X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Fanalysisd%2Ffts.c;h=9ab65c6681f5a138fa29b859097716e759489cae;hp=2f155bf84ee2e20903e28d135d7aba312d265710;hb=6ef2f786c6c8ead94841b5f93baf9f43421f08c8;hpb=301048b51990573e58a30dc4a5bb4ec285cad554 diff --git a/src/analysisd/fts.c b/src/analysisd/fts.c index 2f155bf..9ab65c6 100755 --- a/src/analysisd/fts.c +++ b/src/analysisd/fts.c @@ -1,4 +1,5 @@ -/* @(#) $Id$ */ +/* @(#) $Id: ./src/analysisd/fts.c, 2011/09/08 dcid Exp $ + */ /* Copyright (C) 2009 Trend Micro Inc. * All rights reserved. @@ -8,12 +9,12 @@ * License (version 2) as published by the FSF - Free Software * Foundation. * - * License details at the LICENSE file included with OSSEC or + * License details at the LICENSE file included with OSSEC or * online at: http://www.ossec.net/en/licensing.html */ -/* First time seen functions +/* First time seen functions */ @@ -38,8 +39,8 @@ int FTS_Init() char _line[OS_FLSIZE + 1]; _line[OS_FLSIZE] = '\0'; - - + + fts_list = OSList_Create(); if(!fts_list) { @@ -59,7 +60,7 @@ int FTS_Init() merror(LIST_ERROR, ARGV0); return(0); } - + /* Getting default list size */ fts_list_size = getDefine_Int("analysisd", @@ -70,7 +71,7 @@ int FTS_Init() fts_minsize_for_str = getDefine_Int("analysisd", "fts_min_size_for_str", 6, 128); - + if(!OSList_SetMaxSize(fts_list, fts_list_size)) { merror(LIST_SIZE_ERROR, ARGV0); @@ -86,7 +87,14 @@ int FTS_Init() fp_list = fopen(FTS_QUEUE, "w+"); if(fp_list) fclose(fp_list); - + + chmod(FTS_QUEUE, 0640); + + int uid = Privsep_GetUser(USER); + int gid = Privsep_GetGroup(GROUPGLOBAL); + if(uid>=0 && gid>=0) + chown(FTS_QUEUE, uid, gid); + fp_list = fopen(FTS_QUEUE, "r+"); if(!fp_list) { @@ -118,7 +126,7 @@ int FTS_Init() } } - + /* Creating ignore list */ fp_ignore = fopen(IG_QUEUE, "r+"); if(!fp_ignore) 
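Review bot: The new `chmod(FTS_QUEUE, 0640)` and `chown(FTS_QUEUE, uid, gid)` calls in the `@@ -86,7 +87,14 @@` hunk discard their return values, so a failure (including the case where the preceding `fopen(FTS_QUEUE, "w+")` returned NULL and no file exists) leaves the queue with umask-default permissions and the creating user's ownership without any log line, and the `uid>=0 && gid>=0` guard likewise skips the chown silently when the user or group lookup fails. The file is also created first and tightened afterwards, which leaves a window in which it exists with the wider mode; creating it with `open(FTS_QUEUE, O_WRONLY | O_CREAT, 0640)` and applying `fchown`/`fchmod` to that descriptor, with each failure reported through `merror` and `return(0)` as the list-error paths of this function already do, closes both gaps (this presumably needs `<fcntl.h>` if fts.c does not already include it). The IG_QUEUE hunk at `@@ -127,7 +135,14 @@` repeats the same block verbatim and has the same issues; a small static helper taking the path would fix both in one place. FTS_Init begins and ends outside the hunk.
```c
        /* create the queue with its final mode instead of creating it with the
         * umask default and fixing it up afterwards */
        int fd = open(FTS_QUEUE, O_WRONLY | O_CREAT, 0640);
        if(fd < 0)
        {
            merror("%s: ERROR: Could not create '%s': %s", ARGV0, FTS_QUEUE, strerror(errno));
            return(0);
        }
        int uid = Privsep_GetUser(USER);
        int gid = Privsep_GetGroup(GROUPGLOBAL);
        if(uid < 0 || gid < 0)
        {
            merror("%s: ERROR: Could not resolve owner user/group for '%s'", ARGV0, FTS_QUEUE);
            close(fd);
            return(0);
        }
        /* operate on the open descriptor so no path re-lookup happens between create and fixup */
        if(fchown(fd, uid, gid) < 0 || fchmod(fd, 0640) < 0)
        {
            merror("%s: ERROR: Could not set owner/mode on '%s': %s", ARGV0, FTS_QUEUE, strerror(errno));
            close(fd);
            return(0);
        }
        close(fd);
        /* … unchanged: reopen FTS_QUEUE with "r+" and the existing error check … */
```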
@@ -127,7 +135,14 @@ int FTS_Init() fp_ignore = fopen(IG_QUEUE, "w+"); if(fp_ignore) fclose(fp_ignore); - + + chmod(IG_QUEUE, 0640); + + int uid = Privsep_GetUser(USER); + int gid = Privsep_GetGroup(GROUPGLOBAL); + if(uid>=0 && gid>=0) + chown(IG_QUEUE, uid, gid); + fp_ignore = fopen(IG_QUEUE, "r+"); if(!fp_ignore) { @@ -137,7 +152,7 @@ int FTS_Init() } debug1("%s: DEBUG: FTSInit completed.", ARGV0); - + return(1); } @@ -145,12 +160,12 @@ int FTS_Init() */ void AddtoIGnore(Eventinfo *lf) { - fseek(fp_ignore, 0, SEEK_END); + fseek(fp_ignore, 0, SEEK_END); #ifdef TESTRULE return; #endif - + /* Assigning the values to the FTS */ fprintf(fp_ignore, "%s %s %s %s %s %s %s %s\n", (lf->decoder_info->name && (lf->generated_rule->ignore & FTS_NAME))? @@ -163,9 +178,9 @@ void AddtoIGnore(Eventinfo *lf) (lf->dstip && (lf->generated_rule->ignore & FTS_DSTIP))? lf->dstip:"", (lf->data && (lf->generated_rule->ignore & FTS_DATA))? - lf->data:"", + lf->data:"", (lf->systemname && (lf->generated_rule->ignore & FTS_SYSTEMNAME))? - lf->systemname:"", + lf->systemname:"", (lf->generated_rule->ignore & FTS_LOCATION)?lf->location:""); fflush(fp_ignore); @@ -200,7 +215,7 @@ int IGnore(Eventinfo *lf) (lf->data && (lf->generated_rule->ignore & FTS_DATA))? lf->data:"", (lf->systemname && (lf->generated_rule->ignore & FTS_SYSTEMNAME))? - lf->systemname:"", + lf->systemname:"", (lf->generated_rule->ckignore & FTS_LOCATION)?lf->location:""); _fline[OS_FLSIZE] = '\0'; @@ -225,13 +240,13 @@ int IGnore(Eventinfo *lf) /* FTS v0.1 * Check if the word "msg" is present on the "queue". * If it is not, write it there. - */ + */ int FTS(Eventinfo *lf) { int number_of_matches = 0; char _line[OS_FLSIZE + 1]; - + char *line_for_list = NULL; OSListNode *fts_node; @@ -256,9 +271,9 @@ int FTS(Eventinfo *lf) if(OSHash_Get(fts_store, _line)) { return(0); - } + } + - /* Checking if from the last FTS events, we had * at least 3 "similars" before. If yes, we just * ignore it. 
@@ -268,7 +283,7 @@ int FTS(Eventinfo *lf) fts_node = OSList_GetLastNode(fts_list); while(fts_node) { - if(OS_StrHowClosedMatch((char *)fts_node->data, _line) > + if(OS_StrHowClosedMatch((char *)fts_node->data, _line) > fts_minsize_for_str) { number_of_matches++; @@ -287,8 +302,8 @@ int FTS(Eventinfo *lf) os_strdup(_line, line_for_list); OSList_AddData(fts_list, line_for_list); } - - + + /* Storing new entry */ if(line_for_list == NULL) { @@ -300,12 +315,12 @@ int FTS(Eventinfo *lf) return(0); } - + #ifdef TESTRULE return(1); #endif - - + + /* Saving to fts fp */ fseek(fp_list, 0, SEEK_END); fprintf(fp_list,"%s\n", _line);