X-Git-Url: http://ftp.carnet.hr/pub/carnet-debian/scm?a=blobdiff_plain;f=src%2Fconfig%2Flocalfile-config.c;h=9c95036521840ab34d58458bc79ace13b6828447;hb=789cbc8e52da68eba3517b920ef22e000cf3c9fd;hp=dd523e87c623bf617877ade48255c8840873f210;hpb=914feba5d54f979cd5d7e69c349c3d01f630042a;p=ossec-hids.git diff --git a/src/config/localfile-config.c b/src/config/localfile-config.c index dd523e8..9c95036 100755 --- a/src/config/localfile-config.c +++ b/src/config/localfile-config.c @@ -1,17 +1,18 @@ -/* @(#) $Id: localfile-config.c,v 1.25 2009/11/03 21:07:32 dcid Exp $ */ +/* @(#) $Id: ./src/config/localfile-config.c, 2012/03/28 dcid Exp $ + */ /* Copyright (C) 2009 Trend Micro Inc. * All right reserved. * * This program is a free software; you can redistribute it * and/or modify it under the terms of the GNU General Public - * License (version 3) as published by the FSF - Free Software + * License (version 2) as published by the FSF - Free Software * Foundation */ - -#include "shared.h" + +#include "shared.h" #include "localfile-config.h" @@ -19,9 +20,9 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) { int pl = 0; int i = 0; - - int glob_set = 0; - + + int glob_set = 0; + #ifndef WIN32 int glob_offset = 0; #endif @@ -31,7 +32,10 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) char *xml_localfile_location = "location"; char *xml_localfile_command = "command"; char *xml_localfile_logformat = "log_format"; - + char *xml_localfile_frequency = "frequency"; + char *xml_localfile_alias = "alias"; + char *xml_localfile_future = "only-future-events"; + char *xml_localfile_query = "query"; logreader *logf; logreader_config *log_config; 
@@ -39,17 +43,23 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) log_config = (logreader_config *)d1; - /* If config is not set, we need to create it */ + /* If config is not set, we need to create it */ if(!log_config->config) { os_calloc(2, sizeof(logreader), log_config->config); logf = log_config->config; logf[0].file = NULL; logf[0].command = NULL; + logf[0].alias = NULL; logf[0].logformat = NULL; + logf[0].future = 0; + logf[0].query = NULL; logf[1].file = NULL; logf[1].command = NULL; + logf[1].alias = NULL; logf[1].logformat = NULL; + logf[1].future = 0; + logf[1].query = NULL; } else { @@ -58,23 +68,30 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) { pl++; } - + /* Allocating more memory */ os_realloc(logf, (pl +2)*sizeof(logreader), log_config->config); logf = log_config->config; logf[pl +1].file = NULL; logf[pl +1].command = NULL; + logf[pl +1].alias = NULL; logf[pl +1].logformat = NULL; + logf[pl +1].future = 0; + logf[pl +1].query = NULL; } - + logf[pl].file = NULL; logf[pl].command = NULL; + logf[pl].alias = NULL; logf[pl].logformat = NULL; + logf[pl].future = 0; + logf[pl].query = NULL; logf[pl].fp = NULL; logf[pl].ffile = NULL; logf[pl].djb_program_name = NULL; - - + logf[pl].ign = 360; + + /* Searching for entries related to files */ i = 0; while(node[i]) 
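Review bot: The default `logf[pl].ign = 360;` at the end of the `-58,23 +68,30` hunk is a bare number with no unit or rationale, and it is assigned only to the entry being filled, not to the terminator slots initialised above it. A named constant with a short comment would make the default easy to audit, for example `#define LOCALFILE_DEFAULT_IGN 360 /* default for <frequency>; unit to be confirmed */` (the name is only a suggestion). Both hunks on this line also repeat the same member-by-member reset for `logf[0]`, `logf[1]`, `logf[pl +1]` and `logf[pl]`, so a small static helper that clears one `logreader` would stop new members from being missed in one of the copies. Read_Localfile starts and ends outside these hunks.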
@@ -89,22 +106,56 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) merror(XML_VALUENULL, ARGV0, node[i]->element); return(OS_INVALID); } + else if(strcmp(node[i]->element,xml_localfile_future) == 0) + { + if (strcmp(node[i]->content, "yes") == 0) + logf[pl].future = 1; + } + else if(strcmp(node[i]->element,xml_localfile_query) == 0) + { + os_strdup(node[i]->content, logf[pl].query); + } else if(strcmp(node[i]->element,xml_localfile_command) == 0) { + /* We don't accept remote commands from the manager - just in case. */ + if(log_config->agent_cfg == 1 && log_config->accept_remote == 0) + { + merror("%s: Remote commands are not accepted from the manager. " + "Ignoring it on the agent.conf", ARGV0); + + logf[pl].file = NULL; + logf[pl].ffile = NULL; + logf[pl].command = NULL; + logf[pl].alias = NULL; + logf[pl].logformat = NULL; + logf[pl].fp = NULL; + return(OS_INVALID); + } + os_strdup(node[i]->content, logf[pl].file); logf[pl].command = logf[pl].file; } + else if(strcmp(node[i]->element,xml_localfile_frequency) == 0) + { + if(!OS_StrIsNum(node[i]->content)) + { + merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); + return(OS_INVALID); + } + + logf[pl].ign = atoi(node[i]->content); + } else if(strcmp(node[i]->element,xml_localfile_location) == 0) { #ifdef WIN32 /* Expand variables on Windows. */ if(strchr(node[i]->content, '%')) { - int expandreturn = 0; + int expandreturn = 0; char newfile[OS_MAXSTR +1]; newfile[OS_MAXSTR] = '\0'; - expandreturn = ExpandEnvironmentStrings(node[i]->content, + expandreturn = ExpandEnvironmentStrings(node[i]->content, newfile, OS_MAXSTR); if((expandreturn > 0) && (expandreturn < OS_MAXSTR)) @@ -113,7 +164,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) os_strdup(newfile, node[i]->content); } - } + } #endif 
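Review bot: In the new `frequency` branch of the `-89,22 +106,56` hunk, `logf[pl].ign = atoi(node[i]->content);` converts a value whose only visible check is `OS_StrIsNum`. Assuming that helper just confirms the characters are digits, a long digit string is never range-checked, and `atoi` has undefined behaviour when the result does not fit in an `int`. The `agent_cfg` test a few lines above suggests this section can also arrive from the manager through agent.conf, so the number should be treated as untrusted and parsed with `strtol` and an explicit upper bound before it is stored. The sketch below assumes `ign` is an `int` and that `errno` and `INT_MAX` are visible through `shared.h`. The surrounding `while(node[i])` loop and the rest of Read_Localfile lie outside the hunk.

```c
else if(strcmp(node[i]->element,xml_localfile_frequency) == 0)
{
    char *end = NULL;
    long freq;

    errno = 0;
    freq = strtol(node[i]->content, &end, 10);

    /* Digits only, fully consumed, and representable in logf[pl].ign */
    if(!OS_StrIsNum(node[i]->content) || errno == ERANGE ||
       *end != '\0' || freq > INT_MAX)
    {
        merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
        return(OS_INVALID);
    }

    logf[pl].ign = (int)freq;
}
```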
@@ -121,17 +172,17 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) * We will call this file multiple times until * there is no one else available. */ - #ifndef WIN32 /* No windows support for glob */ + #ifndef WIN32 /* No windows support for glob */ if(strchr(node[i]->content, '*') || strchr(node[i]->content, '?') || strchr(node[i]->content, '[')) { glob_t g; - + /* Setting ot the first entry of the glob */ if(glob_set == 0) glob_set = pl +1; - + if(glob(node[i]->content, 0, NULL, &g) != 0) { merror(GLOB_ERROR, ARGV0, node[i]->content); @@ -139,7 +190,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) i++; continue; } - + /* Checking for the last entry */ if((g.gl_pathv[glob_offset]) == NULL) { @@ -180,7 +231,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) os_strdup(g.gl_pathv[glob_offset], logf[pl].file); } - + glob_offset++; globfree(&g); @@ -188,13 +239,15 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) pl++; os_realloc(logf, (pl +2)*sizeof(logreader), log_config->config); logf = log_config->config; - + logf[pl].file = NULL; + logf[pl].alias = NULL; logf[pl].logformat = NULL; logf[pl].fp = NULL; logf[pl].ffile = NULL; - + logf[pl +1].file = NULL; + logf[pl +1].alias = NULL; logf[pl +1].logformat = NULL; /* We can not increment the file count in here */ @@ -202,7 +255,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) } else if(strchr(node[i]->content, '%')) #else - if(strchr(node[i]->content, '%')) + if(strchr(node[i]->content, '%')) #endif /* WIN32 */ /* We need the format file (based on date) */ 
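Review bot: The re-initialisation after `pl++` in the `-188,13 +239,15` hunk resets `alias` but not the other members this commit introduces: `future`, `query` and `ign` are never assigned for the new `logf[pl]` or for `logf[pl +1]`. These slots come from `os_realloc`, which (if it wraps plain realloc) does not zero the grown memory, so entries created for later glob matches may carry indeterminate values in those members, and even a zeroed slot would get `ign` 0 rather than the 360 default. Adding `logf[pl].future = 0; logf[pl].query = NULL; logf[pl].ign = 360;` here, plus the `future` and `query` lines for `logf[pl +1]`, keeps this path in step with the setup earlier in the function. `command` and `djb_program_name` appear to have the same gap. The enclosing glob block starts and ends outside this hunk.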
@@ -216,17 +269,15 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) lfile[OS_FLSIZE] = '\0'; ret = strftime(lfile, OS_FLSIZE, node[i]->content, p); - if(ret == 0) + if(ret != 0) { - merror(PARSE_ERROR, ARGV0, node[i]->content); - return(OS_INVALID); + os_strdup(node[i]->content, logf[pl].ffile); } - os_strdup(node[i]->content, logf[pl].ffile); os_strdup(node[i]->content, logf[pl].file); } - - + + /* Normal file */ else { @@ -242,6 +293,9 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) if(strcmp(logf[pl].logformat, "syslog") == 0) { } + else if(strcmp(logf[pl].logformat, "generic") == 0) + { + } else if(strcmp(logf[pl].logformat, "snort-full") == 0) { } @@ -263,6 +317,9 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) else if(strcmp(logf[pl].logformat, "mysql_log") == 0) { } + else if(strcmp(logf[pl].logformat, "ossecalert") == 0) + { + } else if(strcmp(logf[pl].logformat, "mssql_log") == 0) { } 
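Review bot: When `strftime` returns 0 in the `-216,17 +269,15` hunk, the location is now silently stored as a literal path with `ffile` unset. A date pattern that fails to expand, or whose expansion does not fit in `OS_FLSIZE`, therefore leaves the reader watching a file name that still contains the `%` sequences, with nothing in the log to show it. For a log-collection config that is a quiet loss of monitoring coverage. I would keep the fallback but record it, for example `else { merror(PARSE_ERROR, ARGV0, node[i]->content); }` without the `return`, or the project's warning-level equivalent. A one-line comment saying why a zero return is tolerated (presumably so that paths with a literal `%` are accepted) would also help; the enclosing `if(strchr(node[i]->content, '%'))` block begins outside the hunk.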
@@ -278,15 +335,55 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) else if(strcmp(logf[pl].logformat, "command") == 0) { } + else if(strcmp(logf[pl].logformat, "full_command") == 0) + { + } + else if(strncmp(logf[pl].logformat, "multi-line", 10) == 0) + { + int x = 0; + logf[pl].logformat+=10; + + while(logf[pl].logformat[0] == ' ') + logf[pl].logformat++; + + if(logf[pl].logformat[0] != ':') + { + merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); + return(OS_INVALID); + } + logf[pl].logformat++; + + while(*logf[pl].logformat == ' ') + logf[pl].logformat++; + + while(logf[pl].logformat[x] >= '0' && logf[pl].logformat[x] <= '9') + x++; + + while(logf[pl].logformat[x] == ' ') + x++; + + if(logf[pl].logformat[x] != '\0') + { + merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); + return(OS_INVALID); + } + } else if(strcmp(logf[pl].logformat, EVENTLOG) == 0) { } + else if(strcmp(logf[pl].logformat, EVENTCHANNEL) == 0) + { + } else { merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); return(OS_INVALID); } } + else if(strcasecmp(node[i]->element,xml_localfile_alias) == 0) + { + os_strdup(node[i]->content, logf[pl].alias); + } else { merror(XML_INVELEM, ARGV0, node[i]->element); @@ -301,7 +398,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) if(glob_set) { char *format; - + /* Getting log format */ if(logf[pl].logformat) { @@ -330,7 +427,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) merror(MISS_FILE, ARGV0); return(OS_INVALID); } - + if(logf[i].logformat == NULL) { logf[i].logformat = format; @@ -352,7 +449,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) merror(MISS_FILE, ARGV0); return(OS_INVALID); } - + /* Verifying a valid event log config */ if(strcmp(logf[pl].logformat, EVENTLOG) == 0) { 
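Review bot: The `multi-line` branch in the `-278,15 +335,55` hunk accepts a value with no count at all. For `multi-line:` the digit loop leaves `x` at 0, the trailing-space loop does nothing, and `logf[pl].logformat[x] != '\0'` is false, so validation passes with an empty number; there is no upper bound on the number of digits either. Requiring at least one digit right after the digit loop closes the first gap: `if(x == 0) { merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); return(OS_INVALID); }`. The branch also advances `logf[pl].logformat` itself (`+=10`, `++`), so if that pointer came from `os_strdup` (the assignment is outside the hunk) the start of the allocation is lost and can no longer be freed. Walking a local `char *` cursor would avoid that, but later readers would need checking because they may rely on the advanced pointer.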
@@ -366,7 +463,8 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) } } - if(strcmp(logf[pl].logformat, "command") == 0) + if((strcmp(logf[pl].logformat, "command") == 0)|| + (strcmp(logf[pl].logformat, "full_command") == 0)) { if(!logf[pl].command) {