X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Frootcheck%2Frootcheck-config.c;fp=src%2Frootcheck%2Frootcheck-config.c;h=6d5ca79c1340c6c75efb19631918f8ad8a5580e2;hp=70e52d7369a0bcb39b09ef415d149901753597aa;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b diff --git a/src/rootcheck/rootcheck-config.c b/src/rootcheck/rootcheck-config.c old mode 100755 new mode 100644 index 70e52d7..6d5ca79 --- a/src/rootcheck/rootcheck-config.c +++ b/src/rootcheck/rootcheck-config.c @@ -1,6 +1,3 @@ -/* @(#) $Id: ./src/rootcheck/rootcheck-config.c, 2011/09/08 dcid Exp $ - */ - /* Copyright (C) 2009 Trend Micro Inc. * All right reserved. * @@ -10,21 +7,19 @@ * Foundation */ - #ifndef OSSECHIDS + #include #include #include #include #include "shared.h" - #include "os_xml/os_xml.h" - #include "rootcheck.h" -/*evaluate boolean with two arguments +/* Evaluate boolean with two arguments * str: input string, "yes"|"no" * default_val: 1(yes)|0(no) */ @@ -32,191 +27,134 @@ short eval_bool2(char *str, short default_val) { short ret = default_val; - if (str == NULL) - return(ret); - else if (strcmp(str, "yes") == 0) + if (str == NULL) { + return (ret); + } else if (strcmp(str, "yes") == 0) { ret = 1; - else if (strcmp(str, "no") == 0) + } else if (strcmp(str, "no") == 0) { ret = 0; + } free(str); - return(ret); + return (ret); } - -/* Read_Rootcheck_Config: Reads the rootcheck config - */ -int Read_Rootcheck_Config(char * cfgfile) +/* Read the rootcheck config */ +int Read_Rootcheck_Config(const char *cfgfile) { OS_XML xml; - +#ifdef OSSECHIDS char *str = NULL; - +#endif /* XML Definitions */ - const char *(xml_daemon[])={xml_rootcheck,"daemon", NULL}; - const char *(xml_notify[])={xml_rootcheck, "notify", NULL}; - const char *(xml_base_dir[])={xml_rootcheck, "base_directory", NULL}; - const char *(xml_workdir[])={xml_rootcheck, "work_directory", NULL}; - const char *(xml_rootkit_files[])={xml_rootcheck, "rootkit_files", NULL}; - const char *(xml_rootkit_trojans[])={xml_rootcheck, "rootkit_trojans", NULL}; - const char *(xml_rootkit_unixaudit[])={xml_rootcheck, "system_audit", NULL}; - const char *(xml_rootkit_winaudit[])={xml_rootcheck, "windows_audit", NULL}; - const char *(xml_rootkit_winapps[])={xml_rootcheck, "windows_apps", NULL}; - const char *(xml_rootkit_winmalware[])={xml_rootcheck, "windows_malware", NULL}; - const char *(xml_scanall[])={xml_rootcheck, "scanall", NULL}; - const char *(xml_readall[])={xml_rootcheck, "readall", NULL}; - const char *(xml_time[])={xml_rootcheck, "frequency", NULL}; - - const char *(xml_check_dev[])={xml_rootcheck, "check_dev", NULL}; - const char *(xml_check_files[])={xml_rootcheck, "check_files", NULL}; - const char *(xml_check_if[])={xml_rootcheck, "check_if", NULL}; - const char *(xml_check_pids[])={xml_rootcheck, "check_pids", NULL}; - const char *(xml_check_ports[])={xml_rootcheck, "check_ports", NULL}; - const char *(xml_check_sys[])={xml_rootcheck, "check_sys", NULL}; - const char *(xml_check_trojans[])={xml_rootcheck, "check_trojans", NULL}; - - #ifdef WIN32 - - const char *(xml_check_winapps[])={xml_rootcheck, "check_winapps", NULL}; - const char *(xml_check_winaudit[])={xml_rootcheck, "check_winaudit", NULL}; - const char *(xml_check_winmalware[])={xml_rootcheck, "check_winmalware", NULL}; - - #else - - const char *(xml_check_unixaudit[])={xml_rootcheck, "check_unixaudit", NULL}; - - #endif + const char *(xml_base_dir[]) = {xml_rootcheck, "base_directory", NULL}; + const char *(xml_workdir[]) = {xml_rootcheck, "work_directory", NULL}; + const char *(xml_rootkit_files[]) = {xml_rootcheck, "rootkit_files", NULL}; + const char *(xml_rootkit_trojans[]) = {xml_rootcheck, "rootkit_trojans", NULL}; + const char *(xml_rootkit_unixaudit[]) = {xml_rootcheck, "system_audit", NULL}; + const char *(xml_rootkit_winaudit[]) = {xml_rootcheck, "windows_audit", NULL}; + const char *(xml_rootkit_winapps[]) = {xml_rootcheck, "windows_apps", NULL}; + const char *(xml_rootkit_winmalware[]) = {xml_rootcheck, "windows_malware", NULL}; + const char *(xml_scanall[]) = {xml_rootcheck, "scanall", NULL}; + const char *(xml_readall[]) = {xml_rootcheck, "readall", NULL}; +#ifdef OSSECHIDS + const char *(xml_time[]) = {xml_rootcheck, "frequency", NULL}; +#endif + const char *(xml_check_dev[]) = {xml_rootcheck, "check_dev", NULL}; + const char *(xml_check_files[]) = {xml_rootcheck, "check_files", NULL}; + const char *(xml_check_if[]) = {xml_rootcheck, "check_if", NULL}; + const char *(xml_check_pids[]) = {xml_rootcheck, "check_pids", NULL}; + const char *(xml_check_ports[]) = {xml_rootcheck, "check_ports", NULL}; + const char *(xml_check_sys[]) = {xml_rootcheck, "check_sys", NULL}; + const char *(xml_check_trojans[]) = {xml_rootcheck, "check_trojans", NULL}; +#ifdef WIN32 + const char *(xml_check_winapps[]) = {xml_rootcheck, "check_winapps", NULL}; + const char *(xml_check_winaudit[]) = {xml_rootcheck, "check_winaudit", NULL}; + const char *(xml_check_winmalware[]) = {xml_rootcheck, "check_winmalware", NULL}; +#else + const char *(xml_check_unixaudit[]) = {xml_rootcheck, "check_unixaudit", NULL}; +#endif +#ifdef OSSECHIDS /* :) */ xml_time[2] = NULL; +#endif - if(OS_ReadXML(cfgfile,&xml) < 0) - { - merror("config_op: XML error: %s",xml.err); - return(OS_INVALID); + if (OS_ReadXML(cfgfile, &xml) < 0) { + merror("config_op: XML error: %s", xml.err); + return (OS_INVALID); } - if(!OS_RootElementExist(&xml,xml_rootcheck)) - { + if (!OS_RootElementExist(&xml, xml_rootcheck)) { OS_ClearXML(&xml); - merror("%s: Rootcheck configuration not found. ",ARGV0); - return(-1); + merror("%s: Rootcheck configuration not found. ", ARGV0); + return (-1); } - /* run as a daemon */ - rootcheck.daemon = eval_bool2(OS_GetOneContentforElement(&xml,xml_daemon), rootcheck.daemon); - +#ifdef OSSECHIDS /* time */ - #ifdef OSSECHIDS - str = OS_GetOneContentforElement(&xml,xml_time); - if(str) - { - if(!OS_StrIsNum(str)) - { + str = OS_GetOneContentforElement(&xml, xml_time); + if (str) { + if (!OS_StrIsNum(str)) { merror("Invalid frequency time '%s' for the rootkit " - "detection (must be int).", str); - return(OS_INVALID); + "detection (must be int).", str); + return (OS_INVALID); } rootcheck.time = atoi(str); - free(str); str = NULL; } - #endif - +#endif /* OSSECHIDS */ - /* Scan all flag */ - if(!rootcheck.scanall) - { - rootcheck.scanall = eval_bool2(OS_GetOneContentforElement(&xml,xml_scanall), 0); + /* Scan all flags */ + if (!rootcheck.scanall) { + rootcheck.scanall = eval_bool2(OS_GetOneContentforElement(&xml, xml_scanall), 0); } - - /* read all flag */ - if(!rootcheck.readall) - { - rootcheck.readall = eval_bool2(OS_GetOneContentforElement(&xml,xml_readall), 0); + /* Read all flags */ + if (!rootcheck.readall) { + rootcheck.readall = eval_bool2(OS_GetOneContentforElement(&xml, xml_readall), 0); } - - /* Notifications type */ - str = OS_GetOneContentforElement(&xml,xml_notify); - if(str) - { - if(strcasecmp(str,"queue") == 0) - rootcheck.notify = QUEUE; - else if(strcasecmp(str,"syslog") == 0) - rootcheck.notify = SYSLOG; - else - { - merror("%s: Invalid notification option. Only " - "'syslog' or 