X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Fsyscheckd%2Fcreate_db.c;h=91875cffb947c0b6b490e8defed530de4dd0db3b;hp=ff2a72b3a7a1dbbe62f1537311ddedabec62466d;hb=6ef2f786c6c8ead94841b5f93baf9f43421f08c8;hpb=301048b51990573e58a30dc4a5bb4ec285cad554
diff --git a/src/syscheckd/create_db.c b/src/syscheckd/create_db.c
index ff2a72b..91875cf 100755
--- a/src/syscheckd/create_db.c
+++ b/src/syscheckd/create_db.c
@@ -1,4 +1,5 @@ -/* @(#) $Id$ */ +/* @(#) $Id: ./src/syscheckd/create_db.c, 2011/11/02 dcid Exp $ + */ /* Copyright (C) 2009 Trend Micro Inc. * All right reserved.
@@ -8,7 +9,7 @@ * License (version 2) as published by the FSF - Free Software * Foundation * - * License details at the LICENSE file included with OSSEC or + * License details at the LICENSE file included with OSSEC or * online at: http://www.ossec.net/en/licensing.html */
@@ -39,7 +40,7 @@ int check_file(char *file_name) /* New file */ sleep(1); - + debug2("%s: DEBUG: new file '%s'.", ARGV0, file_name); return(0); }
@@ -54,7 +55,7 @@ int read_file(char *file_name, int opts, OSMatch *restriction) char *buf; char sha1s = '+'; struct stat statbuf; - + /* Checking if file is to be ignored */ if(syscheck.ignore)
@@ -62,10 +63,10 @@ int read_file(char *file_name, int opts, OSMatch *restriction) int i = 0; while(syscheck.ignore[i] != NULL) { - if(strncasecmp(syscheck.ignore[i], file_name, + if(strncasecmp(syscheck.ignore[i], file_name, strlen(syscheck.ignore[i])) == 0) { - return(0); + return(0); } i++;
@@ -78,7 +79,7 @@ int read_file(char *file_name, int opts, OSMatch *restriction) int i = 0; while(syscheck.ignore_regex[i] != NULL) { - if(OSMatch_Execute(file_name, strlen(file_name), + if(OSMatch_Execute(file_name, strlen(file_name), syscheck.ignore_regex[i])) { return(0);
@@ -98,7 +99,7 @@ int read_file(char *file_name, int opts, OSMatch *restriction) merror("%s: Error accessing '%s'.",ARGV0, file_name); return(-1); } - + if(S_ISDIR(statbuf.st_mode)) { #ifdef DEBUG
@@ -112,20 +113,20 @@ int read_file(char *file_name, int opts, OSMatch *restriction) /* restricting file types. */ if(restriction) { - if(!OSMatch_Execute(file_name, strlen(file_name), + if(!OSMatch_Execute(file_name, strlen(file_name), restriction)) { return(0); } } - - + + /* No S_ISLNK on windows */ #ifdef WIN32 - else if(S_ISREG(statbuf.st_mode)) + if(S_ISREG(statbuf.st_mode)) #else - else if(S_ISREG(statbuf.st_mode) || S_ISLNK(statbuf.st_mode)) - #endif + if(S_ISREG(statbuf.st_mode) || S_ISLNK(statbuf.st_mode)) + #endif { os_md5 mf_sum; os_sha1 sf_sum;
@@ -152,7 +153,7 @@ int read_file(char *file_name, int opts, OSMatch *restriction) { if(S_ISREG(statbuf_lnk.st_mode)) { - if(OS_MD5_SHA1_File(file_name, mf_sum, sf_sum) < 0) + if(OS_MD5_SHA1_File(file_name, syscheck.prefilter_cmd, mf_sum, sf_sum) < 0) { strncpy(mf_sum, "xxx", 4); strncpy(sf_sum, "xxx", 4);
@@ -160,12 +161,12 @@ int read_file(char *file_name, int opts, OSMatch *restriction) } } } - else if(OS_MD5_SHA1_File(file_name, mf_sum, sf_sum) < 0) + else if(OS_MD5_SHA1_File(file_name, syscheck.prefilter_cmd, mf_sum, sf_sum) < 0) #else - if(OS_MD5_SHA1_File(file_name, mf_sum, sf_sum) < 0) + if(OS_MD5_SHA1_File(file_name, syscheck.prefilter_cmd, mf_sum, sf_sum) < 0) #endif - + { strncpy(mf_sum, "xxx", 4); strncpy(sf_sum, "xxx", 4);
@@ -182,15 +183,15 @@ int read_file(char *file_name, int opts, OSMatch *restriction) if(opts & CHECK_SEECHANGES) sha1s = 'n'; else - sha1s = '-'; + sha1s = '-'; } - - + + buf = OSHash_Get(syscheck.fp, file_name); if(!buf) { char alert_msg[912 +1]; - + alert_msg[912] = '\0'; if(opts & CHECK_SEECHANGES)
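Review bot: Nothing on the new side of the -112 hunk records why the `else` in front of `if(S_ISREG(...))` was dropped, and the reason matters: on the old side that `else if` paired with the `if(restriction)` block directly above it (the `S_ISDIR` test in the -98 hunk is a separate statement), so a file that matched the restriction was never hashed, and a later reader who sees a bare `if` after a returning `if` block may well "restore" the `else`. Suggest a comment before `#ifdef WIN32`: `/* Deliberately not an else of the restriction check: that block returns early on a mismatch, so every regular file (and, outside Windows, symlink) that survives it is hashed below. */`. The `#ifdef WIN32 / #else` pair now duplicates the whole condition only to drop `S_ISLNK`; a single `if` over a small `IS_HASHABLE(m)` helper macro defined per platform would leave one condition to maintain.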
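Review bot: In the -152 hunk and both call sites of the -160 hunk, `syscheck.prefilter_cmd` is now handed to `OS_MD5_SHA1_File` alongside `file_name`, and `file_name` is a path discovered on disk — data an unprivileged user can shape in any monitored directory they can write to, while syscheckd typically runs with high privilege. If the callee assembles a shell command from the two strings instead of executing the prefilter with an explicit argv, a file name containing shell syntax becomes command execution in syscheckd's context; that implementation is outside this diff, so please confirm the path is passed as a separate argument (or names with metacharacters are refused) and that a NULL `prefilter_cmd` falls back to plain hashing. A short comment at the first call site would make the contract visible: `/* prefilter_cmd (may be NULL) is run over file_name before hashing; the callee must never route file_name through a shell. */`. Note also that on a prefilter failure the hashes are replaced by `"xxx"` and the scan continues, so a prefilter that is repeatedly failing degrades integrity checking silently unless the callee logs it.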
@@ -203,7 +204,7 @@ int read_file(char *file_name, int opts, OSMatch *restriction) } } - + snprintf(alert_msg, 912, "%c%c%c%c%c%c%d:%d:%d:%d:%s:%s", opts & CHECK_SIZE?'+':'-', opts & CHECK_PERM?'+':'-',
@@ -225,8 +226,8 @@ int read_file(char *file_name, int opts, OSMatch *restriction) /* Sending the new checksum to the analysis server */ - alert_msg[912 +1] = '\0'; - snprintf(alert_msg, 912, "%d:%d:%d:%d:%s:%s %s", + alert_msg[912] = '\0'; + snprintf(alert_msg, 912, "%d:%d:%d:%d:%s:%s %s", opts & CHECK_SIZE?(int)statbuf.st_size:0, opts & CHECK_PERM?(int)statbuf.st_mode:0, opts & CHECK_OWNER?(int)statbuf.st_uid:0,
@@ -240,7 +241,7 @@ int read_file(char *file_name, int opts, OSMatch *restriction) { char alert_msg[OS_MAXSTR +1]; char c_sum[256 +2]; - + c_sum[0] = '\0'; c_sum[256] = '\0'; alert_msg[0] = '\0';
@@ -276,8 +277,8 @@ int read_file(char *file_name, int opts, OSMatch *restriction) send_syscheck_msg(alert_msg); } } - - + + /* Sleeping in here too */ if(__counter >= (syscheck.sleep_after)) {
@@ -287,7 +288,7 @@ int read_file(char *file_name, int opts, OSMatch *restriction) __counter++; - #ifdef DEBUG + #ifdef DEBUG verbose("%s: file '%s %s'",ARGV0, file_name, mf_sum); #endif }
@@ -308,11 +309,11 @@ int read_file(char *file_name, int opts, OSMatch *restriction) int read_dir(char *dir_name, int opts, OSMatch *restriction) { int dir_size; - - char f_name[PATH_MAX +2]; + + char f_name[PATH_MAX +2]; DIR *dp; - - struct dirent *entry; + + struct dirent *entry; f_name[PATH_MAX +1] = '\0';
@@ -321,21 +322,21 @@ int read_dir(char *dir_name, int opts, OSMatch *restriction) if((dir_name == NULL)||((dir_size = strlen(dir_name)) > PATH_MAX)) { merror(NULL_ERROR, ARGV0); - + return(-1); } - - + + /* Opening the directory given */ dp = opendir(dir_name); - if(!dp) + if(!dp) { if(errno == ENOTDIR) { if(read_file(dir_name, opts, restriction) == 0) return(0); } - + #ifdef WIN32 int di = 0; char *(defaultfilesn[])= {
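Review bot: In the -225 hunk the sentinel store is now in bounds, but `912` is still a bare literal in four places — the array length `alert_msg[912 +1]`, the sentinel index, and the `snprintf` size here and in the -203 hunk — which is exactly how the old one-past-the-end `alert_msg[912 +1] = '\0'` crept in; `enum { ALERT_MSG_LEN = 912 };` with `char alert_msg[ALERT_MSG_LEN + 1];` and `snprintf(alert_msg, sizeof alert_msg, ...)` ties them together, and since `snprintf` always NUL-terminates when given a non-zero size the sentinel line can go. The `(int)statbuf.st_size` cast on the new side wraps for files of 2 GiB and larger, so the size field sent to the analysis server for such files is not the real size; `%lld` with `(long long)statbuf.st_size` reports it exactly while, assuming the server reads the field as a decimal integer, leaving the wire format unchanged. read_file continues outside the hunk.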
@@ -359,20 +360,20 @@ int read_dir(char *dir_name, int opts, OSMatch *restriction) if(defaultfilesn[di] == NULL) { merror("%s: WARN: Error opening directory: '%s': %s ", - ARGV0, dir_name, strerror(errno)); + ARGV0, dir_name, strerror(errno)); } - + #else - + merror("%s: WARN: Error opening directory: '%s': %s ", ARGV0, dir_name, strerror(errno)); #endif - + return(-1); } - + /* Checking for real time flag. */ if(opts & CHECK_REALTIME)
@@ -386,26 +387,28 @@ int read_dir(char *dir_name, int opts, OSMatch *restriction) while((entry = readdir(dp)) != NULL) { char *s_name; - + /* Just ignore . and .. */ if((strcmp(entry->d_name,".") == 0) || - (strcmp(entry->d_name,"..") == 0)) + (strcmp(entry->d_name,"..") == 0)) continue; - + strncpy(f_name, dir_name, PATH_MAX); - + s_name = f_name; - + s_name += dir_size; /* checking if the file name is already null terminated */ if(*(s_name-1) != '/') *s_name++ = '/'; - + *s_name = '\0'; - + strncpy(s_name, entry->d_name, PATH_MAX - dir_size -2); + + /* Check integrity of the file */ read_file(f_name, opts, restriction); }
@@ -420,11 +423,11 @@ int run_dbcheck() int i = 0; __counter = 0; - do + while(syscheck.dir[i] != NULL) { read_dir(syscheck.dir[i], syscheck.opts[i], syscheck.filerestrict[i]); i++; - }while(syscheck.dir[i] != NULL); + } return(0); }
@@ -443,7 +446,7 @@ int create_db() { ErrorExit("%s: Unable to create syscheck database." ". Exiting.",ARGV0); - return(0); + return(0); } if(!OSHash_setSize(syscheck.fp, 2048))
@@ -452,14 +455,14 @@ int create_db() return(0); } - + /* dir_name can't be null */ if((syscheck.dir == NULL) || (syscheck.dir[0] == NULL)) { merror("%s: No directories to check.",ARGV0); return(-1); } - + merror("%s: INFO: Starting syscheck database (pre-scan).", ARGV0);
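Review bot: In the -386 hunk, `strncpy(s_name, entry->d_name, PATH_MAX - dir_size -2)` computes its bound in `int`, and the guard in the -321 hunk only rejects `dir_size > PATH_MAX`, so for a `dir_size` of `PATH_MAX - 1` or `PATH_MAX` the bound is negative, converts to a very large `size_t`, and the copy into `f_name` (a `PATH_MAX + 2` stack array) is effectively unbounded. Whether a `dir_name` that long can reach read_dir depends on how read_file treats directories, which is outside this diff, but the arithmetic should not depend on that. Deriving the remaining room from the buffer and skipping entries that do not fit also removes the silent truncation `strncpy` performs today, where a cut-off path would be scanned as a different file; the rewritten lines replace only the `strncpy`, and the `*s_name = '\0';` line is kept for placement.

```c
            *s_name = '\0';

            /* Room left after the prefix (and the '/' just added), NUL included;
             * the old PATH_MAX - dir_size - 2 went negative for dir_size >= PATH_MAX - 1 */
            size_t room = sizeof(f_name) - 1 - (size_t)(s_name - f_name);
            size_t name_len = strlen(entry->d_name);
            if(name_len >= room)
            {
                merror("%s: WARN: Path too long, skipping: '%s/%s'", ARGV0,
                       dir_name, entry->d_name);
                continue;
            }
            memcpy(s_name, entry->d_name, name_len + 1);

            /* … unchanged: read_file(f_name, opts, restriction) … */
```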
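Review bot: In the -420 hunk, `__counter` (reset here, tested in the -276 hunk and incremented in the -287 hunk) sits in the identifier space C11 §7.1.3 reserves for the implementation — any name starting with two underscores — so it may clash with compiler or libc internals; a plain `static int scan_counter` would be the conventional spelling, assuming it is a file-scope variable (its definition is outside this diff). While here, `int run_dbcheck()` is an old-style declarator with no prototype; `int run_dbcheck(void)` lets the compiler reject stray arguments, and the same applies to `int create_db()` in the -443 hunk. The loop also walks `syscheck.opts[i]` and `syscheck.filerestrict[i]` in lockstep with `syscheck.dir[i]`, relying on the parser having sized all three arrays together; a comment to that effect, `/* opts[] and filerestrict[] are parallel to dir[] and share its NULL terminator */`, would record the invariant.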
@@ -480,7 +483,11 @@ int create_db() i++; }while(syscheck.dir[i] != NULL); - + #if defined (USEINOTIFY) || defined (WIN32) + if(syscheck.realtime && (syscheck.realtime->fd >= 0)) + verbose("%s: INFO: Real time file monitoring started.", ARGV0); + #endif + merror("%s: INFO: Finished creating syscheck database (pre-scan " "completed).", ARGV0); return(0);
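Review bot: The added message is only emitted on success, so the case an operator most needs to see — `syscheck.realtime` NULL or its `fd` below zero, meaning the agent quietly stays on periodic scanning although the configuration asked for real-time monitoring — leaves nothing in the log. Suggest an `else` at the same level, `else merror("%s: WARN: Real time file monitoring could not be started, continuing with periodic scans only.", ARGV0);`, gated on whether any directory actually requested real time if `syscheck.realtime` is legitimately NULL otherwise, and braces around both bodies as the rest of the file does. Whether the WIN32 real-time structure exposes an `fd` member is not visible here; please confirm the `#if defined (USEINOTIFY) || defined (WIN32)` guard matches the struct definition on both platforms. create_db's closing brace is outside the hunk.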