block HTTP access to log and rra directories (BZ #609856)

cacti-httpd.conf

@@ -1,6 +1,10 @@
 #
 # Cacti: An rrd based graphing tool
 #
+
+# Change "Allow from 127.0.0.1" to open up cacti to other network devices.
+# For example, change "Allow from 127.0.0.1" to "Allow from all".
+
 Alias /cacti    /usr/share/cacti
 
 <Directory /usr/share/cacti/>
@@ -9,3 +13,15 @@ Alias /cacti    /usr/share/cacti
 	Allow from 127.0.0.1
 </Directory>
 
+
+# The sections marked "deny from all" should not be modified.
+# These are in place in order to harden cacti.
+<Directory /usr/share/cacti/log>
+    order deny,allow
+    Deny from all
+</Directory>
+<Directory /usr/share/cacti/rra>
+    order deny,allow
+    Deny from all
+</Directory>
+

cacti.README.Fedora

@@ -1,6 +1,10 @@
-In order for Cacti to function properly please properly edit /etc/cacti/db.php
-and enable the crontab script in /etc/cron.d/cacti  For more information about
-setting up the database please read:
+In order for Cacti to function properly, please edit the following:
+
+/etc/cacti/db.php
+/etc/cron.d/cacti
+/etc/http/conf.d/cacti.conf
+
+For more information about setting up the database please read:
 
 docs/INSTALL