1 /* @(#) $Id: ./src/os_dbd/rules.c, 2011/09/08 dcid Exp $
4 /* Copyright (C) 2009 Trend Micro Inc.
7 * This program is a free software; you can redistribute it
8 * and/or modify it under the terms of the GNU General Public
9 * License (version 2) as published by the FSF - Free Software
12 * License details at the LICENSE file included with OSSEC or
13 * online at: http://www.ossec.net/en/licensing.html
18 #include "config/config.h"
23 /** int __Groups_SelectGroup(char *group, DBConfig *db_config)
24 * Select a group (category) from the db by name.
25 * Returns 0 if not found.
 *
 * group:     category name, formatted into the single-quoted
 *            cat_name = '%s' literal of the query text.
 * db_config: its conn member is the handle given to osdb_query_select().
 *
 * NOTE(review): the statement is built with snprintf(), not with bound
 * parameters, so group has to be escaped for a quoted SQL literal before
 * it gets here. In this file that is done by osdb_escapestr(rule->group)
 * in _Rules_ReadInsertDB; what osdb_escapestr() neutralises is defined
 * elsewhere and should be confirmed for every supported backend.
 * NOTE(review): the snprintf() result is discarded, so a name that does
 * not fit in the buffer is cut short and the shortened statement is
 * still passed to osdb_query_select().
27 int __Groups_SelectGroup(char *group, DBConfig *db_config)
30 char sql_query[OS_SIZE_1024];
32 memset(sql_query, '\0', OS_SIZE_1024);
36 snprintf(sql_query, OS_SIZE_1024 -1,
38 "category WHERE cat_name = '%s'",
42 /* Checking return code. */
43 result = osdb_query_select(db_config->conn, sql_query);
49 /** int __Groups_InsertGroup(char *group, DBConfig *db_config)
50 * Insert a group (category) into the db.
 *
 * group:     category name to store. The statement text and its
 *            arguments are not visible in this listing; presumably
 *            group is formatted into a quoted literal as in
 *            __Groups_SelectGroup - confirm.
 * db_config: its conn member is the handle given to osdb_query_insert().
 *
 * A zero result from osdb_query_insert() is reported with
 * merror(DB_GENERROR, ARGV0).
 *
 * NOTE(review): if group is placed in a quoted SQL literal here, the
 * caller must have escaped it first; the only escaping visible in this
 * file is osdb_escapestr(rule->group) in _Rules_ReadInsertDB.
 * NOTE(review): the snprintf() result is discarded, so a statement that
 * does not fit in the buffer is sent in shortened form.
52 int __Groups_InsertGroup(char *group, DBConfig *db_config)
54 char sql_query[OS_SIZE_1024];
56 memset(sql_query, '\0', OS_SIZE_1024);
59 snprintf(sql_query, OS_SIZE_1024 -1,
66 /* Checking return code. */
67 if(!osdb_query_insert(db_config->conn, sql_query))
69 merror(DB_GENERROR, ARGV0);
76 /** int __Groups_SelectGroupMapping()
77 * Select the mapping between a group (category) and a rule from the db.
78 * Returns 0 if not found.
 *
 * cat_id, rule_id: values for the cat_id and rule_id columns of
 *                  signature_category_mapping (the argument line of
 *                  the snprintf() call is not visible in this listing;
 *                  presumably these two are passed in that order).
 * db_config:       its conn member is the handle given to
 *                  osdb_query_select().
 *
 * NOTE(review): both ids are declared int but formatted with %u, so a
 * negative value would be written as a large unsigned number; use %d or
 * make the parameters unsigned.
 * NOTE(review): only integer conversions appear in this statement, so
 * it does not depend on string escaping.
80 int __Groups_SelectGroupMapping(int cat_id, int rule_id, DBConfig *db_config)
83 char sql_query[OS_SIZE_1024];
85 memset(sql_query, '\0', OS_SIZE_1024);
89 snprintf(sql_query, OS_SIZE_1024 -1,
90 "SELECT id FROM signature_category_mapping "
91 "WHERE cat_id = '%u' AND rule_id = '%u'",
95 /* Checking return code. */
96 result = osdb_query_select(db_config->conn, sql_query);
102 /** int __Groups_InsertGroupMapping(int cat_id, int rule_id, DBConfig *db_config)
103 * Insert the mapping between a group (category) and a rule into the db.
