/* Copyright (C) 2009 Trend Micro Inc.
* All right reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
/* Copyright (C) 2009 Trend Micro Inc.
* All right reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
/* Clearing db memory */
memset(sdb.buf, '\0', OS_MAXSTR +1);
memset(sdb.comment, '\0', OS_MAXSTR +1);
/* Clearing db memory */
memset(sdb.buf, '\0', OS_MAXSTR +1);
memset(sdb.comment, '\0', OS_MAXSTR +1);
memset(sdb.size, '\0', OS_FLSIZE +1);
memset(sdb.perm, '\0', OS_FLSIZE +1);
memset(sdb.owner, '\0', OS_FLSIZE +1);
memset(sdb.size, '\0', OS_FLSIZE +1);
memset(sdb.perm, '\0', OS_FLSIZE +1);
memset(sdb.owner, '\0', OS_FLSIZE +1);
sdb.syscheck_dec->name = SYSCHECK_MOD;
sdb.syscheck_dec->type = OSSEC_RL;
sdb.syscheck_dec->fts = 0;
sdb.syscheck_dec->name = SYSCHECK_MOD;
sdb.syscheck_dec->type = OSSEC_RL;
sdb.syscheck_dec->fts = 0;
sdb.id1 = getDecoderfromlist(SYSCHECK_MOD);
sdb.id2 = getDecoderfromlist(SYSCHECK_MOD2);
sdb.id3 = getDecoderfromlist(SYSCHECK_MOD3);
sdb.idn = getDecoderfromlist(SYSCHECK_NEW);
sdb.idd = getDecoderfromlist(SYSCHECK_DEL);
sdb.id1 = getDecoderfromlist(SYSCHECK_MOD);
sdb.id2 = getDecoderfromlist(SYSCHECK_MOD2);
sdb.id3 = getDecoderfromlist(SYSCHECK_MOD3);
sdb.idn = getDecoderfromlist(SYSCHECK_NEW);
sdb.idd = getDecoderfromlist(SYSCHECK_DEL);
/* Getting agent file */
snprintf(sdb.buf, OS_FLSIZE , "%s/.%s.cpt", SYSCHECK_DIR, agent);
/* Getting agent file */
snprintf(sdb.buf, OS_FLSIZE , "%s/.%s.cpt", SYSCHECK_DIR, agent);
os_strdup(agent, sdb.agent_ips[i]);
/* Getting agent file */
snprintf(sdb.buf, OS_FLSIZE , "%s/%s", SYSCHECK_DIR,agent);
os_strdup(agent, sdb.agent_ips[i]);
/* Getting agent file */
snprintf(sdb.buf, OS_FLSIZE , "%s/%s", SYSCHECK_DIR,agent);
/* r+ to read and write. Do not truncate */
sdb.agent_fps[i] = fopen(sdb.buf,"r+");
if(!sdb.agent_fps[i])
/* r+ to read and write. Do not truncate */
sdb.agent_fps[i] = fopen(sdb.buf,"r+");
if(!sdb.agent_fps[i])
/* Returning the opened pointer (the beginning of it) */
fseek(sdb.agent_fps[i],0, SEEK_SET);
*agent_id = i;
/* Returning the opened pointer (the beginning of it) */
fseek(sdb.agent_fps[i],0, SEEK_SET);
*agent_id = i;
{
merror("%s: Error handling integrity database.",ARGV0);
sdb.db_err++; /* Increment db error */
{
merror("%s: Error handling integrity database.",ARGV0);
sdb.db_err++; /* Increment db error */
/* checksum match, we can just return and keep going */
if(strcmp(saved_sum, c_sum) == 0)
/* checksum match, we can just return and keep going */
if(strcmp(saved_sum, c_sum) == 0)
/* If file was re-added, do not compare changes */
else if(saved_sum[0] == '-' && saved_sum[1] == '1')
{
/* If file was re-added, do not compare changes */
else if(saved_sum[0] == '-' && saved_sum[1] == '1')
{
/* Providing more info about the file change */
char *oldsize = NULL, *newsize = NULL;
char *olduid = NULL, *newuid = NULL;
/* Providing more info about the file change */
char *oldsize = NULL, *newsize = NULL;
char *olduid = NULL, *newuid = NULL;
snprintf(sdb.size, OS_FLSIZE,
"Size changed from '%s' to '%s'\n",
oldsize, newsize);
snprintf(sdb.size, OS_FLSIZE,
"Size changed from '%s' to '%s'\n",
oldsize, newsize);
snprintf(sdb.perm, OS_FLSIZE, "Permissions changed from "
