X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Frootcheck%2Fcheck_rc_if.c;h=ccedb668bf65c6980c3a1660f193e9b94ede7aa5;hp=1d4dd62fadc9afe0ecb87884bafef2fb056fd17c;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b diff --git a/src/rootcheck/check_rc_if.c b/src/rootcheck/check_rc_if.c old mode 100755 new mode 100644 index 1d4dd62..ccedb66 --- a/src/rootcheck/check_rc_if.c +++ b/src/rootcheck/check_rc_if.c @@ -1,6 +1,3 @@ -/* @(#) $Id: ./src/rootcheck/check_rc_if.c, 2011/09/08 dcid Exp $ - */ - /* Copyright (C) 2009 Trend Micro Inc. * All right reserved. * @@ -13,50 +10,46 @@ #ifndef WIN32 #include #include - #include #include - #include #include #include #include -/* Solaris happy again */ #ifdef SOLARIS #include #include #endif -#include "headers/defs.h" #include "headers/debug_op.h" - +#include "headers/defs.h" #include "rootcheck.h" #ifndef IFCONFIG #define IFCONFIG "ifconfig %s | grep PROMISC > /dev/null 2>&1" #endif +/* Prototypes */ +static int run_ifconfig(const char *ifconfig); -/* run_ifconfig: Execute the ifconfig command. - * Returns 1 if interface in promisc mode. + +/* Execute the ifconfig command + * Returns 1 if the interface is in promiscuous mode */ -int run_ifconfig(char *ifconfig) +static int run_ifconfig(const char *ifconfig) { - char nt[OS_SIZE_1024 +1]; + char nt[OS_SIZE_1024 + 1]; snprintf(nt, OS_SIZE_1024, IFCONFIG, ifconfig); + if (system(nt) == 0) { + return (1); + } - if(system(nt) == 0) - return(1); - - return(0); + return (0); } - -/* check_rc_if: v0.1 - * Check all interfaces for promiscuous mode - */ +/* Check all interfaces for promiscuous mode */ void check_rc_if() { int _fd, _errors = 0, _total = 0; 
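Review bot: In run_ifconfig() the interface name is still formatted unquoted into the IFCONFIG template and the result is handed to `system()`, so any shell metacharacter in the name would be interpreted by the shell, in a process that for rootcheck presumably runs with elevated privileges. The caller passes `_ifr.ifr_name` as returned by the SIOCGIFCONF ioctl, and nothing visible in this patch restricts which characters that name may contain. Making the parameter `const` and the function `static` does not change that; I would reject names outside a small allow-list before building the command, as sketched below. Returning 0 for a rejected name keeps the current contract, so check_rc_if() still raises an alert for such an interface through its existing else branch. The return value of `snprintf()` is also unchecked, which matters if IFCONFIG is overridden at build time with a longer template.

```c
static int run_ifconfig(const char *ifconfig)
{
    static const char safe[] =
        "abcdefghijklmnopqrstuvwxyz"
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "0123456789_.:-";
    char nt[OS_SIZE_1024 + 1];

    /* The name is pasted into a shell command line: accept only names
     * made of characters the shell treats literally, and never one that
     * could be read as an option. */
    if (ifconfig[0] == '\0' || ifconfig[0] == '-' ||
        ifconfig[strspn(ifconfig, safe)] != '\0') {
        return (0);
    }

    /* … unchanged: snprintf() of IFCONFIG into nt, system(nt) check … */
```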
@@ -68,55 +61,45 @@ void check_rc_if() struct ifreq _ifr; _fd = socket(AF_INET, SOCK_DGRAM, 0); - if(_fd < 0) - { + if (_fd < 0) { merror("%s: Error checking interfaces (socket)", ARGV0); return; } - - memset(tmp_str, 0, sizeof(struct ifreq)*16); + memset(tmp_str, 0, sizeof(struct ifreq) * 16); _if.ifc_len = sizeof(tmp_str); _if.ifc_buf = (caddr_t)(tmp_str); - if (ioctl(_fd, SIOCGIFCONF, &_if) < 0) - { + if (ioctl(_fd, SIOCGIFCONF, &_if) < 0) { close(_fd); merror("%s: Error checking interfaces (ioctl)", ARGV0); return; } - _ifend = (struct ifreq*) ((char*)tmp_str + _if.ifc_len); + _ifend = (struct ifreq *) (void *) ((char *)tmp_str + _if.ifc_len); _ir = tmp_str; - /* Looping on all interfaces */ - for (; _ir < _ifend; _ir++) - { + /* Loop over all interfaces */ + for (; _ir < _ifend; _ir++) { strncpy(_ifr.ifr_name, _ir->ifr_name, sizeof(_ifr.ifr_name)); - /* Getting information from each interface */ - if (ioctl(_fd, SIOCGIFFLAGS, (char*)&_ifr) == -1) - { + /* Get information from each interface */ + if (ioctl(_fd, SIOCGIFFLAGS, (char *)&_ifr) == -1) { continue; } _total++; - - if ((_ifr.ifr_flags & IFF_PROMISC) ) - { - char op_msg[OS_SIZE_1024 +1]; - if(run_ifconfig(_ifr.ifr_name)) - { - snprintf(op_msg, OS_SIZE_1024,"Interface '%s' in promiscuous" - " mode.", _ifr.ifr_name); + if ((_ifr.ifr_flags & IFF_PROMISC) ) { + char op_msg[OS_SIZE_1024 + 1]; + if (run_ifconfig(_ifr.ifr_name)) { + snprintf(op_msg, OS_SIZE_1024, "Interface '%s' in promiscuous" + " mode.", _ifr.ifr_name); notify_rk(ALERT_SYSTEM_CRIT, op_msg); - } - else - { - snprintf(op_msg, OS_SIZE_1024,"Interface '%s' in promiscuous" - " mode, but ifconfig is not showing it" - "(probably trojaned).", _ifr.ifr_name); + } else { + snprintf(op_msg, OS_SIZE_1024, "Interface '%s' in promiscuous" + " mode, but ifconfig is not showing it" + "(probably trojaned).", _ifr.ifr_name); notify_rk(ALERT_ROOTKIT_FOUND, op_msg); } _errors++; 
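Review bot: The else branch that raises ALERT_ROOTKIT_FOUND fires whenever run_ifconfig() returns 0, and that helper returns 0 for any non-zero result of `system()`, not only when ifconfig ran and did not print PROMISC. A host with no ifconfig binary on the agent's PATH, or one whose ifconfig prints its flags differently, would therefore be reported as "probably trojaned" each time an interface is legitimately in promiscuous mode (a capture tool, for instance). I would have run_ifconfig() distinguish "could not run the command" from "no match" and report the former at a lower severity; until then, add a comment above the else such as `/* run_ifconfig() == 0 also covers a missing or failing ifconfig: unverified, not proof of tampering */`. Separately, `strncpy()` into `_ifr.ifr_name` does not guarantee termination before the name is used with `%s`; adding `_ifr.ifr_name[sizeof(_ifr.ifr_name) - 1] = '\0';` after the copy would make that explicit. check_rc_if() starts before and ends after this hunk.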
@@ -124,22 +107,23 @@ void check_rc_if() } close(_fd); - if(_errors == 0) - { - char op_msg[OS_SIZE_1024 +1]; + if (_errors == 0) { + char op_msg[OS_SIZE_1024 + 1]; snprintf(op_msg, OS_SIZE_1024, "No problem detected on ifconfig/ifs." - " Analyzed %d interfaces.", _total); + " Analyzed %d interfaces.", _total); notify_rk(ALERT_OK, op_msg); } return; } -/* EOF */ +#else /* WIN32 */ -#else +/* Not implemented on Windows */ void check_rc_if() { return; } -#endif + +#endif /* WIN32 */ +