Imported Upstream version 2.7
diff --git
a/src/syscheckd/run_realtime.c
b/src/syscheckd/run_realtime.c
index
19f7c7b
..
839e5b8
100755
(executable)
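--- a/src/syscheckd/run_realtime.c
+++ b/src/syscheckd/run_realtime.c
@@ -1,4 +1,5 @@
-/* @(#) $Id$ */
+/* @(#) $Id: ./src/syscheckd/run_realtime.c, 2011/09/08 dcid Exp $
+ */
 /* Copyright (C) 2009 Trend Micro Inc.
 * All right reserved.
@@ -113,7 +114,7 @@ int realtime_checksumfile(char *file_name)
 #include <sys/inotify.h>
-#define REALTIME_MONITOR_FLAGS IN_MODIFY|IN_ATTRIB|IN_MOVED_TO|IN_DELETE|IN_MOVED_FROM
+#define REALTIME_MONITOR_FLAGS IN_MODIFY|IN_ATTRIB|IN_MOVED_FROM|IN_MOVED_TO|IN_CREATE|IN_DELETE|IN_DELETE_SELF
 #define REALTIME_EVENT_SIZE (sizeof (struct inotify_event))
 #define REALTIME_EVENT_BUFFER (2048 * (REALTIME_EVENT_SIZE + 16))
@@ -139,7 +140,7 @@ int realtime_start()
 merror("%s: ERROR: Unable to initialize inotify.", ARGV0);
 return(-1);
 }
- #endif
+ #endif
 return(1);
 }
@@ -166,10 +167,10 @@ int realtime_adddir(char *dir)
 wd = inotify_add_watch(syscheck.realtime->fd,
 dir,
- REALTIME_MONITOR_FLAGS);
+ REALTIME_MONITOR_FLAGS);
 if(wd < 0)
 {
- merror("%s: ERROR: Unable to add directory to real time "
+ merror("%s: ERROR: Unable to add directory to real time "
 "monitoring: '%s'. %d %d", ARGV0, dir, wd, errno);
 }
 else
@@ -211,13 +212,13 @@ int realtime_process()
 len = read(syscheck.realtime->fd, buf, REALTIME_EVENT_BUFFER);
- if (len < 0)
+ if (len < 0)
 {
 merror("%s: ERROR: Unable to read from real time buffer.", ARGV0);
- }
+ }
 else if (len > 0)
 {
- while (i < len)
+ while (i < len)
 {
 event = (struct inotify_event *) &buf[i];
@@ -231,7 +232,7 @@ int realtime_process()
 snprintf(wdchar, 32, "%d", event->wd);
- snprintf(final_name, MAX_LINE, "%s/%s",
+ snprintf(final_name, MAX_LINE, "%s/%s",
 (char *)OSHash_Get(syscheck.realtime->dirtb, wdchar),
 event->name);
 realtime_checksumfile(final_name);
@@ -280,7 +281,7 @@ void CALLBACK RTCallBack(DWORD dwerror, DWORD dwBytes, LPOVERLAPPED overlap)
 if(dwerror != ERROR_SUCCESS)
 {
- merror("%s: ERROR: real time call back called, but error is set.",
+ merror("%s: ERROR: real time call back called, but error is set.",
 ARGV0);
 return;
 }
@@ -292,12 +293,12 @@ void CALLBACK RTCallBack(DWORD dwerror, DWORD dwBytes, LPOVERLAPPED overlap)
 rtlocald = OSHash_Get(syscheck.realtime->dirtb, wdchar);
 if(rtlocald == NULL)
 {
- merror("%s: ERROR: real time call back called, but hash is empty.",
+ merror("%s: ERROR: real time call back called, but hash is empty.",
 ARGV0);
 return;
 }
-
+
 do
 {
@@ -369,11 +370,11 @@ int realtime_win32read(win32rtfim *rtlocald)
 TRUE,
 FILE_NOTIFY_CHANGE_FILE_NAME|FILE_NOTIFY_CHANGE_DIR_NAME|FILE_NOTIFY_CHANGE_SIZE|FILE_NOTIFY_CHANGE_LAST_WRITE,
 0,
- &rtlocald->overlap,
+ &rtlocald->overlap,
 RTCallBack);
 if(rc == 0)
 {
- merror("%s: ERROR: Unable to set directory for monitoring: %s",
+ merror("%s: ERROR: Unable to set directory for monitoring: %s",
 ARGV0, rtlocald->dir);
 sleep(2);
 }
@@ -403,7 +404,7 @@ int realtime_adddir(char *dir)
 os_calloc(1, sizeof(win32rtfim), rtlocald);
-
+
 rtlocald->h = CreateFile(dir,
 FILE_LIST_DIRECTORY,
@@ -414,8 +415,8 @@ int realtime_adddir(char *dir)
 NULL);
- if(rtlocald->h == INVALID_HANDLE_VALUE ||
- rtlocald->h == NULL)
+ if(rtlocald->h == INVALID_HANDLE_VALUE ||
+ rtlocald->h == NULL)
 {
 free(rtlocald);
 rtlocald = NULL;
@@ -435,7 +436,7 @@ int realtime_adddir(char *dir)
 if(OSHash_Get(syscheck.realtime->dirtb, wdchar))
 {
- merror("%s: ERROR: Entry already in the real time hash: %s",
+ merror("%s: ERROR: Entry already in the real time hash: %s",
 ARGV0, wdchar);
 CloseHandle(rtlocald->overlap.hEvent);
 free(rtlocald);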
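Review bot: In the realtime_process hunk at +232, the return value of `OSHash_Get(syscheck.realtime->dirtb, wdchar)` goes straight into the `%s` of the `snprintf` that builds `final_name`, with no NULL check, although RTCallBack in this same file does test `rtlocald == NULL` after the same lookup. The flag change at +114 makes this more relevant: with `IN_DELETE_SELF` a watched directory can disappear and the kernel then drops its watch, and none of the visible hunks removes the matching `dirtb` entry, so it is worth confirming how events for a vanished or unmapped watch descriptor are handled (the loop body continues outside the hunk, so a guard may already exist there). I would fetch the directory first, `char *wdir = OSHash_Get(syscheck.realtime->dirtb, wdchar);`, and run `snprintf(final_name, MAX_LINE, "%s/%s", wdir, event->name)` and `realtime_checksumfile(final_name)` only under `if(wdir != NULL)`, logging with `merror` otherwise. The `snprintf` result is also unchecked, so a path longer than MAX_LINE would be silently truncated before `realtime_checksumfile` sees it. Separately, `REALTIME_MONITOR_FLAGS` expands to an unparenthesized `|` chain; wrapping the expansion in parentheses keeps it safe if it is ever used inside a larger expression.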