Imported Upstream version 2.7
diff --git
a/src/syscheckd/create_db.c
b/src/syscheckd/create_db.c
index
ff2a72b
..
91875cf
100755
(executable)
--- a/
src/syscheckd/create_db.c
+++ b/
src/syscheckd/create_db.c
@@
-1,4
+1,5
@@
-/* @(#) $Id$ */
+/* @(#) $Id: ./src/syscheckd/create_db.c, 2011/11/02 dcid Exp $
+ */
/* Copyright (C) 2009 Trend Micro Inc.
* All right reserved.
/* Copyright (C) 2009 Trend Micro Inc.
* All right reserved.
@@
-8,7
+9,7
@@
* License (version 2) as published by the FSF - Free Software
* Foundation
*
* License (version 2) as published by the FSF - Free Software
* Foundation
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
* online at: http://www.ossec.net/en/licensing.html
*/
@@
-39,7
+40,7
@@
int check_file(char *file_name)
/* New file */
sleep(1);
/* New file */
sleep(1);
-
+
debug2("%s: DEBUG: new file '%s'.", ARGV0, file_name);
return(0);
}
debug2("%s: DEBUG: new file '%s'.", ARGV0, file_name);
return(0);
}
@@
-54,7
+55,7
@@
int read_file(char *file_name, int opts, OSMatch *restriction)
char *buf;
char sha1s = '+';
struct stat statbuf;
char *buf;
char sha1s = '+';
struct stat statbuf;
-
+
/* Checking if file is to be ignored */
if(syscheck.ignore)
/* Checking if file is to be ignored */
if(syscheck.ignore)
@@
-62,10
+63,10
@@
int read_file(char *file_name, int opts, OSMatch *restriction)
int i = 0;
while(syscheck.ignore[i] != NULL)
{
int i = 0;
while(syscheck.ignore[i] != NULL)
{
- if(strncasecmp(syscheck.ignore[i], file_name,
+ if(strncasecmp(syscheck.ignore[i], file_name,
strlen(syscheck.ignore[i])) == 0)
{
strlen(syscheck.ignore[i])) == 0)
{
- return(0);
+ return(0);
}
i++;
}
i++;
@@
-78,7
+79,7
@@
int read_file(char *file_name, int opts, OSMatch *restriction)
int i = 0;
while(syscheck.ignore_regex[i] != NULL)
{
int i = 0;
while(syscheck.ignore_regex[i] != NULL)
{
- if(OSMatch_Execute(file_name, strlen(file_name),
+ if(OSMatch_Execute(file_name, strlen(file_name),
syscheck.ignore_regex[i]))
{
return(0);
syscheck.ignore_regex[i]))
{
return(0);
@@
-98,7
+99,7
@@
int read_file(char *file_name, int opts, OSMatch *restriction)
merror("%s: Error accessing '%s'.",ARGV0, file_name);
return(-1);
}
merror("%s: Error accessing '%s'.",ARGV0, file_name);
return(-1);
}
-
+
if(S_ISDIR(statbuf.st_mode))
{
#ifdef DEBUG
if(S_ISDIR(statbuf.st_mode))
{
#ifdef DEBUG
@@
-112,20
+113,20
@@
int read_file(char *file_name, int opts, OSMatch *restriction)
/* restricting file types. */
if(restriction)
{
/* restricting file types. */
if(restriction)
{
- if(!OSMatch_Execute(file_name, strlen(file_name),
+ if(!OSMatch_Execute(file_name, strlen(file_name),
restriction))
{
return(0);
}
}
restriction))
{
return(0);
}
}
-
-
+
+
/* No S_ISLNK on windows */
