izmjene za lintian
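--- a/src/syscheckd/run_realtime.c
+++ b/src/syscheckd/run_realtime.c
@@ -1,4 +1,5 @@
-/* @(#) $Id$ */
+/* @(#) $Id: ./src/syscheckd/run_realtime.c, 2011/09/08 dcid Exp $
+ */
 /* Copyright (C) 2009 Trend Micro Inc.
 * All right reserved.
@@ -73,9 +74,12 @@ int realtime_checksumfile(char *file_name)
 if(strcmp(c_sum, buf+6) != 0)
 {
-char *fullalert = NULL;
 char alert_msg[OS_MAXSTR +1];
 alert_msg[OS_MAXSTR] = '\0';
+#ifdef WIN32
+snprintf(alert_msg, 912, "%s %s", c_sum, file_name);
+#else
+char *fullalert = NULL;
 if(buf[5] == 's' || buf[5] == 'n')
 {
 fullalert = seechanges_addfile(file_name);
@@ -94,6 +98,7 @@ int realtime_checksumfile(char *file_name)
 {
 snprintf(alert_msg, 912, "%s %s", c_sum, file_name);
 }
+#endif
 send_syscheck_msg(alert_msg);
 return(1);
@@ -113,7 +118,7 @@ int realtime_checksumfile(char *file_name)
 #include <sys/inotify.h>
-#define REALTIME_MONITOR_FLAGS IN_MODIFY|IN_ATTRIB|IN_MOVED_TO|IN_DELETE|IN_MOVED_FROM
+#define REALTIME_MONITOR_FLAGS IN_MODIFY|IN_ATTRIB|IN_MOVED_FROM|IN_MOVED_TO|IN_CREATE|IN_DELETE|IN_DELETE_SELF
 #define REALTIME_EVENT_SIZE (sizeof (struct inotify_event))
 #define REALTIME_EVENT_BUFFER (2048 * (REALTIME_EVENT_SIZE + 16))
@@ -139,7 +144,7 @@ int realtime_start()
 merror("%s: ERROR: Unable to initialize inotify.", ARGV0);
 return(-1);
 }
-#endif
+#endif
 return(1);
 }
@@ -166,10 +171,10 @@ int realtime_adddir(char *dir)
 wd = inotify_add_watch(syscheck.realtime->fd,
 dir,
-REALTIME_MONITOR_FLAGS);
+REALTIME_MONITOR_FLAGS);
 if(wd < 0)
 {
-merror("%s: ERROR: Unable to add directory to real time "
+merror("%s: ERROR: Unable to add directory to real time "
 "monitoring: '%s'. %d %d", ARGV0, dir, wd, errno);
 }
 else
@@ -211,13 +216,13 @@ int realtime_process()
 len = read(syscheck.realtime->fd, buf, REALTIME_EVENT_BUFFER);
-if (len < 0)
+if (len < 0)
 {
 merror("%s: ERROR: Unable to read from real time buffer.", ARGV0);
-}
+}
 else if (len > 0)
 {
-while (i < len)
+while (i < len)
 {
 event = (struct inotify_event *) &buf[i];
@@ -231,7 +236,7 @@ int realtime_process()
 snprintf(wdchar, 32, "%d", event->wd);
-snprintf(final_name, MAX_LINE, "%s/%s",
+snprintf(final_name, MAX_LINE, "%s/%s",
 (char *)OSHash_Get(syscheck.realtime->dirtb, wdchar),
 event->name);
 realtime_checksumfile(final_name);
@@ -280,7 +285,7 @@ void CALLBACK RTCallBack(DWORD dwerror, DWORD dwBytes, LPOVERLAPPED overlap)
 if(dwerror != ERROR_SUCCESS)
 {
-merror("%s: ERROR: real time call back called, but error is set.",
+merror("%s: ERROR: real time call back called, but error is set.",
 ARGV0);
 return;
 }
@@ -292,12 +297,12 @@ void CALLBACK RTCallBack(DWORD dwerror, DWORD dwBytes, LPOVERLAPPED overlap)
 rtlocald = OSHash_Get(syscheck.realtime->dirtb, wdchar);
 if(rtlocald == NULL)
 {
-merror("%s: ERROR: real time call back called, but hash is empty.",
+merror("%s: ERROR: real time call back called, but hash is empty.",
 ARGV0);
 return;
 }
-
+
 do
 {
@@ -369,11 +374,11 @@ int realtime_win32read(win32rtfim *rtlocald)
 TRUE,
 FILE_NOTIFY_CHANGE_FILE_NAME|FILE_NOTIFY_CHANGE_DIR_NAME|FILE_NOTIFY_CHANGE_SIZE|FILE_NOTIFY_CHANGE_LAST_WRITE,
 0,
-&rtlocald->overlap,
+&rtlocald->overlap,
 RTCallBack);
 if(rc == 0)
 {
-merror("%s: ERROR: Unable to set directory for monitoring: %s",
+merror("%s: ERROR: Unable to set directory for monitoring: %s",
 ARGV0, rtlocald->dir);
 sleep(2);
 }
@@ -403,7 +408,7 @@ int realtime_adddir(char *dir)
 os_calloc(1, sizeof(win32rtfim), rtlocald);
-
+
 rtlocald->h = CreateFile(dir,
 FILE_LIST_DIRECTORY,
@@ -414,8 +419,8 @@ int realtime_adddir(char *dir)
 NULL);
-if(rtlocald->h == INVALID_HANDLE_VALUE ||
-rtlocald->h == NULL)
+if(rtlocald->h == INVALID_HANDLE_VALUE ||
+rtlocald->h == NULL)
 {
 free(rtlocald);
 rtlocald = NULL;
@@ -435,7 +440,7 @@ int realtime_adddir(char *dir)
 if(OSHash_Get(syscheck.realtime->dirtb, wdchar))
 {
-merror("%s: ERROR: Entry already in the real time hash: %s",
+merror("%s: ERROR: Entry already in the real time hash: %s",
 ARGV0, wdchar);
 CloseHandle(rtlocald->overlap.hEvent);
 free(rtlocald);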
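Review bot: The widened `REALTIME_MONITOR_FLAGS` in the `#define` hunk now subscribes to IN_DELETE_SELF, whose events carry no name (`event->len == 0`) and retire the watch descriptor, yet the realtime_process hunk still formats `event->name` and the unchecked `OSHash_Get(...)` result straight into `final_name`, so a deleted watched directory yields a bogus `dir/` path and a missing table entry passes NULL to `%s`. I would resolve the lookup first and skip nameless events: `char *wdir = OSHash_Get(syscheck.realtime->dirtb, wdchar);` then `if (wdir && event->len > 0) { snprintf(final_name, MAX_LINE, "%s/%s", wdir, event->name); realtime_checksumfile(final_name); }`, and drop the stale descriptor from `dirtb` on IN_DELETE_SELF/IN_IGNORED; the Windows RTCallBack hunk already does the NULL check this path lacks. Separately, the new WIN32 branch in realtime_checksumfile repeats the hard-coded `912` bound on an `OS_MAXSTR +1` buffer; `sizeof alert_msg` would tie the limit to the declaration. realtime_checksumfile and realtime_process both begin and end outside their hunks.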