X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=src%2Fconfig%2Flocalfile-config.c;h=b9df5463219ea3e1efc0fdacbea4595ceb8243eb;hb=6ef2f786c6c8ead94841b5f93baf9f43421f08c8;hp=dd523e87c623bf617877ade48255c8840873f210;hpb=914feba5d54f979cd5d7e69c349c3d01f630042a;p=ossec-hids.git diff --git a/src/config/localfile-config.c b/src/config/localfile-config.c index dd523e8..b9df546 100755 --- a/src/config/localfile-config.c +++ b/src/config/localfile-config.c @@ -1,17 +1,18 @@ -/* @(#) $Id: localfile-config.c,v 1.25 2009/11/03 21:07:32 dcid Exp $ */ +/* @(#) $Id: ./src/config/localfile-config.c, 2012/03/28 dcid Exp $ + */ /* Copyright (C) 2009 Trend Micro Inc. * All right reserved. * * This program is a free software; you can redistribute it * and/or modify it under the terms of the GNU General Public - * License (version 3) as published by the FSF - Free Software + * License (version 2) as published by the FSF - Free Software * Foundation */ - -#include "shared.h" + +#include "shared.h" #include "localfile-config.h" @@ -19,9 +20,9 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) { int pl = 0; int i = 0; - - int glob_set = 0; - + + int glob_set = 0; + #ifndef WIN32 int glob_offset = 0; #endif @@ -31,7 +32,8 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) char *xml_localfile_location = "location"; char *xml_localfile_command = "command"; char *xml_localfile_logformat = "log_format"; - + char *xml_localfile_frequency = "frequency"; + char *xml_localfile_alias = "alias"; logreader *logf; logreader_config *log_config; 
@@ -39,16 +41,18 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) log_config = (logreader_config *)d1; - /* If config is not set, we need to create it */ + /* If config is not set, we need to create it */ if(!log_config->config) { os_calloc(2, sizeof(logreader), log_config->config); logf = log_config->config; logf[0].file = NULL; logf[0].command = NULL; + logf[0].alias = NULL; logf[0].logformat = NULL; logf[1].file = NULL; logf[1].command = NULL; + logf[1].alias = NULL; logf[1].logformat = NULL; } else @@ -58,23 +62,26 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) { pl++; } - + /* Allocating more memory */ os_realloc(logf, (pl +2)*sizeof(logreader), log_config->config); logf = log_config->config; logf[pl +1].file = NULL; logf[pl +1].command = NULL; + logf[pl +1].alias = NULL; logf[pl +1].logformat = NULL; } - + logf[pl].file = NULL; logf[pl].command = NULL; + logf[pl].alias = NULL; logf[pl].logformat = NULL; logf[pl].fp = NULL; logf[pl].ffile = NULL; logf[pl].djb_program_name = NULL; - - + logf[pl].ign = 360; + + /* Searching for entries related to files */ i = 0; while(node[i]) 
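Review bot: The default `logf[pl].ign = 360;` added in the second hunk on this line (@@ -58,23 +62,26 @@) is a bare literal with nothing to say what it measures. A later hunk shows it is the value the `frequency` element overrides, so a comment such as `/* default when <frequency> is not given; same unit as <frequency> */`, or a named constant, would make the default auditable. Read_Localfile starts and ends outside this hunk.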
@@ -91,20 +98,45 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) } else if(strcmp(node[i]->element,xml_localfile_command) == 0) { + /* We don't accept remote commands from the manager - just in case. */ + if(log_config->agent_cfg == 1 && log_config->accept_remote == 0) + { + merror("%s: Remote commands are not accepted from the manager. " + "Ignoring it on the agent.conf", ARGV0); + + logf[pl].file = NULL; + logf[pl].ffile = NULL; + logf[pl].command = NULL; + logf[pl].alias = NULL; + logf[pl].logformat = NULL; + logf[pl].fp = NULL; + return(OS_INVALID); + } + os_strdup(node[i]->content, logf[pl].file); logf[pl].command = logf[pl].file; } + else if(strcmp(node[i]->element,xml_localfile_frequency) == 0) + { + if(!OS_StrIsNum(node[i]->content)) + { + merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); + return(OS_INVALID); + } + + logf[pl].ign = atoi(node[i]->content); + } else if(strcmp(node[i]->element,xml_localfile_location) == 0) { #ifdef WIN32 /* Expand variables on Windows. */ if(strchr(node[i]->content, '%')) { - int expandreturn = 0; + int expandreturn = 0; char newfile[OS_MAXSTR +1]; newfile[OS_MAXSTR] = '\0'; - expandreturn = ExpandEnvironmentStrings(node[i]->content, + expandreturn = ExpandEnvironmentStrings(node[i]->content, newfile, OS_MAXSTR); if((expandreturn > 0) && (expandreturn < OS_MAXSTR)) @@ -113,7 +145,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) os_strdup(newfile, node[i]->content); } - } + } #endif 
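Review bot: `logf[pl].ign = atoi(node[i]->content);` in the new `frequency` branch (first hunk on this line) converts without a range check. `OS_StrIsNum` presumably only confirms the string is all digits, so an arbitrarily long digit string reaches `atoi`, whose behaviour on an out-of-range value is undefined. The same hunk treats a manager-supplied agent.conf as a less trusted source for `command`, so this value is worth bounding too; the smallest change is `if(!OS_StrIsNum(node[i]->content) || strlen(node[i]->content) > 9)` on the existing check, or `strtol` with an `ERANGE` test. Separately, the new remote-command guard sets `logf[pl].file`, `alias` and the other pointers to NULL without freeing anything an earlier element may have duplicated into them; whether that matters depends on how the caller handles `OS_INVALID`, which is not visible here.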
@@ -121,17 +153,17 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) * We will call this file multiple times until * there is no one else available. */ - #ifndef WIN32 /* No windows support for glob */ + #ifndef WIN32 /* No windows support for glob */ if(strchr(node[i]->content, '*') || strchr(node[i]->content, '?') || strchr(node[i]->content, '[')) { glob_t g; - + /* Setting ot the first entry of the glob */ if(glob_set == 0) glob_set = pl +1; - + if(glob(node[i]->content, 0, NULL, &g) != 0) { merror(GLOB_ERROR, ARGV0, node[i]->content); @@ -139,7 +171,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) i++; continue; } - + /* Checking for the last entry */ if((g.gl_pathv[glob_offset]) == NULL) { @@ -180,7 +212,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) os_strdup(g.gl_pathv[glob_offset], logf[pl].file); } - + glob_offset++; globfree(&g); @@ -188,13 +220,15 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) pl++; os_realloc(logf, (pl +2)*sizeof(logreader), log_config->config); logf = log_config->config; - + logf[pl].file = NULL; + logf[pl].alias = NULL; logf[pl].logformat = NULL; logf[pl].fp = NULL; logf[pl].ffile = NULL; - + logf[pl +1].file = NULL; + logf[pl +1].alias = NULL; logf[pl +1].logformat = NULL; /* We can not increment the file count in here */ @@ -202,7 +236,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) } else if(strchr(node[i]->content, '%')) #else - if(strchr(node[i]->content, '%')) + if(strchr(node[i]->content, '%')) #endif /* WIN32 */ /* We need the format file (based on date) */ @@ -225,8 +259,8 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) os_strdup(node[i]->content, logf[pl].ffile); os_strdup(node[i]->content, logf[pl].file); } - - + + /* Normal file */ else { 
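Review bot: The entries created after `os_realloc` in the glob path (hunk @@ -188,13 +220,15 @@) receive the new `alias = NULL` but not the new `ign` default, and the visible lines do not set `command` or `djb_program_name` either. Unless `os_realloc` zeroes the added memory, which plain `realloc` does not, each entry appended here is left with an indeterminate `ign`, while the first entry was given `360` earlier in the function. Adding `logf[pl].ign = 360;` and `logf[pl].command = NULL;` beside the `logf[pl].alias = NULL;` line would keep glob-expanded entries consistent with the initial one. The surrounding loop continues outside the hunk, so an initialisation elsewhere cannot be ruled out from here.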
@@ -242,6 +276,9 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) if(strcmp(logf[pl].logformat, "syslog") == 0) { } + else if(strcmp(logf[pl].logformat, "generic") == 0) + { + } else if(strcmp(logf[pl].logformat, "snort-full") == 0) { } @@ -263,6 +300,9 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) else if(strcmp(logf[pl].logformat, "mysql_log") == 0) { } + else if(strcmp(logf[pl].logformat, "ossecalert") == 0) + { + } else if(strcmp(logf[pl].logformat, "mssql_log") == 0) { } @@ -278,6 +318,39 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) else if(strcmp(logf[pl].logformat, "command") == 0) { } + else if(strcmp(logf[pl].logformat, "full_command") == 0) + { + } + else if(strncmp(logf[pl].logformat, "multi-line", 10) == 0) + { + int x = 0; + logf[pl].logformat+=10; + + while(logf[pl].logformat[0] == ' ') + logf[pl].logformat++; + + if(logf[pl].logformat[0] != ':') + { + merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); + return(OS_INVALID); + } + logf[pl].logformat++; + + while(*logf[pl].logformat == ' ') + logf[pl].logformat++; + + while(logf[pl].logformat[x] >= '0' && logf[pl].logformat[x] <= '9') + x++; + + while(logf[pl].logformat[x] == ' ') + x++; + + if(logf[pl].logformat[x] != '\0') + { + merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); + return(OS_INVALID); + } + } else if(strcmp(logf[pl].logformat, EVENTLOG) == 0) { } @@ -287,6 +360,10 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) return(OS_INVALID); } } + else if(strcasecmp(node[i]->element,xml_localfile_alias) == 0) + { + os_strdup(node[i]->content, logf[pl].alias); + } else { merror(XML_INVELEM, ARGV0, node[i]->element); @@ -301,7 +378,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) if(glob_set) { char *format; - + /* Getting log format */ if(logf[pl].logformat) { 
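Review bot: The `multi-line` parser (hunk @@ -278,6 +318,39 @@) accepts a value with no count at all: for `multi-line:` the digit loop leaves `x` at 0 and the final `'\0'` test passes, so whatever later reads the count sees an empty string. A check placed right after the digit loop, `if(x == 0) { merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); return(OS_INVALID); }`, closes that. The branch also advances `logf[pl].logformat` itself past the prefix, so the start of the string (presumably a duplicated allocation, assigned outside this hunk) is lost and the stored value no longer contains `multi-line`. Walking the string with a local `char *p` would keep the original pointer available for a later free, provided the consumer of this field can take the count from the parsed position instead.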
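Review bot: The new `alias` branch (hunk @@ -287,6 +360,10 @@) matches the element name with `strcasecmp`, while every other branch of this chain visible in the diff uses `strcmp`, so `<Alias>` is accepted but `<Location>` is not. Using `strcmp(node[i]->element,xml_localfile_alias) == 0` keeps the parser consistent and avoids relying on `strcasecmp` in a file that also builds under `WIN32`. A repeated `<alias>` element overwrites `logf[pl].alias` without freeing the earlier copy; a one-line comment saying the last value wins would document that.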
@@ -330,7 +407,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) merror(MISS_FILE, ARGV0); return(OS_INVALID); } - + if(logf[i].logformat == NULL) { logf[i].logformat = format; @@ -352,7 +429,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) merror(MISS_FILE, ARGV0); return(OS_INVALID); } - + /* Verifying a valid event log config */ if(strcmp(logf[pl].logformat, EVENTLOG) == 0) { @@ -366,7 +443,8 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) } } - if(strcmp(logf[pl].logformat, "command") == 0) + if((strcmp(logf[pl].logformat, "command") == 0)|| + (strcmp(logf[pl].logformat, "full_command") == 0)) { if(!logf[pl].command) {