1 /* @(#) $Id: rules.c,v 1.9 2009/06/24 17:06:30 dcid Exp $ */
3 /* Copyright (C) 2009 Trend Micro Inc.
6 * This program is a free software; you can redistribute it
7 * and/or modify it under the terms of the GNU General Public
8 * License (version 3) as published by the FSF - Free Software
11 * License details at the LICENSE file included with OSSEC or
12 * online at: http://www.ossec.net/en/licensing.html
17 #include "config/config.h"
22 /** int __Groups_SelectGroup(char *group, DBConfig *db_config)
23 * Select group (categories) from the db.
24 * Returns 0 if not found.
// Looks up a category row by name and hands back whatever osdb_query_select returns.
// NOTE(review): this listing drops some source lines (see the gaps in the gutter
// numbers), including the first part of the query text and the snprintf argument list.
// NOTE(review): the value bound to '%s' below (presumably `group`) lands inside a
// single-quoted SQL string literal. Nothing visible in this function escapes or
// validates it, so it depends on the caller having escaped the string beforehand;
// confirm that for every call site.
26 int __Groups_SelectGroup(char *group, DBConfig *db_config)
29 char sql_query[OS_SIZE_1024];
// Zero-filling the buffer and bounding snprintf to OS_SIZE_1024 - 1 keeps the query
// NUL-terminated even when the formatted text does not fit.
31 memset(sql_query, '\0', OS_SIZE_1024);
// The snprintf return value is discarded, so an over-long name would be truncated
// silently and the cut-off statement would still be sent to the database.
35 snprintf(sql_query, OS_SIZE_1024 -1,
37 "category WHERE cat_name = '%s'",
41 /* Checking return code. */
42 result = osdb_query_select(db_config->conn, sql_query);
48 /** int __Groups_InsertGroup(char *group, DBConfig *db_config)
49 * Insert group (categories) in to the db.
// Builds an INSERT for one category and runs it through osdb_query_insert.
// NOTE(review): the query text and the snprintf arguments are not part of this
// listing (gutter lines 59-63 are missing), so how `group` is quoted cannot be
// checked here. Presumably it is interpolated as a quoted string the same way as in
// __Groups_SelectGroup and relies on the caller having escaped it; TODO confirm.
51 int __Groups_InsertGroup(char *group, DBConfig *db_config)
53 char sql_query[OS_SIZE_1024];
// Zero-fill plus the OS_SIZE_1024 - 1 bound keeps the buffer NUL-terminated.
55 memset(sql_query, '\0', OS_SIZE_1024);
// The snprintf return value is discarded, so truncation would go unnoticed.
58 snprintf(sql_query, OS_SIZE_1024 -1,
65 /* Checking return code. */
// A zero result from osdb_query_insert is reported through merror; the value this
// function returns in either case is not visible in the listing.
66 if(!osdb_query_insert(db_config->conn, sql_query))
68 merror(DB_GENERROR, ARGV0);
75 /** int __Groups_SelectGroupMapping()
76 * Select a group (category) to rule mapping from the db.
77 * Returns 0 if not found.
// Checks whether a (cat_id, rule_id) row exists in signature_category_mapping and
// hands back whatever osdb_query_select returns.
// Only integers are formatted into this statement, so no caller-supplied text reaches
// the SQL string here.
79 int __Groups_SelectGroupMapping(int cat_id, int rule_id, DBConfig *db_config)
82 char sql_query[OS_SIZE_1024];
// Zero-fill plus the OS_SIZE_1024 - 1 bound keeps the buffer NUL-terminated.
84 memset(sql_query, '\0', OS_SIZE_1024);
// NOTE(review): both parameters are declared int, but the format uses %u. The
// argument list is not in this listing (presumably cat_id, rule_id); if so, a
// negative value would be rendered as a large unsigned number. TODO confirm.
88 snprintf(sql_query, OS_SIZE_1024 -1,
89 "SELECT id FROM signature_category_mapping "
90 "WHERE cat_id = '%u' AND rule_id = '%u'",
94 /* Checking return code. */
95 result = osdb_query_select(db_config->conn, sql_query);
101 /** int __Groups_InsertGroupMapping(int cat_id, int rule_id, DBConfig *db_config)
102 * Insert a group (category) to rule mapping into the db.
