1 /* @(#) $Id: active-response.c,v 1.15 2009/06/24 17:06:24 dcid Exp $ */
3 /* Copyright (C) 2009 Trend Micro Inc.
6 * This program is a free software; you can redistribute it
7 * and/or modify it under the terms of the GNU General Public
8 * License (version 3) as published by the FSF - Free Software
14 #include "os_xml/os_xml.h"
15 #include "os_regex/os_regex.h"
17 #include "active-response.h"
20 /** int ReadActiveResponses(XML_NODE node, void *d1, void *d2)
21 * Generates a list with all active responses.
23 int ReadActiveResponses(XML_NODE node, void *d1, void *d2)
/* Parses one <active-response> block (the children in `node`) into a
 * freshly allocated active_response: reads command / location / agent_id /
 * rules_id / rules_group / level / timeout / disabled, validates command and
 * location, resolves the command by exact name against the ar_command list
 * passed as d1, appends the result to the active_response list passed as
 * d2, and appends one record for it to the shared file DEFAULTARPATH.
 *
 * Parameters:
 *   node - XML children of the <active-response> element, indexed as
 *          node[i] with ->element / ->content pairs.
 *   d1   - OSList of ar_command; only read here (searched by ->name), and
 *          the matched entry is kept as a borrowed pointer in ->ar_cmd.
 *   d2   - OSList of active_response; the new entry is added to it.
 *
 * NOTE(review): this listing is an excerpt with lines dropped — the loop
 * header, the `if(!...)` guards around the merror() calls, the return
 * statements, the declarations of i / fp / tmp_location / r_ar / l_ar /
 * ar_flag, the free of tmp_location and the fclose of fp are not visible.
 * The comments below describe only what the visible lines show; the return
 * value convention cannot be confirmed from here.
 */
/* Element names recognised inside <active-response> (pointers to string
 * literals; would be `const char *` in modern code). */
32 char *xml_ar_command = "command";
33 char *xml_ar_location = "location";
34 char *xml_ar_agent_id = "agent_id";
35 char *xml_ar_rules_id = "rules_id";
36 char *xml_ar_rules_group = "rules_group";
37 char *xml_ar_level = "level";
38 char *xml_ar_timeout = "timeout";
39 char *xml_ar_disabled = "disabled";
44 /* Currently active response */
45 active_response *tmp_ar;
48 /* Opening shared ar file */
/* Append mode: every active response parsed adds one record (see the
 * fprintf further down). */
49 fp = fopen(DEFAULTARPATH, "a");
/* The `if(!fp)` guard around this error is not in the excerpt. */
52 merror(FOPEN_ERROR, ARGV0, DEFAULTARPATH);
/* Mode 0444 leaves the shared file read-only for owner, group and others;
 * it is world-readable, which is acceptable only because the records it
 * holds (name, executable, timeout) are not secrets. NOTE(review): the
 * surrounding lines are missing, so it is unclear whether this runs only
 * after a successful open; the chmod return value is not checked on the
 * visible line. */
55 chmod(DEFAULTARPATH, 0444);
58 /* Allocating for the active-response */
59 tmp_ar = calloc(1, sizeof(active_response));
/* The `if(!tmp_ar)` guard is not in the excerpt. */
62 merror(MEM_ERROR, ARGV0);
66 /* Initializing variables */
/* calloc already zeroed the struct; the explicit NULLs document ownership:
 * command/agent_id/rules_id/rules_group become strdup'd copies owned by
 * tmp_ar, while ar_cmd is a borrowed pointer into the d1 list. */
68 tmp_ar->command = NULL;
72 tmp_ar->agent_id = NULL;
73 tmp_ar->rules_id = NULL;
74 tmp_ar->rules_group = NULL;
75 tmp_ar->ar_cmd = NULL;
80 /* Searching for the commands */
/* Loop over node[i]; the loop header and the `if(!node[i]->element)` check
 * are not in the excerpt. A NULL element name and a NULL content are both
 * treated as errors. */
85 merror(XML_ELEMNULL, ARGV0);
88 else if(!node[i]->content)
90 merror(XML_VALUENULL, ARGV0, node[i]->element);
