-/* @(#) $Id: rootcheck.c,v 1.33 2009/07/23 19:31:35 dcid Exp $ */
+/* @(#) $Id: ./src/rootcheck/rootcheck.c, 2011/09/08 dcid Exp $
+ */
/* Copyright (C) 2009 Trend Micro Inc.
* All right reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 3) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation
*/
-
+
/*
* Rootcheck v 0.3
* Copyright (C) 2003 Daniel B. Cid <daniel@underlinux.com.br>
int rootcheck_init(int test_config)
{
int c;
-
-#endif
-
- #ifdef OSSECHIDS
+
+#endif
+
+ #ifdef OSSECHIDS
char *cfg = DEFAULTCPATH;
#else
char *cfg = "./rootcheck.conf";
#endif
-
- /* Zeroing the structure */
+
+ /* Zeroing the structure, initializing default values */
rootcheck.workdir = NULL;
rootcheck.basedir = NULL;
rootcheck.unixaudit = NULL;
rootcheck.time = ROOTCHECK_WAIT;
+ rootcheck.checks.rc_dev = 1;
+ rootcheck.checks.rc_files = 1;
+ rootcheck.checks.rc_if = 1;
+ rootcheck.checks.rc_pids = 1;
+ rootcheck.checks.rc_ports = 1;
+ rootcheck.checks.rc_sys = 1;
+ rootcheck.checks.rc_trojans = 1;
+
+ #ifdef WIN32
+
+ rootcheck.checks.rc_winaudit = 1;
+ rootcheck.checks.rc_winmalware = 1;
+ rootcheck.checks.rc_winapps = 1;
+
+ #else
+
+ rootcheck.checks.rc_unixaudit = 1;
+
+ #endif
+
/* We store up to 255 alerts in there. */
os_calloc(256, sizeof(char *), rootcheck.alert_msg);
c = 0;
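Review bot: The new default block assigns only the current platform's flags inside `#ifdef WIN32`/`#else`, and nothing in the hunk actually clears `rootcheck.checks` despite the comment `Zeroing the structure, initializing default values`, so the other platform's fields keep whatever value they had — that is 0 only if `rootcheck` has static storage, which is not visible here. If the struct carries both sets of flags on every platform, either assign all of them or reset the struct before the defaults; otherwise make the comment say what really happens, e.g. `/* Defaults: every check enabled; the struct is not zeroed here, other-platform flags are left as-is */`. Note also that `rc_unixaudit` is switched on while `rootcheck.unixaudit` is still NULL, so the audit check is enabled before any audit file exists — acceptable if the config parser fills it in later, but that dependency deserves a one-line comment. rootcheck_init continues outside the hunk.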
rootcheck.alert_msg[c] = NULL;
c++;
}
-
+
#ifndef OSSECHIDS
rootcheck.notify = SYSLOG;
break;
case 't':
test_config = 1;
- break;
+ break;
case 'r':
rootcheck.readall = 1;
- break;
+ break;
default:
rootcheck_help();
- break;
+ break;
}
}
-
+
#ifdef WIN32
/* Starting Winsock */
{
}
}
#endif
-
-
+
+
#endif /* OSSECHIDS */
-
+
/* Staring message */
debug1(STARTED_MSG,ARGV0);
verbose("%s: Rootcheck disabled. Exiting.", ARGV0);
return(1);
}
-
-
+
+
/* Checking if Unix audit file is configured. */
if(!rootcheck.unixaudit)
{
log2file("%s: System audit file not configured.", ARGV0);
#endif
}
-
-
+
+
/* Setting default values */
if(rootcheck.workdir == NULL)
rootcheck.workdir = DEFAULTDIR;
#ifdef OSSECHIDS
-
+
/* Start up message */
#ifdef WIN32
verbose(STARTUP_MSG, "ossec-rootcheck", getpid());
#else
-
+
/* Connect to the queue if configured to do so */
if(rootcheck.notify == QUEUE)
{
debug1("%s: Starting queue ...",ARGV0);
-
+
/* Starting the queue. */
if((rootcheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
- {
+ {
merror(QUEUE_ERROR,ARGV0,DEFAULTQPATH, strerror(errno));
-
+
/* 5 seconds to see if the agent starts */
sleep(5);
if((rootcheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
}
#endif /* Not win32 */
-
+
#endif /* ossec hids */
#ifndef OSSECHIDS
-
+
#ifndef WIN32
/* Start the signal handling */
StartSIG(ARGV0);
#else
return(0);
-
+
#endif
-
+
debug1("%s: DEBUG: Running run_rk_check",ARGV0);
- run_rk_check();
+ run_rk_check();
-
- debug1("%s: DEBUG: Leaving...",ARGV0);
- return(0);
+ debug1("%s: DEBUG: Leaving...",ARGV0);
+
+ return(0);
}
/* EOF */