Imported Upstream version 2.7
1 /* @(#) $Id: ./src/rootcheck/check_rc_dev.c, 2011/09/08 dcid Exp $
2  */
3
4 /* Copyright (C) 2009 Trend Micro Inc.
5  * All right reserved.
6  *
7  * This program is a free software; you can redistribute it
8  * and/or modify it under the terms of the GNU General Public
9  * License (version 2) as published by the FSF - Free Software
10  * Foundation
11  */
12
13
14 #ifndef WIN32
15 #include "shared.h"
16 #include "rootcheck.h"
17
/* Counters for the current /dev scan. check_rc_dev() resets both to zero
 * before walking the tree.
 */
int _dev_errors;    /* regular files reported under /dev (see read_dev_file) */
int _dev_total;     /* directory entries seen, "." and ".." excluded */

/* Forward declaration: read_dev_file() and read_dev_dir() call each other
 * while recursing through sub-directories.
 */
int read_dev_dir(char *dir_name);
23
/* read_dev_file
 * Examine a single path found while walking the dev tree.
 *  - directory    -> recurse through read_dev_dir() and return its result
 *  - regular file -> raise ALERT_SYSTEM_CRIT and count it in _dev_errors
 *  - anything else (device node, symlink, fifo, socket) is accepted silently
 * Returns -1 if the path cannot be lstat()ed, 0 otherwise (or whatever
 * read_dev_dir() returned for a directory).
 *
 * NOTE(review): file_name is formatted into the alert text verbatim; whether
 * notify_rk() or the consumers of its output escape unusual characters is
 * not visible from this file.
 */
int read_dev_file(char *file_name)
{
    struct stat st;
    char alert_msg[OS_SIZE_1024 +1];

    /* lstat(): a symbolic link is classified as a link, never followed */
    if(lstat(file_name, &st) < 0)
        return(-1);

    if(S_ISDIR(st.st_mode))
    {
        #ifdef DEBUG
        verbose("%s: Reading dir: %s\n",ARGV0, file_name);
        #endif

        return(read_dev_dir(file_name));
    }

    /* Only regular files are suspicious here */
    if(!S_ISREG(st.st_mode))
        return(0);

    snprintf(alert_msg, OS_SIZE_1024, "File '%s' present on /dev."
                                      " Possible hidden file.", file_name);
    notify_rk(ALERT_SYSTEM_CRIT, alert_msg);
    _dev_errors += 1;

    return(0);
}
55
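/* read_dev_dir
 * Walk one directory of the dev tree and hand every entry that is not on an
 * ignore list to read_dev_file(), which recurses back here for
 * sub-directories.
 *
 * dir_name: directory to read; must be non-NULL and at most PATH_MAX long.
 * Returns -1 when dir_name is invalid or cannot be opened, 0 otherwise.
 * The result of read_dev_file() is deliberately not propagated, so a failure
 * in a nested directory does not change the return value.
 *
 * Coverage notes for reviewers:
 *  - ignore_dev is matched against the bare entry name on every level of the
 *    recursion, so an entry with one of these names is skipped wherever it
 *    sits in the tree, and a directory with such a name is not descended.
 *  - ignore_dev_full_path is compared with the path built from dir_name, so
 *    it can only match when the walk started at the literal "/dev".
 *    check_rc_dev() builds the start path as "<basedir>/dev"; presumably
 *    basedir is empty in the common case -- confirm against the caller.
 */
int read_dev_dir(char *dir_name)
{
    int i;
    int f_len;

    DIR *dp;

    struct dirent *entry;

    /* Entry names that are tolerated under /dev. Kept static so that the
     * tables are not rebuilt on the stack for every level of recursion.
     */
    static const char *const ignore_dev[] = {"MAKEDEV","README.MAKEDEV",
                            "MAKEDEV.README", ".udevdb",
                            ".udev.tdb", ".initramfs-tools",
                            "MAKEDEV.local", ".udev", ".initramfs",
                            "oprofile","fd","cgroup",
    #ifdef SOLARIS
                            ".devfsadm_dev.lock",
                            ".devlink_db_lock",
                            ".devlink_db",
                            ".devfsadm_daemon.lock",
                            ".devfsadm_deamon.lock",
                            ".devfsadm_synch_door",
                            ".zone_reg_door",
    #endif
                            NULL};


    /* Full path ignore */
    static const char *const ignore_dev_full_path[] = {"/dev/shm/sysconfig",
                                      "/dev/bus/usb/.usbfs",
                                      "/dev/shm",
                                      "/dev/gpmctl",
                                      NULL};

    if((dir_name == NULL)||(strlen(dir_name) > PATH_MAX))
    {
        merror("%s: Invalid directory given.",ARGV0);
        return(-1);
    }

    /* Opening the directory given */
    dp = opendir(dir_name);
    if(!dp)
    {
        return(-1);
    }

    while((entry = readdir(dp)) != NULL)
    {
        char f_name[PATH_MAX +2];

        /* Just ignore . and ..  */
        if((strcmp(entry->d_name,".") == 0) ||
           (strcmp(entry->d_name,"..") == 0))
            continue;

        _dev_total++;

        /* Do not look for the ignored files */
        for(i = 0;ignore_dev[i] != NULL;i++)
        {
            if(strcmp(ignore_dev[i], entry->d_name) == 0)
                break;
        }

        if(ignore_dev[i] != NULL)
            continue;

        /* Build the full path. A truncated path would make lstat() look at
         * a different name than the entry just read, so the entry is
         * reported and skipped instead of being checked under a wrong name.
         */
        f_len = snprintf(f_name, PATH_MAX +1, "%s/%s",dir_name, entry->d_name);
        if((f_len < 0) || (f_len > PATH_MAX))
        {
            merror("%s: Path too long under '%s'. Entry not checked.",
                   ARGV0, dir_name);
            continue;
        }

        /* Do not look for the full ignored files */
        for(i = 0;ignore_dev_full_path[i] != NULL;i++)
        {
            if(strcmp(ignore_dev_full_path[i], f_name) == 0)
                break;
        }

        /* Checking against the full path. */
        if(ignore_dev_full_path[i] != NULL)
        {
            continue;
        }

        /* Best effort: a failure on one entry must not stop the walk */
        read_dev_file(f_name);
    }

    closedir(dp);

    return(0);
}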
155
156
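/* check_rc_dev
 * Entry point of the /dev check: resets the scan counters, walks
 * "<basedir>/dev" with read_dev_dir() and sends ALERT_OK when the walk
 * completed without reporting any regular file.
 *
 * basedir: prefix placed in front of "/dev".
 *
 * ALERT_OK is only sent when the top-level directory was actually read.
 * If the path cannot be built or read_dev_dir() fails, an error is logged
 * instead, so that a scan which never ran is not reported as
 * "No problem detected ... Analyzed 0 files".
 * read_dev_dir() does not propagate failures from nested directories, so
 * only a failure on the top-level directory is caught here.
 */
void check_rc_dev(char *basedir)
{
    char file_path[OS_SIZE_1024 +1];
    int path_len;

    _dev_total = 0;
    _dev_errors = 0;

    debug1("%s: DEBUG: Starting on check_rc_dev", ARGV0);

    if(basedir == NULL)
    {
        merror("%s: Invalid base directory given.", ARGV0);
        return;
    }

    /* Refuse a truncated path: it would point the scan at another directory */
    path_len = snprintf(file_path, OS_SIZE_1024, "%s/dev", basedir);
    if((path_len < 0) || (path_len >= OS_SIZE_1024))
    {
        merror("%s: Base directory too long for the /dev check.", ARGV0);
        return;
    }

    if(read_dev_dir(file_path) < 0)
    {
        merror("%s: Unable to read '%s'. /dev check not performed.",
               ARGV0, file_path);
        return;
    }

    if(_dev_errors == 0)
    {
        char op_msg[OS_SIZE_1024 +1];
        snprintf(op_msg, OS_SIZE_1024, "No problem detected on the /dev "
                                    "directory. Analyzed %d files",
                                    _dev_total);
        notify_rk(ALERT_OK, op_msg);
    }

    return;
}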
183
184 /* EOF */
185
186 #else
/* Windows build: there is no /dev tree to inspect, so the check is a no-op. */
void check_rc_dev(char *basedir)
{
    (void)basedir;  /* intentionally unused */
}
192 #endif