X-Git-Url: http://ftp.carnet.hr/pub/carnet-debian/scm?a=blobdiff_plain;f=src%2Fconfig%2Flocalfile-config.c;h=9c95036521840ab34d58458bc79ace13b6828447;hb=927951d1c1ad45ba9e7325f07d996154a91c911b;hp=6f53bffaa0c779347772b1f2f0f9b36b1886d8ba;hpb=301048b51990573e58a30dc4a5bb4ec285cad554;p=ossec-hids.git diff --git a/src/config/localfile-config.c b/src/config/localfile-config.c index 6f53bff..9c95036 100755 --- a/src/config/localfile-config.c +++ b/src/config/localfile-config.c @@ -1,4 +1,5 @@ -/* @(#) $Id$ */ +/* @(#) $Id: ./src/config/localfile-config.c, 2012/03/28 dcid Exp $ + */ /* Copyright (C) 2009 Trend Micro Inc. * All right reserved. @@ -9,9 +10,9 @@ * Foundation */ - -#include "shared.h" + +#include "shared.h" #include "localfile-config.h" @@ -19,9 +20,9 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) { int pl = 0; int i = 0; - - int glob_set = 0; - + + int glob_set = 0; + #ifndef WIN32 int glob_offset = 0; #endif @@ -33,6 +34,8 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) char *xml_localfile_logformat = "log_format"; char *xml_localfile_frequency = "frequency"; char *xml_localfile_alias = "alias"; + char *xml_localfile_future = "only-future-events"; + char *xml_localfile_query = "query"; logreader *logf; logreader_config *log_config; @@ -40,7 +43,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) log_config = (logreader_config *)d1; - /* If config is not set, we need to create it */ + /* If config is not set, we need to create it */ if(!log_config->config) { os_calloc(2, sizeof(logreader), log_config->config); @@ -49,10 +52,14 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) logf[0].command = NULL; logf[0].alias = NULL; logf[0].logformat = NULL; + logf[0].future = 0; + logf[0].query = NULL; logf[1].file = NULL; logf[1].command = NULL; logf[1].alias = NULL; logf[1].logformat = NULL; + logf[1].future = 0; + logf[1].query = NULL; } else { 
@@ -61,7 +68,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) { pl++; } - + /* Allocating more memory */ os_realloc(logf, (pl +2)*sizeof(logreader), log_config->config); logf = log_config->config; @@ -69,18 +76,22 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) logf[pl +1].command = NULL; logf[pl +1].alias = NULL; logf[pl +1].logformat = NULL; + logf[pl +1].future = 0; + logf[pl +1].query = NULL; } - + logf[pl].file = NULL; logf[pl].command = NULL; logf[pl].alias = NULL; logf[pl].logformat = NULL; + logf[pl].future = 0; + logf[pl].query = NULL; logf[pl].fp = NULL; logf[pl].ffile = NULL; logf[pl].djb_program_name = NULL; logf[pl].ign = 360; - + /* Searching for entries related to files */ i = 0; while(node[i]) @@ -95,8 +106,32 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) merror(XML_VALUENULL, ARGV0, node[i]->element); return(OS_INVALID); } + else if(strcmp(node[i]->element,xml_localfile_future) == 0) + { + if (strcmp(node[i]->content, "yes") == 0) + logf[pl].future = 1; + } + else if(strcmp(node[i]->element,xml_localfile_query) == 0) + { + os_strdup(node[i]->content, logf[pl].query); + } else if(strcmp(node[i]->element,xml_localfile_command) == 0) { + /* We don't accept remote commands from the manager - just in case. */ + if(log_config->agent_cfg == 1 && log_config->accept_remote == 0) + { + merror("%s: Remote commands are not accepted from the manager. " + "Ignoring it on the agent.conf", ARGV0); + + logf[pl].file = NULL; + logf[pl].ffile = NULL; + logf[pl].command = NULL; + logf[pl].alias = NULL; + logf[pl].logformat = NULL; + logf[pl].fp = NULL; + return(OS_INVALID); + } + os_strdup(node[i]->content, logf[pl].file); logf[pl].command = logf[pl].file; } 
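Review bot: The `future`/`query` resets added in the `@@ -69,18 +76,22 @@` hunk cover the first `os_realloc` path only; the glob-expansion path in the `@@ -204,13 +239,13 @@` hunk grows the array with the same `os_realloc` call, and its visible lines reset just `file`, `alias`, `logformat`, `fp` and `ffile` for `logf[pl]` and `file`, `alias`, `logformat` for `logf[pl +1]`. If `os_realloc` does not zero the new tail (its definition is not shown here), entries created from a wildcard would carry indeterminate `command`, `query` and `future` values, and any later reader of `logf[i].command` or `logf[i].query` would follow a stray pointer. I would add `logf[pl].command = NULL; logf[pl].future = 0; logf[pl].query = NULL;` there, and the same three assignments for `logf[pl +1]`. That hunk ends at `logf[pl +1].logformat = NULL;`, so lines outside it may already do part of this.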
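Review bot: The remote-command rejection branch in the `@@ -95,8 +106,32 @@` hunk resets `file`, `ffile`, `command`, `alias`, `logformat` and `fp` by plain assignment but leaves `query` and `future` untouched, so a `<query>` parsed earlier in the same `<localfile>` (it is `os_strdup`'d in this same hunk) stays attached to the discarded entry. Clearing the new fields before `return(OS_INVALID);` would keep the slot clean, e.g. `free(logf[pl].query); logf[pl].query = NULL; logf[pl].future = 0;`. The guard also depends on `log_config->agent_cfg` and `log_config->accept_remote` being initialised by every caller that builds a `logreader_config`; nothing in this diff sets them, so that is worth confirming. Including the rejected value in the message (`node[i]->content` through a `%s`) would let an operator see what the manager tried to push. The function body starts and ends outside this hunk.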
@@ -116,11 +151,11 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) /* Expand variables on Windows. */ if(strchr(node[i]->content, '%')) { - int expandreturn = 0; + int expandreturn = 0; char newfile[OS_MAXSTR +1]; newfile[OS_MAXSTR] = '\0'; - expandreturn = ExpandEnvironmentStrings(node[i]->content, + expandreturn = ExpandEnvironmentStrings(node[i]->content, newfile, OS_MAXSTR); if((expandreturn > 0) && (expandreturn < OS_MAXSTR)) @@ -129,7 +164,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) os_strdup(newfile, node[i]->content); } - } + } #endif @@ -137,17 +172,17 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) * We will call this file multiple times until * there is no one else available. */ - #ifndef WIN32 /* No windows support for glob */ + #ifndef WIN32 /* No windows support for glob */ if(strchr(node[i]->content, '*') || strchr(node[i]->content, '?') || strchr(node[i]->content, '[')) { glob_t g; - + /* Setting ot the first entry of the glob */ if(glob_set == 0) glob_set = pl +1; - + if(glob(node[i]->content, 0, NULL, &g) != 0) { merror(GLOB_ERROR, ARGV0, node[i]->content); @@ -155,7 +190,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) i++; continue; } - + /* Checking for the last entry */ if((g.gl_pathv[glob_offset]) == NULL) { @@ -196,7 +231,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) os_strdup(g.gl_pathv[glob_offset], logf[pl].file); } - + glob_offset++; globfree(&g); @@ -204,13 +239,13 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) pl++; os_realloc(logf, (pl +2)*sizeof(logreader), log_config->config); logf = log_config->config; - + logf[pl].file = NULL; logf[pl].alias = NULL; logf[pl].logformat = NULL; logf[pl].fp = NULL; logf[pl].ffile = NULL; - + logf[pl +1].file = NULL; logf[pl +1].alias = NULL; logf[pl +1].logformat = NULL; 
@@ -220,7 +255,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) } else if(strchr(node[i]->content, '%')) #else - if(strchr(node[i]->content, '%')) + if(strchr(node[i]->content, '%')) #endif /* WIN32 */ /* We need the format file (based on date) */ @@ -234,17 +269,15 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) lfile[OS_FLSIZE] = '\0'; ret = strftime(lfile, OS_FLSIZE, node[i]->content, p); - if(ret == 0) + if(ret != 0) { - merror(PARSE_ERROR, ARGV0, node[i]->content); - return(OS_INVALID); + os_strdup(node[i]->content, logf[pl].ffile); } - os_strdup(node[i]->content, logf[pl].ffile); os_strdup(node[i]->content, logf[pl].file); } - - + + /* Normal file */ else { @@ -284,6 +317,9 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) else if(strcmp(logf[pl].logformat, "mysql_log") == 0) { } + else if(strcmp(logf[pl].logformat, "ossecalert") == 0) + { + } else if(strcmp(logf[pl].logformat, "mssql_log") == 0) { } @@ -309,7 +345,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) while(logf[pl].logformat[0] == ' ') logf[pl].logformat++; - + if(logf[pl].logformat[0] != ':') { merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); @@ -319,8 +355,8 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) while(*logf[pl].logformat == ' ') logf[pl].logformat++; - - while(logf[pl].logformat[x] >= '0' && logf[pl].logformat[x] <= '9') + + while(logf[pl].logformat[x] >= '0' && logf[pl].logformat[x] <= '9') x++; while(logf[pl].logformat[x] == ' ') @@ -335,6 +371,9 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) else if(strcmp(logf[pl].logformat, EVENTLOG) == 0) { } + else if(strcmp(logf[pl].logformat, EVENTCHANNEL) == 0) + { + } else { merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); @@ -359,7 +398,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) if(glob_set) { char *format; - + /* Getting log format */ if(logf[pl].logformat) { 
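Review bot: When `strftime` returns 0 in the `@@ -234,17 +269,15 @@` hunk, the new code falls through silently: `ffile` stays NULL and the raw pattern in `node[i]->content` is stored as a literal file name, where the old code reported `PARSE_ERROR` and rejected the entry. An operator who mistypes a date pattern, or supplies one that expands past `OS_FLSIZE`, gets no indication that date-based file naming is off for that entry, so the intended log may quietly go unmonitored. I would keep the relaxed behaviour but make it visible, e.g. `else { merror(PARSE_ERROR, ARGV0, node[i]->content); }` after the `if(ret != 0)` block. The enclosing branch and function begin and end outside this hunk.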
@@ -388,7 +427,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) merror(MISS_FILE, ARGV0); return(OS_INVALID); } - + if(logf[i].logformat == NULL) { logf[i].logformat = format; @@ -410,7 +449,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) merror(MISS_FILE, ARGV0); return(OS_INVALID); } - + /* Verifying a valid event log config */ if(strcmp(logf[pl].logformat, EVENTLOG) == 0) { @@ -425,7 +464,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2) } if((strcmp(logf[pl].logformat, "command") == 0)|| - (strcmp(logf[pl].logformat, "full_command") == 0)) + (strcmp(logf[pl].logformat, "full_command") == 0)) { if(!logf[pl].command) {