1 /* Copyright (C) 2009 Trend Micro Inc.
4 * This program is a free software; you can redistribute it
5 * and/or modify it under the terms of the GNU General Public
6 * License (version 2) as published by the FSF - Free Software
11 #include "os_net/os_net.h"
12 #include "global-config.h"
13 #include "mail-config.h"
/*
 * Read_GlobalSK - read the syscheck options of the global section
 * (ignore, auto_ignore, alert_new_files) into the _Config passed as configp.
 * mailp is marked unused.
 *
 * NOTE(review): the embedded line numbers show that this listing omits lines
 * (braces, the loop header, returns), so the comments below describe only
 * the statements that are visible.
 */
17 int Read_GlobalSK(XML_NODE node, void *configp, __attribute__((unused)) void *mailp)
/* Slot count of the NULL-terminated syscheck_ignore array. It is unsigned,
 * so the "ign_size - 2" index used below would wrap if evaluated while the
 * value is still 1. */
20 unsigned int ign_size = 1;
21 const char *xml_ignore = "ignore";
22 const char *xml_auto_ignore = "auto_ignore";
23 const char *xml_alert_new_files = "alert_new_files";
26 Config = (_Config *)configp;
32 /* Get right ign_size: start from the entries already in syscheck_ignore */
33 if (Config && Config->syscheck_ignore) {
/* NOTE(review): the loop that walks ww and increments ign_size is not
 * visible here; presumably it mirrors the counting loops in Read_Global. */
35 ww = Config->syscheck_ignore;
/* A node without an element name or without content is reported as an
 * error before any option is compared. */
44 if (!node[i]->element) {
45 merror(XML_ELEMNULL, __local_name);
47 } else if (!node[i]->content) {
48 merror(XML_VALUENULL, __local_name, node[i]->element);
/* auto_ignore: only the exact strings "yes" and "no" are accepted. */
50 } else if (strcmp(node[i]->element, xml_auto_ignore) == 0) {
51 if (strcmp(node[i]->content, "yes") == 0) {
52 Config->syscheck_auto_ignore = 1;
53 } else if (strcmp(node[i]->content, "no") == 0) {
54 Config->syscheck_auto_ignore = 0;
56 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
/* alert_new_files: same yes/no handling as auto_ignore. */
59 } else if (strcmp(node[i]->element, xml_alert_new_files) == 0) {
60 if (strcmp(node[i]->content, "yes") == 0) {
61 Config->syscheck_alert_new = 1;
62 } else if (strcmp(node[i]->content, "no") == 0) {
63 Config->syscheck_alert_new = 0;
65 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
/* ignore: grow the list and append a copy of the node content. */
68 } else if (strcmp(node[i]->element, xml_ignore) == 0) {
/* The realloc result is assigned straight over the list pointer, so on
 * failure the previous array is no longer reachable and the pointer is NULL.
 * What follows the merror call is not visible in this listing. */
70 Config->syscheck_ignore = (char **)
71 realloc(Config->syscheck_ignore, sizeof(char *)*ign_size);
72 if (!Config->syscheck_ignore) {
73 merror(MEM_ERROR, __local_name, errno, strerror(errno));
/* The new entry goes in slot ign_size - 2 and the terminator in slot
 * ign_size - 1. NOTE(review): this is in bounds only if ign_size was
 * incremented for this entry before the realloc; that increment is not
 * visible here - confirm. The content is copied without any visible
 * validation. */
77 os_strdup(node[i]->content, Config->syscheck_ignore[ign_size - 2]);
78 Config->syscheck_ignore[ign_size - 1] = NULL;
/*
 * Read_Global - read the global options from the XML node array into the
 * _Config passed as configp and the MailConfig passed as mailp.
 *
 * Visible handling: yes/no switches, numeric settings converted with atoi(),
 * string settings duplicated from the node content, the IP and hostname
 * allow lists, and the e-mail settings kept in MailConfig.
