novi upstream verzije 2.8.3
[ossec-hids.git] / src / analysisd / rules.c
index d018cef..bf9c651 100755 (executable)
@@ -36,6 +36,7 @@ int getattributes(char **attributes,
                   int *maxsize, int *timeframe,
                   int *frequency, int *accuracy,
                   int *noalert, int *ignore_time, int *overwrite);
+int doesRuleExist(int sid, RuleNode *r_node);
 
 
 void Rule_AddAR(RuleInfo *config_rule);
@@ -315,6 +316,13 @@ int Rules_OP_ReadRules(char * rulefile)
                     return(-1);
                 }
 
+                if(overwrite != 1 && doesRuleExist(id, NULL))
+                {
+                    merror("%s: Duplicate rule ID:%d",ARGV0, id);
+                    OS_ClearXML(&xml);
+                    return(-1);
+                }
+
                 /* Allocating memory and initializing structure */
                 config_ruleinfo = zerorulemember(id, level, maxsize,
                             frequency,timeframe,
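Review bot: The duplicate-ID error `merror("%s: Duplicate rule ID:%d",ARGV0, id);` does not say which file holds the second definition, so an operator whose ruleset fails to load has to search every rules file by hand. `rulefile` is in scope as the parameter of Rules_OP_ReadRules, so `merror("%s: Duplicate rule ID:%d in '%s'", ARGV0, id, rulefile);` would point straight at it. The early return releases only `xml`; whether allocations made earlier in the function also need freeing on this path cannot be judged from here, because the function starts and ends outside the hunk. Each parsed rule also triggers a full walk of the rule tree, so loading becomes quadratic in the number of rules, which is probably fine at startup but deserves a short comment next to the check.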
@@ -849,7 +857,7 @@ int Rules_OP_ReadRules(char * rulefile)
                         }
                         else if(strcmp(rule_opt[k]->content,"windows") == 0)
                         {
-                            config_ruleinfo->category = WINDOWS;
+                            config_ruleinfo->category = DECODER_WINDOWS;
                         }
                         else if(strcmp(rule_opt[k]->content,"ossec") == 0)
                         {
@@ -2108,5 +2116,36 @@ int _setlevels(RuleNode *node, int nnode)
     return(l_size);
 }
 
+/* test if a rule id exists
+ * return 1 when exists
+ * return 0 when not
+ */
+int doesRuleExist(int sid, RuleNode *r_node)
+{
+    /* start from the beginning of the list by default */
+    if(!r_node)
+        r_node = OS_GetFirstRule();
+
+    while(r_node)
+    {
+        /* Checking if the sigid matches */
+        if(r_node->ruleinfo->sigid == sid)
+            return (1);
+
+        /* Checking if the rule has a child */
+        if(r_node->child)
+        {
+            /* check recursive */
+            if(doesRuleExist(sid, r_node->child))
+                return (1);
+        }
+
+        /* go to the next rule */
+        r_node = r_node->next;
+    }
+
+    return (0);
+}
+
 
 /* EOF */
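Review bot: The header comment on doesRuleExist does not mention that a NULL `r_node` means "start from OS_GetFirstRule()", which is the only way the new caller uses it. I would document the contract, e.g. `/* Returns 1 if a rule with sigid == sid exists in the tree rooted at r_node (NULL = whole rule list, children searched depth-first), 0 otherwise. */`. `r_node->ruleinfo` is dereferenced without a check; if a node can ever carry a NULL ruleinfo (not visible in this hunk), `if(r_node->ruleinfo && r_node->ruleinfo->sigid == sid)` would keep a malformed tree from crashing the daemon while rules are loading. The unbraced `if` bodies would also read more safely braced, matching the braced block already used for the child check.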