X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=src%2Fheaders%2Fdefs.h;h=b18dd1942ed3d7e203b39991458f4f7aabdeaedc;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hp=9a9e5c45ea94607fbbe1709e625a701e3fc0af17;hpb=301048b51990573e58a30dc4a5bb4ec285cad554;p=ossec-hids.git diff --git a/src/headers/defs.h b/src/headers/defs.h old mode 100755 new mode 100644 index 9a9e5c4..b18dd19 --- a/src/headers/defs.h +++ b/src/headers/defs.h @@ -1,31 +1,25 @@ -/* @(#) $Id$ */ - -/* Copyright (C) 2009 Trend Micro Inc. +/* Copyright (C) 2009-2019 Trend Micro Inc. * All rights reserved. * * This program is a free software; you can redistribute it * and/or modify it under the terms of the GNU General Public * License (version 2) as published by the FSF - Free Software * Foundation. - * - * License details at the LICENSE file included with OSSEC or - * online at: http://www.ossec.net/en/licensing.html */ - - -/* Global definitions - */ +/* Global Definitions */ #ifndef __OS_HEADERS #define __OS_HEADERS +#define TRUE 1 +#define FALSE 0 -/* Read / Write definitions - */ -#define READ 1 -#define WRITE 2 +#define READ 1 +#define WRITE 2 +#define OS_BINARY 0 +#define OS_TEXT 1 /* Size limit control */ #define OS_SIZE_8192 8192 @@ -36,21 +30,20 @@ #define OS_SIZE_256 256 #define OS_SIZE_128 128 -#define OS_MAXSTR OS_SIZE_6144 /* Size for logs, sockets, etc */ -#define OS_BUFFER_SIZE OS_SIZE_2048 /* Size of general buffers */ -#define OS_FLSIZE OS_SIZE_256 /* Maximum file size */ -#define OS_HEADER_SIZE OS_SIZE_128 /* Maximum header size */ -#define OS_LOG_HEADER OS_SIZE_256 /* Maximum log header size */ -#define IPSIZE 16 /* IP Address size */ - - -/* Some Global names */ -#define __name "OSSEC HIDS" -#define __version "v2.5.1" -#define __author "Trend Micro Inc." -#define __contact "contact@ossec.net" -#define __site "http://www.ossec.net" -#define __license "\ +#define OS_MAXSTR OS_SIZE_6144 /* Size for logs, sockets, etc */ +#define OS_BUFFER_SIZE OS_SIZE_2048 /* Size of general buffers */ +#define OS_FLSIZE OS_SIZE_256 /* Maximum file size */ +#define OS_HEADER_SIZE OS_SIZE_128 /* Maximum header size */ +#define OS_LOG_HEADER OS_SIZE_256 /* Maximum log header size */ +#define IPSIZE INET6_ADDRSTRLEN /* IP Address size */ + +/* Some global names */ +#define __ossec_name "OSSEC HIDS" +#define __version "v3.3.0" +#define __author "OSSEC Foundation" +#define __contact "contact@ossec.net" +#define __site "https://www.ossec.net" +#define __license "\ This program is free software; you can redistribute it and/or modify\n\ it under the terms of the GNU General Public License (version 2) as \n\ published by the Free Software Foundation. For more details, go to \n\ @@ -58,79 +51,74 @@ http://www.ossec.net/main/license/\n" /* Maximum allowed PID */ #ifdef SOLARIS - #define MAX_PID 29999 +#define MAX_PID 29999 #else - #define MAX_PID 32768 +#define MAX_PID 32768 #endif - -/* Max limit of 256 agents */ +/* Limit of 256 agents */ #ifndef MAX_AGENTS - #define MAX_AGENTS 256 -#endif +#define MAX_AGENTS 256 +#endif +/* First ID assigned by authd */ +#ifndef AUTHD_FIRST_ID +#define AUTHD_FIRST_ID 1024 +#endif -/* manager notification */ -#define NOTIFY_TIME 600 /* every 10 minutes */ +/* Notify the manager */ +#define NOTIFY_TIME 600 /* ... every 600 seconds (10 minutes) */ - /* User Configuration */ #ifndef MAILUSER - #define MAILUSER "ossecm" +#define MAILUSER "ossecm" #endif #ifndef USER - #define USER "ossec" +#define USER "ossec" #endif - + #ifndef REMUSER - #define REMUSER "ossecr" +#define REMUSER "ossecr" #endif - + #ifndef GROUPGLOBAL - #define GROUPGLOBAL "ossec" -#endif - -#ifndef DEFAULTDIR - #define DEFAULTDIR "/var/ossec" +#define