-/* @(#) $Id$ */
+/* @(#) $Id: ./src/syscheckd/run_realtime.c, 2011/09/08 dcid Exp $
+ */
/* Copyright (C) 2009 Trend Micro Inc.
* All right reserved.
if(strcmp(c_sum, buf+6) != 0)
{
- char *fullalert = NULL;
char alert_msg[OS_MAXSTR +1];
alert_msg[OS_MAXSTR] = '\0';
+ #ifdef WIN32
+ snprintf(alert_msg, 912, "%s %s", c_sum, file_name);
+ #else
+ char *fullalert = NULL;
if(buf[5] == 's' || buf[5] == 'n')
{
fullalert = seechanges_addfile(file_name);
{
snprintf(alert_msg, 912, "%s %s", c_sum, file_name);
}
+ #endif
send_syscheck_msg(alert_msg);
return(1);
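Review bot: The new WIN32 branch sizes its snprintf with the literal 912 while alert_msg is declared two lines earlier as OS_MAXSTR + 1 bytes; nothing ties the two together, so the write is only in bounds as long as 912 stays at or below OS_MAXSTR + 1, and the `alert_msg[OS_MAXSTR] = '\0'` sentinel does not guard against that. The same literal is duplicated in the non-Windows path on the context line below; `snprintf(alert_msg, sizeof alert_msg, "%s %s", c_sum, file_name);` in both places, or a single named constant if 912 is a deliberate message limit, removes the coupling. Moving the `fullalert` declaration under `#else` is fine, but the lines following `seechanges_addfile` are cut here, so whether fullalert is released on every path cannot be confirmed from this hunk. The enclosing function begins before the hunk.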
#include <sys/inotify.h>
-#define REALTIME_MONITOR_FLAGS IN_MODIFY|IN_ATTRIB|IN_MOVED_TO|IN_DELETE|IN_MOVED_FROM
+#define REALTIME_MONITOR_FLAGS IN_MODIFY|IN_ATTRIB|IN_MOVED_FROM|IN_MOVED_TO|IN_CREATE|IN_DELETE|IN_DELETE_SELF
#define REALTIME_EVENT_SIZE (sizeof (struct inotify_event))
#define REALTIME_EVENT_BUFFER (2048 * (REALTIME_EVENT_SIZE + 16))
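Review bot: Widening REALTIME_MONITOR_FLAGS with IN_DELETE_SELF and IN_CREATE changes what the read loop further down (`while (i < len)`, a whitespace-only hunk in this commit) receives, and that loop still assumes every event names a file in a live watch: an IN_DELETE_SELF event has `event->len == 0`, so `final_name` becomes "<dir>/" and is handed to realtime_checksumfile as if it were a file, and the kernel then drops the watch (IN_IGNORED follows) while its dirtb entry is never removed, leaving a stale wdchar mapping. I would skip events whose `event->len == 0` unless `event->mask & IN_DELETE_SELF`, and in that case remove the wdchar entry from syscheck.realtime->dirtb instead of building a path from it. The macro body is also unparenthesized; it is safe as a bare argument at the inotify_add_watch call, but `#define REALTIME_MONITOR_FLAGS (IN_MODIFY|IN_ATTRIB|IN_MOVED_FROM|IN_MOVED_TO|IN_CREATE|IN_DELETE|IN_DELETE_SELF)` costs nothing and prevents mis-binding if it is ever used inside a larger expression.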
merror("%s: ERROR: Unable to initialize inotify.", ARGV0);
return(-1);
}
- #endif
+ #endif
return(1);
}
wd = inotify_add_watch(syscheck.realtime->fd,
dir,
- REALTIME_MONITOR_FLAGS);
+ REALTIME_MONITOR_FLAGS);
if(wd < 0)
{
- merror("%s: ERROR: Unable to add directory to real time "
+ merror("%s: ERROR: Unable to add directory to real time "
"monitoring: '%s'. %d %d", ARGV0, dir, wd, errno);
}
else
len = read(syscheck.realtime->fd, buf, REALTIME_EVENT_BUFFER);
- if (len < 0)
+ if (len < 0)
{
merror("%s: ERROR: Unable to read from real time buffer.", ARGV0);
- }
+ }
else if (len > 0)
{
- while (i < len)
+ while (i < len)
{
event = (struct inotify_event *) &buf[i];
snprintf(wdchar, 32, "%d", event->wd);
- snprintf(final_name, MAX_LINE, "%s/%s",
+ snprintf(final_name, MAX_LINE, "%s/%s",
(char *)OSHash_Get(syscheck.realtime->dirtb, wdchar),
event->name);
realtime_checksumfile(final_name);
if(dwerror != ERROR_SUCCESS)
{
- merror("%s: ERROR: real time call back called, but error is set.",
+ merror("%s: ERROR: real time call back called, but error is set.",
ARGV0);
return;
}
rtlocald = OSHash_Get(syscheck.realtime->dirtb, wdchar);
if(rtlocald == NULL)
{
- merror("%s: ERROR: real time call back called, but hash is empty.",
+ merror("%s: ERROR: real time call back called, but hash is empty.",
ARGV0);
return;
}
-
+
do
{
TRUE,
FILE_NOTIFY_CHANGE_FILE_NAME|FILE_NOTIFY_CHANGE_DIR_NAME|FILE_NOTIFY_CHANGE_SIZE|FILE_NOTIFY_CHANGE_LAST_WRITE,
0,
- &rtlocald->overlap,
+ &rtlocald->overlap,
RTCallBack);
if(rc == 0)
{
- merror("%s: ERROR: Unable to set directory for monitoring: %s",
+ merror("%s: ERROR: Unable to set directory for monitoring: %s",
ARGV0, rtlocald->dir);
sleep(2);
}
os_calloc(1, sizeof(win32rtfim), rtlocald);
-
+
rtlocald->h = CreateFile(dir,
FILE_LIST_DIRECTORY,
NULL);
- if(rtlocald->h == INVALID_HANDLE_VALUE ||
- rtlocald->h == NULL)
+ if(rtlocald->h == INVALID_HANDLE_VALUE ||
+ rtlocald->h == NULL)
{
free(rtlocald);
rtlocald = NULL;
if(OSHash_Get(syscheck.realtime->dirtb, wdchar))
{
- merror("%s: ERROR: Entry already in the real time hash: %s",
+ merror("%s: ERROR: Entry already in the real time hash: %s",
ARGV0, wdchar);
CloseHandle(rtlocald->overlap.hEvent);
free(rtlocald);