'queue' are allowed.",ARGV0); - return(-1); - } - - free(str); - str = NULL; + /* Get work directory */ + if (!rootcheck.workdir) { + rootcheck.workdir = OS_GetOneContentforElement(&xml, xml_workdir); } - else - { - /* Default to SYSLOG */ - rootcheck.notify = SYSLOG; - } - - /* Getting work directory */ - if(!rootcheck.workdir) - rootcheck.workdir = OS_GetOneContentforElement(&xml,xml_workdir); - rootcheck.rootkit_files = OS_GetOneContentforElement - (&xml,xml_rootkit_files); + (&xml, xml_rootkit_files); rootcheck.rootkit_trojans = OS_GetOneContentforElement - (&xml,xml_rootkit_trojans); - + (&xml, xml_rootkit_trojans); rootcheck.unixaudit = OS_GetContents - (&xml,xml_rootkit_unixaudit); - + (&xml, xml_rootkit_unixaudit); rootcheck.winaudit = OS_GetOneContentforElement - (&xml,xml_rootkit_winaudit); - + (&xml, xml_rootkit_winaudit); rootcheck.winapps = OS_GetOneContentforElement - (&xml,xml_rootkit_winapps); - + (&xml, xml_rootkit_winapps); rootcheck.winmalware = OS_GetOneContentforElement - (&xml,xml_rootkit_winmalware); - + (&xml, xml_rootkit_winmalware); rootcheck.basedir = OS_GetOneContentforElement(&xml, xml_base_dir); - - rootcheck.checks.rc_dev = eval_bool2(OS_GetOneContentforElement(&xml,xml_check_dev), 1); - rootcheck.checks.rc_files = eval_bool2(OS_GetOneContentforElement(&xml,xml_check_files), 1); - rootcheck.checks.rc_if = eval_bool2(OS_GetOneContentforElement(&xml,xml_check_if), 1); - rootcheck.checks.rc_pids = eval_bool2(OS_GetOneContentforElement(&xml,xml_check_pids), 1); - rootcheck.checks.rc_ports = eval_bool2(OS_GetOneContentforElement(&xml,xml_check_ports), 1); - rootcheck.checks.rc_sys = eval_bool2(OS_GetOneContentforElement(&xml,xml_check_sys), 1); - rootcheck.checks.rc_trojans = eval_bool2(OS_GetOneContentforElement(&xml,xml_check_trojans), 1); - - #ifdef WIN32 - - rootcheck.checks.rc_winapps = eval_bool2(OS_GetOneContentforElement(&xml,xml_check_winapps), 1); - rootcheck.checks.rc_winaudit = eval_bool2(OS_GetOneContentforElement(&xml,xml_check_winaudit), 1); - rootcheck.checks.rc_winmalware = eval_bool2(OS_GetOneContentforElement(&xml,xml_check_winmalware), 1); - - #else - - rootcheck.checks.rc_unixaudit = eval_bool2(OS_GetOneContentforElement(&xml,xml_check_unixaudit), 1); - - #endif - + rootcheck.checks.rc_dev = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_dev), 1); + rootcheck.checks.rc_files = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_files), 1); + rootcheck.checks.rc_if = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_if), 1); + rootcheck.checks.rc_pids = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_pids), 1); + rootcheck.checks.rc_ports = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_ports), 1); + rootcheck.checks.rc_sys = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_sys), 1); + rootcheck.checks.rc_trojans = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_trojans), 1); +#ifdef WIN32 + rootcheck.checks.rc_winapps = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_winapps), 1); + rootcheck.checks.rc_winaudit = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_winaudit), 1); + rootcheck.checks.rc_winmalware = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_winmalware), 1); +#else + rootcheck.checks.rc_unixaudit = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_unixaudit), 1); +#endif /* WIN32 */ OS_ClearXML(&xml); - debug1("%s: DEBUG: Daemon set to '%d'",ARGV0, rootcheck.daemon); - debug1("%s: DEBUG: alert set to '%d'",ARGV0, rootcheck.notify); - return(0); + return (0); } - -/* EOF */ #endif +