// Inserts one (cat_id, rule_id) row into signature_category_mapping.
// Only integers are formatted into this statement, so no caller-supplied text reaches
// the SQL string here.
104 int __Groups_InsertGroupMapping(int cat_id, int rule_id, DBConfig *db_config)
106 char sql_query[OS_SIZE_1024];
// Zero-fill plus the OS_SIZE_1024 - 1 bound keeps the buffer NUL-terminated.
108 memset(sql_query, '\0', OS_SIZE_1024);
// NOTE(review): the parameters are declared int while the format uses %u; the
// argument list is not in this listing (presumably cat_id, rule_id). TODO confirm.
111 snprintf(sql_query, OS_SIZE_1024 -1,
113 "signature_category_mapping(cat_id, rule_id) "
114 "VALUES ('%u', '%u')",
118 /* Checking return code. */
// A zero result from osdb_query_insert is reported through merror; the value this
// function returns in either case is not visible in the listing.
119 if(!osdb_query_insert(db_config->conn, sql_query))
121 merror(DB_GENERROR, ARGV0);
129 /** void _Groups_ReadInsertDB(RuleInfo *rule, DBConfig *db_config)
130 * Insert groups (categories) in to the db.
// Walks the comma-separated list in rule->group and, for each entry, makes sure a
// category row exists and that the category is mapped to rule->sigid.
// NOTE(review): several source lines are missing from this listing (declarations,
// the loop header and the pointer updates), so the exact tokenising steps cannot be
// read from here.
// NOTE(review): every group string handed to the SQL helpers below is a pointer into
// rule->group. This function does no escaping itself; the one caller shown in this
// listing, _Rules_ReadInsertDB, runs osdb_escapestr on rule->group before calling it.
// Any other caller would need to do the same.
132 void _Groups_ReadInsertDB(RuleInfo *rule, DBConfig *db_config)
134 /* We must insert each group separately. */
140 debug1("%s: DEBUG: entering _Groups_ReadInsertDB", ARGV0);
143 /* If group is null, just return */
144 if(rule->group == NULL)
// tmp_str tracks the next comma, tmp_group the start of the current entry.
149 tmp_str = strchr(rule->group, ',');
150 tmp_group = rule->group;
153 /* Groups are separated by comma */
162 /* Removing white spaces */
// Only the space character is tested here; other whitespace would stay in the name.
163 while(*tmp_group == ' ')
167 /* Checking for empty group */
168 if(*tmp_group == '\0')
173 tmp_str = strchr(tmp_group, ',');
178 cat_id = __Groups_SelectGroup(tmp_group, db_config);
181 /* We first check if we have this group in the db already.
// NOTE(review): select, then insert, then select again is not atomic. No transaction
// or uniqueness handling is visible here, so two writers could presumably both insert
// the same category; verify against the schema.
186 __Groups_InsertGroup(tmp_group, db_config);
187 cat_id = __Groups_SelectGroup(tmp_group, db_config);
191 /* If our cat_id is valid (not zero), we need to insert
192 * the mapping between the category and the rule. */
195 /* But, we first check if the mapping is already not there. */
196 if(!__Groups_SelectGroupMapping(cat_id, rule->sigid, db_config))
198 /* If not, we add it */
199 __Groups_InsertGroupMapping(cat_id, rule->sigid, db_config);
204 /* Getting next category */
208 tmp_str = strchr(tmp_group, ',');
217 /** void *_Rules_ReadInsertDB(RuleInfo *rule, void *db_config)
218 * Insert rules in to the db.
// Callback that stores one parsed rule: it records the rule's groups, then inserts
// the signature row or updates it when a row with the same rule_id already exists.
// db_config arrives as void * and is cast to DBConfig * for local use.
// NOTE(review): some source lines are missing from this listing (see the gaps in the
// gutter numbers), including the level-limit check and the return statements.