 *
 * NOTE(review): the embedded line numbers show that this listing omits lines
 * (braces, the loop header, returns, possibly some guards), so the comments
 * below describe only the statements that are visible and hedge the rest.
 */
86 int Read_Global(XML_NODE node, void *configp, void *mailp)
/* Slot counts of three NULL-terminated arrays; the code below stores a new
 * entry at index size - 2 and the NULL terminator at index size - 1. */
91 unsigned int allow_size = 1;
92 unsigned int hostname_allow_size = 1;
93 unsigned int mailto_size = 1;
/* XML element names recognised in the global section. */
96 const char *xml_mailnotify = "email_notification";
97 const char *xml_logall = "logall";
98 const char *xml_logall_json = "logall_json";
99 const char *xml_integrity = "integrity_checking";
100 const char *xml_rootcheckd = "rootkit_detection";
101 const char *xml_hostinfo = "host_information";
102 const char *xml_prelude = "prelude_output";
103 const char *xml_prelude_profile = "prelude_profile";
104 const char *xml_prelude_log_level = "prelude_log_level";
105 const char *xml_geoipdb_file = "geoipdb";
106 const char *xml_zeromq_output = "zeromq_output";
107 const char *xml_zeromq_output_uri = "zeromq_uri";
108 const char *xml_zeromq_output_server_cert = "zeromq_server_cert";
109 const char *xml_zeromq_output_client_cert = "zeromq_client_cert";
110 const char *xml_jsonout_output = "jsonout_output";
111 const char *xml_stats = "stats";
112 const char *xml_memorysize = "memory_size";
113 const char *xml_white_list = "white_list";
114 const char *xml_allow_list = "allow_list";
115 const char *xml_compress_alerts = "compress_alerts";
116 const char *xml_custom_alert_output = "custom_alert_output";
/* E-mail element names; their values are stored in MailConfig. */
118 const char *xml_emailto = "email_to";
119 const char *xml_emailfrom = "email_from";
120 const char *xml_emailreplyto = "email_reply_to";
121 const char *xml_emailidsname = "email_idsname";
122 const char *xml_smtpserver = "smtp_server";
123 const char *xml_heloserver = "helo_server";
124 const char *xml_mailmaxperhour = "email_maxperhour";
126 #ifdef LIBGEOIP_ENABLED
127 const char *xml_geoip_db_path = "geoip_db_path";
128 const char *xml_geoip6_db_path = "geoip6_db_path";
131 #ifdef SQLITE_ENABLED
/* Unlike the names above these two are plain char * although they point at
 * string literals; they are only compared with strcmp on the lines shown. */
133 char *xml_md5_whitelist = "md5_whitelist";
134 char *xml_md5_allowlist = "md5_allowlist";
140 Config = (_Config *)configp;
141 Mail = (MailConfig *)mailp;
143 /* Get right allow_size: walk the entries already in allow_list */
144 if (Config && Config->allow_list) {
146 ww = Config->allow_list;
148 while (*ww != NULL) {
154 /* Get right hostname_allow_size: walk the existing hostname_allow_list */
155 if (Config && Config->hostname_allow_list) {
157 ww = Config->hostname_allow_list;
159 while (*ww != NULL) {
160 hostname_allow_size++;
165 /* Get mail_to size */
166 if (Mail && Mail->to) {
169 while (*ww != NULL) {
/* A node without an element name or without content is reported as an
 * error before any option is compared. */
176 if (!node[i]->element) {
177 merror(XML_ELEMNULL, __local_name);
179 } else if (!node[i]->content) {
180 merror(XML_VALUENULL, __local_name, node[i]->element);
/* custom_alert_output: enables the feature and keeps a verbatim copy of the
 * content as the output format. */
182 } else if (strcmp(node[i]->element, xml_custom_alert_output) == 0) {
184 Config->custom_alert_output = 1;
185 os_strdup(node[i]->content, Config->custom_alert_output_format);
188 /* Mail notification */
