1 /* Copyright (C) 2009 Trend Micro Inc.
4 * This program is a free software; you can redistribute it
5 * and/or modify it under the terms of the GNU General Public
6 * License (version 2) as published by the FSF - Free Software
12 #include "rootcheck.h"
15 static int read_dev_file(const char *file_name);
16 static int read_dev_dir(const char *dir_name);
18 /* Global variables */
/* Per-scan counters with file scope. check_rc_dev() zeroes both before a
 * scan, and its "No problem detected" alert is gated on _dev_errors == 0.
 * The statements that increment them are not visible in this excerpt:
 * presumably _dev_errors counts findings and _dev_total counts entries
 * examined -- confirm against the full file.
 */
19 static int _dev_errors;
20 static int _dev_total;
/* Inspect one path found under /dev. A directory is walked through
 * read_dev_dir(); a regular file is reported as a critical rootcheck
 * finding (the alert text calls it a possible hidden file).
 *
 * This listing is an excerpt (the embedded source line numbers skip), so
 * the lstat() failure path, the closing braces and the return statements
 * of the non-directory branches are not visible here.
 */
23 static int read_dev_file(const char *file_name)
/* lstat() describes the entry itself and does not follow a symbolic link,
 * so a symlink is never classified as the directory or file it points to
 * and the walk does not leave the tree through one.
 */
27 if (lstat(file_name, &statbuf) < 0) {
31 /* Process directories recursively */
32 if (S_ISDIR(statbuf.st_mode)) {
34 verbose("%s: Reading dir: %s\n", ARGV0, file_name);
36 return (read_dev_dir(file_name));
/* Only directories and regular files have a visible branch; other entry
 * types (device nodes, symlinks, FIFOs, sockets) appear to produce no
 * alert -- the tail of the function is not shown, so confirm.
 */
39 else if (S_ISREG(statbuf.st_mode)) {
40 char op_msg[OS_SIZE_1024 + 1];
/* The path is copied verbatim into the alert text. snprintf() bounds the
 * write to the buffer, so an over-long name is silently truncated.
 * NOTE(review): the name comes from the file system being scanned, so
 * whatever consumes this alert should treat the embedded path as
 * untrusted text (quotes, control characters).
 */
42 snprintf(op_msg, OS_SIZE_1024, "File '%s' present on /dev."
43 " Possible hidden file.", file_name);
44 notify_rk(ALERT_SYSTEM_CRIT, op_msg);
52 static int read_dev_dir(const char *dir_name)
/* Walk the entries of dir_name and hand every entry that is not on an
 * allow-list to read_dev_file(). Two allow-lists are consulted:
 *   - ignore_dev: compared with strcmp() against the bare entry name;
 *   - ignore_dev_full_path: compared against "<dir_name>/<entry>".
 *
 * This listing is an excerpt (the embedded source line numbers skip): the
 * local declarations, the opendir() failure path, the loop exits, the
 * list terminators, closedir() and the return value are not visible.
 *
 * NOTE(review): ignore_dev matches on the name alone, and read_dev_file()
 * calls back into this function for sub-directories, so a listed name is
 * skipped at any depth and before its file type is ever examined. That is
 * a detection-coverage gap for regular files that carry one of these
 * names; the full-path list is the narrower form. Consider moving entries
 * to full paths, or checking the type before honouring a name match.
 *
 * NOTE(review): the list holds both ".devfsadm_daemon.lock" and
 * ".devfsadm_deamon.lock"; the misspelled entry looks intentional (to
 * match a lock file that is itself misspelled on some systems) -- confirm
 * before "fixing" it.
 */
58 /* When will these people learn that /dev is not
59 * meant to store log files or other kind of texts?
