-/* @(#) $Id: rules_op.h,v 1.3 2009/06/24 17:06:26 dcid Exp $ */
+/* @(#) $Id: ./src/headers/rules_op.h, 2011/09/08 dcid Exp $
+ */
/* Copyright (C) 2009 Trend Micro Inc.
* All rights reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 3) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation.
*
* License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
-
+
/* Common API for dealing with directory trees */
-
+
#ifndef _OS_RULESOP_H
#define _OS_RULESOP_H
#define DIFFERENT_URL 0x010 /* */
#define SAME_SRCPORT 0x020
#define SAME_DSTPORT 0x040
+#define SAME_DODIFF 0x100
#define NOT_SAME_USER 0xffe /* 0xfff - 0x001 */
#define NOT_SAME_SRCIP 0xffd /* 0xfff - 0x002 */
#define NOT_SAME_ID 0xffb /* 0xfff - 0x004 */
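Review bot: `SAME_DODIFF` at `0x100` is the first flag among the visible defines in this group that does not fit in eight bits, and the struct field that stores these flags is declared outside the hunk. If that field is 8 bits wide, the bit is lost on assignment and the condition silently never applies, so confirm the field is at least 16 bits. The existing `NOT_SAME_*` clear masks are built from `0xfff`, so they leave the new bit untouched. Recording the width requirement on the define would help, e.g. `#define SAME_DODIFF 0x100 /* needs a flags field of 16 bits or more */`.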
#define DO_FTS 0x001
#define DO_MAILALERT 0x002
#define DO_LOGALERT 0x004
+#define NO_AR 0x008
#define NO_ALERT 0x010
#define DO_OVERWRITE 0x020
#define DO_PACKETINFO 0x040
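Review bot: `NO_AR` is added without a comment, and from the name it appears to turn off active response for a rule, which is something a person auditing the ruleset needs to be able to find. If that reading is right, document it on the define, e.g. `#define NO_AR 0x008 /* rule never triggers active response */`. Assuming these flags are stored in the `u_int16_t alert_opts` field visible later in the diff, the value fits and does not overlap the neighbouring `0x004` and `0x010` bits. The code that tests the flag is outside this header, so whether every active-response path honours it cannot be confirmed from here.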
#define FIREWALL 3 /* Firewall events */
#define WEBLOG 7 /* Apache logs */
#define SQUID 8 /* Squid logs */
-#define WINDOWS 9 /* Windows logs */
+#define DECODER_WINDOWS 9 /* Windows logs */
#define HOST_INFO 10 /* Host information logs (from nmap or similar) */
#define OSSEC_RL 11 /* Ossec rules */
int __frequency;
char **last_events;
-
+
/* Not an option in the rule */
u_int16_t alert_opts;
/* category */
u_int8_t category;
-
+
/* Decoded as */
u_int16_t decoded_as;
/* Function pointer to the event_search. */
void *(*event_search)(void *lf, void *rule);
-
+
char *group;
OSMatch *match;
OSMatch *program_name;
OSMatch *extra_data;
char *action;
-
+
char *comment; /* description in the xml */
char *info;
char *cve;
-
+
char *if_sid;
char *if_level;
char *if_group;
OSRegex *if_matched_regex;
OSMatch *if_matched_group;
int if_matched_sid;
-
+
void **ar;
}RuleInfo;
/** Prototypes **/
-int OS_ReadXMLRules(char *rulefile,
+int OS_ReadXMLRules(char *rulefile,
void *(*ruleact_function)(RuleInfo *rule, void *data),
void *data);