1 /* Copyright (C) 2009 Trend Micro Inc.
4 * This program is a free software; you can redistribute it
5 * and/or modify it under the terms of the GNU General Public
6 * License (version 2) as published by the FSF - Free Software
11 #include "rootcheck-config.h"
/*
 * Map a configuration value onto a boolean-like short.
 *
 * The visible branches compare str against the literals "yes" and "no"
 * with strcmp(), so matching is exact and case-sensitive ("Yes" or "YES"
 * do not match either branch).
 *
 * NOTE(review): this listing is an excerpt. The gutter numbers skip the
 * first branch of the if/else chain and every return statement, so the
 * returned values are not visible here. Read_Rootcheck compares the result
 * with OS_INVALID, so that is presumably what an unrecognised value yields;
 * confirm against the full file.
 * NOTE(review): confirm that the elided first branch rejects a NULL str
 * before strcmp() is reached.
 */
15 static short eval_bool(const char *str)
19 } else if (strcmp(str, "yes") == 0) {
21 } else if (strcmp(str, "no") == 0) {
28 /* Read the rootcheck config */
/*
 * Fill the rkconfig structure behind configp from the XML nodes of the
 * rootcheck configuration section.
 *
 * node:    array of XML nodes, read as node[i]; each node's element name is
 *          matched with strcmp() against the option names declared below.
 * configp: cast to rkconfig * and written through.
 * mailp:   unused (marked __attribute__((unused))).
 *
 * NOTE(review): this listing is an excerpt. The gutter numbers jump, so the
 * local declarations, the loop header, the statements that follow each
 * merror() call and the function's return are not shown. Comments below
 * describe only the visible lines.
 */
29 int Read_Rootcheck(XML_NODE node, void *configp, __attribute__((unused)) void *mailp)
/* Element names recognised for file paths, scan options and the ignore list. */
35 const char *xml_rootkit_files = "rootkit_files";
36 const char *xml_rootkit_trojans = "rootkit_trojans";
37 const char *xml_winaudit = "windows_audit";
38 const char *xml_unixaudit = "system_audit";
39 const char *xml_winapps = "windows_apps";
40 const char *xml_winmalware = "windows_malware";
41 const char *xml_scanall = "scanall";
42 const char *xml_readall = "readall";
43 const char *xml_time = "frequency";
44 const char *xml_disabled = "disabled";
45 const char *xml_skip_nfs = "skip_nfs";
46 const char *xml_base_dir = "base_directory";
47 const char *xml_ignore = "ignore";
/* Element names whose values are stored in rootcheck->checks.rc_* below. */
49 const char *xml_check_dev = "check_dev";
50 const char *xml_check_files = "check_files";
51 const char *xml_check_if = "check_if";
52 const char *xml_check_pids = "check_pids";
53 const char *xml_check_ports = "check_ports";
54 const char *xml_check_sys = "check_sys";
55 const char *xml_check_trojans = "check_trojans";
56 const char *xml_check_unixaudit = "check_unixaudit";
57 const char *xml_check_winapps = "check_winapps";
58 const char *xml_check_winaudit = "check_winaudit";
59 const char *xml_check_winmalware = "check_winmalware";
/* configp is cast without any visible NULL check; the caller must pass a valid rkconfig. */
61 rootcheck = (rkconfig *)configp;
/*
 * A node with a missing element name or missing content is reported first.
 * Every option branch below hangs off this same if/else chain, so strcmp()
 * and eval_bool() only see non-NULL element and content pointers.
 */
64 if (!node[i]->element) {
65 merror(XML_ELEMNULL, __local_name);
67 } else if (!node[i]->content) {
68 merror(XML_VALUENULL, __local_name, node[i]->element);
/*
 * frequency: the content must pass OS_StrIsNum() before it is converted.
 * NOTE(review): atoi() has no error reporting, and its behaviour is
 * undefined when the value does not fit in an int. No range check is
 * visible in this excerpt; strtol() with an ERANGE test and explicit
 * bounds would make an oversized frequency fail loudly instead.