GROUPGLOBAL "ossec" #endif +#ifndef DEFAULTDIR +#define DEFAULTDIR "/var/ossec" +#endif /* Default queue */ -#define DEFAULTQUEUE "/queue/ossec/queue" +#define DEFAULTQUEUE "/queue/ossec/queue" - -/* Active response files */ +/* Active Response files */ #ifndef WIN32 - #define DEFAULTAR "/etc/shared/ar.conf" - #define AR_BINDIR "/active-response/bin" - #define AGENTCONFIGINT "/etc/shared/agent.conf" - #define AGENTCONFIG DEFAULTDIR "/etc/shared/agent.conf" +#define DEFAULTAR "/etc/shared/ar.conf" +#define AR_BINDIR "/active-response/bin" +#define AGENTCONFIGINT "/etc/shared/agent.conf" +#define AGENTCONFIG DEFAULTDIR "/etc/shared/agent.conf" #else - #define DEFAULTAR "shared/ar.conf" - #define AR_BINDIR "active-response/bin" - #define AGENTCONFIG "shared/agent.conf" - #define AGENTCONFIGINT "shared/agent.conf" -#endif - +#define DEFAULTAR "shared/ar.conf" +#define AR_BINDIR "active-response/bin" +#define AGENTCONFIG "shared/agent.conf" +#define AGENTCONFIGINT "shared/agent.conf" +#endif /* Exec queue */ -#define EXECQUEUE "/queue/alerts/execq" - +#define EXECQUEUE "/queue/alerts/execq" -/* Active response queue */ +/* Active Response queue */ #define ARQUEUE "/queue/alerts/ar" - /* Decoder file */ #define XML_DECODER "/etc/decoder.xml" #define XML_LDECODER "/etc/local_decoder.xml" - /* Agent information location */ #define AGENTINFO_DIR "/queue/agent-info" - /* Syscheck directory */ #define SYSCHECK_DIR "/queue/syscheck" @@ -143,148 +131,145 @@ http://www.ossec.net/main/license/\n" #define DIFF_NEW_FILE "new-entry" #define DIFF_LAST_FILE "last-entry" - /* Syscheck data */ #define SYSCHECK "syscheck" #define SYSCHECK_REG "syscheck-registry" - /* Rule path */ #define RULEPATH "/rules" - /* Wait file */ #ifndef WIN32 - #define WAIT_FILE "/queue/ossec/.wait" +#define WAIT_FILE "/queue/ossec/.wait" #else - #define WAIT_FILE ".wait" +#define WAIT_FILE ".wait" #endif - /* Agent information file */ #ifndef WIN32 - #define AGENT_INFO_FILE "/queue/ossec/.agent_info" - #define AGENT_INFO_FILEP DEFAULTDIR AGENT_INFO_FILE +#define AGENT_INFO_FILE "/queue/ossec/.agent_info" +#define AGENT_INFO_FILEP DEFAULTDIR AGENT_INFO_FILE #else - #define AGENT_INFO_FILE ".agent_info" - #define AGENT_INFO_FILEP AGENT_INFO_FILE +#define AGENT_INFO_FILE ".agent_info" +#define AGENT_INFO_FILEP AGENT_INFO_FILE #endif - /* Syscheck restart */ #ifndef WIN32 - #define SYSCHECK_RESTART "/var/run/.syscheck_run" - #define SYSCHECK_RESTART_PATH DEFAULTDIR SYSCHECK_RESTART +#define SYSCHECK_RESTART "/var/run/.syscheck_run" +#define SYSCHECK_RESTART_PATH DEFAULTDIR SYSCHECK_RESTART #else - #define SYSCHECK_RESTART "syscheck/.syscheck_run" - #define SYSCHECK_RESTART_PATH "syscheck/.syscheck_run" -#endif - - -/* Agentless directories. */ -#define AGENTLESSDIR "/agentless" -#define AGENTLESSPASS "/agentless/.passlist" +#define SYSCHECK_RESTART "syscheck/.syscheck_run" +#define SYSCHECK_RESTART_PATH "syscheck/.syscheck_run" +#endif + +/* Agentless directories */ +#define AGENTLESSDIR "/agentless" +#define AGENTLESSPASS "/agentless/.passlist" #define AGENTLESS_ENTRYDIR "/queue/agentless" - /* Internal definitions files */ #ifndef WIN32 - #define OSSEC_DEFINES "/etc/internal_options.conf" - #define OSSEC_LDEFINES "/etc/local_internal_options.conf" +#define OSSEC_DEFINES "/etc/internal_options.conf" +#define OSSEC_LDEFINES "/etc/local_internal_options.conf" #else - #define OSSEC_DEFINES "internal_options.conf" - #define OSSEC_LDEFINES "local_internal_options.conf" +#define OSSEC_DEFINES "internal_options.conf" +#define OSSEC_LDEFINES "local_internal_options.conf" #endif - /* Log directories */ -#define EVENTS "/logs/archives" -#define EVENTS_DAILY "/logs/archives/archives.log" -#define ALERTS "/logs/alerts" -#define ALERTS_DAILY "/logs/alerts/alerts.log" -#define FWLOGS "/logs/firewall" -#define FWLOGS_DAILY "/logs/firewall/firewall.log" - +#define EVENTS "/logs/archives" +#define EVENTS_DAILY "/logs/archives/archives.log" +#define ALERTS "/logs/alerts" +#define ALERTS_PATH DEFAULTDIR ALERTS +#define ALERTS_DAILY "/logs/alerts/alerts.log" +#define ALERTSJSON_DAILY "/logs/alerts/alerts.json" +#define FWLOGS "/logs/firewall" +#define FWLOGS_DAILY "/logs/firewall/firewall.log" +#define EVENTSJSON_DAILY "/logs/archives/archives.json" /* Stats directories */ #define STATWQUEUE "/stats/weekly-average" #define STATQUEUE "/stats/hourly-average" #define STATSAVED "/stats/totals" - /* Authentication keys file */ #ifndef WIN32 #define KEYS_FILE "/etc/client.keys" +#define AUTHD_PASS "/etc/authd.pass" #define KEYSFILE_PATH DEFAULTDIR KEYS_FILE +#define AUTHDPASS_PATH DEFAULTDIR AUTHD_PASS #else #define KEYS_FILE "client.keys" #define KEYSFILE_PATH KEYS_FILE +#define AUTHD_PASS "authd.pass" +#define AUTHDPASS_PATH AUTHD_PASS #endif #ifndef AUTH_FILE #define AUTH_FILE KEYS_FILE #endif - /* Shared config directory */ #ifndef WIN32 - #define SHAREDCFG_DIR "/etc/shared" +#define SHAREDCFG_DIR "/etc/shared" #else - #define SHAREDCFG_DIR "shared" -#endif +#define SHAREDCFG_DIR "shared" +#endif -/* Built in defines */ -#define DEFAULTQPATH DEFAULTDIR DEFAULTQUEUE +/* Built-in defines */ +#define DEFAULTQPATH DEFAULTDIR DEFAULTQUEUE #ifndef WIN32 #define OSSECCONF "/etc/ossec.conf" #define DEFAULTCPATH DEFAULTDIR OSSECCONF #else #define OSSECCONF "ossec.conf" -#define DEFAULTCPATH "ossec.conf" +#define DEFAULTCPATH "ossec.conf" #endif #ifndef WIN32 - #define DEFAULTARPATH DEFAULTDIR DEFAULTAR - #define AR_BINDIRPATH DEFAULTDIR AR_BINDIR - #define AGENTLESSDIRPATH DEFAULTDIR AGENTLESSDIR - #define AGENTLESSPASSPATH DEFAULTDIR AGENTLESSPASS - #define AGENTLESS_ENTRYDIRPATH DEFAULTDIR AGENTLESS_ENTRYDIR +#define DEFAULTARPATH DEFAULTDIR DEFAULTAR +#define AR_BINDIRPATH DEFAULTDIR AR_BINDIR +#define AGENTLESSDIRPATH DEFAULTDIR AGENTLESSDIR +#define AGENTLESSPASSPATH DEFAULTDIR AGENTLESSPASS +#define AGENTLESS_ENTRYDIRPATH DEFAULTDIR AGENTLESS_ENTRYDIR #else - #define DEFAULTARPATH "shared/ar.conf" - #define AR_BINDIRPATH "active-response/bin" - #define AGENTLESSDIRPATH AGENTLESSDIR - #define AGENTLESSPASSPATH AGENTLESSPASS - #define AGENTLESS_ENTRYDIRPATH AGENTLESS_ENTRYDIR +#define DEFAULTARPATH "shared/ar.conf" +#define AR_BINDIRPATH "active-response/bin" +#define AGENTLESSDIRPATH AGENTLESSDIR +#define AGENTLESSPASSPATH AGENTLESSPASS +#define AGENTLESS_ENTRYDIRPATH AGENTLESS_ENTRYDIR #endif -#define EXECQUEUEPATH DEFAULTDIR EXECQUEUE +#define EXECQUEUEPATH DEFAULTDIR EXECQUEUE #ifdef WIN32 - #define SHAREDCFG_DIRPATH SHAREDCFG_DIR +#define SHAREDCFG_DIRPATH SHAREDCFG_DIR #else - #define SHAREDCFG_DIRPATH DEFAULTDIR SHAREDCFG_DIR +#define SHAREDCFG_DIRPATH DEFAULTDIR SHAREDCFG_DIR #endif #define SHAREDCFG_FILE SHAREDCFG_DIR "/merged.mg" #define SHAREDCFG_FILEPATH SHAREDCFG_DIRPATH "/merged.mg" #define SHAREDCFG_FILENAME "merged.mg" - #define WAIT_FILE_PATH DEFAULTDIR WAIT_FILE +#define TMP_DIR "tmp" + +/* Windows COMSPEC */ +#define COMSPEC "C:\\Windows\\System32\\cmd.exe" /* Default ports */ #ifndef DEFAULT_SECURE - #define DEFAULT_SECURE 1514 /* Default encrypted */ +#define DEFAULT_SECURE "1514" /* Default encrypted */ #endif #ifndef DEFAULT_SYSLOG - #define DEFAULT_SYSLOG 514 /* Default syslog port - udp */ +#define DEFAULT_SYSLOG "514" /* Default syslog port - udp */ #endif - - -/* Xml global elements */ +/* XML global elements */ #ifndef xml_global #define xml_global "global" #endif