X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=src%2Frootcheck%2Frootcheck-config.c;h=6d5ca79c1340c6c75efb19631918f8ad8a5580e2;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hp=9b7bc5f21a9b11193580e2af0a90ce536429e57b;hpb=914feba5d54f979cd5d7e69c349c3d01f630042a;p=ossec-hids.git
diff --git a/src/rootcheck/rootcheck-config.c b/src/rootcheck/rootcheck-config.c
old mode 100755
new mode 100644
index 9b7bc5f..6d5ca79
--- a/src/rootcheck/rootcheck-config.c
+++ b/src/rootcheck/rootcheck-config.c
@@ -1,183 +1,160 @@ -/* @(#) $Id: rootcheck-config.c,v 1.11 2009/06/24 18:53:07 dcid Exp $ */ - /* Copyright (C) 2009 Trend Micro Inc. * All right reserved. * * This program is a free software; you can redistribute it * and/or modify it under the terms of the GNU General Public - * License (version 3) as published by the FSF - Free Software + * License (version 2) as published by the FSF - Free Software * Foundation */ - #ifndef OSSECHIDS + #include #include #include #include #include "shared.h" - #include "os_xml/os_xml.h" - #include "rootcheck.h" -/* Read_Rootcheck_Config: Reads the rootcheck config +/* Evaluate boolean with two arguments + * str: input string, "yes"|"no" + * default_val: 1(yes)|0(no) */ -int Read_Rootcheck_Config(char * cfgfile) +short eval_bool2(char *str, short default_val) { - OS_XML xml; + short ret = default_val; + + if (str == NULL) { + return (ret); + } else if (strcmp(str, "yes") == 0) { + ret = 1; + } else if (strcmp(str, "no") == 0) { + ret = 0; + } - char *str = NULL; + free(str); + return (ret); +} +/* Read the rootcheck config */ +int Read_Rootcheck_Config(const char *cfgfile) +{ + OS_XML xml; +#ifdef OSSECHIDS + char *str = NULL; +#endif /* XML Definitions */ - char *(xml_daemon[])={xml_rootcheck,"daemon", NULL}; - char *(xml_notify[])={xml_rootcheck, "notify", NULL}; - char *(xml_base_dir[])={xml_rootcheck, "base_directory", NULL}; - char *(xml_workdir[])={xml_rootcheck, "work_directory", NULL}; - char *(xml_rootkit_files[])={xml_rootcheck, "rootkit_files", NULL}; - char *(xml_rootkit_trojans[])={xml_rootcheck, "rootkit_trojans", NULL}; - char *(xml_rootkit_unixaudit[])={xml_rootcheck, "system_audit", NULL}; - char *(xml_rootkit_winaudit[])={xml_rootcheck, "windows_audit", NULL}; - char *(xml_rootkit_winapps[])={xml_rootcheck, "windows_apps", NULL}; - char *(xml_rootkit_winmalware[])={xml_rootcheck, "windows_malware", NULL}; - char *(xml_scanall[])={xml_rootcheck, "scanall", NULL}; - char *(xml_readall[])={xml_rootcheck, 
"readall", NULL}; - char *(xml_time[])={xml_rootcheck, "frequency", NULL}; + const char *(xml_base_dir[]) = {xml_rootcheck, "base_directory", NULL}; + const char *(xml_workdir[]) = {xml_rootcheck, "work_directory", NULL}; + const char *(xml_rootkit_files[]) = {xml_rootcheck, "rootkit_files", NULL}; + const char *(xml_rootkit_trojans[]) = {xml_rootcheck, "rootkit_trojans", NULL}; + const char *(xml_rootkit_unixaudit[]) = {xml_rootcheck, "system_audit", NULL}; + const char *(xml_rootkit_winaudit[]) = {xml_rootcheck, "windows_audit", NULL}; + const char *(xml_rootkit_winapps[]) = {xml_rootcheck, "windows_apps", NULL}; + const char *(xml_rootkit_winmalware[]) = {xml_rootcheck, "windows_malware", NULL}; + const char *(xml_scanall[]) = {xml_rootcheck, "scanall", NULL}; + const char *(xml_readall[]) = {xml_rootcheck, "readall", NULL}; +#ifdef OSSECHIDS + const char *(xml_time[]) = {xml_rootcheck, "frequency", NULL}; +#endif + const char *(xml_check_dev[]) = {xml_rootcheck, "check_dev", NULL}; + const char *(xml_check_files[]) = {xml_rootcheck, "check_files", NULL}; + const char *(xml_check_if[]) = {xml_rootcheck, "check_if", NULL}; + const char *(xml_check_pids[]) = {xml_rootcheck, "check_pids", NULL}; + const char *(xml_check_ports[]) = {xml_rootcheck, "check_ports", NULL}; + const char *(xml_check_sys[]) = {xml_rootcheck, "check_sys", NULL}; + const char *(xml_check_trojans[]) = {xml_rootcheck, "check_trojans", NULL}; +#ifdef WIN32 + const char *(xml_check_winapps[]) = {xml_rootcheck, "check_winapps", NULL}; + const char *(xml_check_winaudit[]) = {xml_rootcheck, "check_winaudit", NULL}; + const char *(xml_check_winmalware[]) = {xml_rootcheck, "check_winmalware", NULL}; +#else + const char *(xml_check_unixaudit[]) = {xml_rootcheck, "check_unixaudit", NULL}; +#endif +#ifdef OSSECHIDS /* :) */ xml_time[2] = NULL; - - if(OS_ReadXML(cfgfile,&xml) < 0) - { - merror("config_op: XML error: %s",xml.err); - return(OS_INVALID); +#endif + + if (OS_ReadXML(cfgfile, &xml) < 0) { + 
merror("config_op: XML error: %s", xml.err); + return (OS_INVALID); } - if(!OS_RootElementExist(&xml,xml_rootcheck)) - { + if (!OS_RootElementExist(&xml, xml_rootcheck)) { OS_ClearXML(&xml); - merror("%s: Rootcheck configuration not found. ",ARGV0); - return(-1); + merror("%s: Rootcheck configuration not found. ", ARGV0); + return (-1); } - /* run as a daemon */ - str = OS_GetOneContentforElement(&xml,xml_daemon); - if(str) - { - if(str[0] == 'n') - rootcheck.daemon = 0; - free(str); - str = NULL; - } - +#ifdef OSSECHIDS /* time */ - #ifdef OSSECHIDS - str = OS_GetOneContentforElement(&xml,xml_time); - if(str) - { - if(!OS_StrIsNum(str)) - { + str = OS_GetOneContentforElement(&xml, xml_time); + if (str) { + if (!OS_StrIsNum(str)) { merror("Invalid frequency time '%s' for the rootkit " - "detection (must be int).", str); - return(OS_INVALID); + "detection (must be int).", str); + return (OS_INVALID); } rootcheck.time = atoi(str); - free(str); str = NULL; } - #endif - - - /* Scan all flag */ - if(!rootcheck.scanall) - { - str = OS_GetOneContentforElement(&xml,xml_scanall); - if(str) - { - if(str[0] == 'y') - rootcheck.scanall = 1; - free(str); - str = NULL; - } - } +#endif /* OSSECHIDS */ - - /* read all flag */ - if(!rootcheck.readall) - { - str = OS_GetOneContentforElement(&xml,xml_readall); - if(str) - { - if(str[0] == 'y') - rootcheck.readall = 1; - free(str); - str = NULL; - } + /* Scan all flags */ + if (!rootcheck.scanall) { + rootcheck.scanall = eval_bool2(OS_GetOneContentforElement(&xml, xml_scanall), 0); } - - - /* Notifications type */ - str = OS_GetOneContentforElement(&xml,xml_notify); - if(str) - { - if(strcasecmp(str,"queue") == 0) - rootcheck.notify = QUEUE; - else if(strcasecmp(str,"syslog") == 0) - rootcheck.notify = SYSLOG; - else - { - merror("%s: Invalid notification option. 
Only " - "'syslog' or 'queue' are allowed.",ARGV0); - return(-1); - } - - free(str); - str = NULL; + + /* Read all flags */ + if (!rootcheck.readall) { + rootcheck.readall = eval_bool2(OS_GetOneContentforElement(&xml, xml_readall), 0); } - else - { - /* Default to SYSLOG */ - rootcheck.notify = SYSLOG; + + /* Get work directory */ + if (!rootcheck.workdir) { + rootcheck.workdir = OS_GetOneContentforElement(&xml, xml_workdir); } - /* Getting work directory */ - if(!rootcheck.workdir) - rootcheck.workdir = OS_GetOneContentforElement(&xml,xml_workdir); - - rootcheck.rootkit_files = OS_GetOneContentforElement - (&xml,xml_rootkit_files); + (&xml, xml_rootkit_files); rootcheck.rootkit_trojans = OS_GetOneContentforElement - (&xml,xml_rootkit_trojans); - - rootcheck.unixaudit = OS_GetContents - (&xml,xml_rootkit_unixaudit); - + (&xml, xml_rootkit_trojans); + rootcheck.unixaudit = OS_GetContents + (&xml, xml_rootkit_unixaudit); rootcheck.winaudit = OS_GetOneContentforElement - (&xml,xml_rootkit_winaudit); - + (&xml, xml_rootkit_winaudit); rootcheck.winapps = OS_GetOneContentforElement - (&xml,xml_rootkit_winapps); - + (&xml, xml_rootkit_winapps); rootcheck.winmalware = OS_GetOneContentforElement - (&xml,xml_rootkit_winmalware); - + (&xml, xml_rootkit_winmalware); rootcheck.basedir = OS_GetOneContentforElement(&xml, xml_base_dir); + rootcheck.checks.rc_dev = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_dev), 1); + rootcheck.checks.rc_files = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_files), 1); + rootcheck.checks.rc_if = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_if), 1); + rootcheck.checks.rc_pids = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_pids), 1); + rootcheck.checks.rc_ports = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_ports), 1); + rootcheck.checks.rc_sys = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_sys), 1); + rootcheck.checks.rc_trojans = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_trojans), 
1); +#ifdef WIN32 + rootcheck.checks.rc_winapps = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_winapps), 1); + rootcheck.checks.rc_winaudit = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_winaudit), 1); + rootcheck.checks.rc_winmalware = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_winmalware), 1); +#else + rootcheck.checks.rc_unixaudit = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_unixaudit), 1); +#endif /* WIN32 */ + OS_ClearXML(&xml); - OS_ClearXML(&xml); - - debug1("%s: DEBUG: Daemon set to '%d'",ARGV0, rootcheck.daemon); - debug1("%s: DEBUG: alert set to '%d'",ARGV0, rootcheck.notify); - - return(0); + return (0); } - -/* EOF */ #endif +
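Review bot: `eval_bool2` silently returns `default_val` for anything other than the exact lowercase strings "yes" and "no", so a mistyped `check_*`, `scanall` or `readall` value cannot be told apart from an absent one, and the old parser's acceptance of any value starting with `y` changes without notice. Because these options switch individual rootkit checks on or off, an unrecognized value should be reported, for example with a final branch `} else { merror("%s: Invalid value '%s' for a yes/no option, using default.", ARGV0, str); }` placed before the `free(str)`. The helper also takes ownership of `str` and frees it, which its header comment should state (`/* Frees str; returns default_val when str is NULL or not "yes"/"no" */`), and if nothing outside this file calls it, it could be declared `static`. Separately, the `!OS_StrIsNum(str)` branch in `Read_Rootcheck_Config` still returns `OS_INVALID` without calling `free(str)` or `OS_ClearXML(&xml)`.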