 */
73 else if (strcmp(node[i]->element, xml_time) == 0) {
74 if (!OS_StrIsNum(node[i]->content)) {
75 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
79 rootcheck->time = atoi(node[i]->content);
/*
 * Boolean options: the eval_bool() result is stored in the field first and
 * compared with OS_INVALID afterwards, so on a bad value the field holds
 * OS_INVALID while the error is logged. The same pattern repeats for every
 * boolean option in this function.
 */
82 else if (strcmp(node[i]->element, xml_scanall) == 0) {
83 rootcheck->scanall = eval_bool(node[i]->content);
84 if (rootcheck->scanall == OS_INVALID) {
85 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
/*
 * NOTE(review): "disabled" and the check_* options below presumably switch
 * rootcheck or individual checks off. If so, write access to the
 * configuration file decides what gets inspected, which makes the file's
 * permissions and change monitoring security-relevant; confirm how the
 * consumers of these fields interpret them.
 */
88 } else if (strcmp(node[i]->element, xml_disabled) == 0) {
89 rootcheck->disabled = eval_bool(node[i]->content);
90 if (rootcheck->disabled == OS_INVALID) {
91 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
95 else if(strcmp(node[i]->element, xml_skip_nfs) == 0)
97 rootcheck->skip_nfs = eval_bool(node[i]->content);
98 if (rootcheck->skip_nfs == OS_INVALID)
100 merror(XML_VALUEERR,__local_name,node[i]->element,node[i]->content);
104 else if(strcmp(node[i]->element,xml_readall) == 0)
106 rootcheck->readall = eval_bool(node[i]->content);
107 if (rootcheck->readall == OS_INVALID) {
108 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
/*
 * Single-valued string options: the content is passed to os_strdup() with
 * the destination field. No validation or normalisation of the value is
 * visible here.
 * NOTE(review): os_strdup is defined elsewhere. If it assigns without
 * freeing, a repeated element overwrites the earlier pointer and leaks it;
 * confirm.
 */
111 } else if (strcmp(node[i]->element, xml_rootkit_files) == 0) {
112 os_strdup(node[i]->content, rootcheck->rootkit_files);
113 } else if (strcmp(node[i]->element, xml_rootkit_trojans) == 0) {
114 os_strdup(node[i]->content, rootcheck->rootkit_trojans);
115 } else if (strcmp(node[i]->element, xml_winaudit) == 0) {
116 os_strdup(node[i]->content, rootcheck->winaudit);
/*
 * system_audit is multi-valued. The while condition scans the
 * NULL-terminated rootcheck->unixaudit list using j, the array is resized
 * to j + 2 pointers (new entry plus terminator), both new slots are set to
 * NULL, and the content is then duplicated into slot j.
 * NOTE(review): the loop body and any reset of j before the scan are not
 * in this excerpt; j is presumably set to 0 and incremented per entry.
 * Confirm, since a stale j would leave a NULL gap that truncates the list
 * for readers that stop at the first NULL.
 */
117 } else if (strcmp(node[i]->element, xml_unixaudit) == 0) {
119 while (rootcheck->unixaudit && rootcheck->unixaudit[j]) {
123 os_realloc(rootcheck->unixaudit, sizeof(char *) * (j + 2),
124 rootcheck->unixaudit);
125 rootcheck->unixaudit[j] = NULL;
126 rootcheck->unixaudit[j + 1] = NULL;
128 os_strdup(node[i]->content, rootcheck->unixaudit[j]);
/*
 * ignore is multi-valued and follows the same scan, resize and terminate
 * steps as system_audit above (the tail of the os_realloc call is elided
 * from this excerpt). No validation of the value is visible here.
 * NOTE(review): each entry is presumably a path excluded from checks, so
 * unexpected additions to this list deserve the same scrutiny as the
 * on/off switches.
