X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=src%2Fanalysisd%2Frules.c;h=bf9c65138134e8588ebf6cbf704c6a4c6df38eb4;hb=789cbc8e52da68eba3517b920ef22e000cf3c9fd;hp=d018cefa13f1a5250309cc0b97d2e1a7b1011198;hpb=6ef2f786c6c8ead94841b5f93baf9f43421f08c8;p=ossec-hids.git
diff --git a/src/analysisd/rules.c b/src/analysisd/rules.c
index d018cef..bf9c651 100755
--- a/src/analysisd/rules.c
+++ b/src/analysisd/rules.c
@@ -36,6 +36,7 @@ int getattributes(char **attributes, int *maxsize, int *timeframe, int *frequency, int *accuracy, int *noalert, int *ignore_time, int *overwrite);
+int doesRuleExist(int sid, RuleNode *r_node);
 void Rule_AddAR(RuleInfo *config_rule);
@@ -315,6 +316,13 @@ int Rules_OP_ReadRules(char * rulefile)
 return(-1);
 }
+ if(overwrite != 1 && doesRuleExist(id, NULL))
+ {
+ merror("%s: Duplicate rule ID:%d",ARGV0, id);
+ OS_ClearXML(&xml);
+ return(-1);
+ }
+
 /* Allocating memory and initializing structure */
 config_ruleinfo = zerorulemember(id, level, maxsize, frequency,timeframe,
@@ -849,7 +857,7 @@ int Rules_OP_ReadRules(char * rulefile)
 }
 else if(strcmp(rule_opt[k]->content,"windows") == 0)
 {
- config_ruleinfo->category = WINDOWS;
+ config_ruleinfo->category = DECODER_WINDOWS;
 }
 else if(strcmp(rule_opt[k]->content,"ossec") == 0)
 {
@@ -2108,5 +2116,36 @@ int _setlevels(RuleNode *node, int nnode)
 return(l_size);
 }
+/* test if a rule id exists
+ * return 1 when exists
+ * return 0 when not
+ */
+int doesRuleExist(int sid, RuleNode *r_node)
+{
+ /* start from the beginning of the list by default */
+ if(!r_node)
+ r_node = OS_GetFirstRule();
+
+ while(r_node)
+ {
+ /* Checking if the sigid matches */
+ if(r_node->ruleinfo->sigid == sid)
+ return (1);
+
+ /* Checking if the rule has a child */
+ if(r_node->child)
+ {
+ /* check recursive */
+ if(doesRuleExist(sid, r_node->child))
+ return (1);
+ }
+
+ /* go to the next rule */
+ r_node = r_node->next;
+ }
+
+ return (0);
+}
+
 /* EOF */
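Review bot: The duplicate-ID error added in Rules_OP_ReadRules (hunk at -315) does not name the rules file being parsed, so when the ruleset fails to load the operator has to search every included file for the clashing ID; `merror("%s: Duplicate rule ID:%d in '%s'", ARGV0, id, rulefile);` would point straight at it. Refusing to load is the right failure mode for a detection ruleset, since a silently shadowed rule is a lost alert. The hunk does not show where a parsed rule is linked into the list that `doesRuleExist(id, NULL)` walks, so it is worth confirming that two rules with the same ID inside one file are caught, not only clashes with files loaded earlier. The check also re-walks the whole rule tree for every rule read, which is quadratic at startup and deserves a one-line comment. The function body starts and ends outside the hunk.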
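Review bot: The header comment on the new doesRuleExist (hunk at -2108) leaves out the one convention callers must know, that a NULL `r_node` means "search the whole list from OS_GetFirstRule()"; I would add `* r_node == NULL searches every rule; otherwise r_node, its siblings and all their children are searched` to it. The loop reads `r_node->ruleinfo->sigid` without testing `ruleinfo`; if a node can ever be linked with a NULL `ruleinfo` (not visible in this diff), `if(r_node->ruleinfo && r_node->ruleinfo->sigid == sid)` keeps a malformed list from crashing the daemon at startup. The unbraced `if(!r_node)` and `return (1);` bodies sit next to braced ones in the same function and would read more safely with braces throughout. If no other file calls it, both the definition and the prototype added in the first hunk could be `static`.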