Imported Upstream version 2.7
1 /*   $OSSEC, rootcheck-config.c, v0.1, 2005/09/30, Daniel B. Cid$   */
2
3 /* Copyright (C) 2009 Trend Micro Inc.
4  * All right reserved.
5  *
6  * This program is a free software; you can redistribute it
7  * and/or modify it under the terms of the GNU General Public
8  * License (version 2) as published by the FSF - Free Software
9  * Foundation
10  */
11
12
#include "shared.h"
#include "rootcheck-config.h"

#include <errno.h>
#include <limits.h>
#include <stdlib.h>
15
16
/* eval_bool: Maps a configuration value to a boolean.
 * Returns 1 for "yes", 0 for "no" and OS_INVALID for NULL or any
 * other string. The comparison is exact: "Yes", "YES", "true" or a
 * value with surrounding whitespace are all rejected.
 */
short eval_bool(char *str)
{
    if (str != NULL)
    {
        if (strcmp(str, "yes") == 0)
            return(1);

        if (strcmp(str, "no") == 0)
            return(0);
    }

    /* NULL and unrecognised values share the same error code */
    return(OS_INVALID);
}
28
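/* rk_parse_bool: Evaluates a yes/no option through eval_bool and logs
 * XML_VALUEERR when the value is neither "yes" nor "no".
 * Returns 1, 0 or OS_INVALID.
 */
static short rk_parse_bool(const char *element, char *content)
{
    short value = eval_bool(content);

    if (value == OS_INVALID)
        merror(XML_VALUEERR, ARGV0, element, content);

    return(value);
}

/* Read_Rootcheck: Reads the rootcheck config
 *
 * node    - NULL-terminated array of XML nodes. It is dereferenced
 *           without a NULL check, so the caller must pass a valid array.
 * configp - destination, used as an rkconfig *. Also not NULL-checked.
 * mailp   - not used by this function.
 *
 * Returns 0 when every element was accepted. On the first unknown
 * element, missing value or invalid value it logs through merror and
 * returns OS_INVALID; options parsed before the failing one stay
 * stored in the config.
 *
 * NOTE(review): "disabled", the check_* switches and the "ignore" list
 * presumably decide which rootcheck scans run and which findings are
 * suppressed (confirm against the consumers of rkconfig). Whoever can
 * write this configuration can therefore reduce detection coverage, so
 * the file's permissions and change history deserve monitoring.
 *
 * NOTE(review): path-like values (rootkit_files, rootkit_trojans,
 * windows_audit, system_audit, windows_malware, windows_apps,
 * base_directory, ignore) are duplicated verbatim; no validation of
 * the path happens here. A repeated scalar option replaces the stored
 * pointer - presumably without releasing the previous string; verify
 * against the os_strdup macro.
 */
int Read_Rootcheck(XML_NODE node, void *configp, void *mailp)
{
    int i;
    short flag;
    rkconfig *rootcheck = (rkconfig *)configp;

    /* XML Definitions */
    const char *xml_rootkit_files = "rootkit_files";
    const char *xml_rootkit_trojans = "rootkit_trojans";
    const char *xml_winaudit = "windows_audit";
    const char *xml_unixaudit = "system_audit";
    const char *xml_winapps = "windows_apps";
    const char *xml_winmalware = "windows_malware";
    const char *xml_scanall = "scanall";
    const char *xml_readall = "readall";
    const char *xml_time = "frequency";
    const char *xml_disabled = "disabled";
    const char *xml_base_dir = "base_directory";
    const char *xml_ignore = "ignore";

    const char *xml_check_dev = "check_dev";
    const char *xml_check_files = "check_files";
    const char *xml_check_if = "check_if";
    const char *xml_check_pids = "check_pids";
    const char *xml_check_ports = "check_ports";
    const char *xml_check_sys = "check_sys";
    const char *xml_check_trojans = "check_trojans";
    const char *xml_check_unixaudit = "check_unixaudit";
    const char *xml_check_winapps = "check_winapps";
    const char *xml_check_winaudit = "check_winaudit";
    const char *xml_check_winmalware = "check_winmalware";

    for(i = 0; node[i]; i++)
    {
        /* Every node needs both a name and a value */
        if(!node[i]->element)
        {
            merror(XML_ELEMNULL, ARGV0);
            return(OS_INVALID);
        }
        if(!node[i]->content)
        {
            merror(XML_VALUENULL, ARGV0, node[i]->element);
            return(OS_INVALID);
        }

        /* Getting frequency */
        if(strcmp(node[i]->element, xml_time) == 0)
        {
            long freq;

            if(!OS_StrIsNum(node[i]->content))
            {
                merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
                return(OS_INVALID);
            }

            /* atoi() has undefined behaviour when the number does not
             * fit in an int, so an over-long digit string could leave
             * an arbitrary scan interval in the config. strtol()
             * reports the overflow and the value is rejected instead.
             */
            errno = 0;
            freq = strtol(node[i]->content, NULL, 10);
            if(errno == ERANGE || freq > INT_MAX || freq < INT_MIN)
            {
                merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
                return(OS_INVALID);
            }

            rootcheck->time = (int)freq;
        }

        /* Boolean options: the value is validated in a local first, so
         * the check does not depend on the destination field's type and
         * a rejected value is never written into the config.
         */
        /* getting scan all */
        else if(strcmp(node[i]->element, xml_scanall) == 0)
        {
            flag = rk_parse_bool(node[i]->element, node[i]->content);
            if(flag == OS_INVALID)
                return(OS_INVALID);
            rootcheck->scanall = flag;
        }
        else if(strcmp(node[i]->element, xml_disabled) == 0)
        {
            flag = rk_parse_bool(node[i]->element, node[i]->content);
            if(flag == OS_INVALID)
                return(OS_INVALID);
            rootcheck->disabled = flag;
        }
        else if(strcmp(node[i]->element, xml_readall) == 0)
        {
            flag = rk_parse_bool(node[i]->element, node[i]->content);
            if(flag == OS_INVALID)
                return(OS_INVALID);
            rootcheck->readall = flag;
        }

        /* Single-valued string options */
        else if(strcmp(node[i]->element, xml_rootkit_files) == 0)
        {
            os_strdup(node[i]->content, rootcheck->rootkit_files);
        }
        else if(strcmp(node[i]->element, xml_rootkit_trojans) == 0)
        {
            os_strdup(node[i]->content, rootcheck->rootkit_trojans);
        }
        else if(strcmp(node[i]->element, xml_winaudit) == 0)
        {
            os_strdup(node[i]->content, rootcheck->winaudit);
        }

        /* Multi-valued options: each occurrence is appended to a
         * NULL-terminated array of strings.
         */
        else if(strcmp(node[i]->element, xml_unixaudit) == 0)
        {
            int j = 0;

            /* Count the entries stored so far */
            while(rootcheck->unixaudit && rootcheck->unixaudit[j])
                j++;

            /* Room for the new entry plus the terminator */
            os_realloc(rootcheck->unixaudit, sizeof(char *)*(j+2),
                       rootcheck->unixaudit);
            rootcheck->unixaudit[j] = NULL;
            rootcheck->unixaudit[j + 1] = NULL;

            os_strdup(node[i]->content, rootcheck->unixaudit[j]);
        }
        else if(strcmp(node[i]->element, xml_ignore) == 0)
        {
            int j = 0;

            /* Count the entries stored so far */
            while(rootcheck->ignore && rootcheck->ignore[j])
                j++;

            /* Room for the new entry plus the terminator */
            os_realloc(rootcheck->ignore, sizeof(char *)*(j+2),
                       rootcheck->ignore);
            rootcheck->ignore[j] = NULL;
            rootcheck->ignore[j + 1] = NULL;

            os_strdup(node[i]->content, rootcheck->ignore[j]);
        }
        else if(strcmp(node[i]->element, xml_winmalware) == 0)
        {
            os_strdup(node[i]->content, rootcheck->winmalware);
        }
        else if(strcmp(node[i]->element, xml_winapps) == 0)
        {
            os_strdup(node[i]->content, rootcheck->winapps);
        }
        else if(strcmp(node[i]->element, xml_base_dir) == 0)
        {
            os_strdup(node[i]->content, rootcheck->basedir);
        }

        /* Per-check switches, handled on every platform */
        else if(strcmp(node[i]->element, xml_check_dev) == 0)
        {
            flag = rk_parse_bool(node[i]->element, node[i]->content);
            if(flag == OS_INVALID)
                return(OS_INVALID);
            rootcheck->checks.rc_dev = flag;
        }
        else if(strcmp(node[i]->element, xml_check_files) == 0)
        {
            flag = rk_parse_bool(node[i]->element, node[i]->content);
            if(flag == OS_INVALID)
                return(OS_INVALID);
            rootcheck->checks.rc_files = flag;
        }
        else if(strcmp(node[i]->element, xml_check_if) == 0)
        {
            flag = rk_parse_bool(node[i]->element, node[i]->content);
            if(flag == OS_INVALID)
                return(OS_INVALID);
            rootcheck->checks.rc_if = flag;
        }
        else if(strcmp(node[i]->element, xml_check_pids) == 0)
        {
            flag = rk_parse_bool(node[i]->element, node[i]->content);
            if(flag == OS_INVALID)
                return(OS_INVALID);
            rootcheck->checks.rc_pids = flag;
        }
        else if(strcmp(node[i]->element, xml_check_ports) == 0)
        {
            flag = rk_parse_bool(node[i]->element, node[i]->content);
            if(flag == OS_INVALID)
                return(OS_INVALID);
            rootcheck->checks.rc_ports = flag;
        }
        else if(strcmp(node[i]->element, xml_check_sys) == 0)
        {
            flag = rk_parse_bool(node[i]->element, node[i]->content);
            if(flag == OS_INVALID)
                return(OS_INVALID);
            rootcheck->checks.rc_sys = flag;
        }
        else if(strcmp(node[i]->element, xml_check_trojans) == 0)
        {
            flag = rk_parse_bool(node[i]->element, node[i]->content);
            if(flag == OS_INVALID)
                return(OS_INVALID);
            rootcheck->checks.rc_trojans = flag;
        }

        /* Platform-specific switches. On the platform a switch does not
         * apply to, the element is accepted but its value is neither
         * validated nor stored, so it has no effect there.
         */
        else if(strcmp(node[i]->element, xml_check_unixaudit) == 0)
        {
            #ifndef WIN32
            flag = rk_parse_bool(node[i]->element, node[i]->content);
            if(flag == OS_INVALID)
                return(OS_INVALID);
            rootcheck->checks.rc_unixaudit = flag;
            #endif
        }
        else if(strcmp(node[i]->element, xml_check_winapps) == 0)
        {
            #ifdef WIN32
            flag = rk_parse_bool(node[i]->element, node[i]->content);
            if(flag == OS_INVALID)
                return(OS_INVALID);
            rootcheck->checks.rc_winapps = flag;
            #endif
        }
        else if(strcmp(node[i]->element, xml_check_winaudit) == 0)
        {
            #ifdef WIN32
            flag = rk_parse_bool(node[i]->element, node[i]->content);
            if(flag == OS_INVALID)
                return(OS_INVALID);
            rootcheck->checks.rc_winaudit = flag;
            #endif
        }
        else if(strcmp(node[i]->element, xml_check_winmalware) == 0)
        {
            #ifdef WIN32
            flag = rk_parse_bool(node[i]->element, node[i]->content);
            if(flag == OS_INVALID)
                return(OS_INVALID);
            rootcheck->checks.rc_winmalware = flag;
            #endif
        }

        /* Unknown elements are an error, not silently skipped */
        else
        {
            merror(XML_INVELEM, ARGV0, node[i]->element);
            return(OS_INVALID);
        }
    }

    return(0);
}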
283
284 /* EOF */