"'%c%c%c%c%c%c%c%c%c' "
"to '%c%c%c%c%c%c%c%c%c'\n",
(oldperm & S_IRUSR)? 'r' : '-',
(oldperm & S_IWUSR)? 'w' : '-',
snprintf(sdb.perm, OS_FLSIZE, "Permissions changed from "
"'%c%c%c%c%c%c%c%c%c' "
"to '%c%c%c%c%c%c%c%c%c'\n",
(oldperm & S_IRUSR)? 'r' : '-',
(oldperm & S_IWUSR)? 'w' : '-',
(oldperm & S_ISUID)? 's' :
(oldperm & S_IXUSR)? 'x' : '-',
(oldperm & S_ISUID)? 's' :
(oldperm & S_IXUSR)? 'x' : '-',
(oldperm & S_IRGRP)? 'r' : '-',
(oldperm & S_IWGRP)? 'w' : '-',
(oldperm & S_ISGID)? 's' :
(oldperm & S_IXGRP)? 'x' : '-',
(oldperm & S_IRGRP)? 'r' : '-',
(oldperm & S_IWGRP)? 'w' : '-',
(oldperm & S_ISGID)? 's' :
(oldperm & S_IXGRP)? 'x' : '-',
(oldperm & S_IROTH)? 'r' : '-',
(oldperm & S_IWOTH)? 'w' : '-',
(oldperm & S_IROTH)? 'r' : '-',
(oldperm & S_IWOTH)? 'w' : '-',
(newperm & S_ISUID)? 's' :
(newperm & S_IXUSR)? 'x' : '-',
(newperm & S_ISUID)? 's' :
(newperm & S_IXUSR)? 'x' : '-',
(newperm & S_IRGRP)? 'r' : '-',
(newperm & S_IWGRP)? 'w' : '-',
(newperm & S_IRGRP)? 'r' : '-',
(newperm & S_IWGRP)? 'w' : '-',
(newperm & S_ISGID)? 's' :
(newperm & S_IXGRP)? 'x' : '-',
(newperm & S_ISGID)? 's' :
(newperm & S_IXGRP)? 'x' : '-',
snprintf(sdb.owner, OS_FLSIZE, "Ownership was '%s', "
"now it is '%s'\n",
olduid, newuid);
snprintf(sdb.owner, OS_FLSIZE, "Ownership was '%s', "
"now it is '%s'\n",
olduid, newuid);
/* group ownership message */
if(!newgid || !oldgid || strcmp(newgid, oldgid) == 0)
/* group ownership message */
if(!newgid || !oldgid || strcmp(newgid, oldgid) == 0)
snprintf(sdb.gowner, OS_FLSIZE,"Group ownership was '%s', "
"now it is '%s'\n",
oldgid, newgid);
snprintf(sdb.gowner, OS_FLSIZE,"Group ownership was '%s', "
"now it is '%s'\n",
oldgid, newgid);
snprintf(sdb.md5, OS_FLSIZE, "Old md5sum was: '%s'\n"
"New md5sum is : '%s'\n",
oldmd5, newmd5);
snprintf(sdb.md5, OS_FLSIZE, "Old md5sum was: '%s'\n"
"New md5sum is : '%s'\n",
oldmd5, newmd5);
snprintf(sdb.sha1, OS_FLSIZE, "Old sha1sum was: '%s'\n"
"New sha1sum is : '%s'\n",
oldsha1, newsha1);
snprintf(sdb.sha1, OS_FLSIZE, "Old sha1sum was: '%s'\n"
"New sha1sum is : '%s'\n",
oldsha1, newsha1);
- /* Provide information about the file */
- snprintf(sdb.comment, 512, "Integrity checksum changed for: "
+ /* Provide information about the file */
+ snprintf(sdb.comment, OS_MAXSTR, "Integrity checksum changed for: "
fprintf(fp,"+++%s !%d %s\n", c_sum, lf->time, f_name);
fprintf(fp,"+++%s !%d %s\n", c_sum, lf->time, f_name);
/* Alert if configured to notify on new files */
if((Config.syscheck_alert_new == 1) && (DB_IsCompleted(agent_id)))
/* Alert if configured to notify on new files */
if((Config.syscheck_alert_new == 1) && (DB_IsCompleted(agent_id)))
snprintf(sdb.comment, OS_MAXSTR,
"New file '%.756s' "
"added to the file system.", f_name);
snprintf(sdb.comment, OS_MAXSTR,
"New file '%.756s' "
"added to the file system.", f_name);
/* Checking if file is supposed to be ignored */
if(Config.syscheck_ignore)
{
char **ff_ig = Config.syscheck_ignore;
/* Checking if file is supposed to be ignored */
if(Config.syscheck_ignore)
{
char **ff_ig = Config.syscheck_ignore;
/* Searching for file changes */
return(DB_Search(f_name, c_sum, lf));
}
/* Searching for file changes */
return(DB_Search(f_name, c_sum, lf));
}