X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Fconfig%2Frootcheck-config.c;h=51af27e3fe320e1f9fbe2ca760912fab61d70a48;hp=79a3cecde0a1e7c2f390cdac7b5475d32231f956;hb=6ef2f786c6c8ead94841b5f93baf9f43421f08c8;hpb=301048b51990573e58a30dc4a5bb4ec285cad554 diff --git a/src/config/rootcheck-config.c b/src/config/rootcheck-config.c index 79a3cec..51af27e 100755 --- a/src/config/rootcheck-config.c +++ b/src/config/rootcheck-config.c @@ -14,14 +14,26 @@ #include "rootcheck-config.h" +short eval_bool(char *str) +{ + if (str == NULL) + return(OS_INVALID); + else if (strcmp(str, "yes") == 0) + return(1); + else if (strcmp(str, "no") == 0) + return(0); + else + return(OS_INVALID); +} + /* Read_Rootcheck: Reads the rootcheck config */ -int Read_Rootcheck(XML_NODE node, void *configp, void *mailp) +int Read_Rootcheck(XML_NODE node, void *configp, void *mailp) { int i = 0; - + rkconfig *rootcheck; - + /* XML Definitions */ char *xml_rootkit_files = "rootkit_files"; char *xml_rootkit_trojans = "rootkit_trojans"; @@ -36,9 +48,20 @@ int Read_Rootcheck(XML_NODE node, void *configp, void *mailp) char *xml_base_dir = "base_directory"; char *xml_ignore = "ignore"; + char *xml_check_dev = "check_dev"; + char *xml_check_files = "check_files"; + char *xml_check_if = "check_if"; + char *xml_check_pids = "check_pids"; + char *xml_check_ports = "check_ports"; + char *xml_check_sys = "check_sys"; + char *xml_check_trojans = "check_trojans"; + char *xml_check_unixaudit = "check_unixaudit"; + char *xml_check_winapps = "check_winapps"; + char *xml_check_winaudit = "check_winaudit"; + char *xml_check_winmalware = "check_winmalware"; rootcheck = (rkconfig *)configp; - + while(node[i]) { if(!node[i]->element) 
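Review bot: `eval_bool` in the first hunk is defined with external linkage and a non-const parameter, and no prototype for it appears in this file's diff. Unless a header elsewhere in the commit declares it for other callers, it should be `static short eval_bool(const char *str)`, because a generic name like this in a shared config library can collide with another symbol at link time. The function also has no comment; something like `/* eval_bool: 1 for "yes", 0 for "no", OS_INVALID for NULL or any other string (exact, case-sensitive match) */` would state the contract that every caller in the later hunks relies on.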
@@ -66,11 +89,8 @@ int Read_Rootcheck(XML_NODE node, void *configp, void *mailp) /* getting scan all */ else if(strcmp(node[i]->element,xml_scanall) == 0) { - if(strcmp(node[i]->content, "yes") == 0) - rootcheck->scanall = 1; - else if(strcmp(node[i]->content, "no") == 0) - rootcheck->scanall = 0; - else + rootcheck->scanall = eval_bool(node[i]->content); + if (rootcheck->scanall == OS_INVALID) { merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); return(OS_INVALID); @@ -78,11 +98,8 @@ int Read_Rootcheck(XML_NODE node, void *configp, void *mailp) } else if(strcmp(node[i]->element, xml_disabled) == 0) { - if(strcmp(node[i]->content, "yes") == 0) - rootcheck->disabled = 1; - else if(strcmp(node[i]->content, "no") == 0) - rootcheck->disabled = 0; - else + rootcheck->disabled = eval_bool(node[i]->content); + if (rootcheck->disabled == OS_INVALID) { merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); return(OS_INVALID); @@ -90,11 +107,8 @@ int Read_Rootcheck(XML_NODE node, void *configp, void *mailp) } else if(strcmp(node[i]->element,xml_readall) == 0) { - if(strcmp(node[i]->content, "yes") == 0) - rootcheck->readall = 1; - else if(strcmp(node[i]->content, "no") == 0) - rootcheck->readall = 0; - else + rootcheck->readall = eval_bool(node[i]->content); + if (rootcheck->readall == OS_INVALID) { merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); return(OS_INVALID); @@ -117,12 +131,12 @@ int Read_Rootcheck(XML_NODE node, void *configp, void *mailp) int j = 0; while(rootcheck->unixaudit && rootcheck->unixaudit[j]) j++; - - os_realloc(rootcheck->unixaudit, sizeof(char *)*(j+2), + + os_realloc(rootcheck->unixaudit, sizeof(char *)*(j+2), rootcheck->unixaudit); rootcheck->unixaudit[j] = NULL; rootcheck->unixaudit[j + 1] = NULL; - + os_strdup(node[i]->content, rootcheck->unixaudit[j]); } else if(strcmp(node[i]->element, xml_ignore) == 0) 
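Review bot: In the `scan_all` branch the result of `eval_bool()` is written to `rootcheck->scanall` before it is tested, so the `== OS_INVALID` check only works if the field's type can hold that sentinel and compare equal to it. `rkconfig` is not visible here; if any of these members is unsigned or a narrow bit-field, an invalid value would pass the check and be stored as if it were a valid setting. Parsing into a local first removes that dependency and keeps the sentinel out of the config struct: `short v = eval_bool(node[i]->content);`, then `if (v == OS_INVALID) { ... }`, then `rootcheck->scanall = v;`. The same store-then-test pattern is repeated in the `disabled` and `readall` hunks and in every `check_*` branch of the last hunk. Read_Rootcheck begins and ends outside these hunks.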
@@ -130,12 +144,12 @@ int Read_Rootcheck(XML_NODE node, void *configp, void *mailp) int j = 0; while(rootcheck->ignore && rootcheck->ignore[j]) j++; - - os_realloc(rootcheck->ignore, sizeof(char *)*(j+2), + + os_realloc(rootcheck->ignore, sizeof(char *)*(j+2), rootcheck->ignore); rootcheck->ignore[j] = NULL; rootcheck->ignore[j + 1] = NULL; - + os_strdup(node[i]->content, rootcheck->ignore[j]); } else if(strcmp(node[i]->element, xml_winmalware) == 0) 
@@ -150,6 +164,113 @@ int Read_Rootcheck(XML_NODE node, void *configp, void *mailp) { os_strdup(node[i]->content, rootcheck->basedir); } + else if (strcmp(node[i]->element, xml_check_dev) == 0) + { + rootcheck->checks.rc_dev = eval_bool(node[i]->content); + if (rootcheck->checks.rc_dev == OS_INVALID) + { + merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); + return(OS_INVALID); + } + } + else if (strcmp(node[i]->element, xml_check_files) == 0) + { + rootcheck->checks.rc_files = eval_bool(node[i]->content); + if (rootcheck->checks.rc_files == OS_INVALID) + { + merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); + return(OS_INVALID); + } + } + else if (strcmp(node[i]->element, xml_check_if) == 0) + { + rootcheck->checks.rc_if = eval_bool(node[i]->content); + if (rootcheck->checks.rc_if == OS_INVALID) + { + merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); + return(OS_INVALID); + } + } + else if (strcmp(node[i]->element, xml_check_pids) == 0) + { + rootcheck->checks.rc_pids = eval_bool(node[i]->content); + if (rootcheck->checks.rc_pids == OS_INVALID) + { + merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); + return(OS_INVALID); + } + } + else if (strcmp(node[i]->element, xml_check_ports) == 0) + { + rootcheck->checks.rc_ports = eval_bool(node[i]->content); + if (rootcheck->checks.rc_ports == OS_INVALID) + { + merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); + return(OS_INVALID); + } + } + else if (strcmp(node[i]->element, xml_check_sys) == 0) + { + rootcheck->checks.rc_sys = eval_bool(node[i]->content); + if (rootcheck->checks.rc_sys == OS_INVALID) + { + merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); + return(OS_INVALID); + } + } + else if (strcmp(node[i]->element, xml_check_trojans) == 0) + { + rootcheck->checks.rc_trojans = eval_bool(node[i]->content); + if (rootcheck->checks.rc_trojans == OS_INVALID) + { + merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); + return(OS_INVALID); + } + 
} + else if (strcmp(node[i]->element, xml_check_unixaudit) == 0) + { + #ifndef WIN32 + rootcheck->checks.rc_unixaudit = eval_bool(node[i]->content); + if (rootcheck->checks.rc_unixaudit == OS_INVALID) + { + merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); + return(OS_INVALID); + } + #endif + } + else if (strcmp(node[i]->element, xml_check_winapps) == 0) + { + #ifdef WIN32 + rootcheck->checks.rc_winapps = eval_bool(node[i]->content); + if (rootcheck->checks.rc_winapps == OS_INVALID) + { + merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); + return(OS_INVALID); + } + #endif + } + else if (strcmp(node[i]->element, xml_check_winaudit) == 0) + { + #ifdef WIN32 + rootcheck->checks.rc_winaudit = eval_bool(node[i]->content); + if (rootcheck->checks.rc_winaudit == OS_INVALID) + { + merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); + return(OS_INVALID); + } + #endif + } + else if (strcmp(node[i]->element, xml_check_winmalware) == 0) + { + #ifdef WIN32 + rootcheck->checks.rc_winmalware = eval_bool(node[i]->content); + if (rootcheck->checks.rc_winmalware == OS_INVALID) + { + merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); + return(OS_INVALID); + } + #endif + } else { merror(XML_INVELEM, ARGV0, node[i]->element);
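Review bot: The `check_unixaudit`, `check_winapps`, `check_winaudit` and `check_winmalware` branches put the whole parse inside `#ifndef WIN32` / `#ifdef WIN32`, so on the other platform the element is accepted with any content and never validated. A mistyped value in a configuration shared between Unix and Windows agents is then reported on only one of them. Calling `eval_bool()` and doing the `merror(...)` / `return(OS_INVALID)` check outside the guard, with only the store (for example `rootcheck->checks.rc_winapps = v;`) left inside it, would validate the value everywhere. Because these options can switch individual rootkit checks off, it is also worth confirming that the `checks.*` members are initialised to enabled wherever `rkconfig` is set up, which this diff does not show, so that omitting an element cannot leave a check disabled. The function continues past the end of the hunk.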