X-Git-Url: http://ftp.carnet.hr/pub/carnet-debian/scm?a=blobdiff_plain;f=src%2Frootcheck%2Frootcheck.c;h=c4a17d8532a007274bbf0dbcea4900fdcafedcd0;hb=HEAD;hp=00831b6c4783835ae3ca4b17bed4485e0522b024;hpb=6ef2f786c6c8ead94841b5f93baf9f43421f08c8;p=ossec-hids.git
diff --git a/src/rootcheck/rootcheck.c b/src/rootcheck/rootcheck.c
old mode 100755
new mode 100644
index 00831b6..c4a17d8
--- a/src/rootcheck/rootcheck.c
+++ b/src/rootcheck/rootcheck.c
@@ -1,6 +1,3 @@
-/* @(#) $Id: ./src/rootcheck/rootcheck.c, 2011/09/08 dcid Exp $
- */ - /* Copyright (C) 2009 Trend Micro Inc. * All right reserved. * 
@@ -11,71 +8,63 @@ */ /* - * Rootcheck v 0.3 + * Rootcheck * Copyright (C) 2003 Daniel B. Cid * http://www.ossec.net/rootcheck/ - * */ -/* Included from the Rootcheck project */ - - #include "headers/shared.h" - #include "rootcheck.h" +rkconfig rootcheck; +char **rk_sys_file; +char **rk_sys_name; +int rk_sys_count; +char total_ports_udp[65535 + 1]; +char total_ports_tcp[65535 + 1]; + #ifndef ARGV0 #define ARGV0 "rootcheck" #endif - - -/** Prototypes **/ -/* Read the new XML config */ -int Read_Rootcheck_Config(char * cfgfile, rkconfig *cfg); - - #ifndef OSSECHIDS -void rootcheck_help() + +/* Print help statement */ +void help_rootcheck() { - printf("\n"); - printf("Rootcheck v0.8 (Mar/12/2008):\n"); - printf("http://www.ossec.net/rootcheck/\n"); - printf("Available options:\n"); - printf("\t\t-h\t This Help message\n"); - printf("\t\t-c Configuration file\n"); - printf("\t\t-d\t Enable debug\n"); - printf("\t\t-D Set the working directory\n"); - printf("\t\t-s\t Scans the whole system\n"); - printf("\t\t-r\t Read all the files for kernel-based detection\n"); - printf("\n"); - exit(0); + print_header(); + print_out(" %s: -[Vhdtsr] [-c config] [-D dir]", ARGV0); + print_out(" -V Version and license message"); + print_out(" -h Print this help message"); + print_out(" -d Execute in debug mode. 
This parameter"); + print_out(" can be specified multiple times"); + print_out(" to increase the debug level."); + print_out(" -t Test configuration"); + print_out(" -s Scan the whole system"); + print_out(" -r Read all the files for kernel-based detection"); + print_out(" -c Configuration file to use"); + print_out(" -D Directory to chroot into (default: %s)", DEFAULTDIR); + print_out(" "); + exit(1); } -/* main v0.1 - * - */ int main(int argc, char **argv) { - int c; int test_config = 0; + const char *cfg = "./rootcheck.conf"; #else int rootcheck_init(int test_config) { - int c; + const char *cfg = DEFAULTCPATH; -#endif +#endif /* OSSECHIDS */ - #ifdef OSSECHIDS - char *cfg = DEFAULTCPATH; - #else - char *cfg = "./rootcheck.conf"; - #endif + int c; - /* Zeroing the structure, initializing default values */ + /* Zero the structure, initialize default values */ rootcheck.workdir = NULL; rootcheck.basedir = NULL; rootcheck.unixaudit = NULL; @@ -90,10 +79,10 @@ int rootcheck_init(int test_config) rootcheck.scanall = 0; rootcheck.readall = 0; rootcheck.disabled = 0; + rootcheck.skip_nfs = 0; rootcheck.alert_msg = NULL; rootcheck.time = ROOTCHECK_WAIT; - rootcheck.checks.rc_dev = 1; rootcheck.checks.rc_files = 1; rootcheck.checks.rc_if = 1; 
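Review bot: `help_rootcheck()` now ends with `exit(1)`, so an explicit `-h` reports failure to the shell even though help was exactly what was requested; only the unknown-option path should exit non-zero, so change the helper to `exit(0);` and let the `default:` case in `main` (in a later hunk) print the help and then exit with 1 itself. The `-D` help text says "Directory to chroot into", but the `-D` handler in the next hunk only stores the value in `rootcheck.workdir` and no `chroot` call is visible in this file; if the standalone binary only uses it as a working directory the text should say so, e.g. `print_out("    -D <dir>    Directory to use as the working directory (default: %s)", DEFAULTDIR);`. The body of `main` / `rootcheck_init` that this hunk opens continues past the end of the hunk.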
@@ -102,52 +91,50 @@ int rootcheck_init(int test_config) rootcheck.checks.rc_sys = 1; rootcheck.checks.rc_trojans = 1; - #ifdef WIN32 +#ifdef OSSECHIDS + rootcheck.tsleep = (unsigned int) getDefine_Int("rootcheck", "sleep", 0, 64); +#endif +#ifdef WIN32 rootcheck.checks.rc_winaudit = 1; rootcheck.checks.rc_winmalware = 1; rootcheck.checks.rc_winapps = 1; - - #else - +#else rootcheck.checks.rc_unixaudit = 1; +#endif - #endif - - /* We store up to 255 alerts in there. */ + /* We store up to 255 alerts in there */ os_calloc(256, sizeof(char *), rootcheck.alert_msg); c = 0; - while(c <= 255) - { + while (c <= 255) { rootcheck.alert_msg[c] = NULL; c++; } - - #ifndef OSSECHIDS +#ifndef OSSECHIDS rootcheck.notify = SYSLOG; rootcheck.daemon = 0; - while((c = getopt(argc, argv, "VstrdhD:c:")) != -1) - { - switch(c) - { + while ((c = getopt(argc, argv, "VstrdhD:c:")) != -1) { + switch (c) { case 'V': print_version(); break; case 'h': - rootcheck_help(); + help_rootcheck(); break; case 'd': nowDebug(); break; case 'D': - if(!optarg) - ErrorExit("%s: -D needs an argument",ARGV0); + if (!optarg) { + ErrorExit("%s: -D needs an argument", ARGV0); + } rootcheck.workdir = optarg; break; case 'c': - if(!optarg) - ErrorExit("%s: -c needs an argument",ARGV0); + if (!optarg) { + ErrorExit("%s: -c needs an argument", ARGV0); + } cfg = optarg; break; case 's': 
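Review bot: The `c = 0; while (c <= 255)` loop that NULLs `rootcheck.alert_msg[]` immediately after `os_calloc(256, sizeof(char *), rootcheck.alert_msg);` repeats work the zero-filling allocation already did (assuming `os_calloc` is the calloc wrapper its name and unchecked use suggest), and the 256/255 pair is a magic number that is also hard-coded in the comment above it. A named constant such as `enum { RK_MAX_ALERTS = 255 };` with `os_calloc(RK_MAX_ALERTS + 1, sizeof(char *), rootcheck.alert_msg);` ties the two together, and if the explicit NULLing is kept for strict portability (all-bits-zero is not guaranteed to be a null pointer in C) a `for (c = 0; c <= RK_MAX_ALERTS; c++)` reads clearer than the split `c = 0; while` form. The `if (!optarg)` guards in the `-D` and `-c` cases are dead code: with `D:` and `c:` in the optstring, `getopt` returns `'?'` for a missing argument rather than the option letter with a NULL `optarg`. The enclosing `main` / `rootcheck_init` both starts and ends outside this hunk.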
@@ -160,142 +147,109 @@ int rootcheck_init(int test_config) rootcheck.readall = 1; break; default: - rootcheck_help(); + help_rootcheck(); break; } - } - - - #ifdef WIN32 - /* Starting Winsock */ +#ifdef WIN32 + /* Start Winsock */ { WSADATA wsaData; - if (WSAStartup(MAKEWORD(2, 0), &wsaData) != 0) - { + if (WSAStartup(MAKEWORD(2, 0), &wsaData) != 0) { ErrorExit("%s: WSAStartup() failed", ARGV0); } } - #endif - +#endif /* WIN32 */ - #endif /* OSSECHIDS */ - - - /* Staring message */ - debug1(STARTED_MSG,ARGV0); +#endif /* OSSECHIDS */ + /* Start up message */ + debug1(STARTED_MSG, ARGV0); - /* Checking if the configuration is present */ - if(File_DateofChange(cfg) < 0) - { - merror("%s: Configuration file '%s' not found",ARGV0,cfg); - return(-1); + /* Check if the configuration is present */ + if (File_DateofChange(cfg) < 0) { + merror("%s: Configuration file '%s' not found", ARGV0, cfg); + return (-1); } - - /* Reading configuration --function specified twice (check makefile) */ - if(Read_Rootcheck_Config(cfg, &rootcheck) < 0) - { + /* Read configuration --function specified twice (check makefile) */ + if (Read_Rootcheck_Config(cfg) < 0) { ErrorExit(CONFIG_ERROR, ARGV0, cfg); } - /* If testing config, exit here */ - if(test_config) - return(0); - + if (test_config) { + return (0); + } /* Return 1 disables rootcheck */ - if(rootcheck.disabled == 1) - { + if (rootcheck.disabled == 1) { verbose("%s: Rootcheck disabled. Exiting.", ARGV0); - return(1); + return (1); } - - /* Checking if Unix audit file is configured. 
*/ - if(!rootcheck.unixaudit) - { - #ifndef WIN32 + /* Check if Unix audit file is configured */ + if (!rootcheck.unixaudit) { +#ifndef WIN32 log2file("%s: System audit file not configured.", ARGV0); - #endif +#endif } - - /* Setting default values */ - if(rootcheck.workdir == NULL) + /* Set default values */ + if (rootcheck.workdir == NULL) { rootcheck.workdir = DEFAULTDIR; + } - - #ifdef OSSECHIDS - - +#ifdef OSSECHIDS /* Start up message */ - #ifdef WIN32 +#ifdef WIN32 verbose(STARTUP_MSG, "ossec-rootcheck", getpid()); - #else - +#else /* Connect to the queue if configured to do so */ - if(rootcheck.notify == QUEUE) - { - debug1("%s: Starting queue ...",ARGV0); + if (rootcheck.notify == QUEUE) { + debug1("%s: Starting queue ...", ARGV0); - /* Starting the queue. */ - if((rootcheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0) - { - merror(QUEUE_ERROR,ARGV0,DEFAULTQPATH, strerror(errno)); + /* Start the queue */ + if ((rootcheck.queue = StartMQ(DEFAULTQPATH, WRITE)) < 0) { + merror(QUEUE_ERROR, ARGV0, DEFAULTQPATH, strerror(errno)); /* 5 seconds to see if the agent starts */ sleep(5); - if((rootcheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0) - { - /* more 10 seconds wait.. 
*/ - merror(QUEUE_ERROR,ARGV0,DEFAULTQPATH, strerror(errno)); + if ((rootcheck.queue = StartMQ(DEFAULTQPATH, WRITE)) < 0) { + /* Wait 10 more seconds */ + merror(QUEUE_ERROR, ARGV0, DEFAULTQPATH, strerror(errno)); sleep(10); - if((rootcheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0) - ErrorExit(QUEUE_FATAL,ARGV0,DEFAULTQPATH); + if ((rootcheck.queue = StartMQ(DEFAULTQPATH, WRITE)) < 0) { + ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH); + } } } } - #endif /* Not win32 */ +#endif /* WIN32 */ - #endif /* ossec hids */ +#endif /* OSSECHIDS */ - - /* Initializing rk list */ - rk_sys_name = calloc(MAX_RK_SYS +2, sizeof(char *)); - rk_sys_file = calloc(MAX_RK_SYS +2, sizeof(char *)); - if(!rk_sys_name || !rk_sys_file) - { - ErrorExit(MEM_ERROR, ARGV0); + /* Initialize rk list */ + rk_sys_name = (char **) calloc(MAX_RK_SYS + 2, sizeof(char *)); + rk_sys_file = (char **) calloc(MAX_RK_SYS + 2, sizeof(char *)); + if (!rk_sys_name || !rk_sys_file) { + ErrorExit(MEM_ERROR, ARGV0, errno, strerror(errno)); } rk_sys_name[0] = NULL; rk_sys_file[0] = NULL; - - #ifndef OSSECHIDS - - #ifndef WIN32 - /* Start the signal handling */ +#ifndef OSSECHIDS +#ifndef WIN32 + /* Start signal handling */ StartSIG(ARGV0); - #endif - - #else - return(0); - - #endif - - - debug1("%s: DEBUG: Running run_rk_check",ARGV0); +#endif + debug1("%s: DEBUG: Running run_rk_check", ARGV0); run_rk_check(); - - debug1("%s: DEBUG: Leaving...",ARGV0); - - return(0); + debug1("%s: DEBUG: Leaving...", ARGV0); +#endif /* OSSECHIDS */ + return (0); } -/* EOF */
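Review bot: `rk_sys_name` and `rk_sys_file` are allocated with a cast `(char **) calloc(...)` plus a hand-written NULL check, while the same function allocates `rootcheck.alert_msg` through `os_calloc()` a few lines earlier; the cast is unnecessary in C and can mask a missing `<stdlib.h>` prototype, and the two `rk_sys_name[0] = NULL; rk_sys_file[0] = NULL;` stores are redundant after a zero-filling allocation on every platform this code already relies on for `alert_msg`. Provided `os_calloc` exits on failure as its unchecked use above implies, `os_calloc(MAX_RK_SYS + 2, sizeof(char *), rk_sys_name); os_calloc(MAX_RK_SYS + 2, sizeof(char *), rk_sys_file);` replaces the casts, the check and the `[0] = NULL` lines. Separately, `ErrorExit(MEM_ERROR, ARGV0, errno, strerror(errno))` reads `errno` twice in one argument list; argument evaluation order is unspecified and `strerror` may itself set `errno`, so capturing it first (`int err = errno;`) and passing `err, strerror(err)` is the safer form. The enclosing `main` / `rootcheck_init` starts outside this hunk.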