X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=src%2Fanalysisd%2Falerts%2Fexec.c;h=660cc528b8049a7feb9e8155b40bb4017190741e;hb=927951d1c1ad45ba9e7325f07d996154a91c911b;hp=073ac5893957728da2d36fd6edae37dabfabe2d2;hpb=6ef2f786c6c8ead94841b5f93baf9f43421f08c8;p=ossec-hids.git
diff --git a/src/analysisd/alerts/exec.c b/src/analysisd/alerts/exec.c
index 073ac58..660cc52 100755
--- a/src/analysisd/alerts/exec.c
+++ b/src/analysisd/alerts/exec.c
@@ -33,7 +33,10 @@ void OS_Exec(int *execq, int *arq, Eventinfo *lf, active_response *ar)
 char exec_msg[OS_SIZE_1024 +1];
 char *ip;
 char *user;
+ char *filename;
+ int do_free_filename = 0;
+ ip = user = filename = "-";
 /* Cleaning the IP */
 if(lf->srcip && (ar->ar_cmd->expect & SRCIP))
@@ -73,20 +76,18 @@ void OS_Exec(int *execq, int *arq, Eventinfo *lf, active_response *ar)
 }
 }
 }
- else
- {
- ip = "-";
- }
-
 /* Getting username */
 if(lf->dstuser && (ar->ar_cmd->expect & USERNAME))
 {
 user = lf->dstuser;
 }
- else
+
+ /* Get the filename */
+ if(lf->filename && (ar->ar_cmd->expect & FILENAME))
 {
- user = "-";
+ filename = os_shell_escape(lf->filename);
+ do_free_filename = 1;
 }
@@ -102,14 +103,15 @@ void OS_Exec(int *execq, int *arq, Eventinfo *lf, active_response *ar)
 return;
 snprintf(exec_msg, OS_SIZE_1024,
- "%s %s %s %d.%ld %d %s",
+ "%s %s %s %d.%ld %d %s %s",
 ar->name,
 user,
 ip,
 lf->time,
 __crt_ftell,
 lf->generated_rule->sigid,
- lf->location);
+ lf->location,
+ filename);
 if(OS_SendUnix(*execq, exec_msg, 0) < 0)
 {
@@ -126,7 +128,7 @@ void OS_Exec(int *execq, int *arq, Eventinfo *lf, active_response *ar)
 if missing then it must of been generated by the local analysisd so prepend a false id tag */
 if(lf->location[0] == '(') {
 snprintf(exec_msg, OS_SIZE_1024,
- "%s %c%c%c %s %s %s %s %d.%ld %d",
+ "%s %c%c%c %s %s %s %s %d.%ld %d %s %s",
 lf->location,
 (ar->location & ALL_AGENTS)?ALL_AGENTS_C:NONE_C,
 (ar->location & REMOTE_AGENT)?REMOTE_AGENT_C:NONE_C,
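Review bot: The value returned by `os_shell_escape(lf->filename)` in the second hunk is stored and flagged for freeing without being checked, so if that helper can return NULL (it evidently allocates, given `do_free_filename`) the `%s` arguments added in the later hunks would receive a null pointer; guarding it as `if (filename == NULL) filename = "-"; else do_free_filename = 1;` keeps the message well-formed on that path. The message the escaped value goes into is space-delimited, so the escaping is only sufficient if `os_shell_escape` also escapes whitespace — worth confirming, since a path containing a space would otherwise shift every field after it for the receiving daemon. The same block leaves `user = lf->dstuser;` unescaped while `filename` is escaped; that asymmetry predates this change but the new field makes it more visible. OS_Exec starts before this hunk and continues after it.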
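Review bot: The early `return;` at the top of the third hunk (new line 103) is reached after `filename` may already hold the copy allocated by `os_shell_escape` in the previous hunk, so that exit leaks the escaped string; the cleanup added in the last hunk only runs on the fall-through path. Either release it before leaving, `if (do_free_filename) free(filename); return;`, or turn the early exit into a jump to a cleanup label at the bottom of the function so every path shares one release point. The conditional that owns this `return;` starts outside the hunk, so check whether other early exits in OS_Exec need the same treatment.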
@@ -137,10 +139,12 @@ void OS_Exec(int *execq, int *arq, Eventinfo *lf, active_response *ar)
 ip,
 lf->time,
 __crt_ftell,
- lf->generated_rule->sigid);
+ lf->generated_rule->sigid,
+ lf->location,
+ filename);
 } else {
 snprintf(exec_msg, OS_SIZE_1024,
- "(local_source) %s %c%c%c %s %s %s %s %d.%ld %d",
+ "(local_source) %s %c%c%c %s %s %s %s %d.%ld %d %s %s",
 lf->location,
 (ar->location & ALL_AGENTS)?ALL_AGENTS_C:NONE_C,
 (ar->location & REMOTE_AGENT)?REMOTE_AGENT_C:NONE_C,
@@ -151,7 +155,9 @@ void OS_Exec(int *execq, int *arq, Eventinfo *lf, active_response *ar)
 ip,
 lf->time,
 __crt_ftell,
- lf->generated_rule->sigid);
+ lf->generated_rule->sigid,
+ lf->location,
+ filename);
 }
 if((rc = OS_SendUnix(*arq, exec_msg, 0)) < 0)
@@ -168,6 +174,10 @@ void OS_Exec(int *execq, int *arq, Eventinfo *lf, active_response *ar)
 }
 }
+ // Clean up Memory
+ if ( filename != NULL && do_free_filename == 1 )
+ free(filename);
+
 return;
 }
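Review bot: The guard `if ( filename != NULL && do_free_filename == 1 )` in the last hunk is longer than it needs to be: `free(NULL)` is a no-op and `do_free_filename` is only ever set alongside the allocation, so `if (do_free_filename) { free(filename); }` expresses the same ownership rule and adds the braces the rest of this function uses around single statements. The `// Clean up Memory` line is the only `//` comment in a file that otherwise uses `/* */`, and the trailing `return;` before the closing brace does nothing. A short comment such as `/* filename is heap-allocated only when os_shell_escape() was used above */` would tell the next reader why the flag exists.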