#ifdef WIN32
/* No S_ISLNK on windows */
#ifdef WIN32
- else if(S_ISREG(statbuf.st_mode))
+ if(S_ISREG(statbuf.st_mode))
#else
#else
- else if(S_ISREG(statbuf.st_mode) || S_ISLNK(statbuf.st_mode))
- #endif
+ if(S_ISREG(statbuf.st_mode) || S_ISLNK(statbuf.st_mode))
+ #endif
{
os_md5 mf_sum;
os_sha1 sf_sum;
{
os_md5 mf_sum;
os_sha1 sf_sum;
@@
-152,7
+153,7
@@
int read_file(char *file_name, int opts, OSMatch *restriction)
{
if(S_ISREG(statbuf_lnk.st_mode))
{
{
if(S_ISREG(statbuf_lnk.st_mode))
{
- if(OS_MD5_SHA1_File(file_name, mf_sum, sf_sum) < 0)
+ if(OS_MD5_SHA1_File(file_name, syscheck.prefilter_cmd, mf_sum, sf_sum) < 0)
{
strncpy(mf_sum, "xxx", 4);
strncpy(sf_sum, "xxx", 4);
{
strncpy(mf_sum, "xxx", 4);
strncpy(sf_sum, "xxx", 4);
@@
-160,12
+161,12
@@
int read_file(char *file_name, int opts, OSMatch *restriction)
}
}
}
}
}
}
- else if(OS_MD5_SHA1_File(file_name, mf_sum, sf_sum) < 0)
+ else if(OS_MD5_SHA1_File(file_name, syscheck.prefilter_cmd, mf_sum, sf_sum) < 0)
#else
#else
- if(OS_MD5_SHA1_File(file_name, mf_sum, sf_sum) < 0)
+ if(OS_MD5_SHA1_File(file_name, syscheck.prefilter_cmd, mf_sum, sf_sum) < 0)
#endif
#endif
-
+
{
strncpy(mf_sum, "xxx", 4);
strncpy(sf_sum, "xxx", 4);
{
strncpy(mf_sum, "xxx", 4);
strncpy(sf_sum, "xxx", 4);
@@
-182,15
+183,15
@@
int read_file(char *file_name, int opts, OSMatch *restriction)
if(opts & CHECK_SEECHANGES)
sha1s = 'n';
else
if(opts & CHECK_SEECHANGES)
sha1s = 'n';
else
- sha1s = '-';
+ sha1s = '-';
}
}
-
-
+
+
buf = OSHash_Get(syscheck.fp, file_name);
if(!buf)
{
char alert_msg[912 +1];
buf = OSHash_Get(syscheck.fp, file_name);
if(!buf)
{
char alert_msg[912 +1];
-
+
alert_msg[912] = '\0';
if(opts & CHECK_SEECHANGES)
alert_msg[912] = '\0';
if(opts & CHECK_SEECHANGES)
@@
-203,7
+204,7
@@
int read_file(char *file_name, int opts, OSMatch *restriction)
}
}
}
}
-
+
snprintf(alert_msg, 912, "%c%c%c%c%c%c%d:%d:%d:%d:%s:%s",
opts & CHECK_SIZE?'+':'-',
opts & CHECK_PERM?'+':'-',
snprintf(alert_msg, 912, "%c%c%c%c%c%c%d:%d:%d:%d:%s:%s",
opts & CHECK_SIZE?'+':'-',
opts & CHECK_PERM?'+':'-',
@@
-225,8
+226,8
@@
int read_file(char *file_name, int opts, OSMatch *restriction)
/* Sending the new checksum to the analysis server */
/* Sending the new checksum to the analysis server */
- alert_msg[912 +1] = '\0';
- snprintf(alert_msg, 912, "%d:%d:%d:%d:%s:%s %s",
+ alert_msg[912] = '\0';
+ snprintf(alert_msg, 912, "%d:%d:%d:%d:%s:%s %s",
opts & CHECK_SIZE?(int)statbuf.st_size:0,
opts & CHECK_PERM?(int)statbuf.st_mode:0,
opts & CHECK_OWNER?(int)statbuf.st_uid:0,
opts & CHECK_SIZE?(int)statbuf.st_size:0,
opts & CHECK_PERM?(int)statbuf.st_mode:0,
opts & CHECK_OWNER?(int)statbuf.st_uid:0,
@@
-240,7
+241,7
@@
