X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Fconfig%2Freports-config.c;fp=src%2Fconfig%2Freports-config.c;h=2f5ce6615c4eb76391c09b2a21d63b90c83e86dd;hp=0000000000000000000000000000000000000000;hb=301048b51990573e58a30dc4a5bb4ec285cad554;hpb=914feba5d54f979cd5d7e69c349c3d01f630042a
diff --git a/src/config/reports-config.c b/src/config/reports-config.c
new file mode 100644
index 0000000..2f5ce66
--- /dev/null
+++ b/src/config/reports-config.c
@@ -0,0 +1,246 @@
+/* @(#) $Id$ */
+
+/* Copyright (C) 2009 Trend Micro Inc.
+ * All right reserved.
+ *
+ * This program is a free software; you can redistribute it
+ * and/or modify it under the terms of the GNU General Public
+ * License (version 2) as published by the FSF - Free Software
+ * Foundation
+ */
+
+/* Functions to handle the configuration files
+ */
+
+
+#include "shared.h"
+#include "reports-config.h"
+
+
+/* Filter argument. */
+static int _filter_arg(char *mystr)
+{
+ if(!mystr)
+ {
+ return(0);
+ }
+
+ while(*mystr)
+ {
+ if((*mystr >= 'a' && *mystr <= 'z') ||
+ (*mystr >= 'A' && *mystr <= 'Z') ||
+ (*mystr >= '0' && *mystr <= '9') ||
+ *mystr == '-' || *mystr == '_')
+ {
+ mystr++;
+ }
+ else
+ {
+ *mystr = '-';
+ mystr++;
+ }
+ }
+
+ return(1);
+}
+
+
+int Read_CReports(XML_NODE node, void *config, void *config2)
+{
+ int i = 0,s = 0;
+
+ /* XML definitions */
+ char *xml_title = "title";
+ char *xml_type = "type";
+ char *xml_categories = "category";
+ char *xml_group = "group";
+ char *xml_rule = "rule";
+ char *xml_level = "level";
+ char *xml_location = "location";
+ char *xml_showlogs = "showlogs";
+ char *xml_srcip = "srcip";
+ char *xml_user = "user";
+ char *xml_frequency = "frequency";
+ char *xml_email = "email_to";
+
+
+ monitor_config *mon_config = (monitor_config *)config;
+
+
+ /* Getting any configured entry. */
+ if(mon_config->reports)
+ {
+ while(mon_config->reports[s])
+ s++;
+ }
+
+
+ /* Allocating the memory for the config. */
+ os_realloc(mon_config->reports, (s + 2) * sizeof(report_config *),
+ mon_config->reports);
+ os_calloc(1, sizeof(report_config), mon_config->reports[s]);
+ mon_config->reports[s + 1] = NULL;
+
+
+ /* Zeroing the elements. */
+ mon_config->reports[s]->title = NULL;
+ mon_config->reports[s]->args = NULL;
+ mon_config->reports[s]->relations = NULL;
+ mon_config->reports[s]->type = NULL;
+ mon_config->reports[s]->emailto = NULL;
+
+ mon_config->reports[s]->r_filter.group = NULL;
+ mon_config->reports[s]->r_filter.rule = NULL;
+ mon_config->reports[s]->r_filter.level = NULL;
+ mon_config->reports[s]->r_filter.location = NULL;
+ mon_config->reports[s]->r_filter.srcip = NULL;
+ mon_config->reports[s]->r_filter.user = NULL;
+ mon_config->reports[s]->r_filter.related_group = 0;
+ mon_config->reports[s]->r_filter.related_rule = 0;
+ mon_config->reports[s]->r_filter.related_level = 0;
+ mon_config->reports[s]->r_filter.related_location = 0;
+ mon_config->reports[s]->r_filter.related_srcip = 0;
+ mon_config->reports[s]->r_filter.related_user = 0;
+ mon_config->reports[s]->r_filter.report_name = NULL;
+ mon_config->reports[s]->r_filter.show_alerts = 0;
+
+
+
+ /* Reading the XML. */
+ while(node[i])
+ {
+ if(!node[i]->element)
+ {
+ merror(XML_ELEMNULL, __local_name);
+ return(OS_INVALID);
+ }
+ else if(!node[i]->content)
+ {
+ merror(XML_VALUENULL, __local_name, node[i]->element);
+ return(OS_INVALID);
+ }
+ else if(strcmp(node[i]->element, xml_title) == 0)
+ {
+ if(!mon_config->reports[s]->title)
+ {
+ os_strdup(node[i]->content, mon_config->reports[s]->title);
+ }
+ }
+ else if(strcmp(node[i]->element, xml_type) == 0)
+ {
+ if(strcmp(node[i]->content, "email") == 0)
+ {
+ if(!mon_config->reports[s]->type)
+ {
+ os_strdup(node[i]->content, mon_config->reports[s]->type);
+ }
+ }
+ else
+ {
+ merror(XML_VALUEERR, __local_name,node[i]->element,node[i]->content);
+ }
+ }
+ else if(strcmp(node[i]->element, xml_frequency) == 0)
+ {
+ }
+ else if(strcmp(node[i]->element, xml_showlogs) == 0)
+ {
+ if(strcasecmp(node[i]->content, "yes") == 0)
+ {
+ mon_config->reports[s]->r_filter.show_alerts = 1;
+ }
+ }
+ else if(strcmp(node[i]->element, xml_categories) == 0)
+ {
+ char *ncat = NULL;
+ _filter_arg(node[i]->content);
+
+
+ os_strdup(node[i]->content, ncat);
+
+ if(os_report_configfilter("group", ncat,
+ &mon_config->reports[s]->r_filter, REPORT_FILTER) < 0)
+ {
+ merror(CONFIG_ERROR, __local_name, "user argument");
+ }
+ }
+ else if((strcmp(node[i]->element, xml_group) == 0)||
+ (strcmp(node[i]->element, xml_rule) == 0)||
+ (strcmp(node[i]->element, xml_level) == 0)||
+ (strcmp(node[i]->element, xml_location) == 0)||
+ (strcmp(node[i]->element, xml_srcip) == 0)||
+ (strcmp(node[i]->element, xml_user) == 0))
+ {
+ int reportf = REPORT_FILTER;
+ char *ncat = NULL;
+ _filter_arg(node[i]->content);
+
+ if(node[i]->attributes && node[i]->values)
+ {
+ if(node[i]->attributes[0] && node[i]->values[0])
+ {
+ if(strcmp(node[i]->attributes[0], "type") == 0)
+ {
+ if(strcmp(node[i]->values[0], "relation") == 0)
+ {
+ reportf = REPORT_RELATED;
+ }
+ else
+ {
+ merror("%s: WARN: Invalid value for 'relation' attribute: '%s'. (ignored).", __local_name, node[i]->values[0]);
+ i++;
+ continue;
+ }
+ }
+ else
+ {
+ merror("%s: WARN: Invalid attribute: %s (ignored). ", __local_name, node[i]->attributes[0]);
+ i++;
+ continue;
+ }
+ }
+ }
+
+ os_strdup(node[i]->content, ncat);
+
+ if(os_report_configfilter(node[i]->element, ncat,
+ &mon_config->reports[s]->r_filter, reportf) < 0)
+ {
+ merror("%s: Invalid filter: %s:%s (ignored).", __local_name, node[i]->element, node[i]->content);
+ }
+ }
+ else if(strcmp(node[i]->element, xml_email) == 0)
+ {
+ mon_config->reports[s]->emailto = os_AddStrArray(node[i]->content, mon_config->reports[s]->emailto);
+ }
+ else
+ {
+ merror(XML_INVELEM, __local_name, node[i]->element);
+ return(OS_INVALID);
+ }
+ i++;
+ }
+
+
+ /* Setting proper report type. */
+ mon_config->reports[s]->r_filter.report_type = REPORT_TYPE_DAILY;
+
+ if(mon_config->reports[s]->emailto == NULL)
+ {
+ if(mon_config->reports[s]->title)
+ merror("%s: No \"email to\" configured for the report '%s'. Ignoring it.", __local_name, mon_config->reports[s]->title);
+ else
+ merror("%s: No \"email to\" and title configured for report. Ignoring it.", __local_name);
+ }
+
+ if(!mon_config->reports[s]->title)
+ {
+ os_strdup("OSSEC Report (unnamed)", mon_config->reports[s]->title);
+ }
+ mon_config->reports[s]->r_filter.report_name = mon_config->reports[s]->title;
+
+ return(0);
+}
+
+
+/* EOF */
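Review bot: `_filter_arg()` is applied to every filter value, in the `category` branch and in the group/rule/level/location/srcip/user branch alike, and it silently rewrites any character outside `[A-Za-z0-9_-]` to `-`, so a dotted `srcip` or a `location` containing `/` or `.` reaches `os_report_configfilter()` already altered. If that helper compares the literal string (its body is not visible here), the report would quietly leave out the alerts the operator asked for. Consider limiting the rewrite to the elements whose grammar it fits, or at least accepting `.` (`*mystr == '-' || *mystr == '_' || *mystr == '.')`) and logging when a value was changed; as written the return value is ignored and the "Invalid filter" message prints the already-rewritten content. A one-line comment above `_filter_arg` stating that it modifies its argument in place would also help the next reader.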