X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Frootcheck%2Frootcheck.h;fp=src%2Frootcheck%2Frootcheck.h;h=5ceb574c94a2a49852bf78d8cc721a0a4c711be7;hp=a8f5b2f1bec633b0ee4ef1ff431144ef6e10aac1;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b
diff --git a/src/rootcheck/rootcheck.h b/src/rootcheck/rootcheck.h
old mode 100755
new mode 100644
index a8f5b2f..5ceb574
--- a/src/rootcheck/rootcheck.h
+++ b/src/rootcheck/rootcheck.h
@@ -1,6 +1,3 @@
-/* @(#) $Id: ./src/rootcheck/rootcheck.h, 2011/09/08 dcid Exp $
- */
-
 /* Copyright (C) 2009 Trend Micro Inc.
 * All right reserved.
 *
@@ -10,23 +7,20 @@
 * Foundation
 */
-
 #ifndef __ROOTCHECK_H
 #define __ROOTCHECK_H
+#include "list_op.h"
 #include "config/rootcheck-config.h"
-rkconfig rootcheck;
+extern rkconfig rootcheck;
-
-/* output types */
+/* Output types */
 #define QUEUE 101
 #define SYSLOG 102
-
 /* Maximum files to search on the whole system */
 #define MAX_RK_SYS 512
-
 /* rk_types */
 #define ALERT_OK 0
 #define ALERT_SYSTEM_ERR 1
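Review bot: `extern rkconfig rootcheck;` turns this header into a declaration only, so exactly one translation unit must now carry the definition `rkconfig rootcheck;`; that file is not part of this diff, so it is worth confirming it exists and is linked, otherwise the build ends in an undefined reference. The same applies to `rk_sys_file`, `rk_sys_name`, `rk_sys_count` and `total_ports_udp`/`total_ports_tcp`, which the hunk starting at `@@ -39,134` also changes to `extern`. The include guard `__ROOTCHECK_H` kept as context here uses a double-underscore name, which C reserves for the implementation; `ROOTCHECK_H` would avoid that, though the name predates this commit.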
@@ -39,134 +33,97 @@ rkconfig rootcheck;
 /* Default to 10 hours */
 #define ROOTCHECK_WAIT 72000
-
-
-
 /** Prototypes **/
-/* common isfile_ondir: Check if file is present on dir */
-int isfile_ondir(char *file, char *dir);
+/* Check if file is present on dir */
+int isfile_ondir(const char *file, const char *dir);
-/* int rk_check_file(char *value, char *pattern) */
 int rk_check_file(char *file, char *pattern);
-/* int rk_check_dir(char *dir, char *file, char *pattern) */
-int rk_check_dir(char *dir, char *file, char *pattern);
+int rk_check_dir(const char *dir, const char *file, char *pattern);
-/* pt_matches: Checks if pattern is present on string */
-int pt_matches(char *str, char *pattern);
+/* Check if pattern is present on string */
+int pt_matches(const char *str, char *pattern);
-/* pt_check_negate: checks if the patterns is made up
- * completely of negate matches */
-int pt_check_negate(char *pattern);
+/* Check if the patterns is made up completely of negate matches */
+int pt_check_negate(const char *pattern);
-/* common is_file: Check if a file exist (using stat, fopen and opendir) */
+/* Check if a file exist (using stat, fopen and opendir) */
 int is_file(char *file_name);
-/* win_common is_registry: Check if a entry is in the registry */
+/* Check if an entry is in the registry */
 int is_registry(char *entry_name, char *reg_option, char *reg_value);
-/* int rkcl_get_entry: Reads cl configuration file. */
-int rkcl_get_entry(FILE *fp, char *msg, void *p_list);
-
+/* Read cl configuration file */
+int rkcl_get_entry(FILE *fp, const char *msg, OSList *p_list);
-/** char *normalize_string
- * Normalizes a string, removing white spaces and tabs
- * from the begining and the end of it.
+/* Normalize a string, removing white spaces and tabs
+ * from the beginning and the end of it.
 */
 char *normalize_string(char *str);
-
 /* Check if regex is present on the file.
* Similar to `strings file | grep -r regex` */
 int os_string(char *file, char *regex);
-/* check for NTFS ADS (Windows only)
- */
-int os_check_ads(char *full_path);
+/* Check for NTFS ADS (Windows only) */
+int os_check_ads(const char *full_path);
-/* os_get_process_list: Get list of processes
- */
-void *os_get_process_list();
+/* Get list of processes */
+OSList *os_get_process_list(void);
-/* is_process: Check is a process is running.
- */
-int is_process(char *value, void *p_list);
-
-
-/* del_plist:. Deletes the process list
- */
-int del_plist(void *p_list);
+/* Check if a process is running */
+int is_process(char *value, OSList *p_list);
+/* Delete the process list */
+int del_plist(OSList *p_list);
 /* Used to report messages */
-int notify_rk(int rk_type, char *msg);
-
-
+int notify_rk(int rk_type, const char *msg);
-/* rootcheck_init: Starts the rootcheck externally
- */
+/* Start the rootcheck externally */
 int rootcheck_init(int test_config);
 /* run_rk_check: checks the integrity of the files against the
 * saved database */
-void run_rk_check();
-
-/* start_rk_daemon: Runs run_rk_check periodically.
- */
-void start_rk_daemon();
-
+void run_rk_check(void);
 /*** Plugins prototypes ***/
-void check_rc_files(char *basedir, FILE *fp);
-
-void check_rc_trojans(char *basedir, FILE *fp);
-
-void check_rc_unixaudit(FILE *fp, void *p_list);
-
-void check_rc_winaudit(FILE *fp, void *p_list);
-
-void check_rc_winmalware(FILE *fp, void *p_list);
-
-void check_rc_winapps(FILE *fp, void *p_list);
-
-void check_rc_dev(char *basedir);
-
-void check_rc_sys(char *basedir);
-
-void check_rc_pids();
-
-/* Verifies if "pid" is in the proc directory */
+void check_rc_files(const char *basedir, FILE *fp);
+void check_rc_trojans(const char *basedir, FILE *fp);
+void check_rc_unixaudit(FILE *fp, OSList *p_list);
+void check_rc_winaudit(FILE *fp, OSList *p_list);
+void check_rc_winmalware(FILE *fp, OSList *p_list);
+void check_rc_winapps(FILE *fp, OSList *p_list);
+void check_rc_dev(const char *basedir);
+void check_rc_sys(const char *basedir);
+void check_rc_pids(void);
+
+/* Verify if "pid" is in the proc directory */
 int check_rc_readproc(int pid);
-void check_rc_ports();
-
-void check_open_ports();
+void check_rc_ports(void);
+void check_open_ports(void);
+void check_rc_if(void);
-void check_rc_if();
-
-
-/* Global vars */
-char **rk_sys_file;
-char **rk_sys_name;
-int rk_sys_count;
+int Read_Rootcheck_Config(const char *cfgfile);
+/* Global variables */
+extern char **rk_sys_file;
+extern char **rk_sys_name;
+extern int rk_sys_count;
 /* All the ports */
-char total_ports_udp[65535 +1];
-char total_ports_tcp[65535 +1];
-
+extern char total_ports_udp[65535 + 1];
+extern char total_ports_tcp[65535 + 1];
 /* Process struct */
-typedef struct _Proc_Info
-{
+typedef struct _Proc_Info {
 char *p_name;
 char *p_path;
-}Proc_Info;
-
+} Proc_Info;
-#endif
+#endif /* __ROOTCHECK_H */
-/* EOF */
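Review bot: `int Read_Rootcheck_Config(const char *cfgfile);` is the only prototype this hunk adds without a comment, while every other prototype was given one; suggest `/* Read the rootcheck configuration from cfgfile */` above it, and a note on its return value once that is known from the implementation, which is not in this diff. In the same hunk `is_file`, `is_registry`, `os_string`, `is_process` and `rk_check_file` keep plain `char *` parameters while their siblings were const-qualified; if those implementations do not write through the pointers they should take `const char *` as well (the `pattern` arguments and `normalize_string` are presumably mutated in place and are fine as they are). The new lines `typedef struct _Proc_Info {` and `#endif /* __ROOTCHECK_H */` keep identifiers beginning with an underscore plus an uppercase letter or with a double underscore, which C reserves for the implementation; `struct Proc_Info` and `ROOTCHECK_H` would avoid that.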