+void FileAccess_PreludeLog(idmef_message_t *idmef,
+ int filenum,
+ char *filename,
+ char *md5,
+ char *sha1,
+ char *owner,
+ char *gowner,
+ int perm) {
+
+ int _checksum_counter = 0;
+ char _prelude_section[128];
+ _prelude_section[127] = '\0';
+
+ debug1("%s: DEBUG: filename = %s.", ARGV0, filename);
+ debug1("%s: DEBUG: filenum = %d.", ARGV0, filenum);
+ if (filenum == 0) {
+ snprintf(_prelude_section,128,"alert.target(0).file(%d).name",filenum);
+ add_idmef_object(idmef, _prelude_section, filename);
+ snprintf(_prelude_section,128,"alert.target(0).file(%d).category",filenum);
+ add_idmef_object(idmef, _prelude_section, "original");
+ } else if (filenum == 1) {
+ snprintf(_prelude_section,128,"alert.target(0).file(%d).name",filenum);
+ add_idmef_object(idmef, _prelude_section, filename);
+ snprintf(_prelude_section,128,"alert.target(0).file(%d).category",filenum);
+ add_idmef_object(idmef, _prelude_section, "current");
+ } else {
+ return;
+ }
+
+
+ /* Add the hashs */
+ if (md5) {
+ snprintf(_prelude_section,128,"alert.target(0).file(%d).checksum(%d).algorithm",filenum, _checksum_counter);
+ add_idmef_object(idmef, _prelude_section, "MD5");
+ snprintf(_prelude_section,128,"alert.target(0).file(%d).checksum(%d).value",filenum, _checksum_counter);
+ add_idmef_object(idmef, _prelude_section, md5);
+ _checksum_counter++;
+ }
+ if (sha1) {
+ snprintf(_prelude_section,128,"alert.target(0).file(%d).checksum(%d).algorithm",filenum, _checksum_counter);
+ add_idmef_object(idmef, _prelude_section, "SHA1");
+ snprintf(_prelude_section,128,"alert.target(0).file(%d).checksum(%d).value",filenum, _checksum_counter);
+ add_idmef_object(idmef, _prelude_section, sha1);
+ _checksum_counter++;
+ }
+
+ /* add the owner */
+ if (owner) {
+ debug1("%s: DEBUG: owner = %s.", ARGV0, owner);
+ snprintf(_prelude_section,128,"alert.target(0).file(%d).File_Access(%d).user_id.number",filenum,FILE_USER);
+ add_idmef_object(idmef, _prelude_section,owner);
+ snprintf(_prelude_section,128,"alert.target(0).file(%d).File_Access(%d).user_id.type",filenum,FILE_USER);
+ add_idmef_object(idmef, _prelude_section, "user-privs");
+ }
+ /*add the group owner */
+ if (gowner) {
+ debug1("%s: DEBUG: gowner = %s.", ARGV0, gowner);
+ snprintf(_prelude_section,128,"alert.target(0).file(%d).File_Access(%d).user_id.number",filenum,FILE_GROUP);
+ add_idmef_object(idmef, _prelude_section,gowner);
+ snprintf(_prelude_section,128,"alert.target(0).file(%d).File_Access(%d).user_id.type",filenum,FILE_GROUP);
+ add_idmef_object(idmef, _prelude_section, "group-privs");
+ }
+ /*add the permissions */
+ if (perm) {
+ if (perm & S_IWUSR) {
+ snprintf(_prelude_section,128,"alert.target(0).file(%d).File_Access(%d).permission(0)",filenum,FILE_USER);
+ add_idmef_object(idmef, _prelude_section,"write");
+ snprintf(_prelude_section,128,"alert.target(0).file(%d).File_Access(%d).permission(1)",filenum,FILE_USER);
+ add_idmef_object(idmef, _prelude_section,"delete");
+ }
+ if (perm & S_IXUSR) {
+ snprintf(_prelude_section,128,"alert.target(0).file(%d).File_Access(%d).permission(2)",filenum,FILE_USER);
+ add_idmef_object(idmef, _prelude_section,"execute");
+ }
+ if (perm & S_IRUSR ) {
+ snprintf(_prelude_section,128,"alert.target(0).file(%d).File_Access(%d).permission(3)",filenum,FILE_USER);
+ add_idmef_object(idmef, _prelude_section,"read");
+ }
+ if (perm & S_ISUID) {
+ snprintf(_prelude_section,128,"alert.target(0).file(%d).File_Access(%d).permission(4)",filenum,FILE_USER);
+ add_idmef_object(idmef, _prelude_section,"executeAs");
+ }
+
+ if (perm & S_IWGRP) {
+ snprintf(_prelude_section,128,"alert.target(0).file(%d).File_Access(%d).permission(0)",filenum,FILE_GROUP);
+ add_idmef_object(idmef, _prelude_section,"write");
+ snprintf(_prelude_section,128,"alert.target(0).file(%d).File_Access(%d).permission(1)",filenum,FILE_GROUP);
+ add_idmef_object(idmef, _prelude_section,"delete");
+ }
+ if (perm & S_IXGRP) {
+ snprintf(_prelude_section,128,"alert.target(0).file(%d).File_Access(%d).permission(2)",filenum,FILE_GROUP);
+ add_idmef_object(idmef, _prelude_section,"execute");
+ }
+ if (perm & S_IRGRP ) {
+ snprintf(_prelude_section,128,"alert.target(0).file(%d).File_Access(%d).permission(3)",filenum,FILE_GROUP);
+ add_idmef_object(idmef, _prelude_section,"read");
+ }
+ if (perm & S_ISGID) {
+ snprintf(_prelude_section,128,"alert.target(0).file(%d).File_Access(%d).permission(4)",filenum,FILE_GROUP);
+ add_idmef_object(idmef, _prelude_section,"executeAs");
+ }
+ if (perm & S_IWOTH) {
+ snprintf(_prelude_section,128,"alert.target(0).file(%d).File_Access(%d).permission(0)",filenum,FILE_OTHER);
+ add_idmef_object(idmef, _prelude_section,"write");
+ snprintf(_prelude_section,128,"alert.target(0).file(%d).File_Access(%d).permission(1)",filenum,FILE_OTHER);
+ add_idmef_object(idmef, _prelude_section,"delete");
+ }
+ if (perm & S_IXOTH) {
+ snprintf(_prelude_section,128,"alert.target(0).file(%d).File_Access(%d).permission(2)",filenum,FILE_OTHER);
+ add_idmef_object(idmef, _prelude_section,"execute");
+ }
+ if (perm & S_IROTH ) {
+ snprintf(_prelude_section,128,"alert.target(0).file(%d).File_Access(%d).permission(3)",filenum,FILE_OTHER);
+ add_idmef_object(idmef, _prelude_section,"read");
+ }
+ }
+ return;
+}
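Review bot: `filename` is the only string argument used without a NULL check: it is passed to `%s` in the first `debug1` call and then to `add_idmef_object()`, while `md5`, `sha1`, `owner` and `gowner` are all guarded, so an early `if (!filename) return;` ahead of the debug calls would make the function consistent. The permission block writes fixed list slots such as `permission(2)` and `permission(3)` even when the lower slots were never set, as happens for a read-only file. Whether the path setter creates the missing entries or rejects the index is not visible here, so a running index per File_Access entry, in the style of `_checksum_counter`, would be safer. Reporting `delete` from the file's own `S_IWUSR`/`S_IWGRP`/`S_IWOTH` bits is only an approximation, since on POSIX unlinking is governed by the parent directory's permissions; a short comment saying so would keep analysts from over-trusting that field in the alert.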