1 /* $OSSEC, rootcheck-config.c, v0.1, 2005/09/30, Daniel B. Cid$ */
3 /* Copyright (C) 2009 Trend Micro Inc.
6 * This program is a free software; you can redistribute it
7 * and/or modify it under the terms of the GNU General Public
8 * License (version 2) as published by the FSF - Free Software
14 #include "rootcheck-config.h"
17 short eval_bool(char *str)
/* Maps a configuration string to a boolean value.
 * Only exact, case-sensitive matches on "yes" and "no" are visible below
 * (strcmp). The first `if`, every return statement and the final `else`
 * fall on lines that this listing omits.
 * NOTE(review): callers compare the result against OS_INVALID, so
 * presumably any other string (and possibly a NULL str) yields
 * OS_INVALID - confirm against the full file. */
21 else if (strcmp(str, "yes") == 0)
23 else if (strcmp(str, "no") == 0)
29 /* Read_Rootcheck: Reads the rootcheck config
31 int Read_Rootcheck(XML_NODE node, void *configp, void *mailp)
/* Copies each recognised option from the parsed XML nodes into the
 * rkconfig structure passed as configp.
 *   node    - XML nodes, indexed by i below
 *   configp - cast to rkconfig * and filled in
 *   mailp   - not referenced in the visible lines
 * The listing omits braces, local declarations, the loop header and all
 * return statements, so the return value and whether an error aborts
 * parsing cannot be read from here. */
/* Element names accepted in the rootcheck configuration. */
38 char *xml_rootkit_files = "rootkit_files";
39 char *xml_rootkit_trojans = "rootkit_trojans";
40 char *xml_winaudit = "windows_audit";
41 char *xml_unixaudit = "system_audit";
42 char *xml_winapps = "windows_apps";
43 char *xml_winmalware = "windows_malware";
44 char *xml_scanall = "scanall";
45 char *xml_readall = "readall";
46 char *xml_time = "frequency";
47 char *xml_disabled = "disabled";
48 char *xml_base_dir = "base_directory";
49 char *xml_ignore = "ignore";
/* Names of the per-check on/off switches. */
51 char *xml_check_dev = "check_dev";
52 char *xml_check_files = "check_files";
53 char *xml_check_if = "check_if";
54 char *xml_check_pids = "check_pids";
55 char *xml_check_ports = "check_ports";
56 char *xml_check_sys = "check_sys";
57 char *xml_check_trojans = "check_trojans";
58 char *xml_check_unixaudit = "check_unixaudit";
59 char *xml_check_winapps = "check_winapps";
60 char *xml_check_winaudit = "check_winaudit";
61 char *xml_check_winmalware = "check_winmalware";
/* configp arrives as void *, so nothing here can verify its type; the
 * caller must pass a pointer to an rkconfig. */
63 rootcheck = (rkconfig *)configp;
/* Presumably reached when node[i]->element is NULL; the guarding
 * condition is on a line missing from this listing. */
69 merror(XML_ELEMNULL, ARGV0);
/* An element with no content is reported by name. */
72 else if(!node[i]->content)
74 merror(XML_VALUENULL, ARGV0, node[i]->element);
78 /* Getting frequency */
79 else if(strcmp(node[i]->element,xml_time) == 0)
81 if(!OS_StrIsNum(node[i]->content))
83 merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
/* NOTE(review): OS_StrIsNum presumably accepts any all-digit string.
 * atoi() reports no errors and its behaviour is undefined when the
 * value does not fit in an int, so an over-long number is not rejected
 * here. strtol() with an ERANGE check and an explicit upper bound would
 * reject it. */
87 rootcheck->time = atoi(node[i]->content);
89 /* getting scan all */
90 else if(strcmp(node[i]->element,xml_scanall) == 0)
/* Pattern used for every yes/no option below: store the eval_bool()
 * result in the field first, then compare the field with OS_INVALID.
 * NOTE(review): this relies on the field type being able to represent
 * OS_INVALID - confirm against the rkconfig declaration. */
92 rootcheck->scanall = eval_bool(node[i]->content);
93 if (rootcheck->scanall == OS_INVALID)
95 merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
/* NOTE(review): "disabled" presumably turns the rootcheck scan off.
 * If so, recording when it is set makes a silenced detection visible
 * - confirm. */
99 else if(strcmp(node[i]->element, xml_disabled) == 0)
101 rootcheck->disabled = eval_bool(node[i]->content);
102 if (rootcheck->disabled == OS_INVALID)
104 merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
108 else if(strcmp(node[i]->element,xml_readall) == 0)
110 rootcheck->readall = eval_bool(node[i]->content);
111 if (rootcheck->readall == OS_INVALID)
113 merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
/* String options: the element content is duplicated into the config
 * unchanged. No validation of these values is visible here, so they are
 * only as trustworthy as the configuration source.
