X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Fshared%2Freport_op.c;fp=src%2Fshared%2Freport_op.c;h=813bc74c34be3625266233cdfb4ae257c7fc1715;hp=e7236fdc07d815e3548511e10e10b194dfd68e09;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b
diff --git a/src/shared/report_op.c b/src/shared/report_op.c
old mode 100755
new mode 100644
index e7236fd..813bc74
--- a/src/shared/report_op.c
+++ b/src/shared/report_op.c
@@ -1,7 +1,4 @@
-/* @(#) $Id: ./src/shared/report_op.c, 2011/09/08 dcid Exp $
- */
-
-/* Copyright (C) 2009 Trend Micro Inc.
+/* Copyright (C) 2019 Trend Micro Inc.
  * All rights reserved.
  *
  * This program is a free software; you can redistribute it
@@ -10,506 +7,412 @@ * Foundation */ - #include "shared.h" +/* Helper functions */ +static void l_print_out(const char *msg, ...) __attribute__((format(printf, 1, 2))) __attribute__((nonnull)); +static void *_os_report_sort_compare(void *d1, void *d2) __attribute__((nonnull)); +static void _os_header_print(int t, const char *hname) __attribute__((nonnull)); +static int _os_report_str_int_compare(const char *str, int id) __attribute__((nonnull)); +static int _os_report_check_filters(const alert_data *al_data, const report_filter *r_filter) __attribute__((nonnull)); +static int _report_filter_value(const char *filter_by, int prev_filter) __attribute__((nonnull)); +static int _os_report_print_related(int print_related, OSList *st_data) __attribute__((nonnull)); +static int _os_report_add_tostore(const char *key, OSStore *top, void *data) __attribute__((nonnull(1, 2))); +static FILE *__g_rtype = NULL; -/** Helper functions. */ -FILE *__g_rtype = NULL; -void l_print_out(const char *msg, ...) + +static void l_print_out(const char *msg, ...) { va_list args; va_start(args, msg); - if(__g_rtype) - { + if (__g_rtype) { (void)vfprintf(__g_rtype, msg, args); - (void)fprintf(__g_rtype, "\n"); - } - else - { + (void)fprintf(__g_rtype, "\r\n"); + } else { (void)vfprintf(stderr, msg, args); - (void)fprintf(stderr, "\n"); + (void)fprintf(stderr, "\r\n"); } va_end(args); } - -/* Sort function used by OSStore sort. - * Returns if d1 > d2. +/* Sort function used by OSStore sort + * Returns if d1 > d2 */ -void *_os_report_sort_compare(void *d1, void *d2) +static void *_os_report_sort_compare(void *d1, void *d2) { - OSList *d1l = (OSList *)d1; - OSList *d2l = (OSList *)d2; + OSList *d1l = (OSList *)d1; + OSList *d2l = (OSList *)d2; - if(d1l->currently_size > d2l->currently_size) - { - return(d1l); - } + if (d1l->currently_size > d2l->currently_size) { + return (d1l); + } - return(NULL); + return (NULL); } - -/* Print output header. 
*/ -void _os_header_print(int t, char *hname) +/* Print output header */ +static void _os_header_print(int t, const char *hname) { - if(!t) - { + if (!t) { l_print_out("Top entries for '%s':", hname); l_print_out("------------------------------------------------"); - } - else - { + } else { l_print_out("Related entries for '%s':", hname); l_print_out("------------------------------------------------"); } } - -/* Compares if the id is present in the string. */ -int _os_report_str_int_compare(char *str, int id) +/* Compare if the id is present in the string */ +static int _os_report_str_int_compare(const char *str, int id) { int pt_check = 0; - do - { - if((*str == ',')||(*str == ' ')) - { + do { + if ((*str == ',') || (*str == ' ')) { pt_check = 0; continue; - } - else if(*str == '\0') - { + } else if (*str == '\0') { break; - } - else if(isdigit((int)*str)) - { - if(pt_check == 0) - { - if(id == atoi(str)) - { - return(1); + } else if (isdigit((int)*str)) { + if (pt_check == 0) { + if (id == atoi(str)) { + return (1); } } pt_check = 1; + } else { + return (-1); } - else - { - return(-1); - } - }while(*str++ != '\0'); + } while (*str++ != '\0'); - return(0); + return (0); } - - -/* Check if the al_data should be filtered. */ -int _os_report_check_filters(alert_data *al_data, report_filter *r_filter) +/* Check if the al_data should be filtered */ +static int _os_report_check_filters(const alert_data *al_data, const report_filter *r_filter) { - /* Checking for the filters. */ - if(r_filter->group) - { - if(al_data->group) /* Probably unnecessary, all (?) alerts should have groups) */ - { - if(!strstr(al_data->group, r_filter->group)) - { - return(0); - } - } - } - if(r_filter->rule) - { - if(_os_report_str_int_compare(r_filter->rule, al_data->rule) != 1) - { - return(0); + /* Check for the filters */ + if (r_filter->group) { + if (al_data->group) { /* Probably unnecessary, all (?) 
alerts should have groups) */ + if (!strstr(al_data->group, r_filter->group)) { + return (0); + } } } - if(r_filter->location) - { - if(!OS_Match(r_filter->location, al_data->location)) - { - return(0); + if (r_filter->rule) { + if (_os_report_str_int_compare(r_filter->rule, al_data->rule) != 1) { + return (0); } } - if(r_filter->level) - { - if(al_data->level < atoi(r_filter->level)) - { - return(0); + if (r_filter->location) { + if (!OS_Match(r_filter->location, al_data->location)) { + return (0); } } - if(r_filter->srcip) - { - - if(al_data->srcip) - { - if(!strstr(al_data->srcip, r_filter->srcip)) - { - return(0); - } - } - } - if(r_filter->user) - { - if(al_data->user) - { - if(!strstr(al_data->user, r_filter->user)) - { - return(0); - } - } - } - if(r_filter->files) - { - if(al_data->filename) - { - if(!strstr(al_data->filename, r_filter->files)) - { - return(0); - } - } - } - return(1); -} - - - -/* Sets the proper value for the related entries. */ -int _report_filter_value(char *filter_by, int prev_filter) -{ - if(strcmp(filter_by, "group") == 0) - { - if(!(prev_filter & REPORT_REL_GROUP)) - { - prev_filter|=REPORT_REL_GROUP; + if (r_filter->level) { + if (al_data->level < (unsigned int) atoi(r_filter->level)) { + return (0); } - return(prev_filter); } - else if(strcmp(filter_by, "rule") == 0) - { - if(!(prev_filter & REPORT_REL_RULE)) - { - prev_filter|=REPORT_REL_RULE; + if (r_filter->srcip) { + if(!al_data->srcip) { + return(0); } - return(prev_filter); - } - else if(strcmp(filter_by, "level") == 0) - { - if(!(prev_filter & REPORT_REL_LEVEL)) - { - prev_filter|=REPORT_REL_LEVEL; + if (al_data->srcip) { + if (!strstr(al_data->srcip, r_filter->srcip)) { + return (0); + } + } else { + return (0); } - return(prev_filter); } - else if(strcmp(filter_by, "location") == 0) - { - if(!(prev_filter & REPORT_REL_LOCATION)) - { - prev_filter|=REPORT_REL_LOCATION; + if (r_filter->user) { + if(!al_data->user) { + return(0); } - return(prev_filter); - } - else 
if(strcmp(filter_by, "srcip") == 0) - { - if(!(prev_filter & REPORT_REL_SRCIP)) - { - prev_filter|=REPORT_REL_SRCIP; + if (al_data->user) { + if (!strstr(al_data->user, r_filter->user)) { + return (0); + } + } else { + return (0); } - return(prev_filter); } - else if(strcmp(filter_by, "user") == 0) - { - if(!(prev_filter & REPORT_REL_USER)) - { - prev_filter|=REPORT_REL_USER; + if (r_filter->files) { + if(!al_data->filename) { + return(0); } - return(prev_filter); - } - else if(strcmp(filter_by, "filename") == 0) - { - if(!(prev_filter & REPORT_REL_FILE)) - { - prev_filter|=REPORT_REL_FILE; + if (al_data->filename) { + if (!strstr(al_data->filename, r_filter->files)) { + return (0); + } + } else { + return (0); } - return(prev_filter); } - else - { + return (1); +} + +/* Set the proper value for the related entries */ +static int _report_filter_value(const char *filter_by, int prev_filter) +{ + if (strcmp(filter_by, "group") == 0) { + if (!(prev_filter & REPORT_REL_GROUP)) { + prev_filter |= REPORT_REL_GROUP; + } + return (prev_filter); + } else if (strcmp(filter_by, "rule") == 0) { + if (!(prev_filter & REPORT_REL_RULE)) { + prev_filter |= REPORT_REL_RULE; + } + return (prev_filter); + } else if (strcmp(filter_by, "level") == 0) { + if (!(prev_filter & REPORT_REL_LEVEL)) { + prev_filter |= REPORT_REL_LEVEL; + } + return (prev_filter); + } else if (strcmp(filter_by, "location") == 0) { + if (!(prev_filter & REPORT_REL_LOCATION)) { + prev_filter |= REPORT_REL_LOCATION; + } + return (prev_filter); + } else if (strcmp(filter_by, "srcip") == 0) { + if (!(prev_filter & REPORT_REL_SRCIP)) { + prev_filter |= REPORT_REL_SRCIP; + } + return (prev_filter); + } else if (strcmp(filter_by, "user") == 0) { + if (!(prev_filter & REPORT_REL_USER)) { + prev_filter |= REPORT_REL_USER; + } + return (prev_filter); + } else if (strcmp(filter_by, "filename") == 0) { + if (!(prev_filter & REPORT_REL_FILE)) { + prev_filter |= REPORT_REL_FILE; + } + return (prev_filter); + } else { 
merror("%s: ERROR: Invalid relation '%s'.", __local_name, filter_by); - return(-1); + return (-1); } } - - -/* Prints related entries. */ -int _os_report_print_related(int print_related, OSList *st_data) +/* Print related entries */ +static int _os_report_print_related(int print_related, OSList *st_data) { OSListNode *list_entry; alert_data *list_aldata; alert_data *saved_aldata; - list_entry = OSList_GetFirstNode(st_data); - while(list_entry) - { + while (list_entry) { saved_aldata = (alert_data *)list_entry->data; - /* Removing duplicates. */ + /* Remove duplicates */ list_entry = list_entry->prev; - while(list_entry) - { - if(print_related & REPORT_REL_LOCATION) - { + while (list_entry) { + if (print_related & REPORT_REL_LOCATION) { list_aldata = (alert_data *)list_entry->data; - if(strcmp(list_aldata->location, saved_aldata->location) == 0) - { + if (strcmp(list_aldata->location, saved_aldata->location) == 0) { break; } } - else if(print_related & REPORT_REL_GROUP) - { + else if (print_related & REPORT_REL_GROUP) { list_aldata = (alert_data *)list_entry->data; - if(strcmp(list_aldata->group, saved_aldata->group) == 0) - { + if (strcmp(list_aldata->group, saved_aldata->group) == 0) { break; } } - else if(print_related & REPORT_REL_RULE) - { + else if (print_related & REPORT_REL_RULE) { list_aldata = (alert_data *)list_entry->data; - if(list_aldata->rule == saved_aldata->rule) - { + if (list_aldata->rule == saved_aldata->rule) { break; } } - else if(print_related & REPORT_REL_USER) - { + else if (print_related & REPORT_REL_USER) { list_aldata = (alert_data *)list_entry->data; - if(list_aldata->user == NULL || saved_aldata->user == NULL) - { - } - else if(strcmp(list_aldata->user, saved_aldata->user) == 0) - { + if (list_aldata->user == NULL || saved_aldata->user == NULL) { + } else if (strcmp(list_aldata->user, saved_aldata->user) == 0) { break; } } - else if(print_related & REPORT_REL_SRCIP) - { + else if (print_related & REPORT_REL_SRCIP) { list_aldata = 
(alert_data *)list_entry->data; - if(list_aldata->srcip == NULL || saved_aldata->srcip == NULL) - { - } - else if(strcmp(list_aldata->srcip, saved_aldata->srcip) == 0) - { + if (list_aldata->srcip == NULL || saved_aldata->srcip == NULL) { + } else if (strcmp(list_aldata->srcip, saved_aldata->srcip) == 0) { break; } } - else if(print_related & REPORT_REL_LEVEL) - { + else if (print_related & REPORT_REL_LEVEL) { list_aldata = (alert_data *)list_entry->data; - if(list_aldata->level == saved_aldata->level) - { + if (list_aldata->level == saved_aldata->level) { break; } - } - else if(print_related & REPORT_REL_FILE) - { + } else if (print_related & REPORT_REL_FILE) { list_aldata = (alert_data *)list_entry->data; - if(list_aldata->filename == NULL || saved_aldata->filename == NULL) - { - } - else if(strcmp(list_aldata->filename, saved_aldata->filename) == 0) - { + if (list_aldata->filename == NULL || saved_aldata->filename == NULL) { + } else if (strcmp(list_aldata->filename, saved_aldata->filename) == 0) { break; } } list_entry = list_entry->prev; } - if(!list_entry) - { - if(print_related & REPORT_REL_LOCATION) + if (!list_entry) { + if (print_related & REPORT_REL_LOCATION) { l_print_out(" location: '%s'", saved_aldata->location); - else if(print_related & REPORT_REL_GROUP) + } else if (print_related & REPORT_REL_GROUP) { l_print_out(" group: '%s'", saved_aldata->group); - else if(print_related & REPORT_REL_RULE) + } else if (print_related & REPORT_REL_RULE) { l_print_out(" rule: '%d'", saved_aldata->rule); - else if((print_related & REPORT_REL_SRCIP) && saved_aldata->srcip) + } else if ((print_related & REPORT_REL_SRCIP) && saved_aldata->srcip) { l_print_out(" srcip: '%s'", saved_aldata->srcip); - else if((print_related & REPORT_REL_USER) && saved_aldata->user) + } else if ((print_related & REPORT_REL_USER) && saved_aldata->user) { l_print_out(" user: '%s'", saved_aldata->user); - else if(print_related & REPORT_REL_LEVEL) + } else if (print_related & REPORT_REL_LEVEL) 
{ l_print_out(" level: '%d'", saved_aldata->level); - else if((print_related & REPORT_REL_FILE) && saved_aldata->filename) + } else if ((print_related & REPORT_REL_FILE) && saved_aldata->filename) { l_print_out(" filename: '%s'", saved_aldata->filename); + } } list_entry = OSList_GetNextNode(st_data); } - return(0); + return (0); } - - -/* Add the entry to the hash. */ -int _os_report_add_tostore(char *key, OSStore *top, void *data) +/* Add the entry to the hash */ +static int _os_report_add_tostore(const char *key, OSStore *top, void *data) { OSList *top_list; - /* Adding data to the hash. */ - top_list = OSStore_Get(top, key); - if(top_list) - { + /* Add data to the hash */ + top_list = (OSList *) OSStore_Get(top, key); + if (top_list) { OSList_AddData(top_list, data); - } - else - { + } else { top_list = OSList_Create(); - if(!top_list) - { - merror(MEM_ERROR, __local_name); - return(0); + if (!top_list) { + merror(MEM_ERROR, __local_name, errno, strerror(errno)); + return (0); } OSList_AddData(top_list, data); OSStore_Put(top, key, top_list); } - return(1); + return (1); } - - -void os_report_printtop(void *topstore_pt, char *hname, int print_related) +void os_report_printtop(void *topstore_pt, const char *hname, int print_related) { int dopdout = 0; OSStore *topstore = (OSStore *)topstore_pt; OSStoreNode *next_node; next_node = OSStore_GetFirstNode(topstore); - while(next_node) - { + while (next_node) { OSList *st_data = (OSList *)next_node->data; char *lkey = (char *)next_node->key; - - /* With location we leave more space to be clearer. */ - if(!print_related) - { - if(strlen(lkey) > 76) - { + /* With location we leave more space to be clearer */ + if (!print_related) { + if (strlen(lkey) > 76) { lkey[74] = '.'; lkey[75] = '.'; lkey[76] = '\0'; } - if(!dopdout) - { + if (!dopdout) { _os_header_print(print_related, hname); dopdout = 1; } l_print_out("%-78s|%-8d|", (char *)next_node->key, st_data->currently_size); } - - /* Print each destination. 
*/ - else - { - if(!dopdout) - { + /* Print each destination */ + else { + if (!dopdout) { _os_header_print(print_related, hname); dopdout = 1; } l_print_out("%-78s|%-8d|", (char *)next_node->key, st_data->currently_size); - if(print_related & REPORT_REL_LOCATION) + if (print_related & REPORT_REL_LOCATION) { _os_report_print_related(REPORT_REL_LOCATION, st_data); - if(print_related & REPORT_REL_SRCIP) + } + if (print_related & REPORT_REL_SRCIP) { _os_report_print_related(REPORT_REL_SRCIP, st_data); - if(print_related & REPORT_REL_USER) + } + if (print_related & REPORT_REL_USER) { _os_report_print_related(REPORT_REL_USER, st_data); - if(print_related & REPORT_REL_RULE) + } + if (print_related & REPORT_REL_RULE) { _os_report_print_related(REPORT_REL_RULE, st_data); - if(print_related & REPORT_REL_GROUP) + } + if (print_related & REPORT_REL_GROUP) { _os_report_print_related(REPORT_REL_GROUP, st_data); - if(print_related & REPORT_REL_LEVEL) + } + if (print_related & REPORT_REL_LEVEL) { _os_report_print_related(REPORT_REL_LEVEL, st_data); - if(print_related & REPORT_REL_FILE) + } + if (print_related & REPORT_REL_FILE) { _os_report_print_related(REPORT_REL_FILE, st_data); - + } } next_node = next_node->next; } - - if(dopdout == 1) - { + if (dopdout == 1) { l_print_out(" "); l_print_out(" "); } return; } - - void os_ReportdStart(report_filter *r_filter) { int alerts_processed = 0; int alerts_filtered = 0; char *first_alert = NULL; char *last_alert = NULL; - void **data_to_clean = NULL; - + alert_data **data_to_clean = NULL; time_t tm; struct tm *p; - file_queue *fileq; alert_data *al_data; - - /* Getting current time before starting */ + /* Get current time before starting */ tm = time(NULL); p = localtime(&tm); - - - - /* Initating file queue - to read the alerts */ + /* Initiate file queue - to read the alerts */ os_calloc(1, sizeof(file_queue), fileq); - if(r_filter->report_type == REPORT_TYPE_DAILY && r_filter->filename) - { + if (r_filter->report_type == 
REPORT_TYPE_DAILY && r_filter->filename) { fileq->fp = fopen(r_filter->filename, "r"); - if(!fileq->fp) - { + if (!fileq->fp) { merror("%s: ERROR: Unable to open alerts file to generate report.", __local_name); - return; + goto cleanup; } - if(r_filter->fp) - { + if (r_filter->fp) { __g_rtype = r_filter->fp; } - } - else - { + } else { fileq->fp = stdin; } - - /* Creating top hashes. */ + /* Create top hashes */ r_filter->top_user = OSStore_Create(); r_filter->top_srcip = OSStore_Create(); r_filter->top_level = OSStore_Create(); 
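Review bot: In `_os_report_check_filters`, each of the new srcip, user and files blocks tests the same field twice: `if(!al_data->srcip) { return(0); }` is immediately followed by `if (al_data->srcip) { … } else { return (0); }`, so the else branch is unreachable and the first check keeps the old `if(`/`return(0)` spacing that the rest of the commit normalizes away. Each block collapses to one guard, e.g. `if (!al_data->srcip || !strstr(al_data->srcip, r_filter->srcip)) { return (0); }`, and likewise for user and filename. The level filter now compares against `(unsigned int) atoi(r_filter->level)`: atoi does no validation, so a non-numeric value silently becomes 0 and a negative one wraps to a threshold that rejects every alert; parsing with strtol and rejecting bad input where the filter is configured (os_report_configfilter, in the last hunk) would turn that into a reported error. Separately, the file-scope names `__g_rtype` and the `_os_…`/`_report_…` helpers sit in the identifier space C reserves for the implementation; the added `static` qualifiers are the right direction, and a prefix without a leading underscore would finish the job.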
@@ -518,137 +421,161 @@ void os_ReportdStart(report_filter *r_filter) r_filter->top_location = OSStore_Create(); r_filter->top_files = OSStore_Create(); - Init_FileQueue(fileq, p, CRALERT_READ_ALL|CRALERT_FP_SET); + if (!r_filter->top_user || !r_filter->top_srcip || !r_filter->top_level || !r_filter->top_rule + || !r_filter->top_group || !r_filter->top_location || !r_filter->top_files) { + merror(MEM_ERROR, __local_name, errno, strerror((errno))); + if (r_filter->top_user) { + OSStore_Free(r_filter->top_user); + } + if (r_filter->top_srcip) { + OSStore_Free(r_filter->top_srcip); + } + if (r_filter->top_level) { + OSStore_Free(r_filter->top_level); + } + if (r_filter->top_rule) { + OSStore_Free(r_filter->top_rule); + } + if (r_filter->top_group) { + OSStore_Free(r_filter->top_group); + } + if (r_filter->top_location) { + OSStore_Free(r_filter->top_location); + } + if (r_filter->top_files) { + OSStore_Free(r_filter->top_files); + } + + goto cleanup; + } - /* Reading the alerts. */ - while(1) - { + + Init_FileQueue(fileq, p, CRALERT_READ_ALL | CRALERT_FP_SET); + + /* Read the alerts */ + while (1) { /* Get message if available */ al_data = Read_FileMon(fileq, p, 1); - if(!al_data) - { + if (!al_data) { break; } alerts_processed++; - - /* Checking the filters. */ - if(!_os_report_check_filters(al_data, r_filter)) - { + /* Check the filters */ + if (!_os_report_check_filters(al_data, r_filter)) { FreeAlertData(al_data); continue; } - alerts_filtered++; - data_to_clean = os_AddPtArray(al_data, data_to_clean); + data_to_clean = (alert_data **) os_AddPtArray(al_data, (void **)data_to_clean); - - /* Setting first and last alert for summary. */ - if(!first_alert) + /* Set first and last alert for summary */ + if (!first_alert) { first_alert = al_data->date; + } last_alert = al_data->date; - - /* Adding source ip if it is set properly. 
*/ - if(al_data->srcip != NULL && strcmp(al_data->srcip, "(none)") != 0) + /* Add source IP if it is set properly */ + if (al_data->srcip != NULL && strcmp(al_data->srcip, "(none)") != 0) { _os_report_add_tostore(al_data->srcip, r_filter->top_srcip, al_data); + } - - /* Adding user if it is set properly. */ - if(al_data->user != NULL && strcmp(al_data->user, "(none)") != 0) + /* Add user if it is set properly */ + if (al_data->user != NULL && strcmp(al_data->user, "(none)") != 0) { _os_report_add_tostore(al_data->user, r_filter->top_user, al_data); + } - - /* Adding level and severity. */ + /* Add level and severity */ { char mlevel[16]; - char mrule[76 +1]; + char mrule[76 + 1]; mrule[76] = '\0'; snprintf(mlevel, 16, "Severity %d" , al_data->level); snprintf(mrule, 76, "%d - %s" , al_data->rule, al_data->comment); - _os_report_add_tostore(strdup(mlevel), r_filter->top_level, + _os_report_add_tostore(mlevel, r_filter->top_level, al_data); - _os_report_add_tostore(strdup(mrule), r_filter->top_rule, + _os_report_add_tostore(mrule, r_filter->top_rule, al_data); } - /* Dealing with the group. */ + /* Deal with the group */ { char *tmp_str; char **mgroup; mgroup = OS_StrBreak(',', al_data->group, 32); - if(mgroup) - { - while(*mgroup) - { + if (mgroup) { + while (*mgroup) { tmp_str = *mgroup; - while(*tmp_str == ' ') + while (*tmp_str == ' ') { tmp_str++; - if(*tmp_str == '\0') - { + } + if (*tmp_str == '\0') { + free(*mgroup); mgroup++; continue; } _os_report_add_tostore(tmp_str, r_filter->top_group, al_data); + + free(*mgroup); mgroup++; } - } - else - { + + //free(mgroup); + } else { tmp_str = al_data->group; - while(*tmp_str == ' ') + while (*tmp_str == ' ') { tmp_str++; - if(*tmp_str != '\0') - { + } + if (*tmp_str != '\0') { _os_report_add_tostore(tmp_str, r_filter->top_group, al_data); } } } - - /* Adding to the location top filter. 
*/ + /* Add to the location top filter */ _os_report_add_tostore(al_data->location, r_filter->top_location, al_data); - - if(al_data->filename != NULL) - { + if (al_data->filename != NULL) { _os_report_add_tostore(al_data->filename, r_filter->top_files, al_data); } } + + /* No report available */ - if(alerts_filtered == 0) - { - if(!r_filter->report_name) + if (alerts_filtered == 0) { + if (!r_filter->report_name) { merror("%s: INFO: Report completed and zero alerts post-filter.", __local_name); - else + } else { merror("%s: INFO: Report '%s' completed and zero alerts post-filter.", __local_name, r_filter->report_name); - return; - } + } + goto cleanup; + } - if(r_filter->report_name) + if (r_filter->report_name) { verbose("%s: INFO: Report '%s' completed. Creating output...", __local_name, r_filter->report_name); - else + } else { verbose("%s: INFO: Report completed. Creating output...", __local_name); - + } l_print_out(" "); - if(r_filter->report_name) + if (r_filter->report_name) { l_print_out("Report '%s' completed.", r_filter->report_name); - else + } else { l_print_out("Report completed. =="); + } l_print_out("------------------------------------------------"); l_print_out("->Processed alerts: %d", alerts_processed); 
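Review bot: The group loop in os_ReportdStart now frees every `*mgroup` element but never the array itself: `mgroup` is advanced in place, so the pointer returned by `OS_StrBreak` is lost by the time the loop ends, and the commented-out `//free(mgroup);` could not have released it anyway. Keep the original pointer, `char **mgroup_base = mgroup;` right after the `OS_StrBreak` call, and replace the commented-out line with `free(mgroup_base);` (a `/* */` comment would also match the rest of the file). The same hunk changes the level and rule keys from `strdup(mlevel)`/`strdup(mrule)` to the stack buffers `mlevel`/`mrule`, which go out of scope at the end of the block while the stores are only sorted and printed later; freeing `*mgroup` right after `_os_report_add_tostore(tmp_str, …)` has the same dependency. That is only safe if `OSStore_Put` copies the key — not visible in this diff — so a one-line comment such as `/* OSStore_Put duplicates the key, so stack buffers are safe here */` at the first of these calls would record the assumption. os_ReportdStart begins in the previous hunk and continues in the next.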
@@ -666,201 +593,154 @@ void os_ReportdStart(report_filter *r_filter) OSStore_Sort(r_filter->top_rule, _os_report_sort_compare); OSStore_Sort(r_filter->top_files, _os_report_sort_compare); - if(r_filter->top_srcip) - os_report_printtop(r_filter->top_srcip, "Source ip", 0); - - if(r_filter->top_user) - os_report_printtop(r_filter->top_user, "Username", 0); - - if(r_filter->top_level) - os_report_printtop(r_filter->top_level, "Level", 0); - - if(r_filter->top_group) - os_report_printtop(r_filter->top_group, "Group", 0); - - if(r_filter->top_location) - os_report_printtop(r_filter->top_location, "Location", 0); + os_report_printtop(r_filter->top_srcip, "Source ip", 0); + os_report_printtop(r_filter->top_user, "Username", 0); + os_report_printtop(r_filter->top_level, "Level", 0); + os_report_printtop(r_filter->top_group, "Group", 0); + os_report_printtop(r_filter->top_location, "Location", 0); + os_report_printtop(r_filter->top_rule, "Rule", 0); + os_report_printtop(r_filter->top_files, "Filenames", 0); - if(r_filter->top_rule) - os_report_printtop(r_filter->top_rule, "Rule", 0); - - if(r_filter->top_files) - os_report_printtop(r_filter->top_files, "Filenames", 0); - - - /* Print related events. 
*/ - if(r_filter->related_srcip) + /* Print related events */ + if (r_filter->related_srcip) os_report_printtop(r_filter->top_srcip, "Source ip", r_filter->related_srcip); - if(r_filter->related_user) + if (r_filter->related_user) os_report_printtop(r_filter->top_user, "Username", r_filter->related_user); - if(r_filter->related_level) + if (r_filter->related_level) os_report_printtop(r_filter->top_level, "Level", r_filter->related_level); - if(r_filter->related_group) + if (r_filter->related_group) os_report_printtop(r_filter->top_group, "Group", r_filter->related_group); - if(r_filter->related_location) + if (r_filter->related_location) os_report_printtop(r_filter->top_location, "Location", r_filter->related_location); - if(r_filter->related_rule) + if (r_filter->related_rule) os_report_printtop(r_filter->top_rule, "Rule", r_filter->related_rule); - if(r_filter->related_file) + if (r_filter->related_file) os_report_printtop(r_filter->top_files, "Filename", r_filter->related_file); - - /* If we have to dump the alerts. */ - if(data_to_clean) - { + /* If we have to dump the alerts */ + if (data_to_clean) { int i = 0; - if(r_filter->show_alerts) - { + if (r_filter->show_alerts) { l_print_out("Log dump:"); l_print_out("------------------------------------------------"); } - while(data_to_clean[i]) - { + while (data_to_clean[i]) { alert_data *md = data_to_clean[i]; - if(r_filter->show_alerts) + if (r_filter->show_alerts) { l_print_out("%s %s\nRule: %d (level %d) -> '%s'\n%s\n\n", md->date, md->location, md->rule, md->level, md->comment, md->log[0]); + } FreeAlertData(md); i++; } free(data_to_clean); data_to_clean = NULL; } -} - - + cleanup: + if (fileq->fp && fileq->fp != stdin) { + fclose(fileq->fp); + } + free(fileq); +} -/** int os_report_check_filters(char *filter_by, char *filter_value, - * report_filter *r_filter) - * Checks the configuration filters. 
- */ -int os_report_configfilter(char *filter_by, char *filter_value, +/* Check the configuration filters */ +int os_report_configfilter(const char *filter_by, const char *filter_value, report_filter *r_filter, int arg_type) { - if(!filter_by || !filter_value) - { - return(-1); + if (!filter_by || !filter_value) { + return (-1); } - if(arg_type == REPORT_FILTER) - { - if(strcmp(filter_by, "group") == 0) - { + if (arg_type == REPORT_FILTER) { + if (strcmp(filter_by, "group") == 0) { r_filter->group = filter_value; - } - else if(strcmp(filter_by, "rule") == 0) - { + } else if (strcmp(filter_by, "rule") == 0) { r_filter->rule = filter_value; - } - else if(strcmp(filter_by, "level") == 0) - { + } else if (strcmp(filter_by, "level") == 0) { r_filter->level = filter_value; - } - else if(strcmp(filter_by, "location") == 0) - { + } else if (strcmp(filter_by, "location") == 0) { r_filter->location = filter_value; - } - else if(strcmp(filter_by, "user") == 0) - { + } else if (strcmp(filter_by, "user") == 0) { r_filter->user = filter_value; - } - else if(strcmp(filter_by, "srcip") == 0) - { + } else if (strcmp(filter_by, "srcip") == 0) { r_filter->srcip = filter_value; - } - else if(strcmp(filter_by, "filename") == 0) - { + } else if (strcmp(filter_by, "filename") == 0) { r_filter->files = filter_value; - } - else - { + } else { merror("%s: ERROR: Invalid filter '%s'.", __local_name, filter_by); - return(-1); + return (-1); } - } - else - { - if(strcmp(filter_by, "group") == 0) - { + } else { + if (strcmp(filter_by, "group") == 0) { r_filter->related_group = - _report_filter_value(filter_value, r_filter->related_group); + _report_filter_value(filter_value, r_filter->related_group); - if(r_filter->related_group == -1) - return(-1); - } - else if(strcmp(filter_by, "rule") == 0) - { + if (r_filter->related_group == -1) { + return (-1); + } + } else if (strcmp(filter_by, "rule") == 0) { r_filter->related_rule = - _report_filter_value(filter_value, r_filter->related_rule); + 
_report_filter_value(filter_value, r_filter->related_rule); - if(r_filter->related_rule == -1) - return(-1); - } - else if(strcmp(filter_by, "level") == 0) - { + if (r_filter->related_rule == -1) { + return (-1); + } + } else if (strcmp(filter_by, "level") == 0) { r_filter->related_level = - _report_filter_value(filter_value, r_filter->related_level); + _report_filter_value(filter_value, r_filter->related_level); - if(r_filter->related_level == -1) - return(-1); - } - else if(strcmp(filter_by, "location") == 0) - { + if (r_filter->related_level == -1) { + return (-1); + } + } else if (strcmp(filter_by, "location") == 0) { r_filter->related_location = - _report_filter_value(filter_value, r_filter->related_location); + _report_filter_value(filter_value, r_filter->related_location); - if(r_filter->related_location == -1) - return(-1); - } - else if(strcmp(filter_by, "srcip") == 0) - { + if (r_filter->related_location == -1) { + return (-1); + } + } else if (strcmp(filter_by, "srcip") == 0) { r_filter->related_srcip = - _report_filter_value(filter_value, r_filter->related_srcip); + _report_filter_value(filter_value, r_filter->related_srcip); - if(r_filter->related_srcip == -1) - return(-1); - } - else if(strcmp(filter_by, "user") == 0) - { + if (r_filter->related_srcip == -1) { + return (-1); + } + } else if (strcmp(filter_by, "user") == 0) { r_filter->related_user = - _report_filter_value(filter_value, r_filter->related_user); + _report_filter_value(filter_value, r_filter->related_user); - if(r_filter->related_user == -1) - return(-1); - } - else if(strcmp(filter_by, "filename") == 0) - { + if (r_filter->related_user == -1) { + return (-1); + } + } else if (strcmp(filter_by, "filename") == 0) { r_filter->related_file = - _report_filter_value(filter_value, r_filter->related_file); + _report_filter_value(filter_value, r_filter->related_file); - if(r_filter->related_file == -1) - return(-1); - } - else - { + if (r_filter->related_file == -1) { + return (-1); + } + } else 
{ merror("%s: ERROR: Invalid related entry '%s'.", __local_name, filter_by); - return(-1); + return (-1); } } - return(0); + return (0); } - - -/* EOF */
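Review bot: The new `cleanup:` label releases the file queue but not the seven `OSStore` tables that os_ReportdStart creates; the allocation-failure path in the previous hunk frees them with `OSStore_Free`, so unless the caller releases them through `r_filter` (not visible here) every successful report leaks them, and the same `OSStore_Free` sequence belongs before `free(fileq);`. The related-events block still leaves its seven `if (r_filter->related_…)` bodies unbraced while the rest of the commit braces every control body; bracing them, e.g. `if (r_filter->related_srcip) { os_report_printtop(r_filter->top_srcip, "Source ip", r_filter->related_srcip); }`, would keep the file consistent. In os_report_configfilter the `filter_value` pointer is now `const char *` and is stored directly into `r_filter` without a copy, which presumes the `report_filter` string members are const-qualified in the header and that the caller keeps the value alive; both are worth confirming since that header is not part of this diff. os_ReportdStart begins outside this hunk.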