1 /* @(#) $Id: rootcheck-config.c,v 1.11 2009/06/24 18:53:07 dcid Exp $ */
3 /* Copyright (C) 2009 Trend Micro Inc.
6 * This program is a free software; you can redistribute it
7 * and/or modify it under the terms of the GNU General Public
8 * License (version 3) as published by the FSF - Free Software
21 #include "os_xml/os_xml.h"
23 #include "rootcheck.h"
26 /* Read_Rootcheck_Config: Reads the rootcheck config
28 int Read_Rootcheck_Config(char * cfgfile)
36 char *(xml_daemon[])={xml_rootcheck,"daemon", NULL};
37 char *(xml_notify[])={xml_rootcheck, "notify", NULL};
38 char *(xml_base_dir[])={xml_rootcheck, "base_directory", NULL};
39 char *(xml_workdir[])={xml_rootcheck, "work_directory", NULL};
40 char *(xml_rootkit_files[])={xml_rootcheck, "rootkit_files", NULL};
41 char *(xml_rootkit_trojans[])={xml_rootcheck, "rootkit_trojans", NULL};
42 char *(xml_rootkit_unixaudit[])={xml_rootcheck, "system_audit", NULL};
43 char *(xml_rootkit_winaudit[])={xml_rootcheck, "windows_audit", NULL};
44 char *(xml_rootkit_winapps[])={xml_rootcheck, "windows_apps", NULL};
45 char *(xml_rootkit_winmalware[])={xml_rootcheck, "windows_malware", NULL};
46 char *(xml_scanall[])={xml_rootcheck, "scanall", NULL};
47 char *(xml_readall[])={xml_rootcheck, "readall", NULL};
48 char *(xml_time[])={xml_rootcheck, "frequency", NULL};
53 if(OS_ReadXML(cfgfile,&xml) < 0)
55 merror("config_op: XML error: %s",xml.err);
59 if(!OS_RootElementExist(&xml,xml_rootcheck))
62 merror("%s: Rootcheck configuration not found. ",ARGV0);
68 str = OS_GetOneContentforElement(&xml,xml_daemon);
79 str = OS_GetOneContentforElement(&xml,xml_time);
84 merror("Invalid frequency time '%s' for the rootkit "
85 "detection (must be int).", str);
89 rootcheck.time = atoi(str);
98 if(!rootcheck.scanall)
100 str = OS_GetOneContentforElement(&xml,xml_scanall);
104 rootcheck.scanall = 1;
112 if(!rootcheck.readall)
114 str = OS_GetOneContentforElement(&xml,xml_readall);
118 rootcheck.readall = 1;
125 /* Notifications type */
126 str = OS_GetOneContentforElement(&xml,xml_notify);
129 if(strcasecmp(str,"queue") == 0)
130 rootcheck.notify = QUEUE;
131 else if(strcasecmp(str,"syslog") == 0)
132 rootcheck.notify = SYSLOG;
135 merror("%s: Invalid notification option. Only "
136 "'syslog' or 'queue' are allowed.",ARGV0);
145 /* Default to SYSLOG */
146 rootcheck.notify = SYSLOG;
149 /* Getting work directory */
150 if(!rootcheck.workdir)
151 rootcheck.workdir = OS_GetOneContentforElement(&xml,xml_workdir);
154 rootcheck.rootkit_files = OS_GetOneContentforElement
155 (&xml,xml_rootkit_files);
156 rootcheck.rootkit_trojans = OS_GetOneContentforElement
157 (&xml,xml_rootkit_trojans);
159 rootcheck.unixaudit = OS_GetContents
160 (&xml,xml_rootkit_unixaudit);
162 rootcheck.winaudit = OS_GetOneContentforElement
163 (&xml,xml_rootkit_winaudit);
165 rootcheck.winapps = OS_GetOneContentforElement
166 (&xml,xml_rootkit_winapps);
168 rootcheck.winmalware = OS_GetOneContentforElement
169 (&xml,xml_rootkit_winmalware);
171 rootcheck.basedir = OS_GetOneContentforElement(&xml, xml_base_dir);
176 debug1("%s: DEBUG: Daemon set to '%d'",ARGV0, rootcheck.daemon);
177 debug1("%s: DEBUG: alert set to '%d'",ARGV0, rootcheck.notify);