[server] 'make install' permissions fix

Set restrictive permissions on /etc/fwknop/ directory and /etc/fwknop/* files.
Current default permissions on /etc/fwknop/ and /etc/fwknop/* are too lax.
Michael Rash 2012-08-12 19:57:11 -04:00
parent 543de16613
commit 8fafd4b80b
3 changed files with 8 additions and 2 deletions

@ -62,6 +62,8 @@ fwknop-2.0.2 (08//2012):
match exists to ensure the proper environment for fwknopd operations.
This check is controlled by the new ENABLE_IPT_COMMENT_CHECK variable,
and was suggested by Hank Leininger.
- [server] 'make install' fix to ensure restrictive permissions on the
/etc/fwknop/ directory and /etc/fwknop/* files.
fwknop-2.0.1 (07/23/2012):
- [server] Bug fix where the same encryption key used for two stanzas in
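Review bot: The new ChangeLog entry under fwknop-2.0.2 says "restrictive permissions" without naming the modes. Since this changes what 'make install' leaves on disk, state them in the entry (the install-exec-hook in this commit uses 500 for the /etc/fwknop/ directory and 700 for /etc/fwknop/*), so an administrator can audit an existing install against the documented values.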

@ -169,3 +169,6 @@ dist-hook:
rm -f $(distdir)/client/fwknop.8
rm -f $(distdir)/server/fwknopd.8
install-exec-hook:
chmod 500 $(sysconfdir)/fwknop
chmod 700 $(sysconfdir)/fwknop/*
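Review bot: Both chmod lines in install-exec-hook act on $(sysconfdir)/fwknop without the $(DESTDIR) prefix, so a staged install (make install DESTDIR=...), as packagers run it, would change modes on the build host's own /etc/fwknop, or fail if that directory does not exist, while the staged tree keeps the lax permissions. Suggest "chmod 500 $(DESTDIR)$(sysconfdir)/fwknop" and the same prefix on the second line. Separately, mode 700 on $(sysconfdir)/fwknop/* sets the owner execute bit on every file there; if these are all configuration files, 600 is the tighter choice.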

@ -6,6 +6,9 @@
:CLOSED: <2012-08-12 Sun>
Hank Leininger suggested that fwknopd do better detection for the iptables
comment match since it is required for the expiration of SPA rules.
*** Set restrictive permissions on /etc/fwknop/ directory and /etc/fwknop/* files.
:CLOSED: <2012-08-12 Sun>
Current default permissions on /etc/fwknop/ and /etc/fwknop/* are too lax.
** Include files for access.conf
Hank Leininger suggested that the main access.conf file have an option to
include other files in which access stanzas can be specified. This makes
@ -17,5 +20,3 @@
** ipfw active/expire sets cannot be the same
Add a check to ensure that active and expire sets are not the same value in
fwknopd.conf, and add a corresponding test in the test suite.
** Set restrictive permissions on /etc/fwknop/ directory and /etc/fwknop/* files.
Current default permissions on /etc/fwknop/ and /etc/fwknop/* are too lax.