/* Dispatch on the element name. String fields are strdup'd copies of the
 * XML content, so the XML tree is not retained. */
95 if(strcmp(node[i]->element, xml_ar_command) == 0)
97 tmp_ar->command = strdup(node[i]->content);
100 else if(strcmp(node[i]->element, xml_ar_location) == 0)
/* Kept in a temporary: the location string is only parsed into flags
 * below and then released (the free is not in the excerpt). */
102 tmp_location = strdup(node[i]->content);
104 else if(strcmp(node[i]->element, xml_ar_agent_id) == 0)
106 tmp_ar->agent_id = strdup(node[i]->content);
108 else if(strcmp(node[i]->element, xml_ar_rules_id) == 0)
110 tmp_ar->rules_id = strdup(node[i]->content);
112 else if(strcmp(node[i]->element, xml_ar_rules_group) == 0)
114 tmp_ar->rules_group = strdup(node[i]->content);
116 else if(strcmp(node[i]->element, xml_ar_level) == 0)
118 /* Level must be numeric */
/* Level is rejected unless all-numeric, then range-checked to 0..20; both
 * failures report XML_VALUEERR (the error-return lines are not in the
 * excerpt). */
119 if(!OS_StrIsNum(node[i]->content))
121 merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
125 tmp_ar->level = atoi(node[i]->content);
127 /* Making sure the level is valid */
128 if((tmp_ar->level < 0) || (tmp_ar->level > 20))
130 merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
134 else if(strcmp(node[i]->element, xml_ar_timeout) == 0)
/* NOTE(review): unlike level, timeout is not checked with OS_StrIsNum and
 * has no range check: atoi() yields 0 for non-numeric text, reports no
 * overflow, and a negative value is kept as-is (it still counts as "set"
 * in the timeout_allowed check below). */
136 tmp_ar->timeout = atoi(node[i]->content);
138 else if(strcmp(node[i]->element, xml_ar_disabled) == 0)
/* Accepts exactly "yes" or "no". The body of the "yes" branch (presumably
 * setting the flag tested at "Checking if ar is disabled" below) is not in
 * the excerpt; any other value is XML_VALUEERR. */
140 if(strcmp(node[i]->content, "yes") == 0)
144 else if(strcmp(node[i]->content, "no") == 0)
146 /* Don't do anything if disabled is set to "no" */
150 merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
/* Unknown element name (the enclosing `else` is not in the excerpt). */
156 merror(XML_INVELEM, ARGV0, node[i]->element);
162 /* Checking if ar is disabled */
/* The test and its early exit are not in the excerpt. */
169 /* Command and location must be there */
170 if(!tmp_ar->command || !tmp_location)
172 merror(AR_MISS, ARGV0);
/* Location parsing: each OS_Regex match ORs one flag into ->location, so a
 * single string can select several targets; the same bits are tested when
 * the queues are chosen further down. */
177 if(OS_Regex("AS|analysisd|analysis-server|server", tmp_location))
179 tmp_ar->location|= AS_ONLY;
/* NOTE(review): "local" maps to REMOTE_AGENT — this reads as "the agent
 * that produced the event", i.e. remote from the manager's point of view;
 * confirm against the documentation. */
182 if(OS_Regex("local", tmp_location))
184 tmp_ar->location|= REMOTE_AGENT;
/* "defined-agent" is only valid together with an <agent_id>. */
187 if(OS_Regex("defined-agent", tmp_location))
189 if(!tmp_ar->agent_id)
191 merror(AR_DEF_AGENT, ARGV0);
195 tmp_ar->location|= SPECIFIC_AGENT;
198 if(OS_Regex("all|any", tmp_location))
200 tmp_ar->location|=ALL_AGENTS;
203 /* If we didn't set any value for the location */
/* No pattern matched: the location string is reported back as invalid. */
204 if(tmp_ar->location == 0)
206 merror(AR_INV_LOC, ARGV0, tmp_location);
211 /* cleaning tmp_location */
/* The free(tmp_location) line is not in the excerpt. */
216 /* Checking if command name is valid */
/* Linear scan of the d1 command list, matching by exact name with strcmp;
 * the match is kept as a borrowed pointer (not copied, not freed here).
