-/* @(#) $Id: syscheck-config.h,v 1.20 2009/10/02 19:28:34 dcid Exp $ */
+/* @(#) $Id: ./src/config/syscheck-config.h, 2011/09/08 dcid Exp $
+ */
/* Copyright (C) 2009 Trend Micro Inc.
* All right reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 3) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation
*/
-
+
#ifndef __SYSCHECKC_H
#define __SYSCHECKC_H
#define CHECK_GROUP 0000020
#define CHECK_SHA1SUM 0000040
#define CHECK_REALTIME 0000100
+#define CHECK_SEECHANGES 0000200
#include <stdio.h>
typedef struct _config
{
- int tsleep;
+ int tsleep; /* sleep for sometime for daemon to settle */
int sleep_after;
- int rootcheck;
- int disabled;
+ int rootcheck; /* set to 0 when rootcheck is disabled */
+ int disabled; /* is syscheck disabled? */
int scan_on_start;
int realtime_count;
-
- int time;
- int queue;
-
- int *opts;
- char *workdir;
+ int time; /* frequency (secs) for syscheck to run */
+ int queue; /* file descriptor of socket to write to queue */
+
+ int *opts; /* attributes set in the <directories> tag element */
+
+ char *workdir; /* set to the DEFAULTDIR (/var/ossec) */
char *remote_db;
char *db;
- char *scan_day;
- char *scan_time;
-
- char **ignore;
- void **ignore_regex;
-
- char **dir;
+ char *scan_day; /* run syscheck on this day */
+ char *scan_time; /* run syscheck at this time */
+
+ char **ignore; /* list of files/dirs to ignore */
+ void **ignore_regex; /* regex of files/dirs to ignore */
+
+ char **dir; /* array of directories to be scanned */
+ void **filerestrict;
/* Windows only registry checking */
#ifdef WIN32
- char **registry_ignore;
- void **registry_ignore_regex;
- char **registry;
+ char **registry_ignore; /* list of registry entries to ignore */
+ void **registry_ignore_regex; /* regex of registry entries to ignore */
+ char **registry; /* array of registry entries to be scanned */
FILE *reg_fp;
#endif
-
- FILE *fp;
+
+ void *fp;
rtfim *realtime;
+ char *prefilter_cmd;
+
}config;
#endif
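Review bot: The new members `void **filerestrict;` and `char *prefilter_cmd;` in `struct _config` are added without comments, although this change documents almost every other field. Judging only by its name, `prefilter_cmd` holds a command string; if that is the case, the declaration should record where the value comes from and who runs it, for example `char *prefilter_cmd; /* external command taken from the config file; executed by <caller> */`. Any code that combines it with a file name before handing it to a shell should be reviewed for quoting, since that code is not visible in this diff. Changing `FILE *fp` to `void *fp` also gives up compile-time type checking, so a comment naming the real pointee type, such as `void *fp; /* <actual handle type> */`, would tell readers what may be stored there.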