189 else if (strcmp(node[i]->element, xml_mailnotify) == 0) {
190 if (strcmp(node[i]->content, "yes") == 0) {
192 Config->mailnotify = 1;
197 } else if (strcmp(node[i]->content, "no") == 0) {
199 Config->mailnotify = 0;
205 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
209 /* Prelude support */
210 else if (strcmp(node[i]->element, xml_prelude) == 0) {
211 if (strcmp(node[i]->content, "yes") == 0) {
215 } else if (strcmp(node[i]->content, "no") == 0) {
220 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
224 } else if(strcmp(node[i]->element, xml_geoipdb_file) == 0) {
/* NOTE(review): this branch and the prelude_profile and zeromq_* branches
 * below call strdup directly and no NULL check of the result appears on the
 * lines shown, while other string options go through os_strdup. A failed
 * allocation would leave the setting NULL - confirm how consumers cope. */
227 Config->geoipdb_file = strdup(node[i]->content);
229 } else if (strcmp(node[i]->element, xml_prelude_profile) == 0) {
231 Config->prelude_profile = strdup(node[i]->content);
233 } else if (strcmp(node[i]->element, xml_prelude_log_level) == 0) {
234 if (!OS_StrIsNum(node[i]->content)) {
235 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
/* NOTE(review): atoi returns int and the cast keeps only the low 8 bits, so
 * a numeric value above 255 is stored as a different number instead of being
 * rejected (256 becomes 0). OS_StrIsNum is not defined in this view; it is
 * assumed to check for digits only, not range. The same pattern is used for
 * integrity, rootcheck, hostinfo and stats below; a bounded strtol
 * conversion would let out-of-range values be reported. */
240 Config->prelude_log_level = (u_int8_t) atoi(node[i]->content);
/* zeromq_output: yes/no switch. */
244 else if (strcmp(node[i]->element, xml_zeromq_output) == 0) {
245 if (strcmp(node[i]->content, "yes") == 0) {
247 Config->zeromq_output = 1;
249 } else if (strcmp(node[i]->content, "no") == 0) {
251 Config->zeromq_output = 0;
254 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
/* zeromq URI and certificate settings are copied verbatim from the content. */
257 } else if (strcmp(node[i]->element, xml_zeromq_output_uri) == 0) {
259 Config->zeromq_output_uri = strdup(node[i]->content);
261 } else if (strcmp(node[i]->element, xml_zeromq_output_server_cert) == 0) {
263 Config->zeromq_output_server_cert = strdup(node[i]->content);
265 } else if (strcmp(node[i]->element, xml_zeromq_output_client_cert) == 0) {
267 Config->zeromq_output_client_cert = strdup(node[i]->content);
/* jsonout_output: yes/no switch. */
271 else if (strcmp(node[i]->element, xml_jsonout_output) == 0) {
272 if (strcmp(node[i]->content, "yes") == 0) {
274 Config->jsonout_output = 1;
276 } else if (strcmp(node[i]->content, "no") == 0) {
278 Config->jsonout_output = 0;
281 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
/* logall: yes/no switch; the assignments are on lines omitted here. */
286 else if (strcmp(node[i]->element, xml_logall) == 0) {
287 if (strcmp(node[i]->content, "yes") == 0) {
291 } else if (strcmp(node[i]->content, "no") == 0) {
296 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
/* logall_json: yes/no switch. */
301 else if (strcmp(node[i]->element, xml_logall_json) == 0) {
302 if (strcmp(node[i]->content, "yes") == 0) {
304 Config->logall_json = 1;
306 } else if (strcmp(node[i]->content, "no") == 0) {
308 Config->logall_json = 0;
311 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
315 /* Compress alerts */
316 else if (strcmp(node[i]->element, xml_compress_alerts) == 0) {
317 /* removed from here -- compatibility issues only */
/* Numeric settings: each is checked with OS_StrIsNum and then narrowed to
