dodan override za lintian
diff --git
a/src/headers/rules_op.h
b/src/headers/rules_op.h
index
dd03e63
..
07d6515
100755
(executable)
--- a/
src/headers/rules_op.h
+++ b/
src/headers/rules_op.h
@@
-1,4
+1,5
@@
-/* @(#) $Id$ */
+/* @(#) $Id: ./src/headers/rules_op.h, 2011/09/08 dcid Exp $
+ */
/* Copyright (C) 2009 Trend Micro Inc.
* All rights reserved.
/* Copyright (C) 2009 Trend Micro Inc.
* All rights reserved.
@@
-11,9
+12,9
@@
* License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
* License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
-
+
/* Common API for dealing with directory trees */
/* Common API for dealing with directory trees */
-
+
#ifndef _OS_RULESOP_H
#define _OS_RULESOP_H
#ifndef _OS_RULESOP_H
#define _OS_RULESOP_H
@@
-55,7
+56,7
@@
#define FIREWALL 3 /* Firewall events */
#define WEBLOG 7 /* Apache logs */
#define SQUID 8 /* Squid logs */
#define FIREWALL 3 /* Firewall events */
#define WEBLOG 7 /* Apache logs */
#define SQUID 8 /* Squid logs */
-#define WINDOWS 9 /* Windows logs */
+#define DECODER_WINDOWS 9 /* Windows logs */
#define HOST_INFO 10 /* Host information logs (from nmap or similar) */
#define OSSEC_RL 11 /* Ossec rules */
#define HOST_INFO 10 /* Host information logs (from nmap or similar) */
#define OSSEC_RL 11 /* Ossec rules */
@@
-93,7
+94,7
@@
typedef struct _RuleInfo
int __frequency;
char **last_events;
int __frequency;
char **last_events;
-
+
/* Not an option in the rule */
u_int16_t alert_opts;
/* Not an option in the rule */
u_int16_t alert_opts;
@@
-103,7
+104,7
@@
typedef struct _RuleInfo
/* category */
u_int8_t category;
/* category */
u_int8_t category;
-
+
/* Decoded as */
u_int16_t decoded_as;
/* Decoded as */
u_int16_t decoded_as;
@@
-125,7
+126,7
@@
typedef struct _RuleInfo
/* Function pointer to the event_search. */
void *(*event_search)(void *lf, void *rule);
/* Function pointer to the event_search. */
void *(*event_search)(void *lf, void *rule);
-
+
char *group;
OSMatch *match;
char *group;
OSMatch *match;
@@
-147,11
+148,11
@@
typedef struct _RuleInfo
OSMatch *program_name;
OSMatch *extra_data;
char *action;
OSMatch *program_name;
OSMatch *extra_data;
char *action;
-
+
char *comment; /* description in the xml */
char *info;
char *cve;
char *comment; /* description in the xml */
char *info;
char *cve;
-
+
char *if_sid;
char *if_level;
char *if_group;
char *if_sid;
char *if_level;
char *if_group;
@@
-159,14
+160,14
@@
typedef struct _RuleInfo
OSRegex *if_matched_regex;
OSMatch *if_matched_group;
int if_matched_sid;
OSRegex *if_matched_regex;
OSMatch *if_matched_group;
int if_matched_sid;
-
+
void **ar;
}RuleInfo;
/** Prototypes **/
void **ar;
}RuleInfo;
/** Prototypes **/
-int OS_ReadXMLRules(char *rulefile,
+int OS_ReadXMLRules(char *rulefile,
void *(*ruleact_function)(RuleInfo *rule, void *data),
void *data);
void *(*ruleact_function)(RuleInfo *rule, void *data),
void *data);
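Review bot: The prototype on the new side, `int OS_ReadXMLRules(char *rulefile, ...)`, still takes the rule file path as a mutable `char *` even though this commit rewrites exactly that line; if the implementation only reads the path (it is not visible here), declaring it `const char *rulefile` would let callers pass literals and `const` configuration strings without a cast and would document that the path is never modified. The earlier hunk renaming `WINDOWS` to `DECODER_WINDOWS` is sound, since a bare `WINDOWS` macro is a natural collision with toolchain or build-system platform defines; the caveat is that any leftover use of the old name elsewhere in the tree would, on a build where the toolchain itself defines `WINDOWS`, silently compile against the platform value instead of failing, so it is worth confirming every consumer of the decoder constant was updated in the same change. A one-line comment beside the new define, such as `/* DECODER_ prefix avoids clashing with platform WINDOWS defines */`, would record why this constant is named differently from its neighbours (FIREWALL, WEBLOG, SQUID).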