X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Fanalysisd%2Fdecoders%2Fhostinfo.c;fp=src%2Fanalysisd%2Fdecoders%2Fhostinfo.c;h=51c4e3a433849b161399fe7a761e4b1d6fb55f3d;hp=fa7c41408da052938cd60b0c3c4924f7611655ae;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b diff --git a/src/analysisd/decoders/hostinfo.c b/src/analysisd/decoders/hostinfo.c old mode 100755 new mode 100644 index fa7c414..51c4e3a --- a/src/analysisd/decoders/hostinfo.c +++ b/src/analysisd/decoders/hostinfo.c @@ -1,6 +1,3 @@ -/* @(#) $Id: ./src/analysisd/decoders/hostinfo.c, 2011/09/08 dcid Exp $ - */ - /* Copyright (C) 2009 Trend Micro Inc. * All right reserved. * @@ -10,79 +7,66 @@ * Foundation */ - /* Hostinfo decoder */ - +#include "decoder.h" #include "config.h" #include "os_regex/os_regex.h" #include "eventinfo.h" #include "alerts/alerts.h" - #define HOSTINFO_FILE "/queue/fts/hostinfo" #define HOST_HOST "Host: " -#define HOST_PORT " open ports: " - +/*#define HOST_PORT " open ports: " #define HOST_CHANGED "Host information changed." -#define HOST_NEW "New host information added." +#define HOST_NEW "New host information added."*/ #define PREV_OPEN "Previously" - -/** Global variables **/ -int hi_err = 0; -int id_new = 0; -int id_mod = 0; -char _hi_buf[OS_MAXSTR +1]; -FILE *_hi_fp = NULL; - +/* Local variables */ +static int hi_err = 0; +static int id_new = 0; +static int id_mod = 0; +static char _hi_buf[OS_MAXSTR + 1]; +static FILE *_hi_fp = NULL; /* Hostinfo decoder */ -OSDecoderInfo *hostinfo_dec = NULL; - +static OSDecoderInfo *hostinfo_dec = NULL; -/* Check if the string matches. - */ -static char *__go_after(char *x, char *y) +/* Check if the string matches */ +static char *__go_after(char *x, const char *y) { - int x_s; - int y_s; + size_t x_s; + size_t y_s; /* X and Y must be not null */ - if(!x || !y) - return(NULL); + if (!x || !y) { + return (NULL); + } x_s = strlen(x); y_s = strlen(y); - if(x_s <= y_s) - { - return(NULL); + if (x_s <= y_s) { + return (NULL); } /* String does not match */ - if(strncmp(x,y,y_s) != 0) - { - return(NULL); + if (strncmp(x, y, y_s) != 0) { + return (NULL); } - x+=y_s; + x += y_s; - return(x); + return (x); } - - -/* HostinfoInit - * Initialize the necessary information to process the host information - */ +/* Initialize the necessary information to process the host information */ void HostinfoInit() { hi_err = 0; - - /* Zeroing decoder */ + /* Zero decoder */ os_calloc(1, sizeof(OSDecoderInfo), hostinfo_dec); hostinfo_dec->id = getDecoderfromlist(HOSTINFO_MOD); hostinfo_dec->type = OSSEC_RL; @@ -91,63 +75,49 @@ void HostinfoInit() id_new = getDecoderfromlist(HOSTINFO_NEW); id_mod = getDecoderfromlist(HOSTINFO_MOD); - - - /* Opening HOSTINFO_FILE */ - snprintf(_hi_buf,OS_SIZE_1024, "%s", HOSTINFO_FILE); - + /* Open HOSTINFO_FILE */ + snprintf(_hi_buf, OS_SIZE_1024, "%s", HOSTINFO_FILE); /* r+ to read and write. Do not truncate */ - _hi_fp = fopen(_hi_buf,"r+"); - if(!_hi_fp) - { - /* try opening with a w flag, file probably does not exist */ + _hi_fp = fopen(_hi_buf, "r+"); + if (!_hi_fp) { + /* Try opening with a w flag, file probably does not exist */ _hi_fp = fopen(_hi_buf, "w"); - if(_hi_fp) - { + if (_hi_fp) { fclose(_hi_fp); _hi_fp = fopen(_hi_buf, "r+"); } } - if(!_hi_fp) - { - merror(FOPEN_ERROR, ARGV0, _hi_buf); + if (!