 * u_int8_t (see the truncation note at prelude_log_level). */
320 else if (strcmp(node[i]->element, xml_integrity) == 0) {
321 if (!OS_StrIsNum(node[i]->content)) {
322 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
326 Config->integrity = (u_int8_t) atoi(node[i]->content);
330 else if (strcmp(node[i]->element, xml_rootcheckd) == 0) {
331 if (!OS_StrIsNum(node[i]->content)) {
332 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
336 Config->rootcheck = (u_int8_t) atoi(node[i]->content);
340 else if (strcmp(node[i]->element, xml_hostinfo) == 0) {
341 if (!OS_StrIsNum(node[i]->content)) {
342 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
346 Config->hostinfo = (u_int8_t) atoi(node[i]->content);
350 else if (strcmp(node[i]->element, xml_stats) == 0) {
351 if (!OS_StrIsNum(node[i]->content)) {
352 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
356 Config->stats = (u_int8_t) atoi(node[i]->content);
358 } else if (strcmp(node[i]->element, xml_memorysize) == 0) {
359 if (!OS_StrIsNum(node[i]->content)) {
360 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
/* memory_size is stored without a cast; no range check is visible on the
 * lines shown. */
364 Config->memorysize = atoi(node[i]->content);
/* white_list and allow_list are two names for the same option. */
368 else if ((strcmp(node[i]->element, xml_white_list) == 0) || (strcmp(node[i]->element, xml_allow_list) == 0)) {
369 /* Windows does not need it */
/* Shape test for "a.b.c.d", optionally followed by "/" and a prefix length
 * or a dotted netmask. It checks digit counts only: octets above 255 match
 * and the prefix part may be empty, so the OS_IsValidIP call below carries
 * the actual validation. */
372 const char *ip_address_regex =
373 "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}/?"
374 "([0-9]{0,2}|[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3})$";
376 if (Config && OS_PRegex(node[i]->content, ip_address_regex)) {
/* The realloc result overwrites the list pointer, so on failure the previous
 * array is no longer reachable; the hostname and mail lists below use the
 * same pattern. */
378 Config->allow_list = (os_ip **)
379 realloc(Config->allow_list, sizeof(os_ip *)*allow_size);
380 if (!Config->allow_list) {
381 merror(MEM_ERROR, __local_name, errno, strerror(errno));
/* New zeroed os_ip in slot allow_size - 2, terminator in slot
 * allow_size - 1. NOTE(review): the increment of allow_size is not visible
 * here - confirm it precedes the realloc. */
385 os_calloc(1, sizeof(os_ip), Config->allow_list[allow_size - 2]);
386 Config->allow_list[allow_size - 1] = NULL;
/* Parse the content into the new entry; a failure is reported with
 * INVALID_IP. */
388 if (!OS_IsValidIP(node[i]->content,
389 Config->allow_list[allow_size - 2])) {
390 merror(INVALID_IP, __local_name,
/* NOTE(review): presumably the branch taken when the content does not look
 * like an IP (the else line is omitted here). The content is then appended
 * to the hostname allow list as-is; no hostname syntax check is visible, so
 * a mistyped address would end up as an allow-listed hostname - confirm. */
397 hostname_allow_size++;
398 Config->hostname_allow_list = (char **)
399 realloc(Config->hostname_allow_list,
400 sizeof(char *)*hostname_allow_size);
402 if (!Config->hostname_allow_list) {
403 merror(MEM_ERROR, __local_name, errno, strerror(errno));
406 os_strdup(node[i]->content, Config->hostname_allow_list[hostname_allow_size - 2]);
407 Config->hostname_allow_list[hostname_allow_size - 1] = NULL;
414 * email_to, email_from, email_replyto, idsname, smtp_Server and maxperhour.
415 * We will use a separate structure for that.
