X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Fconfig%2Factive-response.c;h=72e470b20cff97bcd318ec5aff19bb04bca10737;hp=20e0cf6672ead0e51feda80c625bdc2de50ea21a;hb=6ef2f786c6c8ead94841b5f93baf9f43421f08c8;hpb=301048b51990573e58a30dc4a5bb4ec285cad554 diff --git a/src/config/active-response.c b/src/config/active-response.c index 20e0cf6..72e470b 100755 --- a/src/config/active-response.c +++ b/src/config/active-response.c @@ -1,4 +1,5 @@ -/* @(#) $Id$ */ +/* @(#) $Id: ./src/config/active-response.c, 2011/09/08 dcid Exp $ + */ /* Copyright (C) 2009 Trend Micro Inc. * All right reserved. @@ -9,7 +10,7 @@ * Foundation */ - + #include "shared.h" #include "os_xml/os_xml.h" #include "os_regex/os_regex.h" @@ -26,6 +27,7 @@ int ReadActiveResponses(XML_NODE node, void *d1, void *d2) int i = 0; int r_ar = 0; int l_ar = 0; + int rpt = 0; /* Xml options */ @@ -37,6 +39,7 @@ int ReadActiveResponses(XML_NODE node, void *d1, void *d2) char *xml_ar_level = "level"; char *xml_ar_timeout = "timeout"; char *xml_ar_disabled = "disabled"; + char *xml_ar_repeated = "repeated_offenders"; char *tmp_location; @@ -52,7 +55,7 @@ int ReadActiveResponses(XML_NODE node, void *d1, void *d2) merror(FOPEN_ERROR, ARGV0, DEFAULTARPATH); return(-1); } - chmod(DEFAULTARPATH, 0444); + chmod(DEFAULTARPATH, 0440); /* Allocating for the active-response */ @@ -77,7 +80,7 @@ int ReadActiveResponses(XML_NODE node, void *d1, void *d2) - /* Searching for the commands */ + /* Searching for the commands */ while(node[i]) { if(!node[i]->element) @@ -92,12 +95,12 @@ int ReadActiveResponses(XML_NODE node, void *d1, void *d2) } /* Command */ - if(strcmp(node[i]->element, xml_ar_command) == 0) + if(strcmp(node[i]->element, xml_ar_command) == 0) { tmp_ar->command = strdup(node[i]->content); } /* Target */ - else if(strcmp(node[i]->element, xml_ar_location) == 0) + else if(strcmp(node[i]->element, xml_ar_location) == 0) { tmp_location = strdup(node[i]->content); } 
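Review bot: The `chmod(DEFAULTARPATH, 0440)` call in the hunk at -52,7 still discards its return value, so if it fails the shared active-response file keeps whatever mode the umask gave it at creation and nothing is logged. Tightening the mode only helps when the call is known to have succeeded; test the result, report it with `merror`, close `fp` and return -1 on failure. Where the platform has it, `fchmod(fileno(fp), 0440)` on the stream opened just above (the open is outside the hunk) avoids re-resolving the path between create and chmod. Dropping other-read also assumes every consumer of this file runs as the owner or in the owning group, and that ownership is not set anywhere in the visible lines. The body of ReadActiveResponses starts and ends outside this hunk.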
@@ -121,7 +124,7 @@ int ReadActiveResponses(XML_NODE node, void *d1, void *d2) merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); return(OS_INVALID); } - + tmp_ar->level = atoi(node[i]->content); /* Making sure the level is valid */ @@ -151,13 +154,18 @@ int ReadActiveResponses(XML_NODE node, void *d1, void *d2) return(OS_INVALID); } } + else if(strcmp(node[i]->element, xml_ar_repeated) == 0) + { + /* Nothing - we deal with it on execd. */ + rpt = 1; + } else { merror(XML_INVELEM, ARGV0, node[i]->element); return(OS_INVALID); } i++; - } + } /* Checking if ar is disabled */ if(ar_flag == -1) @@ -169,6 +177,11 @@ int ReadActiveResponses(XML_NODE node, void *d1, void *d2) /* Command and location must be there */ if(!tmp_ar->command || !tmp_location) { + if(rpt == 1) + { + fclose(fp); + return(0); + } merror(AR_MISS, ARGV0); return(-1); } @@ -201,14 +214,14 @@ int ReadActiveResponses(XML_NODE node, void *d1, void *d2) } /* If we didn't set any value for the location */ - if(tmp_ar->location == 0) + if(tmp_ar->location == 0) { merror(AR_INV_LOC, ARGV0, tmp_location); return(-1); } - /* cleaning tmp_location */ + /* cleaning tmp_location */ free(tmp_location); tmp_location = NULL; @@ -261,13 +274,13 @@ int ReadActiveResponses(XML_NODE node, void *d1, void *d2) { ErrorExit(MEM_ERROR, ARGV0); } - snprintf(tmp_ar->name, OS_FLSIZE, "%s%d", + snprintf(tmp_ar->name, OS_FLSIZE, "%s%d", tmp_ar->ar_cmd->name, - tmp_ar->timeout); + tmp_ar->timeout); /* Adding to shared file */ - fprintf(fp, "%s - %s - %d\n", + fprintf(fp, "%s - %s - %d\n", tmp_ar->name, tmp_ar->ar_cmd->executable, tmp_ar->timeout); @@ -301,7 +314,7 @@ int ReadActiveResponses(XML_NODE node, void *d1, void *d2) { ar_flag|= LOCAL_AR; } - + /* Closing shared file for active response */ fclose(fp); 
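Review bot: The early return under `if(rpt == 1)` in the hunk at -169,6 fires when either `command` or `location` is missing, so a block that has `repeated_offenders` plus a `command` but no `location` (or the reverse) is accepted silently and never reaches `merror(AR_MISS, ARGV0)`. That hides a misconfigured active response from the operator. Restricting the shortcut to the case where both are absent keeps the error: `if(rpt == 1 && !tmp_ar->command && !tmp_location)`. The path also returns without releasing `tmp_ar` or any strdup'd `command`/`tmp_location`; the allocation is outside the hunk, so confirm ownership before adding the frees. The function body begins and ends outside this hunk.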
@@ -342,7 +355,7 @@ int ReadActiveCommands(XML_NODE node, void *d1, void *d2) tmp_command->timeout_allowed = 0; - /* Searching for the commands */ + /* Searching for the commands */ while(node[i]) { if(!node[i]->element) @@ -355,11 +368,11 @@ int ReadActiveCommands(XML_NODE node, void *d1, void *d2) merror(XML_VALUENULL, ARGV0, node[i]->element); return(OS_INVALID); } - if(strcmp(node[i]->element, command_name) == 0) + if(strcmp(node[i]->element, command_name) == 0) { tmp_command->name = strdup(node[i]->content); } - else if(strcmp(node[i]->element, command_expect) == 0) + else if(strcmp(node[i]->element, command_expect) == 0) { tmp_str = strdup(node[i]->content); } @@ -395,10 +408,13 @@ int ReadActiveCommands(XML_NODE node, void *d1, void *d2) /* Getting the expect */ - if(OS_Regex("user", tmp_str)) - tmp_command->expect |= USERNAME; - if(OS_Regex("srcip", tmp_str)) - tmp_command->expect |= SRCIP; + if(strlen(tmp_str) >= 4) + { + if(OS_Regex("user", tmp_str)) + tmp_command->expect |= USERNAME; + if(OS_Regex("srcip", tmp_str)) + tmp_command->expect |= SRCIP; + } free(tmp_str); tmp_str = NULL;
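Review bot: The literal `4` in `if(strlen(tmp_str) >= 4)` (hunk at -395,10) is unexplained; it appears to be the length of "user", the shorter of the two tokens matched below. A comment such as `/* shortest expect token is "user"; skip the regex on empty or shorter values */` would make the intent explicit. The new `strlen(tmp_str)` also dereferences `tmp_str`, which is only assigned from `strdup` in the `command_expect` branch. Whether a NULL check precedes this point is outside the hunk; if none does, use `if(tmp_str && strlen(tmp_str) >= 4)`. ReadActiveCommands continues outside the hunk.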