1 /* @(#) $Id: ./src/rootcheck/rootcheck-config.c, 2011/09/08 dcid Exp $
4 /* Copyright (C) 2009 Trend Micro Inc.
7 * This program is free software; you can redistribute it
8 * and/or modify it under the terms of the GNU General Public
9 * License (version 2) as published by the FSF - Free Software
22 #include "os_xml/os_xml.h"
24 #include "rootcheck.h"
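/* eval_bool2: evaluate a "yes"/"no" configuration string.
 * str: input string, "yes"|"no"; may be NULL (callers pass the raw
 *      result of OS_GetOneContentforElement(), see Read_Rootcheck_Config)
 * default_val: 1(yes)|0(no), the value used when str is NULL or is
 *      neither "yes" nor "no"
 * Returns 1 for "yes", 0 for "no", default_val otherwise.
 * Comparison is case-sensitive (strcmp), so "YES" falls back to default_val.
 */
short eval_bool2(char *str, short default_val)
{
    short ret = default_val;

    /* Guard before strcmp(): passing NULL to strcmp() is undefined
     * behaviour, and a missing config element must yield the default. */
    if (str == NULL) {
        return ret;
    }

    if (strcmp(str, "yes") == 0) {
        ret = 1;
    } else if (strcmp(str, "no") == 0) {
        ret = 0;
    }

    return ret;
}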
47 /* Read_Rootcheck_Config: Reads the rootcheck config
49 int Read_Rootcheck_Config(char * cfgfile)
57 const char *(xml_daemon[])={xml_rootcheck,"daemon", NULL};
58 const char *(xml_notify[])={xml_rootcheck, "notify", NULL};
59 const char *(xml_base_dir[])={xml_rootcheck, "base_directory", NULL};
60 const char *(xml_workdir[])={xml_rootcheck, "work_directory", NULL};
61 const char *(xml_rootkit_files[])={xml_rootcheck, "rootkit_files", NULL};
62 const char *(xml_rootkit_trojans[])={xml_rootcheck, "rootkit_trojans", NULL};
63 const char *(xml_rootkit_unixaudit[])={xml_rootcheck, "system_audit", NULL};
64 const char *(xml_rootkit_winaudit[])={xml_rootcheck, "windows_audit", NULL};
65 const char *(xml_rootkit_winapps[])={xml_rootcheck, "windows_apps", NULL};
66 const char *(xml_rootkit_winmalware[])={xml_rootcheck, "windows_malware", NULL};
67 const char *(xml_scanall[])={xml_rootcheck, "scanall", NULL};
68 const char *(xml_readall[])={xml_rootcheck, "readall", NULL};
69 const char *(xml_time[])={xml_rootcheck, "frequency", NULL};
71 const char *(xml_check_dev[])={xml_rootcheck, "check_dev", NULL};
72 const char *(xml_check_files[])={xml_rootcheck, "check_files", NULL};
73 const char *(xml_check_if[])={xml_rootcheck, "check_if", NULL};
74 const char *(xml_check_pids[])={xml_rootcheck, "check_pids", NULL};
75 const char *(xml_check_ports[])={xml_rootcheck, "check_ports", NULL};
76 const char *(xml_check_sys[])={xml_rootcheck, "check_sys", NULL};
77 const char *(xml_check_trojans[])={xml_rootcheck, "check_trojans", NULL};
81 const char *(xml_check_winapps[])={xml_rootcheck, "check_winapps", NULL};
82 const char *(xml_check_winaudit[])={xml_rootcheck, "check_winaudit", NULL};
83 const char *(xml_check_winmalware[])={xml_rootcheck, "check_winmalware", NULL};
87 const char *(xml_check_unixaudit[])={xml_rootcheck, "check_unixaudit", NULL};
94 if(OS_ReadXML(cfgfile,&xml) < 0)
96 merror("config_op: XML error: %s",xml.err);
100 if(!OS_RootElementExist(&xml,xml_rootcheck))
103 merror("%s: Rootcheck configuration not found. ",ARGV0);
108 /* run as a daemon */
109 rootcheck.daemon = eval_bool2(OS_GetOneContentforElement(&xml,xml_daemon), rootcheck.daemon);
113 str = OS_GetOneContentforElement(&xml,xml_time);
116 if(!OS_StrIsNum(str))
118 merror("Invalid frequency time '%s' for the rootkit "
119 "detection (must be int).", str);
123 rootcheck.time = atoi(str);
132 if(!rootcheck.scanall)
134 rootcheck.scanall = eval_bool2(OS_GetOneContentforElement(&xml,xml_scanall), 0);
139 if(!rootcheck.readall)
141 rootcheck.readall = eval_bool2(OS_GetOneContentforElement(&xml,xml_readall), 0);
145 /* Notifications type */
146 str = OS_GetOneContentforElement(&xml,xml_notify);
149 if(strcasecmp(str,"queue") == 0)
150 rootcheck.notify = QUEUE;
151 else if(strcasecmp(str,"syslog") == 0)
152 rootcheck.notify = SYSLOG;
155 merror("%s: Invalid notification option. Only "
156 "'syslog' or 'queue' are allowed.",ARGV0);
165 /* Default to SYSLOG */
166 rootcheck.notify = SYSLOG;
169 /* Getting work directory */
170 if(!rootcheck.workdir)
171 rootcheck.workdir = OS_GetOneContentforElement(&xml,xml_workdir);
174 rootcheck.rootkit_files = OS_GetOneContentforElement
175 (&xml,xml_rootkit_files);
176 rootcheck.rootkit_trojans = OS_GetOneContentforElement
177 (&xml,xml_rootkit_trojans);
179 rootcheck.unixaudit = OS_GetContents
180 (&xml,xml_rootkit_unixaudit);
182 rootcheck.winaudit = OS_GetOneContentforElement
183 (&xml,xml_rootkit_winaudit);
185 rootcheck.winapps = OS_GetOneContentforElement
186 (&xml,xml_rootkit_winapps);
188 rootcheck.winmalware = OS_GetOneContentforElement
189 (&xml,xml_rootkit_winmalware);
191 rootcheck.basedir = OS_GetOneContentforElement(&xml, xml_base_dir);
193 rootcheck.checks.rc_dev = eval_bool2(OS_GetOneContentforElement(&xml,xml_check_dev), 1);
194 rootcheck.checks.rc_files = eval_bool2(OS_GetOneContentforElement(&xml,xml_check_files), 1);
195 rootcheck.checks.rc_if = eval_bool2(OS_GetOneContentforElement(&xml,xml_check_if), 1);
196 rootcheck.checks.rc_pids = eval_bool2(OS_GetOneContentforElement(&xml,xml_check_pids), 1);
197 rootcheck.checks.rc_ports = eval_bool2(OS_GetOneContentforElement(&xml,xml_check_ports), 1);
198 rootcheck.checks.rc_sys = eval_bool2(OS_GetOneContentforElement(&xml,xml_check_sys), 1);
199 rootcheck.checks.rc_trojans = eval_bool2(OS_GetOneContentforElement(&xml,xml_check_trojans), 1);
203 rootcheck.checks.rc_winapps = eval_bool2(OS_GetOneContentforElement(&xml,xml_check_winapps), 1);
204 rootcheck.checks.rc_winaudit = eval_bool2(OS_GetOneContentforElement(&xml,xml_check_winaudit), 1);
205 rootcheck.checks.rc_winmalware = eval_bool2(OS_GetOneContentforElement(&xml,xml_check_winmalware), 1);
209 rootcheck.checks.rc_unixaudit = eval_bool2(OS_GetOneContentforElement(&xml,xml_check_unixaudit), 1);
215 debug1("%s: DEBUG: Daemon set to '%d'",ARGV0, rootcheck.daemon);
216 debug1("%s: DEBUG: alert set to '%d'",ARGV0, rootcheck.notify);