-/* @(#) $Id: rootcheck.h,v 1.34 2009/06/24 18:53:07 dcid Exp $ */
+/* @(#) $Id: ./src/rootcheck/rootcheck.h, 2011/09/08 dcid Exp $
+ */
/* Copyright (C) 2009 Trend Micro Inc.
* All right reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 3) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation
*/
-
+
#ifndef __ROOTCHECK_H
#define __ROOTCHECK_H
/* rk_types */
#define ALERT_OK 0
-#define ALERT_SYSTEM_ERROR 1
+#define ALERT_SYSTEM_ERR 1
#define ALERT_SYSTEM_CRIT 2
#define ALERT_ROOTKIT_FOUND 3
#define ALERT_POLICY_VIOLATION 4
/* int rk_check_dir(char *dir, char *file, char *pattern) */
int rk_check_dir(char *dir, char *file, char *pattern);
-
+
/* pt_matches: Checks if pattern is present on string */
int pt_matches(char *str, char *pattern);
+/* pt_check_negate: checks if the patterns is made up
+ * completely of negate matches */
+int pt_check_negate(char *pattern);
/* common is_file: Check if a file exist (using stat, fopen and opendir) */
int is_file(char *file_name);
/* int rkcl_get_entry: Reads cl configuration file. */
int rkcl_get_entry(FILE *fp, char *msg, void *p_list);
-
+
/** char *normalize_string
* Normalizes a string, removing white spaces and tabs
* from the begining and the end of it.
*/
char *normalize_string(char *str);
-
+
/* Check if regex is present on the file.
* Similar to `strings file | grep -r regex`
- */
+ */
int os_string(char *file, char *regex);
/* check for NTFS ADS (Windows only)
*/
int os_check_ads(char *full_path);
-/* os_get_process_list: Get list of processes
+/* os_get_process_list: Get list of processes
*/
void *os_get_process_list();
/* is_process: Check is a process is running.
*/
int is_process(char *value, void *p_list);
-
+
/* del_plist:. Deletes the process list
*/
int del_plist(void *p_list);
-
+
/* Used to report messages */
int notify_rk(int rk_type, char *msg);
void check_rc_pids();
/* Verifies if "pid" is in the proc directory */
-int check_rc_readproc(int pid);
+int check_rc_readproc(int pid);
void check_rc_ports();
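Review bot: The new `pt_check_negate` prototype, added right after `pt_matches`, is documented without its return convention, and the comment has a grammar slip ("the patterns is"). Callers presumably branch on this result to decide how a pattern made only of negated matches is evaluated, so an unclear contract could invert a rootcheck policy result; this is inferred, because the definition is not part of this diff. I would reword the comment to `/* pt_check_negate: checks if the pattern is made up completely of negated matches; returns <RETURN_WHEN_ALL_NEGATED> if so, <RETURN_OTHERWISE> if not */`, with the two values taken from the implementation. Since the parameter is a non-const `char *`, the comment should also say whether `pattern` is modified during the check.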