X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Frootcheck%2Fcheck_rc_files.c;h=b8c6f649733459cd0eec9a84a77765dd08dfbec5;hp=5d60a82460f9938d193634ac554a6b66d68e015f;hb=6ef2f786c6c8ead94841b5f93baf9f43421f08c8;hpb=301048b51990573e58a30dc4a5bb4ec285cad554
diff --git a/src/rootcheck/check_rc_files.c b/src/rootcheck/check_rc_files.c
index 5d60a82..b8c6f64 100755
--- a/src/rootcheck/check_rc_files.c
+++ b/src/rootcheck/check_rc_files.c
@@ -1,4 +1,5 @@ -/* @(#) $Id$ */ +/* @(#) $Id: ./src/rootcheck/check_rc_files.c, 2011/09/08 dcid Exp $ + */ /* Copyright (C) 2009 Trend Micro Inc. * All right reserved.
@@ -9,7 +10,7 @@ * Foundation */ - + #include "shared.h" #include "rootcheck.h"
@@ -27,17 +28,17 @@ void check_rc_files(char *basedir, FILE *fp) char *file; char *name; char *link; - + int _errors = 0; int _total = 0; - - + + debug1("%s: DEBUG: Starting on check_rc_files", ARGV0); - + while(fgets(buf, OS_SIZE_1024, fp) != NULL) { char *nbuf; - + /* Removing end of line */ nbuf = strchr(buf, '\n'); if(nbuf)
@@ -47,8 +48,8 @@ void check_rc_files(char *basedir, FILE *fp) /* Assigning buf to be used */ nbuf = buf; - - /* Excluding commented lines or blanked ones */ + + /* Excluding commented lines or blanked ones */ while(*nbuf != '\0') { if(*nbuf == ' ' || *nbuf == '\t')
@@ -61,15 +62,15 @@ void check_rc_files(char *basedir, FILE *fp) else break; } - + if(*nbuf == '\0') goto newline; - + /* File now may be valid */ file = nbuf; - name = nbuf; - - + name = nbuf; + + /* Getting the file and the rootkit name */ while(*nbuf != '\0') {
@@ -85,12 +86,12 @@ void check_rc_files(char *basedir, FILE *fp) nbuf++; } } - + if(*nbuf == '\0') goto newline; - - - /* Some ugly code to remove spaces and \t */ + + + /* Some ugly code to remove spaces and \t */ while(*nbuf != '\0') { if(*nbuf == '!')
@@ -115,21 +116,21 @@ void check_rc_files(char *basedir, FILE *fp) } } - + /* Getting the link (if present) */ link = strchr(nbuf, ':'); if(link) { *link = '\0'; - - link++; + + link++; if(*link == ':') { link++; } } - - + + /* Cleaning any space of \t at the end */ nbuf = strchr(nbuf, ' '); if(nbuf)
@@ -142,7 +143,7 @@ void check_rc_files(char *basedir, FILE *fp) { *nbuf = '\0'; } - + _total++;
@@ -153,15 +154,15 @@ void check_rc_files(char *basedir, FILE *fp) { merror(MAX_RK_MSG, ARGV0, MAX_RK_SYS); } - + else { /* Removing * / from the file */ file++; if(*file == '/') file++; - - /* Memory assignment */ + + /* Memory assignment */ rk_sys_file[rk_sys_count] = strdup(file); rk_sys_name[rk_sys_count] = strdup(name);
@@ -169,16 +170,16 @@ void check_rc_files(char *basedir, FILE *fp) !rk_sys_file[rk_sys_count] ) { merror(MEM_ERROR, ARGV0); - + if(rk_sys_file[rk_sys_count]) free(rk_sys_file[rk_sys_count]); if(rk_sys_name[rk_sys_count]) free(rk_sys_name[rk_sys_count]); - + rk_sys_file[rk_sys_count] = NULL; - rk_sys_name[rk_sys_count] = NULL; + rk_sys_name[rk_sys_count] = NULL; } - + rk_sys_count++; /* Always assigning the last as NULL */
@@ -187,23 +188,23 @@ void check_rc_files(char *basedir, FILE *fp) } continue; } - + snprintf(file_path, OS_SIZE_1024, "%s/%s",basedir, file); - - /* Checking if file exists */ + + /* Checking if file exists */ if(is_file(file_path)) { char op_msg[OS_SIZE_1024 +1]; - + _errors = 1; snprintf(op_msg, OS_SIZE_1024, "Rootkit '%s' detected " "by the presence of file '%s'.",name, file_path); - + notify_rk(ALERT_ROOTKIT_FOUND, op_msg); } - + newline: - continue; + continue; } if(_errors == 0)