X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Fanalysisd%2Fcompiled_rules%2Fgeneric_samples.c;h=57da7b0e1cd9e24a89286527e5553c05d2f1b40b;hp=9aae6bebc0986005d23f53e277945109c1fa5ffb;hb=6ef2f786c6c8ead94841b5f93baf9f43421f08c8;hpb=301048b51990573e58a30dc4a5bb4ec285cad554 diff --git a/src/analysisd/compiled_rules/generic_samples.c b/src/analysisd/compiled_rules/generic_samples.c index 9aae6be..57da7b0 100644 --- a/src/analysisd/compiled_rules/generic_samples.c +++ b/src/analysisd/compiled_rules/generic_samples.c @@ -1,4 +1,5 @@ -/* @(#) $Id$ */ +/* @(#) $Id: ./src/analysisd/compiled_rules/generic_samples.c, 2011/09/08 dcid Exp $ + */ /* Copyright (C) 2009 Trend Micro Inc. * All rights reserved. @@ -8,7 +9,7 @@ * License (version 2) as published by the FSF - Free Software * Foundation. * - * License details at the LICENSE file included with OSSEC or + * License details at the LICENSE file included with OSSEC or * online at: http://www.ossec.net/en/licensing.html */ @@ -19,10 +20,10 @@ -/** Note: If the rule fails to match it should return NULL. +/** Note: If the rule fails to match it should return NULL. * If you want processing to continue, return lf (the eventinfo structure). */ - + /* Example 1: @@ -114,17 +115,17 @@ void *comp_mswin_targetuser_calleruser_diff(Eventinfo *lf) if(*target_user != *caller_user) return(lf); - if(*target_user == '\t' || + if(*target_user == '\t' || (*target_user == ' ' && target_user[1] == ' ')) - break; + break; - target_user++;caller_user++; + target_user++;caller_user++; } /* If we got in here, the accounts are the same. * So, we return NULL since we only want to alert if they are different. - */ + */ return(NULL); } @@ -142,7 +143,7 @@ void *is_simple_http_request(Eventinfo *lf) return(lf); } - + /* Simple request, no query. */ if(!strchr(lf->url,'?')) {