-/* @(#) $Id: common_rcl.c,v 1.17 2009/06/24 18:53:07 dcid Exp $ */
+/* @(#) $Id: ./src/rootcheck/common_rcl.c, 2011/09/08 dcid Exp $
+ */
/* Copyright (C) 2009 Trend Micro Inc.
* All right reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 3) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/main/license/
*/
-
+
#include "shared.h"
#include "rootcheck.h"
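Review bot: The licence header on the new side reads `License (version 2)` where the old side read `(version 3)`, and this is the one substantive change to the licence text in a diff that is otherwise whitespace cleanup. A change of licence terms should be made in its own commit and checked against the LICENSE file the header points to, so it is not lost among trailing-space removals. The new `$Id` line also drops the revision number `1.17` and the timestamp. If that tag is used to match a deployed copy to a source revision, keep a revision or hash in it.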
#define RKCL_COND_ALL 0x001
#define RKCL_COND_ANY 0x002
#define RKCL_COND_REQ 0x004
-#define RKCL_COND_INV 0x010
+#define RKCL_COND_INV 0x010
final_file[0] = '\0';
final_file[2048] = '\0';
-
+
ExpandEnvironmentStrings("%WINDIR%", final_file, 2047);
tmp = strchr(final_file, '\\');
strncpy(root_dir, final_file, dir_size);
return(root_dir);
}
-
+
return(NULL);
#endif
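Review bot: `strncpy(root_dir, final_file, dir_size);` leaves `root_dir` unterminated whenever the expanded `%WINDIR%` path is `dir_size` bytes or longer, because strncpy writes no NUL in that case. The caller visible later in this diff passes `sizeof(root_dir) -1`, so the string stays terminated only if the buffer was zeroed beforehand, which the visible lines do not show. If every caller passes the size minus one, adding `root_dir[dir_size] = '\0';` right after the copy makes the guarantee local to this function. The same applies to `strncpy(ref, tmp_location2, 255);` in the name-parsing hunk, where the text appears to come from a line read through `_rkcl_getfp` and the size of `ref` is declared outside the diff. The enclosing function starts outside the visible lines.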
char *var_name;
char *var_value;
char *tmp;
-
+
/* If not a variable, return 0 */
if(*nbuf != '$')
{
{
return(-1);
}
-
+
/* Getting value. */
tmp = strchr(nbuf, '=');
{
char *tmp_location;
char *tmp_location2;
-
+
*condition = 0;
/* Checking if name is valid */
return(NULL);
}
*tmp_location = '\0';
-
-
+
+
/* Getting condition */
tmp_location++;
if(*tmp_location != ' ' && tmp_location[1] != '[')
}
*tmp_location2 = '\0';
tmp_location2++;
-
-
+
+
/* Getting condition */
if(strcmp(tmp_location, "all") == 0)
{
*tmp_location = '\0';
/* Copying reference */
- strncpy(ref, tmp_location2, 255);
+ strncpy(ref, tmp_location2, 255);
return(strdup(buf));
}
*value = '\0';
value++;
-
+
tmp_str = strchr(value, ';');
if(tmp_str == NULL)
{
return(NULL);
}
*tmp_str = '\0';
-
+
/* Getting types - removing negate flag (using later) */
if(*buf == '!')
{
buf++;
}
-
+
if(strcmp(buf, "f") == 0)
{
*type = RKCL_TYPE_FILE;
memset(final_file, '\0', sizeof(final_file));
memset(ref, '\0', sizeof(ref));
-
+
root_dir_len = sizeof(root_dir) -1;
_rkcl_getrootdir(root_dir, root_dir_len);
if(root_dir[0] == '\0')
{
- merror(INVALID_ROOTDIR, ARGV0);
+ merror(INVALID_ROOTDIR, ARGV0);
}
- #endif
+ #endif
/* Getting variables */
vars = OSStore_Create();
-
+
/* We first read all variables -- they must be defined at the top. */
while(1)
merror(INVALID_RKCL_NAME, ARGV0, nbuf);
goto clean_return;
}
-
+
/* Getting the real entries. */
do
{
int g_found = 0;
-
-
+
+
/* Getting entry name */
if(name == NULL)
{
int negate = 0;
int found = 0;
value = NULL;
-
+
nbuf = _rkcl_getfp(fp, buf);
if(nbuf == NULL)
{
break;
}
-
+
/* We first try to get the name, looking for new entries */
if(_rkcl_is_name(nbuf))
{
break;
}
-
-
+
+
/* Getting value to look for */
value = _rkcl_get_value(nbuf, &type);
if(value == NULL)
continue;
}
}
-
+
#ifdef WIN32
else if(value[0] == '\\')
{
final_file[0] = '\0';
final_file[sizeof(final_file) -1] = '\0';
-
- snprintf(final_file, sizeof(final_file) -2, "%s%s",
+
+ snprintf(final_file, sizeof(final_file) -2, "%s%s",
root_dir, value);
f_value = final_file;
}
{
final_file[0] = '\0';
final_file[sizeof(final_file) -1] = '\0';
-
- ExpandEnvironmentStrings(value, final_file,
+
+ ExpandEnvironmentStrings(value, final_file,
sizeof(final_file) -2);
f_value = final_file;
}
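Review bot: The return value of `ExpandEnvironmentStrings(value, final_file, sizeof(final_file) -2)` is discarded, so a failed or oversized expansion looks like success and `f_value` is pointed at whatever `final_file` then holds. The API returns 0 on failure and the required size when the destination is too small, so the file check can run against an empty or partial path and report a result for a path the rule did not name. Store the result in a `DWORD` and take the function's existing skip or error path when it is 0 or greater than the size passed, logging the rule value. The `%WINDIR%` expansion in the root-directory helper earlier in the diff ignores the return value in the same way. The surrounding block starts outside the visible lines.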
found = 1;
}
}
-
+
/* Checking for a registry entry */
else if(type == RKCL_TYPE_REGISTRY)
{
char *entry = NULL;
char *pattern = NULL;
-
-
+
+
/* Looking for additional entries in the registry
* and a pattern to match.
*/
{
pattern = _rkcl_get_pattern(entry);
}
-
-
+
+
#ifdef WIN32
debug2("%s: DEBUG: Checking registry: '%s'.", ARGV0, value);
if(is_registry(value, entry, pattern))
char *f_value = NULL;
char *dir = NULL;
-
+
file = _rkcl_get_pattern(value);
if(file)
{
f_value = value;
}
-
+
/* Checking for multiple, comma separated directories. */
dir = f_value;
f_value = strchr(dir, ',');
{
*f_value = '\0';
}
-
+
while(dir)
{
debug2("%s: DEBUG: Found dir.", ARGV0);
found = 1;
}
-
+
if(f_value)
{
*f_value = ',';
f_value++;
-
+
dir = f_value;
-
+
f_value = strchr(dir, ',');
if(f_value)
{
}
}
}
-
+
/* Checking for a process. */
else if(type == RKCL_TYPE_PROCESS)
}
}
}while(value != NULL);
-
-
+
+
/* Alerting if necessary */
if(g_found == 1)
{
char op_msg[OS_SIZE_1024 +1];
char **p_alert_msg = rootcheck.alert_msg;
- while(1)
+ while(1)
{
if(ref[0] != '\0')
{
snprintf(op_msg, OS_SIZE_1024, "%s %s.%s"
- " Reference: %s .",msg, name,
+ " Reference: %s .",msg, name,
p_alert_msg[j]?p_alert_msg[j]:"\0",
ref);
}
else
{
- snprintf(op_msg, OS_SIZE_1024, "%s %s.%s",msg,
+ snprintf(op_msg, OS_SIZE_1024, "%s %s.%s",msg,
name, p_alert_msg[j]?p_alert_msg[j]:"\0");
}
goto clean_return;
}
}
-
+
/* Ending if we don't have anything else. */
if(!nbuf)
free(name);
name = NULL;
}
-
+
/* Getting name already read */
name = _rkcl_get_name(nbuf, ref, &condition);
name = NULL;
}
vars = OSStore_Free(vars);
-
-
+
+
return(1);
}