X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Frootcheck%2Frootcheck.c;h=00831b6c4783835ae3ca4b17bed4485e0522b024;hp=83dfb5beb314ec74781c501195e60c4d1cf362fd;hb=6ef2f786c6c8ead94841b5f93baf9f43421f08c8;hpb=301048b51990573e58a30dc4a5bb4ec285cad554 diff --git a/src/rootcheck/rootcheck.c b/src/rootcheck/rootcheck.c index 83dfb5b..00831b6 100755 --- a/src/rootcheck/rootcheck.c +++ b/src/rootcheck/rootcheck.c @@ -1,4 +1,5 @@ -/* @(#) $Id$ */ +/* @(#) $Id: ./src/rootcheck/rootcheck.c, 2011/09/08 dcid Exp $ + */ /* Copyright (C) 2009 Trend Micro Inc. * All right reserved. @@ -8,7 +9,7 @@ * License (version 2) as published by the FSF - Free Software * Foundation */ - + /* * Rootcheck v 0.3 * Copyright (C) 2003 Daniel B. Cid @@ -65,16 +66,16 @@ int main(int argc, char **argv) int rootcheck_init(int test_config) { int c; - -#endif - - #ifdef OSSECHIDS + +#endif + + #ifdef OSSECHIDS char *cfg = DEFAULTCPATH; #else char *cfg = "./rootcheck.conf"; #endif - - /* Zeroing the structure */ + + /* Zeroing the structure, initializing default values */ rootcheck.workdir = NULL; rootcheck.basedir = NULL; rootcheck.unixaudit = NULL; @@ -93,6 +94,26 @@ int rootcheck_init(int test_config) rootcheck.time = ROOTCHECK_WAIT; + rootcheck.checks.rc_dev = 1; + rootcheck.checks.rc_files = 1; + rootcheck.checks.rc_if = 1; + rootcheck.checks.rc_pids = 1; + rootcheck.checks.rc_ports = 1; + rootcheck.checks.rc_sys = 1; + rootcheck.checks.rc_trojans = 1; + + #ifdef WIN32 + + rootcheck.checks.rc_winaudit = 1; + rootcheck.checks.rc_winmalware = 1; + rootcheck.checks.rc_winapps = 1; + + #else + + rootcheck.checks.rc_unixaudit = 1; + + #endif + /* We store up to 255 alerts in there. */ os_calloc(256, sizeof(char *), rootcheck.alert_msg); c = 0; @@ -101,7 +122,7 @@ int rootcheck_init(int test_config) rootcheck.alert_msg[c] = NULL; c++; } - + #ifndef OSSECHIDS rootcheck.notify = SYSLOG; 
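Review bot: The block of `rootcheck.checks.rc_* = 1;` assignments added after `rootcheck.time = ROOTCHECK_WAIT;` carries no comment on what the value means or that these are defaults, while every neighbouring statement in rootcheck_init is commented. A single line ahead of `rootcheck.checks.rc_dev = 1;` such as `/* All checks enabled by default (1); the configuration read later may turn individual checks off */` would make the fail-safe default explicit for the next maintainer. Whether the config parser can only disable checks or also re-enable them is not visible in this hunk, so the wording should be confirmed against the parser before committing to it. The `#ifdef WIN32` branch enables the three Windows checks and the `#else` branch `rc_unixaudit`; the enclosing rootcheck_init begins and ends outside this hunk.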
@@ -134,18 +155,18 @@ int rootcheck_init(int test_config) break; case 't': test_config = 1; - break; + break; case 'r': rootcheck.readall = 1; - break; + break; default: rootcheck_help(); - break; + break; } } - + #ifdef WIN32 /* Starting Winsock */ { @@ -156,10 +177,10 @@ int rootcheck_init(int test_config) } } #endif - - + + #endif /* OSSECHIDS */ - + /* Staring message */ debug1(STARTED_MSG,ARGV0); @@ -191,8 +212,8 @@ int rootcheck_init(int test_config) verbose("%s: Rootcheck disabled. Exiting.", ARGV0); return(1); } - - + + /* Checking if Unix audit file is configured. */ if(!rootcheck.unixaudit) { @@ -200,32 +221,32 @@ int rootcheck_init(int test_config) log2file("%s: System audit file not configured.", ARGV0); #endif } - - + + /* Setting default values */ if(rootcheck.workdir == NULL) rootcheck.workdir = DEFAULTDIR; #ifdef OSSECHIDS - + /* Start up message */ #ifdef WIN32 verbose(STARTUP_MSG, "ossec-rootcheck", getpid()); #else - + /* Connect to the queue if configured to do so */ if(rootcheck.notify == QUEUE) { debug1("%s: Starting queue ...",ARGV0); - + /* Starting the queue. */ if((rootcheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0) - { + { merror(QUEUE_ERROR,ARGV0,DEFAULTQPATH, strerror(errno)); - + /* 5 seconds to see if the agent starts */ sleep(5); if((rootcheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0) @@ -240,7 +261,7 @@ int rootcheck_init(int test_config) } #endif /* Not win32 */ - + #endif /* ossec hids */ @@ -256,7 +277,7 @@ int rootcheck_init(int test_config) #ifndef OSSECHIDS - + #ifndef WIN32 /* Start the signal handling */ StartSIG(ARGV0); @@ -264,17 +285,17 @@ int rootcheck_init(int test_config) #else return(0); - + #endif - + debug1("%s: DEBUG: Running run_rk_check",ARGV0); - run_rk_check(); + run_rk_check(); - - debug1("%s: DEBUG: Leaving...",ARGV0); - return(0); + debug1("%s: DEBUG: Leaving...",ARGV0); + + return(0); } /* EOF */