int read_file(char *file_name, int opts, OSMatch *restriction)
{
char alert_msg[OS_MAXSTR +1];
char c_sum[256 +2];
{
char alert_msg[OS_MAXSTR +1];
char c_sum[256 +2];
-
+
c_sum[0] = '\0';
c_sum[256] = '\0';
alert_msg[0] = '\0';
c_sum[0] = '\0';
c_sum[256] = '\0';
alert_msg[0] = '\0';
@@
-276,8
+277,8
@@
int read_file(char *file_name, int opts, OSMatch *restriction)
send_syscheck_msg(alert_msg);
}
}
send_syscheck_msg(alert_msg);
}
}
-
-
+
+
/* Sleeping in here too */
if(__counter >= (syscheck.sleep_after))
{
/* Sleeping in here too */
if(__counter >= (syscheck.sleep_after))
{
@@
-287,7
+288,7
@@
int read_file(char *file_name, int opts, OSMatch *restriction)
__counter++;
__counter++;
- #ifdef DEBUG
+ #ifdef DEBUG
verbose("%s: file '%s %s'",ARGV0, file_name, mf_sum);
#endif
}
verbose("%s: file '%s %s'",ARGV0, file_name, mf_sum);
#endif
}
@@
-308,11
+309,11
@@
int read_file(char *file_name, int opts, OSMatch *restriction)
int read_dir(char *dir_name, int opts, OSMatch *restriction)
{
int dir_size;
int read_dir(char *dir_name, int opts, OSMatch *restriction)
{
int dir_size;
-
- char f_name[PATH_MAX +2];
+
+ char f_name[PATH_MAX +2];
DIR *dp;
DIR *dp;
-
- struct dirent *entry;
+
+ struct dirent *entry;
f_name[PATH_MAX +1] = '\0';
f_name[PATH_MAX +1] = '\0';
@@
-321,21
+322,21
@@
int read_dir(char *dir_name, int opts, OSMatch *restriction)
if((dir_name == NULL)||((dir_size = strlen(dir_name)) > PATH_MAX))
{
merror(NULL_ERROR, ARGV0);
if((dir_name == NULL)||((dir_size = strlen(dir_name)) > PATH_MAX))
{
merror(NULL_ERROR, ARGV0);
-
+
return(-1);
}
return(-1);
}
-
-
+
+
/* Opening the directory given */
dp = opendir(dir_name);
/* Opening the directory given */
dp = opendir(dir_name);
- if(!dp)
+ if(!dp)
{
if(errno == ENOTDIR)
{
if(read_file(dir_name, opts, restriction) == 0)
return(0);
}
{
if(errno == ENOTDIR)
{
if(read_file(dir_name, opts, restriction) == 0)
return(0);
}
-
+
#ifdef WIN32
int di = 0;
char *(defaultfilesn[])= {
#ifdef WIN32
int di = 0;
char *(defaultfilesn[])= {
@@
-359,20
+360,20
@@
int read_dir(char *dir_name, int opts, OSMatch *restriction)
if(defaultfilesn[di] == NULL)
{
merror("%s: WARN: Error opening directory: '%s': %s ",
if(defaultfilesn[di] == NULL)
{
merror("%s: WARN: Error opening directory: '%s': %s ",
- ARGV0, dir_name, strerror(errno));
+ ARGV0, dir_name, strerror(errno));
}
}
-
+
#else
#else
-
+
merror("%s: WARN: Error opening directory: '%s': %s ",
ARGV0,
dir_name,
strerror(errno));
#endif
merror("%s: WARN: Error opening directory: '%s': %s ",
ARGV0,
dir_name,
strerror(errno));
#endif
-
+
return(-1);
}
return(-1);
}
-
+
/* Checking for real time flag. */
if(opts & CHECK_REALTIME)
/* Checking for real time flag. */
if(opts & CHECK_REALTIME)