61 const char *(ignore_dev[]) = {"MAKEDEV", "README.MAKEDEV",
62 "MAKEDEV.README", ".udevdb",
63 ".udev.tdb", ".initramfs-tools",
64 "MAKEDEV.local", ".udev", ".initramfs",
65 "oprofile", "fd", "cgroup",
70 ".devfsadm_daemon.lock",
71 ".devfsadm_deamon.lock",
72 ".devfsadm_synch_door",
78 /* Full path ignore */
79 const char *(ignore_dev_full_path[]) = {"/dev/shm/sysconfig",
80 "/dev/bus/usb/.usbfs",
/* Reject a missing or over-long directory name before it is used to build
 * child paths in the PATH_MAX-sized buffer below.
 */
86 if (dir_name == NULL || strlen(dir_name) > PATH_MAX) {
87 merror("%s: Invalid directory given.", ARGV0);
/* The handling of a NULL return from opendir() is not visible here. */
92 dp = opendir(dir_name);
97 /* Iterate over all files in the directory */
98 while ((entry = readdir(dp)) != NULL) {
99 char f_name[PATH_MAX + 2];
101 /* Ignore . and .. */
102 if (strcmp(entry->d_name, ".") == 0 ||
103 strcmp(entry->d_name, "..") == 0) {
109 /* Do not look for the ignored files */
110 for (i = 0; ignore_dev[i] != NULL; i++) {
111 if (strcmp(ignore_dev[i], entry->d_name) == 0) {
/* A non-NULL slot after the loop means the search stopped on a match
 * rather than on the list terminator, i.e. the entry is on the list.
 */
115 if (ignore_dev[i] != NULL) {
/* The last byte is pre-terminated and snprintf() is bounded to
 * PATH_MAX + 1, so the write cannot overrun f_name.
 * NOTE(review): the snprintf() result is not checked. dir_name may be up
 * to PATH_MAX long, so "<dir_name>/<entry>" can be truncated, and the
 * truncated string is then compared and passed on as if it were the real
 * path. Consider skipping (and logging) the entry when the result is
 * negative or >= PATH_MAX + 1.
 */
119 f_name[PATH_MAX + 1] = '\0';
120 snprintf(f_name, PATH_MAX + 1, "%s/%s", dir_name, entry->d_name);
122 /* Do not look for the full ignored files */
123 for (i = 0; ignore_dev_full_path[i] != NULL; i++) {
124 if (strcmp(ignore_dev_full_path[i], f_name) == 0) {
129 /* Check against the full path */
130 if (ignore_dev_full_path[i] != NULL) {
134 /* Found a non-ignored entry in the directory, so process it */
/* The return value of read_dev_file() is discarded here. */
135 read_dev_file(f_name);
/* Entry point of the /dev check: reset the per-scan counters, scan
 * "<basedir>/dev" through read_dev_dir(), and send an ALERT_OK summary
 * when no error was counted.
 *
 * This listing is an excerpt (the embedded source line numbers skip): the
 * braces, the argument for the "%d" in the summary and the end of the
 * function are not visible.
 */
142 void check_rc_dev(const char *basedir)
144 char file_path[OS_SIZE_1024 + 1];
146 _dev_total = 0, _dev_errors = 0;
147 debug1("%s: DEBUG: Starting on check_rc_dev", ARGV0);
/* NOTE(review): no NULL check on basedir is visible before it is
 * formatted with "%s", and the snprintf() result is not checked, so an
 * over-long basedir would be truncated and a different directory scanned.
 */
149 snprintf(file_path, OS_SIZE_1024, "%s/dev", basedir);
/* NOTE(review): the return value of read_dev_dir() is dropped and the
 * clean report below depends only on _dev_errors. Confirm that a scan
 * that could not run (for example opendir() failing) cannot end in a
 * "No problem detected" alert.
 */
151 read_dev_dir(file_path);
152 if (_dev_errors == 0) {
153 char op_msg[OS_SIZE_1024 + 1];
154 snprintf(op_msg, OS_SIZE_1024, "No problem detected on the /dev "
155 "directory. Analyzed %d files",
157 notify_rk(ALERT_OK, op_msg);
165 /* Not relevant on Windows */
166 void check_rc_dev(__attribute__((unused)) char *basedir)