X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Fos_dbd%2Falert.c;h=b37fae3bc260b923f0d21ef2803dc1f2fc2d12c6;hp=cb3842bf1c3ed6bc5746b60a2b1a7e563c0a2824;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b
diff --git a/src/os_dbd/alert.c b/src/os_dbd/alert.c
old mode 100755
new mode 100644
index cb3842b..b37fae3
--- a/src/os_dbd/alert.c
+++ b/src/os_dbd/alert.c
@@ -1,6 +1,3 @@
-/* @(#) $Id: ./src/os_dbd/alert.c, 2011/09/08 dcid Exp $
- */
-
 /* Copyright (C) 2009 Trend Micro Inc.
 * All rights reserved.
 *
@@ -8,262 +5,202 @@ * and/or modify it under the terms of the GNU General Public * License (version 2) as published by the FSF - Free Software * Foundation - * - * License details at the LICENSE file included with OSSEC or - * online at: http://www.ossec.net/en/licensing.html */ - #include "dbd.h" #include "config/config.h" +#include "config/dbd-config.h" #include "rules_op.h" +/* Prototypes */ +static int __DBSelectLocation(const char *location, const DBConfig *db_config) __attribute__((nonnull)); +static int __DBInsertLocation(const char *location, const DBConfig *db_config) __attribute__((nonnull)); -/** int OS_SelectMaxID(DBConfig *db_config) - * Selects the maximum ID from the alert table. - * Returns 0 if not found. +/* Select the maximum ID from the alert table + * Returns 0 if not found */ -int OS_SelectMaxID(DBConfig *db_config) +int OS_SelectMaxID(const DBConfig *db_config) { int result = 0; char sql_query[OS_SIZE_1024]; memset(sql_query, '\0', OS_SIZE_1024); + /* Generate SQL */ + snprintf(sql_query, OS_SIZE_1024 - 1, + "SELECT MAX(id) FROM " + "alert WHERE server_id = '%u'", + db_config->server_id); - /* Generating SQL */ - snprintf(sql_query, OS_SIZE_1024 -1, - "SELECT MAX(id) FROM " - "alert WHERE server_id = '%u'", - db_config->server_id); - - - /* Checking return code. */ result = osdb_query_select(db_config->conn, sql_query); - return(result); + return (result); } -/** int __DBSelectLocation(char *locaton, DBConfig *db_config) - * Selects the location ID from the db. - * Returns 0 if not found. 
+/* Select the location ID from the db + * Returns 0 if not found */ -int __DBSelectLocation(char *location, DBConfig *db_config) +static int __DBSelectLocation(const char *location, const DBConfig *db_config) { int result = 0; char sql_query[OS_SIZE_1024]; memset(sql_query, '\0', OS_SIZE_1024); + /* Generate SQL */ + snprintf(sql_query, OS_SIZE_1024 - 1, + "SELECT id FROM " + "location WHERE name = '%s' AND server_id = '%d' " + "LIMIT 1", + location, db_config->server_id); - /* Generating SQL */ - snprintf(sql_query, OS_SIZE_1024 -1, - "SELECT id FROM " - "location WHERE name = '%s' AND server_id = '%d' " - "LIMIT 1", - location, db_config->server_id); - - - /* Checking return code. */ result = osdb_query_select(db_config->conn, sql_query); - return(result); + return (result); } - -/** int __DBInsertLocation(char *location, DBConfig *db_config) - * Inserts location in to the db. - */ -int __DBInsertLocation(char *location, DBConfig *db_config) +/* Insert location in to the db */ +static int __DBInsertLocation(const char *location, const DBConfig *db_config) { char sql_query[OS_SIZE_1024]; memset(sql_query, '\0', OS_SIZE_1024); - /* Generating SQL */ - snprintf(sql_query, OS_SIZE_1024 -1, - "INSERT INTO " - "location(server_id, name) " - "VALUES ('%u', '%s')", - db_config->server_id, location); - + /* Generate SQL */ + snprintf(sql_query, OS_SIZE_1024 - 1, + "INSERT INTO " + "location(server_id, name) " + "VALUES ('%u', '%s')", + db_config->server_id, location); - /* Checking return code. */ - if(!osdb_query_insert(db_config->conn, sql_query)) - { + if (!osdb_query_insert(db_config->conn, sql_query)) { merror(DB_GENERROR, ARGV0); } - return(0); + return (0); } - - -/** int OS_Alert_InsertDB(DBConfig *db_config) - * Insert alert into to the db. - * Returns 1 on success or 0 on error. 
+/* Insert alert into to the db + * Returns 1 on success or 0 on error */ -int OS_Alert_InsertDB(alert_data *al_data, DBConfig *db_config) +int OS_Alert_InsertDB(const alert_data *al_data, DBConfig *db_config) { int i; - unsigned int s_ip = 0, d_ip = 0, location_id = 0; + unsigned int location_id = 0; unsigned short s_port = 0, d_port = 0; int *loc_id; - char sql_query[OS_SIZE_8192 +1]; + char sql_query[OS_SIZE_8192 + 1]; char *fulllog = NULL; - - /* Clearing the memory before insert */ + /* Clear the memory before insert */ sql_query[0] = '\0'; sql_query[OS_SIZE_8192] = '\0'; - - /* Converting srcip to int */ - if(al_data->srcip) - { - struct in_addr net; - - /* Extracting ip address */ - if(inet_aton(al_data->srcip, &net)) - { - s_ip = net.s_addr; - } - } - - /* Converting dstip to int */ - if(al_data->dstip) - { - struct in_addr net; - - /* Extracting ip address */ - if(inet_aton(al_data->dstip, &net)) - { - d_ip = net.s_addr; - } - } - /* Source Port */ s_port = al_data->srcport; /* Destination Port */ d_port = al_data->dstport; - - /* Escaping strings */ + /* Escape strings */ osdb_escapestr(al_data->user); - - + osdb_escapestr(al_data->location); + /* We first need to insert the location */ - loc_id = OSHash_Get(db_config->location_hash, al_data->location); - + loc_id = (int *) OSHash_Get(db_config->location_hash, al_data->location); /* If we dont have location id, we must select and/or insert in the db */ - if(!loc_id) - { + if (!loc_id) { location_id = __DBSelectLocation(al_data->location, db_config); - if(location_id == 0) - { + if (location_id == 0) { /* Insert it */ __DBInsertLocation(al_data->location, db_config); location_id = __DBSelectLocation(al_data->location, db_config); } - if(!location_id) - { + if (!location_id) { merror("%s: Unable to insert location: '%s'.", ARGV0, al_data->location); - return(0); + return (0); } - - /* Adding to hash */ + /* Add to hash */ os_calloc(1, sizeof(int), loc_id); *loc_id = location_id; 
OSHash_Add(db_config->location_hash, al_data->location, loc_id); } - i = 0; - while(al_data->log[i]) - { - long len = strlen(al_data->log[i]); - char templog[len+2]; - if (al_data->log[i+1]) { - snprintf(templog, len+2, "%s\n", al_data->log[i]); - } - else { - snprintf(templog, len+1, "%s", al_data->log[i]); + while (al_data->log[i]) { + size_t len = strlen(al_data->log[i]); + char templog[len + 2]; + if (al_data->log[i + 1]) { + snprintf(templog, len + 2, "%s\n", al_data->log[i]); + } else { + snprintf(templog, len + 1, "%s", al_data->log[i]); } fulllog = os_LoadString(fulllog, templog); -// fulllog = os_LoadString(fulllog, al_data->log[i]); i++; } + + if (fulllog == NULL) { + merror("%s: Unable to process log.", ARGV0); + return (0); + } + osdb_escapestr(fulllog); - if(strlen(fulllog) > 7456) - { + if (strlen(fulllog) > 7456) { fulllog[7454] = '.'; fulllog[7455] = '.'; fulllog[7456] = '\0'; } - - /* Inserting data */ - if(db_config->db_type == POSTGDB) - { - /* On postgres we need to escape the user field. 
*/ + /* Generate final SQL */ + switch (db_config->db_type) { + case MYSQLDB: snprintf(sql_query, OS_SIZE_8192, - "INSERT INTO " - "data(id, server_id, \"user\", full_log) " - "VALUES ('%u', '%u', '%s', '%s') ", - db_config->alert_id, db_config->server_id, - al_data->user, fulllog); - } - else - { + "INSERT INTO " + "alert(server_id,rule_id,level,timestamp,location_id,src_ip,src_port,dst_ip,dst_port,alertid,user,full_log,tld) " + "VALUES ('%u', '%u','%u','%u', '%u', '%s', '%u', '%s', '%u', '%s', '%s', '%s','%.2s')", + db_config->server_id, al_data->rule, + al_data->level, + (unsigned int)time(0), *loc_id, + al_data->srcip, + (unsigned short)s_port, + al_data->dstip, + (unsigned short)d_port, + al_data->alertid, + al_data->user, fulllog, al_data->srcgeoip); + break; + + case POSTGDB: snprintf(sql_query, OS_SIZE_8192, - "INSERT INTO " - "data(id, server_id, user, full_log) " - "VALUES ('%u', '%u', '%s', '%s') ", - db_config->alert_id, db_config->server_id, - al_data->user, fulllog); + "INSERT INTO " + "alert(server_id,rule_id,level,timestamp,location_id,src_ip,src_port,dst_ip,dst_port,alertid,\"user\",full_log) " + "VALUES ('%u', '%u','%u','%u', '%u', '%s', '%u', '%s', '%u', '%s', '%s', '%s')", + db_config->server_id, al_data->rule, + al_data->level, + (unsigned int)time(0), *loc_id, + al_data->srcip != NULL ? al_data->srcip : "NULL", + (unsigned short)s_port, + al_data->dstip != NULL ? al_data->dstip : "NULL", + (unsigned short)d_port, + al_data->alertid, + al_data->user != NULL ? 
al_data->user : "NULL", + fulllog); + break; } free(fulllog); fulllog = NULL; - - /* Inserting into the db */ - if(!osdb_query_insert(db_config->conn, sql_query)) - { + /* Insert into the db */ + if (!osdb_query_insert(db_config->conn, sql_query)) { merror(DB_GENERROR, ARGV0); } - - - /* Generating final SQL */ - snprintf(sql_query, OS_SIZE_8192, - "INSERT INTO " - "alert(id,server_id,rule_id,timestamp,location_id,src_ip,src_port,dst_ip,dst_port,alertid) " - "VALUES ('%u', '%u', '%u','%u', '%u', '%lu', '%u', '%lu', '%u', '%s')", - db_config->alert_id, db_config->server_id, al_data->rule, - (unsigned int)time(0), *loc_id, - (unsigned long)ntohl(s_ip), (unsigned short)s_port, - (unsigned long)ntohl(d_ip), (unsigned short)d_port, - al_data->alertid); - - - /* Inserting into the db */ - if(!osdb_query_insert(db_config->conn, sql_query)) - { - merror(DB_GENERROR, ARGV0); - } - - db_config->alert_id++; - return(1); + return (1); } - - -/* EOF */
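Review bot: In the new `alert` INSERT in `OS_Alert_InsertDB`, `al_data->srcip`, `al_data->dstip`, `al_data->alertid` and (MYSQLDB only) `al_data->srcgeoip` are formatted into quoted `'%s'` fields, yet only `user`, `location` and `fulllog` pass through `osdb_escapestr()`. The removed code converted both addresses with `inet_aton()` and stored integers, so this commit is what turns them into raw strings inside the statement; if any of these fields can carry log-derived text, a quote character in it would alter the query. I would add `osdb_escapestr(al_data->srcip); osdb_escapestr(al_data->dstip);` (and the same for `alertid` and `srcgeoip`) beside the existing escape calls, assuming the helper tolerates NULL as its use on `user` suggests, or validate the addresses before formatting them. The MYSQLDB branch also passes `srcip`, `dstip` and `user` to `%s` without the `!= NULL ? … : "NULL"` guard that the POSTGDB branch applies to the same fields. The `switch` has no `default`, so an unexpected `db_type` leaves `sql_query` empty and still reaches `osdb_query_insert()`.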