-/* @(#) $Id$ */
+/* @(#) $Id: ./src/config/active-response.c, 2011/09/08 dcid Exp $
+ */
/* Copyright (C) 2009 Trend Micro Inc.
* All right reserved.
* Foundation
*/
-
+
#include "shared.h"
#include "os_xml/os_xml.h"
#include "os_regex/os_regex.h"
int i = 0;
int r_ar = 0;
int l_ar = 0;
+ int rpt = 0;
/* Xml options */
char *xml_ar_level = "level";
char *xml_ar_timeout = "timeout";
char *xml_ar_disabled = "disabled";
+ char *xml_ar_repeated = "repeated_offenders";
char *tmp_location;
merror(FOPEN_ERROR, ARGV0, DEFAULTARPATH);
return(-1);
}
- chmod(DEFAULTARPATH, 0444);
+ chmod(DEFAULTARPATH, 0440);
/* Allocating for the active-response */
- /* Searching for the commands */
+ /* Searching for the commands */
while(node[i])
{
if(!node[i]->element)
}
/* Command */
- if(strcmp(node[i]->element, xml_ar_command) == 0)
+ if(strcmp(node[i]->element, xml_ar_command) == 0)
{
tmp_ar->command = strdup(node[i]->content);
}
/* Target */
- else if(strcmp(node[i]->element, xml_ar_location) == 0)
+ else if(strcmp(node[i]->element, xml_ar_location) == 0)
{
tmp_location = strdup(node[i]->content);
}
merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
return(OS_INVALID);
}
-
+
tmp_ar->level = atoi(node[i]->content);
/* Making sure the level is valid */
return(OS_INVALID);
}
}
+ else if(strcmp(node[i]->element, xml_ar_repeated) == 0)
+ {
+ /* Nothing - we deal with it on execd. */
+ rpt = 1;
+ }
else
{
merror(XML_INVELEM, ARGV0, node[i]->element);
return(OS_INVALID);
}
i++;
- }
+ }
/* Checking if ar is disabled */
if(ar_flag == -1)
/* Command and location must be there */
if(!tmp_ar->command || !tmp_location)
{
+ if(rpt == 1)
+ {
+ fclose(fp);
+ return(0);
+ }
merror(AR_MISS, ARGV0);
return(-1);
}
}
/* If we didn't set any value for the location */
- if(tmp_ar->location == 0)
+ if(tmp_ar->location == 0)
{
merror(AR_INV_LOC, ARGV0, tmp_location);
return(-1);
}
- /* cleaning tmp_location */
+ /* cleaning tmp_location */
free(tmp_location);
tmp_location = NULL;
{
ErrorExit(MEM_ERROR, ARGV0);
}
- snprintf(tmp_ar->name, OS_FLSIZE, "%s%d",
+ snprintf(tmp_ar->name, OS_FLSIZE, "%s%d",
tmp_ar->ar_cmd->name,
- tmp_ar->timeout);
+ tmp_ar->timeout);
/* Adding to shared file */
- fprintf(fp, "%s - %s - %d\n",
+ fprintf(fp, "%s - %s - %d\n",
tmp_ar->name,
tmp_ar->ar_cmd->executable,
tmp_ar->timeout);
{
ar_flag|= LOCAL_AR;
}
-
+
/* Closing shared file for active response */
fclose(fp);
tmp_command->timeout_allowed = 0;
- /* Searching for the commands */
+ /* Searching for the commands */
while(node[i])
{
if(!node[i]->element)
merror(XML_VALUENULL, ARGV0, node[i]->element);
return(OS_INVALID);
}
- if(strcmp(node[i]->element, command_name) == 0)
+ if(strcmp(node[i]->element, command_name) == 0)
{
tmp_command->name = strdup(node[i]->content);
}
- else if(strcmp(node[i]->element, command_expect) == 0)
+ else if(strcmp(node[i]->element, command_expect) == 0)
{
tmp_str = strdup(node[i]->content);
}
/* Getting the expect */
- if(OS_Regex("user", tmp_str))
- tmp_command->expect |= USERNAME;
- if(OS_Regex("srcip", tmp_str))
- tmp_command->expect |= SRCIP;
+ if(strlen(tmp_str) >= 4)
+ {
+ if(OS_Regex("user", tmp_str))
+ tmp_command->expect |= USERNAME;
+ if(OS_Regex("srcip", tmp_str))
+ tmp_command->expect |= SRCIP;
+ }
free(tmp_str);
tmp_str = NULL;
projects / ossec-hids.git / blobdiff