 *
 * cat_id, rule_id: values for the cat_id and rule_id columns of
 *                  signature_category_mapping (the argument line of
 *                  the snprintf() call is not visible in this listing;
 *                  presumably these two are passed in that order).
 * db_config:       its conn member is the handle given to
 *                  osdb_query_insert().
 *
 * A zero result from osdb_query_insert() is reported with
 * merror(DB_GENERROR, ARGV0).
 *
 * NOTE(review): both ids are declared int but formatted with %u, so a
 * negative value would be written as a large unsigned number; use %d or
 * make the parameters unsigned.
105 int __Groups_InsertGroupMapping(int cat_id, int rule_id, DBConfig *db_config)
107 char sql_query[OS_SIZE_1024];
109 memset(sql_query, '\0', OS_SIZE_1024);
112 snprintf(sql_query, OS_SIZE_1024 -1,
114 "signature_category_mapping(cat_id, rule_id) "
115 "VALUES ('%u', '%u')",
119 /* Checking return code. */
120 if(!osdb_query_insert(db_config->conn, sql_query))
122 merror(DB_GENERROR, ARGV0);
130 /** void _Groups_ReadInsertDB(RuleInfo *rule, DBConfig *db_config)
131 * Insert the groups (categories) of one rule into the db.
 *
 * rule:      rule->group holds the comma-separated group list (nothing
 *            is done when it is NULL); rule->sigid is used as the rule
 *            id of every mapping.
 * db_config: handed through to the __Groups_* helpers.
 *
 * Each non-empty group name is looked up with __Groups_SelectGroup().
 * The calls to __Groups_InsertGroup() and the second lookup are meant
 * for names that are not in the db yet (the guarding condition is not
 * visible in this listing). A mapping is added with
 * __Groups_InsertGroupMapping() only when __Groups_SelectGroupMapping()
 * returns 0.
 *
 * NOTE(review): every tmp_group handed on is a piece of rule->group and
 * is formatted into the cat_name = '%s' query of __Groups_SelectGroup(),
 * so this function relies on its caller having escaped rule->group.
 * _Rules_ReadInsertDB does that with osdb_escapestr() before calling;
 * the function is not declared static here, so any other caller must
 * do the same.
133 void _Groups_ReadInsertDB(RuleInfo *rule, DBConfig *db_config)
135 /* We must insert each group separately. */
141 debug1("%s: DEBUG: entering _Groups_ReadInsertDB", ARGV0);
144 /* If group is null, just return */
145 if(rule->group == NULL)
150 tmp_str = strchr(rule->group, ',');
151 tmp_group = rule->group;
154 /* Groups are separated by comma */
163 /* Removing white spaces */
164 while(*tmp_group == ' ')
168 /* Checking for empty group */
169 if(*tmp_group == '\0')
174 tmp_str = strchr(tmp_group, ',');
179 cat_id = __Groups_SelectGroup(tmp_group, db_config);
182 /* We first check if we have this group in the db already.
187 __Groups_InsertGroup(tmp_group, db_config);
188 cat_id = __Groups_SelectGroup(tmp_group, db_config);
192 /* If our cat_id is valid (not zero), we need to insert
193 * the mapping between the category and the rule. */
196 /* But, we first check if the mapping is not already there. */
197 if(!__Groups_SelectGroupMapping(cat_id, rule->sigid, db_config))
199 /* If not, we add it */
200 __Groups_InsertGroupMapping(cat_id, rule->sigid, db_config);
205 /* Getting next category */
209 tmp_str = strchr(tmp_group, ',');
218 /** void *_Rules_ReadInsertDB(RuleInfo *rule, void *db_config)
219 * Insert one rule into the db, or update it if it is already there.
 *
 * rule:      supplies group and comment (both escaped here), sigid and
 *            level.
 * db_config: untyped pointer that is cast to DBConfig *; this is the
 *            function OS_InsertRulesDB passes to OS_ReadXMLRules().