@@
-386,26
+387,28
@@
int read_dir(char *dir_name, int opts, OSMatch *restriction)
while((entry = readdir(dp)) != NULL)
{
char *s_name;
while((entry = readdir(dp)) != NULL)
{
char *s_name;
-
+
/* Just ignore . and .. */
if((strcmp(entry->d_name,".") == 0) ||
/* Just ignore . and .. */
if((strcmp(entry->d_name,".") == 0) ||
- (strcmp(entry->d_name,"..") == 0))
+ (strcmp(entry->d_name,"..") == 0))
continue;
continue;
-
+
strncpy(f_name, dir_name, PATH_MAX);
strncpy(f_name, dir_name, PATH_MAX);
-
+
s_name = f_name;
s_name = f_name;
-
+
s_name += dir_size;
/* checking if the file name is already null terminated */
if(*(s_name-1) != '/')
*s_name++ = '/';
s_name += dir_size;
/* checking if the file name is already null terminated */
if(*(s_name-1) != '/')
*s_name++ = '/';
-
+
*s_name = '\0';
*s_name = '\0';
-
+
strncpy(s_name, entry->d_name, PATH_MAX - dir_size -2);
strncpy(s_name, entry->d_name, PATH_MAX - dir_size -2);
+
+ /* Check integrity of the file */
read_file(f_name, opts, restriction);
}
read_file(f_name, opts, restriction);
}
@@
-420,11
+423,11
@@
int run_dbcheck()
int i = 0;
__counter = 0;
int i = 0;
__counter = 0;
- do
+ while(syscheck.dir[i] != NULL)
{
read_dir(syscheck.dir[i], syscheck.opts[i], syscheck.filerestrict[i]);
i++;
{
read_dir(syscheck.dir[i], syscheck.opts[i], syscheck.filerestrict[i]);
i++;
- }while(syscheck.dir[i] != NULL);
+ }
return(0);
}
return(0);
}
@@
-443,7
+446,7
@@
int create_db()
{
ErrorExit("%s: Unable to create syscheck database."
". Exiting.",ARGV0);
{
ErrorExit("%s: Unable to create syscheck database."
". Exiting.",ARGV0);
- return(0);
+ return(0);
}
if(!OSHash_setSize(syscheck.fp, 2048))
}
if(!OSHash_setSize(syscheck.fp, 2048))
@@
-452,14
+455,14
@@
int create_db()
return(0);
}
return(0);
}
-
+
/* dir_name can't be null */
if((syscheck.dir == NULL) || (syscheck.dir[0] == NULL))
{
merror("%s: No directories to check.",ARGV0);
return(-1);
}
/* dir_name can't be null */
if((syscheck.dir == NULL) || (syscheck.dir[0] == NULL))
{
merror("%s: No directories to check.",ARGV0);
return(-1);
}
-
+
merror("%s: INFO: Starting syscheck database (pre-scan).", ARGV0);
merror("%s: INFO: Starting syscheck database (pre-scan).", ARGV0);
@@
-480,7
+483,11
@@
int create_db()
i++;
}while(syscheck.dir[i] != NULL);
i++;
}while(syscheck.dir[i] != NULL);
-
+ #if defined (USEINOTIFY) || defined (WIN32)
+ if(syscheck.realtime && (syscheck.realtime->fd >= 0))
+ verbose("%s: INFO: Real time file monitoring started.", ARGV0);
+ #endif
+
merror("%s: INFO: Finished creating syscheck database (pre-scan "
"completed).", ARGV0);
return(0);
merror("%s: INFO: Finished creating syscheck database (pre-scan "
"completed).", ARGV0);
return(0);