 */
129 } else if (strcmp(node[i]->element, xml_ignore) == 0) {
131 while (rootcheck->ignore && rootcheck->ignore[j]) {
135 os_realloc(rootcheck->ignore, sizeof(char *) * (j + 2),
137 rootcheck->ignore[j] = NULL;
138 rootcheck->ignore[j + 1] = NULL;
140 os_strdup(node[i]->content, rootcheck->ignore[j]);
141 } else if (strcmp(node[i]->element, xml_winmalware) == 0) {
142 os_strdup(node[i]->content, rootcheck->winmalware);
143 } else if (strcmp(node[i]->element, xml_winapps) == 0) {
144 os_strdup(node[i]->content, rootcheck->winapps);
/* base_directory is stored as given; no path validation is visible here. */
145 } else if (strcmp(node[i]->element, xml_base_dir) == 0) {
146 os_strdup(node[i]->content, rootcheck->basedir);
/* check_* options: same store-then-compare boolean pattern, written into rootcheck->checks. */
147 } else if (strcmp(node[i]->element, xml_check_dev) == 0) {
148 rootcheck->checks.rc_dev = eval_bool(node[i]->content);
149 if (rootcheck->checks.rc_dev == OS_INVALID) {
150 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
153 } else if (strcmp(node[i]->element, xml_check_files) == 0) {
154 rootcheck->checks.rc_files = eval_bool(node[i]->content);
155 if (rootcheck->checks.rc_files == OS_INVALID) {
156 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
159 } else if (strcmp(node[i]->element, xml_check_if) == 0) {
160 rootcheck->checks.rc_if = eval_bool(node[i]->content);
161 if (rootcheck->checks.rc_if == OS_INVALID) {
162 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
165 } else if (strcmp(node[i]->element, xml_check_pids) == 0) {
166 rootcheck->checks.rc_pids = eval_bool(node[i]->content);
167 if (rootcheck->checks.rc_pids == OS_INVALID) {
168 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
171 } else if (strcmp(node[i]->element, xml_check_ports) == 0) {
172 rootcheck->checks.rc_ports = eval_bool(node[i]->content);
173 if (rootcheck->checks.rc_ports == OS_INVALID) {
174 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
177 } else if (strcmp(node[i]->element, xml_check_sys) == 0) {
178 rootcheck->checks.rc_sys = eval_bool(node[i]->content);
179 if (rootcheck->checks.rc_sys == OS_INVALID) {
180 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
183 } else if (strcmp(node[i]->element, xml_check_trojans) == 0) {
184 rootcheck->checks.rc_trojans = eval_bool(node[i]->content);
185 if (rootcheck->checks.rc_trojans == OS_INVALID) {
186 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
189 } else if (strcmp(node[i]->element, xml_check_unixaudit) == 0) {
191 rootcheck->checks.rc_unixaudit = eval_bool(node[i]->content);
192 if (rootcheck->checks.rc_unixaudit == OS_INVALID) {
193 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
197 } else if (strcmp(node[i]->element, xml_check_winapps) == 0) {
199 rootcheck->checks.rc_winapps = eval_bool(node[i]->content);
200 if (rootcheck->checks.rc_winapps == OS_INVALID) {
201 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
205 } else if (strcmp(node[i]->element, xml_check_winaudit) == 0) {
207 rootcheck->checks.rc_winaudit = eval_bool(node[i]->content);
208 if (rootcheck->checks.rc_winaudit == OS_INVALID) {
209 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
213 } else if (strcmp(node[i]->element, xml_check_winmalware) == 0) {
215 rootcheck->checks.rc_winmalware = eval_bool(node[i]->content);
216 if (rootcheck->checks.rc_winmalware == OS_INVALID) {
217 merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content);
/*
 * Presumably the final else of the chain: an element name that matched none
 * of the options above is reported as invalid. What follows the report is
 * not shown in this excerpt.
 */
222 merror(XML_INVELEM, __local_name, node[i]->element);