X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Frootcheck%2Fcheck_rc_ports.c;h=d40356d872717151776f93ac952c53b7ed20b536;hp=890407cb0ce2a9fbff6313a56e4e6d71f594582e;hb=6ef2f786c6c8ead94841b5f93baf9f43421f08c8;hpb=301048b51990573e58a30dc4a5bb4ec285cad554 diff --git a/src/rootcheck/check_rc_ports.c b/src/rootcheck/check_rc_ports.c index 890407c..d40356d 100755 --- a/src/rootcheck/check_rc_ports.c +++ b/src/rootcheck/check_rc_ports.c @@ -1,4 +1,5 @@ -/* @(#) $Id$ */ +/* @(#) $Id: ./src/rootcheck/check_rc_ports.c, 2011/09/08 dcid Exp $ + */ /* Copyright (C) 2009 Trend Micro Inc. * All right reserved. @@ -9,9 +10,9 @@ * Foundation */ - + #ifndef WIN32 - + #include "shared.h" #include "rootcheck.h" @@ -30,7 +31,7 @@ #define NETSTAT_LIST "netstat -an | grep \"^%s\" | "\ "cut -d ':' -f 2 | cut -d ' ' -f 1" #define NETSTAT "netstat -an | grep \"^%s\" | " \ - "grep \"[^0-9]%d \" > /dev/null 2>&1" + "grep \"[^0-9]%d \" > /dev/null 2>&1" #endif #ifndef NETSTAT @@ -41,6 +42,7 @@ int run_netstat(int proto, int port) { + int ret; char nt[OS_SIZE_1024 +1]; if(proto == IPPROTO_TCP) @@ -53,10 +55,17 @@ int run_netstat(int proto, int port) return(0); } - if(system(nt) == 0) + ret = system(nt); + + if(ret == 0) return(1); - - return(0); + + else if(ret == 1) + { + return(0); + } + + return(1); } @@ -83,7 +92,7 @@ int conn_port(int proto, int port) server.sin_port = htons( port ); server.sin_addr.s_addr = htonl(INADDR_ANY); - + /* If we can't bind, it means the port is open */ if(bind(ossock, (struct sockaddr *) &server, sizeof(server)) < 0) { @@ -99,10 +108,10 @@ int conn_port(int proto, int port) { total_ports_udp[port] = rc; } - - close(ossock); - return(rc); + close(ossock); + + return(rc); } @@ -121,7 +130,7 @@ void test_ports(int proto, int *_errors, int *_total) if(run_netstat(proto, i)) { continue; - + #ifdef OSSECHIDS sleep(2); #endif 
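Review bot: The new `else if(ret == 1)` branch in run_netstat compares the raw return value of `system()` with grep's exit code, but on POSIX `system()` returns a wait status in `waitpid()` format, so a grep "no match" exit normally does not arrive as the literal value 1. If that holds on the target platforms, the final `return(1)` is taken for every port netstat does not list, test_ports (`if(run_netstat(proto, i))` then `continue`) skips them all, and the hidden-port alert can no longer fire. Decoding the status keeps the intended fail-open behaviour for real errors: `if(ret != -1 && WIFEXITED(ret) && WEXITSTATUS(ret) == 1) return(0);` followed by `return(1);`, which needs `<sys/wait.h>` unless `shared.h` already provides it. A debug message on the fall-through path would also make a missing or failing netstat visible, instead of silently reporting every port as listed. The start of run_netstat is in the previous hunk, outside this one.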
@@ -140,7 +149,7 @@ void test_ports(int proto, int *_errors, int *_total) snprintf(op_msg, OS_SIZE_1024, "Port '%d'(%s) hidden. " "Kernel-level rootkit or trojaned " - "version of netstat.", i, + "version of netstat.", i, (proto == IPPROTO_UDP)? "udp" : "tcp"); notify_rk(ALERT_ROOTKIT_FOUND, op_msg); @@ -178,8 +187,8 @@ void check_rc_ports() total_ports_udp[i] = 0; i++; } - - /* Trsting TCP ports */ + + /* Trsting TCP ports */ test_ports(IPPROTO_TCP, &_errors, &_total); /* Testing UDP ports */ @@ -193,7 +202,7 @@ void check_rc_ports() " Analyzed %d ports.", _total); notify_rk(ALERT_OK, op_msg); } - + return; }