int *maxsize, int *timeframe,
int *frequency, int *accuracy,
int *noalert, int *ignore_time, int *overwrite);
+int doesRuleExist(int sid, RuleNode *r_node);
void Rule_AddAR(RuleInfo *config_rule);
return(-1);
}
+ if(overwrite != 1 && doesRuleExist(id, NULL))
+ {
+ merror("%s: Duplicate rule ID:%d",ARGV0, id);
+ OS_ClearXML(&xml);
+ return(-1);
+ }
+
/* Allocating memory and initializing structure */
config_ruleinfo = zerorulemember(id, level, maxsize,
frequency,timeframe,
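Review bot: The new error at `merror("%s: Duplicate rule ID:%d",ARGV0, id);` reports the ID but not which rules file was being parsed, so with many rule files an operator has to search for both definitions while rule loading has failed with -1. If the file path is in scope in this function (its start and end are outside the hunk), add it to the message. The check can also only see rules already linked into the tree that `doesRuleExist(id, NULL)` walks; whether each rule is linked before the next one is parsed is not visible here, so confirm that two duplicates in the same file are caught. A short comment above the `if` would record the intent: `/* A second definition of an existing ID is a config error unless the rule explicitly sets overwrite */`.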
}
else if(strcmp(rule_opt[k]->content,"windows") == 0)
{
- config_ruleinfo->category = WINDOWS;
+ config_ruleinfo->category = DECODER_WINDOWS;
}
else if(strcmp(rule_opt[k]->content,"ossec") == 0)
{
return(l_size);
}
+/* test if a rule id exists
+ * return 1 when exists
+ * return 0 when not
+ */
+int doesRuleExist(int sid, RuleNode *r_node)
+{
+ /* start from the beginning of the list by default */
+ if(!r_node)
+ r_node = OS_GetFirstRule();
+
+ while(r_node)
+ {
+ /* Checking if the sigid matches */
+ if(r_node->ruleinfo->sigid == sid)
+ return (1);
+
+ /* Checking if the rule has a child */
+ if(r_node->child)
+ {
+ /* check recursive */
+ if(doesRuleExist(sid, r_node->child))
+ return (1);
+ }
+
+ /* go to the next rule */
+ r_node = r_node->next;
+ }
+
+ return (0);
+}
+
/* EOF */
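Review bot: In `doesRuleExist`, a NULL `r_node` means "start from `OS_GetFirstRule()`", and the header comment does not mention this. That makes the `if(r_node->child)` guard before the recursive call load-bearing: recursing with a NULL child would restart the search from the list head instead of ending the branch, and on a non-empty tree it would never terminate. Extend the header comment with something like `* r_node: subtree to search; NULL means search the whole rule list (never pass a NULL child when recursing)`. `r_node->ruleinfo` is also dereferenced without a check at `if(r_node->ruleinfo->sigid == sid)`; presumably every node carries a ruleinfo, but the comment should state that assumption.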