_hi_fp) { + merror(FOPEN_ERROR, ARGV0, _hi_buf, errno, strerror(errno)); return; } - - /* clearing the buffer */ - memset(_hi_buf, '\0', OS_MAXSTR +1); + /* Clear the buffer */ + memset(_hi_buf, '\0', OS_MAXSTR + 1); return; } - - -/* HI_File - * Return the file pointer to be used - */ -FILE *HI_File() +/* Return the file pointer to be used */ +static FILE *HI_File(void) { - if(_hi_fp) - { + if (_hi_fp) { fseek(_hi_fp, 0, SEEK_SET); - return(_hi_fp); + return (_hi_fp); } - return(NULL); + return (NULL); } - - /* Special decoder for Hostinformation * Not using the default rendering tools for simplicity - * and to be less resource intensive. + * and to be less resource intensive */ int DecodeHostinfo(Eventinfo *lf) { int changed = 0; - int bf_size; + size_t bf_size; char *ip; char *portss; @@ -157,129 +127,98 @@ int DecodeHostinfo(Eventinfo *lf) char opened[OS_MAXSTR + 1]; FILE *fp; - - /* Checking maximum number of errors */ - if(hi_err > 30) - { + /* Check maximum number of errors */ + if (hi_err > 30) { merror("%s: Too many errors handling host information db. " "Ignoring it.", ARGV0); - return(0); + return (0); } - - /* Zeroing buffers */ + /* Zero buffers */ buffer[OS_MAXSTR] = '\0'; opened[OS_MAXSTR] = '\0'; fp = HI_File(); - if(!fp) - { - merror("%s: Error handling host information database.",ARGV0); - hi_err++; /* Increment hi error */ - - return(0); + if (!fp) { + merror("%s: Error handling host information database.", ARGV0); + hi_err++; + return (0); } + /* Copy log to buffer */ + strncpy(buffer, lf->log, OS_MAXSTR); - /* Copying log to buffer */ - strncpy(buffer,lf->log, OS_MAXSTR); - - - /* Getting ip */ + /* Get IP */ tmpstr = __go_after(buffer, HOST_HOST); - if(!tmpstr) - { - merror("%s: Error handling host information database.",ARGV0); + if (!tmpstr) { + merror("%s: Error handling host information database.", ARGV0); hi_err++; - return(0); + return (0); } - - /* Setting ip */ + /* Setting IP */ ip = tmpstr; tmpstr = strchr(tmpstr, ','); - if(!tmpstr) - { - merror("%s: Error handling host information database.",ARGV0); + if (!tmpstr) { + merror("%s: Error handling host information database.", ARGV0); hi_err++; - return(0); + return (0); } *tmpstr = '\0'; tmpstr++; portss = tmpstr; - - /* Getting ip only information -- to store */ + /* Get IP only information -- to store */ tmpstr = strchr(ip, ' '); - if(tmpstr) - { + if (tmpstr) { *tmpstr = '\0'; } bf_size = strlen(ip); - - /* Reads the file and search for a possible - * entry - */ - while(fgets(_hi_buf, OS_MAXSTR -1, fp) != NULL) - { + /* Read the file and search for a possible entry */ + while (fgets(_hi_buf, OS_MAXSTR - 1, fp) != NULL) { /* Ignore blank lines and lines with a comment */ - if(_hi_buf[0] == '\n' || _hi_buf[0] == '#') - { + if (_hi_buf[0] == '\n' || _hi_buf[0] == '#') { continue; } - /* Removing new line */ + /* Remove newline */ tmpstr = strchr(_hi_buf, '\n'); - if(tmpstr) + if (tmpstr) { *tmpstr = '\0'; + } - - /* Checking for ip */ - if(strncmp(ip, _hi_buf, bf_size) == 0) - { + /* Check for IP */ + if (strncmp(ip, _hi_buf, bf_size) == 0) { /* Cannot use strncmp to avoid errors with crafted files */ - if(strcmp(portss, _hi_buf + bf_size) == 0) - { - return(0); - } - else - { + if (strcmp(portss, _hi_buf + bf_size) == 0) { + return (0); + } else { char *tmp_ports; - tmp_ports = _hi_buf + (bf_size +1); + tmp_ports = _hi_buf + (bf_size + 1); snprintf(opened, OS_MAXSTR, "%s %s", PREV_OPEN, tmp_ports); changed = 1; } } } - - /* Adding the new entry at the end of the file */ + /* Add the new entry at the end of the file */ fseek(fp, 0, SEEK_END); - fprintf(fp,"%s%s\n", ip, portss); - + fprintf(fp, "%s%s\n", ip, portss); - /* Setting decoder */ + /* Set decoder */ lf->decoder_info = hostinfo_dec; - - /* Setting comment */ - if(changed == 1) - { + /* Set comment */ + if (changed == 1) { hostinfo_dec->id = id_mod; - //lf->generated_rule->last_events[0] = opened; - } - else - { + /* lf->generated_rule->last_events[0] = opened; */ + } else { hostinfo_dec->id = id_new; } - - return(1); + return (1); } - - -/* EOF */