Merge commit 'v2.5.1'
[ossec-hids.git] / src / analysisd / decoders / syscheck.c
index b8c4a89..840ed9d 100755 (executable)
@@ -1,11 +1,11 @@
-/* @(#) $Id: syscheck.c,v 1.53 2009/11/04 18:45:38 dcid Exp $ */
+/* @(#) $Id$ */
 
 /* Copyright (C) 2009 Trend Micro Inc.
  * All right reserved.
  *
  * This program is a free software; you can redistribute it
  * and/or modify it under the terms of the GNU General Public
- * License (version 3) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
  * Foundation
  */
 
@@ -265,6 +265,7 @@ int DB_Search(char *f_name, char *c_sum, Eventinfo *lf)
     {
         merror("%s: Error handling integrity database.",ARGV0);
         sdb.db_err++; /* Increment db error */
+        lf->data = NULL;
         return(0);
     }
 
@@ -341,7 +342,10 @@ int DB_Search(char *f_name, char *c_sum, Eventinfo *lf)
 
         /* checksum match, we can just return and keep going */
         if(strcmp(saved_sum, c_sum) == 0)
+        {
+            lf->data = NULL;
             return(0);
+        }
 
 
         /* If we reached here, the checksum of the file has changed */
@@ -381,6 +385,7 @@ int DB_Search(char *f_name, char *c_sum, Eventinfo *lf)
                 break;
 
                 default:
+                lf->data = NULL;
                 return(0);
                 break;
             }
@@ -519,6 +524,11 @@ int DB_Search(char *f_name, char *c_sum, Eventinfo *lf)
                 snprintf(sdb.size, OS_FLSIZE,
                         "Size changed from '%s' to '%s'\n",
                         oldsize, newsize);
+
+                #ifdef PRELUDE
+                os_strdup(oldsize, lf->size_before);
+                os_strdup(newsize, lf->size_after);
+                #endif
             }
 
             /* Permission message */
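Review bot: The new `os_strdup(oldsize, lf->size_before)` / `os_strdup(newsize, lf->size_after)` pair assigns into the Eventinfo without releasing whatever those fields held before, and the same pattern is repeated for the perm/owner/gowner/md5/sha1 fields further down. Whether that leaks depends on whether an Eventinfo is ever reused between decodes and on what its teardown frees, neither of which is visible here, so it is worth confirming that the teardown path releases all of these `*_before`/`*_after` strings. If the struct can be reused, guard each duplicate, e.g. `free(lf->size_before); os_strdup(oldsize, lf->size_before);`, or clear the fields where the event is reset. A short comment at the first `#ifdef PRELUDE` block noting who owns and frees these copies would also help the next maintainer. DB_Search starts and ends outside this hunk.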
@@ -528,6 +538,7 @@ int DB_Search(char *f_name, char *c_sum, Eventinfo *lf)
             }
             else if(oldperm > 0 && newperm > 0)
             {
+
                 snprintf(sdb.perm, OS_FLSIZE, "Permissions changed from "
                         "'%c%c%c%c%c%c%c%c%c' "
                         "to '%c%c%c%c%c%c%c%c%c'\n",
@@ -569,6 +580,11 @@ int DB_Search(char *f_name, char *c_sum, Eventinfo *lf)
 
                         (newperm & S_ISVTX)? 't' :
                         (newperm & S_IXOTH)? 'x' : '-');
+
+                #ifdef PRELUDE
+                lf->perm_before = oldperm;
+                lf->perm_after = newperm;
+                #endif
             }
 
             /* Ownership message */
@@ -581,6 +597,12 @@ int DB_Search(char *f_name, char *c_sum, Eventinfo *lf)
                 snprintf(sdb.owner, OS_FLSIZE, "Ownership was '%s', "
                         "now it is '%s'\n",
                         olduid, newuid);
+
+
+                #ifdef PRELUDE
+                os_strdup(olduid, lf->owner_before);
+                os_strdup(newuid, lf->owner_after);
+                #endif
             }    
 
             /* group ownership message */
@@ -593,6 +615,10 @@ int DB_Search(char *f_name, char *c_sum, Eventinfo *lf)
                 snprintf(sdb.gowner, OS_FLSIZE,"Group ownership was '%s', "
                         "now it is '%s'\n",
                         oldgid, newgid);
+                #ifdef PRELUDE
+                os_strdup(oldgid, lf->gowner_before);
+                os_strdup(newgid, lf->gowner_after);
+                #endif
             }
 
             /* md5 message */
@@ -605,6 +631,10 @@ int DB_Search(char *f_name, char *c_sum, Eventinfo *lf)
                 snprintf(sdb.md5, OS_FLSIZE, "Old md5sum was: '%s'\n"
                         "New md5sum is : '%s'\n",
                         oldmd5, newmd5);
+                #ifdef PRELUDE
+                os_strdup(oldmd5, lf->md5_before);
+                os_strdup(newmd5, lf->md5_after);
+                #endif
             }
 
             /* sha1 */
@@ -617,25 +647,36 @@ int DB_Search(char *f_name, char *c_sum, Eventinfo *lf)
                 snprintf(sdb.sha1, OS_FLSIZE, "Old sha1sum was: '%s'\n"
                         "New sha1sum is : '%s'\n",
                         oldsha1, newsha1);
+                #ifdef PRELUDE
+                os_strdup(oldsha1, lf->sha1_before);
+                os_strdup(newsha1, lf->sha1_after);
+                #endif
             }
+            #ifdef PRELUDE
+            os_strdup(f_name, lf->filename);
+            #endif
 
 
             /* Provide information about the file */    
-            snprintf(sdb.comment, 512, "Integrity checksum changed for: "
+            snprintf(sdb.comment, OS_MAXSTR, "Integrity checksum changed for: "
                     "'%.756s'\n"
                     "%s"
                     "%s"
                     "%s"
                     "%s"
                     "%s"
-                    "%s",
+                    "%s"
+                    "%s%s",
                     f_name, 
                     sdb.size,
                     sdb.perm,
                     sdb.owner,
                     sdb.gowner,
                     sdb.md5,
-                    sdb.sha1);
+                    sdb.sha1,
+                    lf->data == NULL?"":"What changed:\n",
+                    lf->data == NULL?"":lf->data
+                    );
         }
 
 
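Review bot: The snprintf bound on the comment buffer grows from 512 to OS_MAXSTR in the same change that appends `lf->data`, but the declaration of `sdb.comment` is not in this diff, so the new bound must be checked against the buffer's actual size; if it is still sized for 512 bytes this is a stack or global overflow rather than a format change. Note also that `lf->data` is the tail of the message received from the agent and is copied into the alert text verbatim, so a large diff is silently truncated by snprintf and any control characters in it land in the alert unchanged — capturing the return value, `if (snprintf(...) >= OS_MAXSTR) merror("%s: syscheck comment truncated", ARGV0);`, would at least make the truncation visible. A comment such as `/* lf->data is the optional agent-supplied diff following the filename; it is untrusted text */` above the call would document that provenance.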
@@ -643,6 +684,7 @@ int DB_Search(char *f_name, char *c_sum, Eventinfo *lf)
         free(lf->full_log);
         os_strdup(sdb.comment, lf->full_log);
         lf->log = lf->full_log;
+        lf->data = NULL;
 
         
         /* Setting decoder */
@@ -679,10 +721,12 @@ int DB_Search(char *f_name, char *c_sum, Eventinfo *lf)
 
         /* Setting decoder */
         lf->decoder_info = sdb.syscheck_dec;
+        lf->data = NULL;
 
         return(1);
     }
 
+    lf->data = NULL;
     return(0);
 }
 
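Review bot: Resetting `lf->data = NULL` on every return path of DB_Search (this hunk adds two more, and earlier hunks add four) is fragile: any future early return that forgets the reset leaves `lf->data` pointing into the message buffer after the event has been processed. Since DecodeSyscheck is the only place that sets the field in this diff, it would be simpler and safer for that caller to clear it once after DB_Search returns, and for DB_Search to treat the field as read-only input, e.g. `ret = DB_Search(f_name, c_sum, lf); lf->data = NULL; return(ret);` at the call site. That call site is outside the visible hunks, so this is a suggestion about where the reset belongs rather than a defect in these lines. DB_Search begins before this hunk.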
@@ -715,13 +759,27 @@ int DecodeSyscheck(Eventinfo *lf)
         merror(SK_INV_MSG, ARGV0);
         return(0);
     }
-    
-    
+
+
     /* Zeroing to get the check sum */
     *f_name = '\0';
     f_name++;
 
 
+    /* Getting diff. */
+    lf->data = strchr(f_name, '\n');
+    if(lf->data)
+    {
+        *lf->data = '\0';
+        lf->data++;
+    }
+    else
+    {
+        lf->data = NULL;
+    }
+    
+   
+
     /* Checking if file is supposed to be ignored */
     if(Config.syscheck_ignore)
     {
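Review bot: The `else { lf->data = NULL; }` branch after the strchr is dead: strchr already stored NULL into `lf->data` when no newline was found, so the whole block can be reduced to `lf->data = strchr(f_name, '\n'); if(lf->data) { *lf->data = '\0'; lf->data++; }`. More importantly, `lf->data` is now a pointer into the decoded message rather than an owned copy, and the split assumes the first newline after the checksum terminates the filename; a filename containing a newline would be cut short and its remainder reported as "what changed", which may be acceptable for this format but deserves a comment such as `/* Everything after the first newline is treated as the agent's diff output; filenames must not contain newlines */`. DecodeSyscheck starts before this hunk.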
@@ -731,6 +789,7 @@ int DecodeSyscheck(Eventinfo *lf)
         {
             if(strncasecmp(*ff_ig, f_name, strlen(*ff_ig)) == 0)
             {
+                lf->data = NULL;
                 return(0);
             }