 *
 * Order of work: escape the two strings, validate sigid, store the
 * group mappings through _Groups_ReadInsertDB(), then look the rule up
 * by rule_id and build an INSERT when osdb_query_select() returns 0 or
 * an UPDATE otherwise. A zero result from osdb_query_insert() is
 * reported with merror(DB_GENERROR, ARGV0).
221 void *_Rules_ReadInsertDB(RuleInfo *rule, void *db_config)
223 DBConfig *dbc = (DBConfig *)db_config;
224 char sql_query[OS_SIZE_1024];
225 memset(sql_query, '\0', OS_SIZE_1024);
228 /* Escaping strings */
229 osdb_escapestr(rule->group);
230 osdb_escapestr(rule->comment);
/* NOTE(review): the return values are not used, so osdb_escapestr()
 * presumably rewrites the strings in place - confirm. These two calls
 * are the only escaping visible in this file for the '%s' fields built
 * below and in __Groups_SelectGroup(), so they must stay ahead of every
 * query that uses rule->group or rule->comment. */
233 /* Checking level limit */
240 debug1("%s: DEBUG: entering _Rules_ReadInsertDB()", ARGV0);
243 /* Checking rule limit */
/* NOTE(review): sigid is compared with < 0 and logged with %d further
 * down, so it looks signed, yet this message and the queries format it
 * with %u; a rejected negative id is logged as a large unsigned
 * number. */
244 if(rule->sigid < 0 || rule->sigid > 9999999)
246 merror("%s: Invalid rule id: %u", ARGV0, rule->sigid);
251 /* Inserting group into the signature mapping */
252 _Groups_ReadInsertDB(rule, db_config);
256 debug2("%s: DEBUG: Inserting: %d", ARGV0, rule->sigid);
260 snprintf(sql_query, OS_SIZE_1024 -1,
261 "SELECT id FROM signature "
262 "where rule_id = %u",
265 if(osdb_query_select(dbc->conn, sql_query) == 0)
/* NOTE(review): rule->comment is the only string formatted into the two
 * statements below. The snprintf() results are not checked, so an
 * over-long description is cut short - losing the closing quote and,
 * in the UPDATE, the WHERE clause - and the shortened statement is
 * still handed to osdb_query_insert(). Compare the result with the
 * buffer size and skip the query on truncation. */
267 snprintf(sql_query, OS_SIZE_1024 -1,
269 "signature(rule_id, level, description) "
270 "VALUES ('%u','%u','%s')",
271 rule->sigid, rule->level, rule->comment);
275 snprintf(sql_query, OS_SIZE_1024 -1,
276 "UPDATE signature SET level='%u',description='%s' "
277 "WHERE rule_id='%u'",
278 rule->level, rule->comment,rule->sigid);
282 /* Checking return code. */
283 if(!osdb_query_insert(dbc->conn, sql_query))
285 merror(DB_GENERROR, ARGV0);
/** int OS_InsertRulesDB(DBConfig *db_config)
 * Load every rules file listed in db_config->includes into the db.
 *
 * The list is walked while the list pointer and the current entry are
 * both non-NULL. Each file name is given to OS_ReadXMLRules() together
 * with _Rules_ReadInsertDB and db_config (presumably the function is
 * called back once per parsed rule - confirm against OS_ReadXMLRules).
 * A negative result is reported with merror(RULES_ERROR, ...).
 * Afterwards the includes array is freed and the member is reset to
 * NULL.
 *
 * NOTE(review): how the loop advances, whether the individual file-name
 * strings are freed, and the return value are on lines that are not
 * visible in this listing.
 */
292 int OS_InsertRulesDB(DBConfig *db_config)
296 rulesfiles = db_config->includes;
297 while(rulesfiles && *rulesfiles)
299 debug1("%s: Reading rules file: '%s'", ARGV0, *rulesfiles);
301 if(OS_ReadXMLRules(*rulesfiles, _Rules_ReadInsertDB, db_config) < 0)
303 merror(RULES_ERROR, ARGV0, *rulesfiles);
311 free(db_config->includes);
312 db_config->includes = NULL;