 * NOTE(review): os_strdup presumably assigns a fresh copy to its second
 * argument; if so, a repeated element overwrites the earlier pointer
 * without freeing it - confirm. */
117 else if(strcmp(node[i]->element,xml_rootkit_files) == 0)
119 os_strdup(node[i]->content, rootcheck->rootkit_files);
121 else if(strcmp(node[i]->element,xml_rootkit_trojans) == 0)
123 os_strdup(node[i]->content, rootcheck->rootkit_trojans);
125 else if(strcmp(node[i]->element, xml_winaudit) == 0)
127 os_strdup(node[i]->content, rootcheck->winaudit);
129 else if(strcmp(node[i]->element, xml_unixaudit) == 0)
/* Append to the NULL-terminated unixaudit array. The loop presumably
 * advances j to the current end (its body and the initialisation of j
 * are not in the listing). The array is resized to j+2 slots: slot j
 * receives the new string and slot j+1 is the terminator. */
132 while(rootcheck->unixaudit && rootcheck->unixaudit[j])
135 os_realloc(rootcheck->unixaudit, sizeof(char *)*(j+2),
136 rootcheck->unixaudit);
137 rootcheck->unixaudit[j] = NULL;
138 rootcheck->unixaudit[j + 1] = NULL;
140 os_strdup(node[i]->content, rootcheck->unixaudit[j]);
142 else if(strcmp(node[i]->element, xml_ignore) == 0)
/* Same append sequence for the ignore list. The rest of the
 * os_realloc() call is on a line missing from this listing. */
145 while(rootcheck->ignore && rootcheck->ignore[j])
148 os_realloc(rootcheck->ignore, sizeof(char *)*(j+2),
150 rootcheck->ignore[j] = NULL;
151 rootcheck->ignore[j + 1] = NULL;
153 os_strdup(node[i]->content, rootcheck->ignore[j]);
155 else if(strcmp(node[i]->element, xml_winmalware) == 0)
157 os_strdup(node[i]->content, rootcheck->winmalware);
159 else if(strcmp(node[i]->element, xml_winapps) == 0)
161 os_strdup(node[i]->content, rootcheck->winapps);
163 else if(strcmp(node[i]->element, xml_base_dir) == 0)
165 os_strdup(node[i]->content, rootcheck->basedir);
/* Per-check switches, stored in rootcheck->checks. Each one uses the
 * same store-then-validate sequence as scanall above. */
167 else if (strcmp(node[i]->element, xml_check_dev) == 0)
169 rootcheck->checks.rc_dev = eval_bool(node[i]->content);
170 if (rootcheck->checks.rc_dev == OS_INVALID)
172 merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
176 else if (strcmp(node[i]->element, xml_check_files) == 0)
178 rootcheck->checks.rc_files = eval_bool(node[i]->content);
179 if (rootcheck->checks.rc_files == OS_INVALID)
181 merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
185 else if (strcmp(node[i]->element, xml_check_if) == 0)
187 rootcheck->checks.rc_if = eval_bool(node[i]->content);
188 if (rootcheck->checks.rc_if == OS_INVALID)
190 merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
194 else if (strcmp(node[i]->element, xml_check_pids) == 0)
196 rootcheck->checks.rc_pids = eval_bool(node[i]->content);
197 if (rootcheck->checks.rc_pids == OS_INVALID)
199 merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
203 else if (strcmp(node[i]->element, xml_check_ports) == 0)
205 rootcheck->checks.rc_ports = eval_bool(node[i]->content);
206 if (rootcheck->checks.rc_ports == OS_INVALID)
208 merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
212 else if (strcmp(node[i]->element, xml_check_sys) == 0)
214 rootcheck->checks.rc_sys = eval_bool(node[i]->content);
215 if (rootcheck->checks.rc_sys == OS_INVALID)
217 merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
221 else if (strcmp(node[i]->element, xml_check_trojans) == 0)
223 rootcheck->checks.rc_trojans = eval_bool(node[i]->content);
224 if (rootcheck->checks.rc_trojans == OS_INVALID)
226 merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
230 else if (strcmp(node[i]->element, xml_check_unixaudit) == 0)
233 rootcheck->checks.rc_unixaudit = eval_bool(node[i]->content);
234 if (rootcheck->checks.rc_unixaudit == OS_INVALID)
236 merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
241 else if (strcmp(node[i]->element, xml_check_winapps) == 0)
244 rootcheck->checks.rc_winapps = eval_bool(node[i]->content);
245 if (rootcheck->checks.rc_winapps == OS_INVALID)
247 merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
252 else if (strcmp(node[i]->element, xml_check_winaudit) == 0)
255 rootcheck->checks.rc_winaudit = eval_bool(node[i]->content);
256 if (rootcheck->checks.rc_winaudit == OS_INVALID)
258 merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
263 else if (strcmp(node[i]->element, xml_check_winmalware) == 0)
266 rootcheck->checks.rc_winmalware = eval_bool(node[i]->content);
267 if (rootcheck->checks.rc_winmalware == OS_INVALID)
269 merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
/* Presumably the final else branch: an element name matching none of
 * the options above is reported as invalid. */
276 merror(XML_INVELEM, ARGV0, node[i]->element);