacti/el4] block HTTP access to log and rra directories (BZ #609856)

[Ken Dreyer]

commit 236450cab3385d2b5dcf7bc22abb47f28c9f1b35
Author: Ken Dreyer <ktdreyer at ktdreyer.com>
Date:   Thu Oct 27 16:44:43 2011 -0600

    block HTTP access to log and rra directories (BZ #609856)

 cacti-httpd.conf    |   16 ++++++++++++++++
 cacti.README.Fedora |   10 +++++++---
 2 files changed, 23 insertions(+), 3 deletions(-)
---
diff --git a/cacti-httpd.conf b/cacti-httpd.conf
index b8b9a5c..9187aa6 100644
--- a/cacti-httpd.conf
+++ b/cacti-httpd.conf
@@ -1,6 +1,10 @@
 #
 # Cacti: An rrd based graphing tool
 #
+
+# Change "Allow from 127.0.0.1" to open up cacti to other network devices.
+# For example, change "Allow from 127.0.0.1" to "Allow from all".
+
 Alias /cacti    /usr/share/cacti
 
 <Directory /usr/share/cacti/>
@@ -9,3 +13,15 @@ Alias /cacti    /usr/share/cacti
 	Allow from 127.0.0.1
 </Directory>
 
+
+# The sections marked "deny from all" should not be modified.
+# These are in place in order to harden cacti.
+<Directory /usr/share/cacti/log>
+    order deny,allow
+    Deny from all
+</Directory>
+<Directory /usr/share/cacti/rra>
+    order deny,allow
+    Deny from all
+</Directory>
+
diff --git a/cacti.README.Fedora b/cacti.README.Fedora
index 3b5e35d..acb284b 100644
--- a/cacti.README.Fedora
+++ b/cacti.README.Fedora
@@ -1,6 +1,10 @@
-In order for Cacti to function properly please properly edit /etc/cacti/db.php
-and enable the crontab script in /etc/cron.d/cacti  For more information about
-setting up the database please read:
+In order for Cacti to function properly, please edit the following:
+
+/etc/cacti/db.php
+/etc/cron.d/cacti
+/etc/http/conf.d/cacti.conf
+
+For more information about setting up the database please read:
 
 docs/INSTALL