1 /* Copyright (C) 2009 Trend Micro Inc.
4 * This program is a free software; you can redistribute it
5 * and/or modify it under the terms of the GNU General Public
6 * License (version 2) as published by the FSF - Free Software
/* Sizing and timing constants. Their units and exact use are not visible in
 * this header. NOTE(review): the names suggest directory-table limits and a
 * wait interval; confirm against the code that consumes them. */
13 #define MAX_DIR_SIZE 64
14 #define MAX_DIR_ENTRY 128
15 #define SYSCHECK_WAIT 300
17 /* Checking options */
/* Every CHECK_* value below is an OCTAL literal (leading zero) with exactly one
 * bit set, so the flags are distinct and can be combined with bitwise OR and
 * tested with bitwise AND. Read them as octal: 0000010 is 8, not ten. A flag
 * added later must use a bit that no existing flag occupies, and must keep the
 * octal notation (or switch the whole table) so the values stay comparable.
 *
 * NOTE(review): judging by the names only, three flags select MD5, SHA-1 and
 * SHA-256 checksums. MD5 and SHA-1 are no longer collision resistant, so a
 * configuration that relies on them alone gives weaker tamper evidence than
 * one that also enables SHA-256. Confirm how the flags are consumed. */
18 #define CHECK_MD5SUM 0000001 /* bit 0  (0x001) */
19 #define CHECK_PERM 0000002 /* bit 1  (0x002) */
20 #define CHECK_SIZE 0000004 /* bit 2  (0x004) */
21 #define CHECK_OWNER 0000010 /* bit 3  (0x008) */
22 #define CHECK_GROUP 0000020 /* bit 4  (0x010) */
23 #define CHECK_SHA1SUM 0000040 /* bit 5  (0x020) */
24 #define CHECK_REALTIME 0000100 /* bit 6  (0x040) */
25 #define CHECK_SEECHANGES 0000200 /* bit 7  (0x080) */
26 #define CHECK_SHA256SUM 0000400 /* bit 8  (0x100) */
27 #define CHECK_GENERIC 0001000 /* bit 9  (0x200) */
28 #define CHECK_NORECURSE 0002000 /* bit 10 (0x400) */
33 #include "os_regex/os_regex.h"
35 typedef struct _rtfim {
/*
 * syscheck configuration record: scheduling values, the output queue
 * descriptor, and the lists of paths and patterns to scan, ignore or exclude
 * from diff output. The pointer-to-pointer members are lists whose length and
 * termination convention are not stated in this header.
 * NOTE(review): presumably NULL-terminated; confirm before iterating.
 */
43 typedef struct _config {
44 unsigned int tsleep; /* sleep for some time so the daemon can settle (units not stated here) */
46 int rootcheck; /* set to 0 when rootcheck is disabled */
47 int disabled; /* is syscheck disabled? */
52 int time; /* frequency (secs) for syscheck to run */
53 int queue; /* file descriptor of socket to write to queue */
55 int *opts; /* attributes set in the <directories> tag element;
              * presumably CHECK_* bit flags, one int per entry of dir - confirm */
60 char *scan_day; /* run syscheck on this day */
61 char *scan_time; /* run syscheck at this time */
63 char **ignore; /* list of files/dirs to ignore */
64 OSMatch **ignore_regex; /* regex of files/dirs to ignore */
66 char **nodiff; /* list of files/dirs to never output diff */
67 OSMatch **nodiff_regex; /* regex of files/dirs to never output diff */
69 char **dir; /* array of directories to be scanned */
70 OSMatch **filerestrict; /* NOTE(review): undocumented in the original; presumably
                            * per-directory file-name restrictions related to the
                            * restrictfile argument of dump_syscheck_entry - confirm */
72 /* Windows only registry checking */
74 char **registry_ignore; /* list of registry entries to ignore */
75 void **registry_ignore_regex; /* regex of registry entries to ignore; declared void **
                                 * whereas ignore_regex and nodiff_regex are OSMatch **,
                                 * so the element type is not checked by the compiler
                                 * and every user must cast to the same type */
76 char **registry; /* array of registry entries to be scanned */
/*
 * Declared with nonnull(1, 2): syscheck and entry must never be NULL.
 * restrictfile (argument 5) is not covered by the attribute.
 * NOTE(review): presumably NULL is accepted there; confirm in the implementation.
 * The attribute is a compile-time contract, not a runtime check: the compiler
 * can warn about a literal NULL and may optimise on the assumption that the
 * pointers are valid, so callers that take these values from parsed
 * configuration must validate them before calling.
 * The meaning of vals and reg and the return convention are not visible in
 * this header.
 * NOTE(review): vals looks like a CHECK_* bitmask; confirm.
 */
88 int dump_syscheck_entry(syscheck_config *syscheck, const char *entry, int vals, int reg, const char *restrictfile) __attribute__((nonnull(1, 2)));
/*
 * NOTE(review): by its name and signature this presumably renders the opts
 * bitmask as text into the caller-supplied buf - confirm in the implementation.
 * buflen is a signed int. Callers should pass the real capacity of buf (for
 * example sizeof on the array), never a negative or larger value. Reviewers
 * should verify that the implementation bounds every write by buflen and
 * NUL-terminates the result.
 * Whether the returned pointer is buf itself or something else is not stated
 * here.
 */
90 char *syscheck_opts2str(char *buf, int buflen, int opts);
92 #endif /* __SYSCHECKC_H */