-/* @(#) $Id$ */
+/* @(#) $Id: ./src/config/active-response.c, 2011/09/08 dcid Exp $
+ */
/* Copyright (C) 2009 Trend Micro Inc.
* All right reserved.
* Foundation
*/
-
+#ifndef WIN32
+#include <sys/types.h>
+#include <grp.h>
+#endif
#include "shared.h"
#include "os_xml/os_xml.h"
#include "os_regex/os_regex.h"
int i = 0;
int r_ar = 0;
int l_ar = 0;
+ int rpt = 0;
/* Xml options */
char *xml_ar_level = "level";
char *xml_ar_timeout = "timeout";
char *xml_ar_disabled = "disabled";
+ char *xml_ar_repeated = "repeated_offenders";
char *tmp_location;
merror(FOPEN_ERROR, ARGV0, DEFAULTARPATH);
return(-1);
}
- chmod(DEFAULTARPATH, 0444);
+
+#ifndef WIN32
+ struct group *os_group;
+ if((os_group = getgrnam(USER)) == NULL)
+ {
+ merror("Could not get ossec gid.");
+ fclose(fp);
+ return(-1);
+ }
+
+ if((chown(DEFAULTARPATH, -1, os_group->gr_gid)) == -1)
+ {
+ merror("Could not change the group to ossec: %d", errno);
+ fclose(fp);
+ return(-1);
+ }
+#endif
+
+ if((chmod(DEFAULTARPATH, 0440)) == -1)
+ {
+ merror("Could not chmod to 0440: %d", errno);
+ fclose(fp);
+ return(-1);
+ }
/* Allocating for the active-response */
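Review bot: The added `chown` and `chmod` calls act on the path `DEFAULTARPATH` although the file is already open as `fp` (presumably opened just above, in the `FOPEN_ERROR` branch), so the path is resolved again for each call and the file keeps its creation-time mode until the `chmod` succeeds. On the non-Windows side I would apply both to the open descriptor, `fchown(fileno(fp), (uid_t)-1, os_group->gr_gid)` and `fchmod(fileno(fp), 0440)`, and keep the path-based `chmod` only under `WIN32`. The three new `merror` messages also drop the `ARGV0` prefix that the neighbouring `merror(FOPEN_ERROR, ARGV0, DEFAULTARPATH)` carries, and `getgrnam(USER)` looks up a group through a macro whose name suggests a user; if a group-name constant exists it would read more clearly here. The enclosing function starts and ends outside this hunk.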
if(!tmp_ar)
{
merror(MEM_ERROR, ARGV0);
+ fclose(fp);
return(-1);
}
- /* Searching for the commands */
+ /* Searching for the commands */
while(node[i])
{
if(!node[i]->element)
{
merror(XML_ELEMNULL, ARGV0);
- return(OS_INVALID);
+ goto error_invalid;
}
else if(!node[i]->content)
{
merror(XML_VALUENULL, ARGV0, node[i]->element);
- return(OS_INVALID);
+ goto error_invalid;
}
/* Command */
- if(strcmp(node[i]->element, xml_ar_command) == 0)
+ if(strcmp(node[i]->element, xml_ar_command) == 0)
{
tmp_ar->command = strdup(node[i]->content);
}
/* Target */
- else if(strcmp(node[i]->element, xml_ar_location) == 0)
+ else if(strcmp(node[i]->element, xml_ar_location) == 0)
{
tmp_location = strdup(node[i]->content);
}
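Review bot: The `goto error_invalid` exits added in this loop reach a label that releases only `fp` and `tmp_ar`, while `tmp_ar->command` and `tmp_location` are `strdup` copies made in the same loop, so an invalid element that follows a `command` or `location` element leaks them. The same applies to the later returns that gain `free(tmp_ar)` (the `AR_MISS`, `AR_INV_CMD` and `AR_NO_TIMEOUT` branches) and to the `free(tmp_command)` returns in the command parser further down, which leave `name` and `tmp_str` allocated. At the label I would write `free(tmp_ar->command); free(tmp_ar);`, assuming `tmp_ar` is zero-initialised when allocated. I would add `free(tmp_location);` only if `tmp_location` is set to NULL before the loop, which is not visible here. The two `strdup` results are also used without a NULL check, and the function body starts and ends outside this hunk.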
if(!OS_StrIsNum(node[i]->content))
{
merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
- return(OS_INVALID);
+ goto error_invalid;
}
-
+
tmp_ar->level = atoi(node[i]->content);
/* Making sure the level is valid */
if((tmp_ar->level < 0) || (tmp_ar->level > 20))
{
merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
- return(OS_INVALID);
+ goto error_invalid;
}
}
else if(strcmp(node[i]->element, xml_ar_timeout) == 0)
else
{
merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
- return(OS_INVALID);
+ goto error_invalid;
}
}
+ else if(strcmp(node[i]->element, xml_ar_repeated) == 0)
+ {
+ /* Nothing - we deal with it on execd. */
+ rpt = 1;
+ }
else
{
merror(XML_INVELEM, ARGV0, node[i]->element);
- return(OS_INVALID);
+ goto error_invalid;
}
i++;
- }
+ }
/* Checking if ar is disabled */
if(ar_flag == -1)
{
fclose(fp);
+ free(tmp_ar);
return(0);
}
/* Command and location must be there */
if(!tmp_ar->command || !tmp_location)
{
+ if(rpt == 1)
+ {
+ fclose(fp);
+ free(tmp_ar);
+ return(0);
+ }
merror(AR_MISS, ARGV0);
+ fclose(fp);
+ free(tmp_ar);
return(-1);
}
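Review bot: The new `rpt == 1` branch returns success whenever `command` or `location` is missing, so a block that carries `repeated_offenders` together with only one of the two is dropped without any message, and the operator gets no hint that the response was never registered. Restricting the silent return to the case where neither is present keeps the `AR_MISS` error for half-written blocks: `if(rpt == 1 && !tmp_ar->command && !tmp_location)`. The content of the `repeated_offenders` element is not examined in this function (the comment defers it to execd), so a short comment on `rpt` such as `/* set when a repeated_offenders element is present; its value is parsed by execd */` would make that explicit. The function body starts and ends outside this hunk.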
if(!tmp_ar->agent_id)
{
merror(AR_DEF_AGENT, ARGV0);
+ fclose(fp);
+ free(tmp_ar);
+ free(tmp_location);
return(-1);
}
}
/* If we didn't set any value for the location */
- if(tmp_ar->location == 0)
+ if(tmp_ar->location == 0)
{
merror(AR_INV_LOC, ARGV0, tmp_location);
+ fclose(fp);
+ free(tmp_ar);
+ free(tmp_location);
return(-1);
}
- /* cleaning tmp_location */
+ /* cleaning tmp_location */
free(tmp_location);
tmp_location = NULL;
if(tmp_ar->ar_cmd == NULL)
{
merror(AR_INV_CMD, ARGV0, tmp_ar->command);
+ fclose(fp);
+ free(tmp_ar);
return(-1);
}
}
if(tmp_ar->timeout && !tmp_ar->ar_cmd->timeout_allowed)
{
merror(AR_NO_TIMEOUT, ARGV0, tmp_ar->ar_cmd->name);
+ fclose(fp);
+ free(tmp_ar);
return(-1);
}
if(!OSList_AddData(d2, (void *)tmp_ar))
{
merror(LIST_ADD_ERROR, ARGV0);
+ fclose(fp);
+ free(tmp_ar);
return(-1);
}
{
ErrorExit(MEM_ERROR, ARGV0);
}
- snprintf(tmp_ar->name, OS_FLSIZE, "%s%d",
+ snprintf(tmp_ar->name, OS_FLSIZE, "%s%d",
tmp_ar->ar_cmd->name,
- tmp_ar->timeout);
+ tmp_ar->timeout);
/* Adding to shared file */
- fprintf(fp, "%s - %s - %d\n",
+ fprintf(fp, "%s - %s - %d\n",
tmp_ar->name,
tmp_ar->ar_cmd->executable,
tmp_ar->timeout);
{
ar_flag|= LOCAL_AR;
}
-
+
/* Closing shared file for active response */
fclose(fp);
/* Done over here */
return(0);
+
+ /* in case of an error clean up first*/
+ error_invalid:
+ fclose(fp);
+ free(tmp_ar);
+ return(OS_INVALID);
}
tmp_command->timeout_allowed = 0;
- /* Searching for the commands */
+ /* Searching for the commands */
while(node[i])
{
if(!node[i]->element)
{
merror(XML_ELEMNULL, ARGV0);
+ free(tmp_command);
return(OS_INVALID);
}
else if(!node[i]->content)
{
merror(XML_VALUENULL, ARGV0, node[i]->element);
+ free(tmp_command);
return(OS_INVALID);
}
- if(strcmp(node[i]->element, command_name) == 0)
+ if(strcmp(node[i]->element, command_name) == 0)
{
tmp_command->name = strdup(node[i]->content);
}
- else if(strcmp(node[i]->element, command_expect) == 0)
+ else if(strcmp(node[i]->element, command_expect) == 0)
{
tmp_str = strdup(node[i]->content);
}
else
{
merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
+ free(tmp_command);
return(OS_INVALID);
}
}
else
{
merror(XML_INVELEM, ARGV0, node[i]->element);
+ free(tmp_command);
return(OS_INVALID);
}
i++;
if(!tmp_command->name || !tmp_str || !tmp_command->executable)
{
merror(AR_CMD_MISS, ARGV0);
+ free(tmp_command);
return(-1);
}
/* Getting the expect */
- if(OS_Regex("user", tmp_str))
- tmp_command->expect |= USERNAME;
- if(OS_Regex("srcip", tmp_str))
- tmp_command->expect |= SRCIP;
+ if(strlen(tmp_str) >= 4)
+ {
+ if(OS_Regex("user", tmp_str))
+ tmp_command->expect |= USERNAME;
+ if(OS_Regex("srcip", tmp_str))
+ tmp_command->expect |= SRCIP;
+ if(OS_Regex("filename", tmp_str))
+ tmp_command->expect |= FILENAME;
+ }
free(tmp_str);
tmp_str = NULL;
if(!OSList_AddData(d1, (void *)tmp_command))
{
merror(LIST_ADD_ERROR, ARGV0);
+ free(tmp_command);
return(-1);
}
-
/* Done over here */
return(0);
}
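Review bot: An `expect` value that matches none of `user`, `srcip` or `filename` leaves `tmp_command->expect` untouched and the command is still added to the list, so a misspelled value is accepted silently; the new `strlen(tmp_str) >= 4` guard skips short values in the same way. If unknown tokens are not meant to be valid, report a non-empty value that sets none of the three flags with `merror(XML_VALUEERR,ARGV0,command_expect,tmp_str);` before `free(tmp_str)`. The constant 4 deserves a comment such as `/* shortest accepted keyword is "user" */`. The `OS_Regex` patterns appear to be unanchored, so a value like `users` would also set `USERNAME`; it is worth confirming that this is intended. The function starts outside this hunk.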