 * The lines between the assignment and GetNextNode — presumably the
 * closing brace and a break — are not in the excerpt. */
218 OSListNode *my_commands_node;
220 my_commands_node = OSList_GetFirstNode(d1);
221 while(my_commands_node)
223 ar_command *my_command;
224 my_command = (ar_command *)my_commands_node->data;
226 if(strcmp(my_command->name, tmp_ar->command) == 0)
228 tmp_ar->ar_cmd = my_command;
232 my_commands_node = OSList_GetNextNode(d1);
235 /* Didn't find a valid command */
236 if(tmp_ar->ar_cmd == NULL)
238 merror(AR_INV_CMD, ARGV0, tmp_ar->command);
243 /* Checking if timeout is allowed */
/* A non-zero timeout is only accepted when the referenced command declares
 * timeout_allowed. */
244 if(tmp_ar->timeout && !tmp_ar->ar_cmd->timeout_allowed)
246 merror(AR_NO_TIMEOUT, ARGV0, tmp_ar->ar_cmd->name);
250 /* d2 is the active response list (d1 is the command list searched above) */
/* The entry is added to the list before its ->name is allocated below; an
 * allocation failure there goes to ErrorExit rather than leaving a
 * half-initialised entry behind. */
251 if(!OSList_AddData(d2, (void *)tmp_ar))
253 merror(LIST_ADD_ERROR, ARGV0);
258 /* Setting a unique active response name */
259 tmp_ar->name = calloc(OS_FLSIZE +1, sizeof(char));
/* The `if(!tmp_ar->name)` guard is not in the excerpt. Unlike the earlier
 * errors this one calls ErrorExit (presumably fatal) instead of merror. */
262 ErrorExit(MEM_ERROR, ARGV0);
/* NOTE(review): the buffer holds OS_FLSIZE+1 bytes but snprintf is bounded
 * to OS_FLSIZE, so the last byte stays zero. The name is
 * "<command name><number>"; the numeric argument is on a line missing from
 * the excerpt. snprintf's return value is not checked, so a command name
 * of OS_FLSIZE or more characters is silently truncated and may lose the
 * suffix that is meant to make the name unique. */
264 snprintf(tmp_ar->name, OS_FLSIZE, "%s%d",
265 tmp_ar->ar_cmd->name,
269 /* Adding to shared file */
/* One record per active response: "<first %s> - <executable> - <number>".
 * The first %s argument and the %d argument are on lines missing from the
 * excerpt. NOTE(review): these are config-supplied strings written without
 * escaping — a value containing a newline or " - " would corrupt the
 * record format for whatever reads DEFAULTARPATH — and the fprintf return
 * value is not checked. */
270 fprintf(fp, "%s - %s - %d\n",
272 tmp_ar->ar_cmd->executable,
276 /* Setting the configs to start the right queues */
/* Each test below is followed by an assignment that is missing from the
 * excerpt; judging from the two checks at the end they set l_ar / r_ar
 * (local vs. remote queue needed) — confirm against the full source. */
277 if(tmp_ar->location & AS_ONLY)
281 if(tmp_ar->location & ALL_AGENTS)
285 if(tmp_ar->location & REMOTE_AGENT)
290 if(tmp_ar->location & SPECIFIC_AGENT)
295 /* Setting the configuration for the active response */
/* ar_flag is a bitmask carrying REMOTE_AR / LOCAL_AR; each is set only the
 * first time a response needs it (the assignment lines are not in the
 * excerpt). */
296 if(r_ar && (!(ar_flag & REMOTE_AR)))
300 if(l_ar && (!(ar_flag & LOCAL_AR)))
305 /* Closing shared file for active response */
/* The fclose(fp) and the final return are not in the excerpt. */
314 /** int ReadActiveCommands(XML_NODE node, void *d1, void *d2)
316 int ReadActiveCommands(XML_NODE node, void *d1, void *d2)
320 char *tmp_str = NULL;
323 char *command_name = "name";
324 char *command_expect = "expect";
325 char *command_executable = "executable";
326 char *timeout_allowed = "timeout_allowed";
328 ar_command *tmp_command;
331 /* Allocating the active-response command */
332 tmp_command = calloc(1, sizeof(ar_command));
335 merror(MEM_ERROR, ARGV0);
339 tmp_command->name = NULL;
340 tmp_command->expect= 0;
341 tmp_command->executable = NULL;
342 tmp_command->timeout_allowed = 0;
345 /* Searching for the commands */
348 if(!node[i]->element)
350 merror(XML_ELEMNULL, ARGV0);
353 else if(!node[i]->content)
355 merror(XML_VALUENULL, ARGV0, node[i]->element);
358 if(strcmp(node[i]->element, command_name) == 0)
360 tmp_command->name = strdup(node[i]->content);
362 else if(strcmp(node[i]->element, command_expect) == 0)
364 tmp_str = strdup(node[i]->content);
366 else if(strcmp(node[i]->element, command_executable) == 0)
368 tmp_command->executable = strdup(node[i]->content);
370 else if(strcmp(node[i]->element, timeout_allowed) == 0)
372 if(strcmp(node[i]->content, "yes") == 0)
373 tmp_command->timeout_allowed = 1;
374 else if(strcmp(node[i]->content, "no") == 0)
375 tmp_command->timeout_allowed = 0;
378 merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
384 merror(XML_INVELEM, ARGV0, node[i]->element);
390 if(!tmp_command->name || !tmp_str || !tmp_command->executable)
392 merror(AR_CMD_MISS, ARGV0);
397 /* Getting the expect */
398 if(OS_Regex("user", tmp_str))
399 tmp_command->expect |= USERNAME;
400 if(OS_Regex("srcip", tmp_str))
401 tmp_command->expect |= SRCIP;
407 /* Adding command to the list */
408 if(!OSList_AddData(d1, (void *)tmp_command))
410 merror(LIST_ADD_ERROR, ARGV0);