220 void *_Rules_ReadInsertDB(RuleInfo *rule, void *db_config)
222 DBConfig *dbc = (DBConfig *)db_config;
223 char sql_query[OS_SIZE_1024];
// Zero-fill plus the OS_SIZE_1024 - 1 bound on each snprintf keeps the buffer
// NUL-terminated.
224 memset(sql_query, '\0', OS_SIZE_1024);
227 /* Escaping strings */
// These two calls are the only sanitising step between the parsed rule text and the
// '%s' placeholders in the SQL below and in the group helpers. Their return values
// are not used, so osdb_escapestr presumably rewrites the strings in place; what it
// neutralises is defined elsewhere, so check it against the quoting used here
// (single-quoted literals). Neither pointer is checked for NULL before the call in
// the visible lines.
228 osdb_escapestr(rule->group);
229 osdb_escapestr(rule->comment);
232 /* Checking level limit */
239 debug1("%s: DEBUG: entering _Rules_ReadInsertDB()", ARGV0);
242 /* Checking rule limit */
// The range check bounds rule->sigid to 0..9999999 before it is formatted into SQL.
243 if(rule->sigid < 0 || rule->sigid > 9999999)
// NOTE(review): the test against 0 suggests sigid is signed, yet it is printed with
// %u here (and with %d further down); a negative id would be logged as a large
// unsigned number. Confirm the field type.
245 merror("%s: Invalid rule id: %u", ARGV0, rule->sigid);
250 /* Inserting group into the signature mapping */
// Runs after the escaping above, so the group helpers receive the escaped string.
251 _Groups_ReadInsertDB(rule, db_config);
255 debug2("%s: DEBUG: Inserting: %d", ARGV0, rule->sigid);
// Existence probe: a zero result selects the INSERT form, otherwise the UPDATE form.
259 snprintf(sql_query, OS_SIZE_1024 -1,
260 "SELECT id FROM signature "
261 "where rule_id = %u",
264 if(osdb_query_select(dbc->conn, sql_query) == 0)
// NOTE(review): rule->comment is interpolated as a quoted string and the snprintf
// return value is discarded. A long description would be truncated to fit the
// buffer, and the cut-off statement (closing quote and, for the UPDATE, the WHERE
// clause lost) would still be passed to osdb_query_insert. Checking for truncation
// before sending would make that failure explicit.
266 snprintf(sql_query, OS_SIZE_1024 -1,
268 "signature(rule_id, level, description) "
269 "VALUES ('%u','%u','%s')",
270 rule->sigid, rule->level, rule->comment);
274 snprintf(sql_query, OS_SIZE_1024 -1,
275 "UPDATE signature SET level='%u',description='%s' "
276 "WHERE rule_id='%u'",
277 rule->level, rule->comment,rule->sigid);
281 /* Checking return code. */
// A zero result from osdb_query_insert is reported through merror.
282 if(!osdb_query_insert(dbc->conn, sql_query))
284 merror(DB_GENERROR, ARGV0);
// Loads every rules file listed in db_config->includes into the database by parsing
// it with OS_ReadXMLRules and storing each rule through _Rules_ReadInsertDB.
// NOTE(review): some source lines are missing from this listing (declarations, the
// loop advance and the return statements).
291 int OS_InsertRulesDB(DBConfig *db_config)
// The loop condition treats includes as a NULL-terminated array of file names and
// also tolerates includes itself being NULL.
295 rulesfiles = db_config->includes;
296 while(rulesfiles && *rulesfiles)
298 debug1("%s: Reading rules file: '%s'", ARGV0, *rulesfiles);
// db_config is handed to the parser as the opaque argument for the callback, which
// casts it back to DBConfig *.
300 if(OS_ReadXMLRules(*rulesfiles, _Rules_ReadInsertDB, db_config) < 0)
302 merror(RULES_ERROR, ARGV0, *rulesfiles);
// The array is released and the field cleared so a later use sees NULL instead of a
// dangling pointer. Whether the individual file-name strings are freed is not visible
// in this listing.
310 free(db_config->includes);
311 db_config->includes = NULL;