417 else if (strcmp(node[i]->element, xml_emailto) == 0) {
/* NOTE(review): the pattern has no ^ or $ anchors and the class after the @
 * has no quantifier, so it describes "one or more allowed characters, @, one
 * allowed character". If OS_PRegex searches within the string (confirm), any
 * content containing such a sequence passes, including values with spaces or
 * line breaks around it. Anchoring the pattern and rejecting CR and LF here
 * would keep malformed recipients out of whatever later builds the mail. */
419 if (!OS_PRegex(node[i]->content, "[a-zA-Z0-9\\._-]+@[a-zA-Z0-9\\._-]")) {
420 merror("%s: ERROR: Invalid Email address: %s.", __local_name, node[i]->content);
/* Append the recipient to the NULL-terminated Mail->to list. */
426 Mail->to = (char **) realloc(Mail->to, sizeof(char *)*mailto_size);
428 merror(MEM_ERROR, __local_name, errno, strerror(errno));
432 os_strdup(node[i]->content, Mail->to[mailto_size - 2]);
433 Mail->to[mailto_size - 1] = NULL;
/* email_from, email_reply_to and email_idsname are copied verbatim; no
 * format check is visible for them on the lines shown. */
435 } else if (strcmp(node[i]->element, xml_emailfrom) == 0) {
440 os_strdup(node[i]->content, Mail->from);
442 } else if (strcmp(node[i]->element, xml_emailreplyto) == 0) {
/* A previously stored reply_to is released before the new copy is made. */
444 if (Mail->reply_to) {
445 free(Mail->reply_to);
447 os_strdup(node[i]->content, Mail->reply_to);
449 } else if (strcmp(node[i]->element, xml_emailidsname) == 0) {
454 os_strdup(node[i]->content, Mail->idsname);
456 } else if (strcmp(node[i]->element, xml_smtpserver) == 0) {
/* Only handled when a MailConfig was passed and Mail->mn is set. */
458 if (Mail && (Mail->mn)) {
/* A value starting with '/' is stored without calling OS_GetHost.
 * NOTE(review): presumably this is the path of a local mail program - if so,
 * the configuration file must be writable only by trusted accounts. */
459 if (node[i]->content[0] == '/') {
460 os_strdup(node[i]->content, Mail->smtpserver);
/* Otherwise the name must resolve through OS_GetHost, else INVALID_SMTP is
 * reported. The meaning of the second argument (5) is not visible here. */
462 Mail->smtpserver = OS_GetHost(node[i]->content, 5);
463 if (!Mail->smtpserver) {
464 merror(INVALID_SMTP, __local_name, node[i]->content);
/* The stored value is released and replaced by a copy of the configured
 * string. NOTE(review): the enclosing braces are omitted from this listing,
 * so which branch these two lines belong to cannot be told here. */
468 free(Mail->smtpserver);
469 os_strdup(node[i]->content, Mail->smtpserver);
472 } else if (strcmp(node[i]->element, xml_heloserver) == 0) {
473 if (Mail && (Mail->mn)) {
474 os_strdup(node[i]->content, Mail->heloserver);
476 } else if (strcmp(node[i]->element, xml_mailmaxperhour) == 0) {
478 if (!OS_StrIsNum(node[i]->content)) {
479 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
/* email_maxperhour must be between 1 and 9999; other values are reported as
 * invalid. */
482 Mail->maxperhour = atoi(node[i]->content);
484 if ((Mail->maxperhour <= 0) || (Mail->maxperhour > 9999)) {
485 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
490 #ifdef LIBGEOIP_ENABLED
491 /* GeoIP v4 DB location */
492 else if (strcmp(node[i]->element, xml_geoip_db_path) == 0) {
494 os_strdup(node[i]->content, Config->geoip_db_path);
497 /* GeoIP v6 DB location */
498 else if (strcmp(node[i]->element, xml_geoip6_db_path) == 0) {
500 os_strdup(node[i]->content, Config->geoip6_db_path);
505 #ifdef SQLITE_ENABLED
/* md5_allowlist and md5_whitelist are two names for the same option. */
507 else if((strcmp(node[i]->element, xml_md5_allowlist) == 0) || (strcmp(node[i]->element, xml_md5_whitelist) == 0)) {
509 os_strdup(node[i]->content, Config->md5_allowlist);
/* Any element name not matched above is reported as invalid. */
515 merror(XML_INVELEM, __local_name, node[i]->element);