[ossec-cvs] ossec-hids: file-queue.c (HEAD) read-alert.c (HEAD) [dcid]
- To: ossec-cvs@xxxxxxxxx
- Subject: [ossec-cvs] ossec-hids: file-queue.c (HEAD) read-alert.c (HEAD) [dcid]
- From: OSSEC CVS <cvs-commit@xxxxxxxxx>
- Date: Mon, 13 Aug 2007 21:29:37 -0300 (ADT)
- Content-transfer-encoding: 8bit
Module name: ossec-hids
Changes by: dcid 07/08/13 21:29:35
Modified files:
file-queue.c read-alert.c
Log message:
Description: Working alpha of the database support. The basic stuff should be working now, but we still need to improve the tables and a few other things.
Reviewed by: dcid
Example config:
<database_output>
<hostname>1.2.3.4</hostname>
<username>user</username>
<password>mypass</password>
<database>test1</database>
</database_output>
Bug:
Index: file-queue.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/shared/file-queue.c,v
diff -u -r1.5 -r1.6
--- file-queue.c 19 Dec 2006 19:10:56 -0000 1.5
+++ file-queue.c 14 Aug 2007 00:29:35 -0000 1.6
@@ -1,12 +1,15 @@
/* @(#) $Id$ */
-/* Copyright (C) 2003-2006 Daniel B. Cid <dcid@xxxxxxxxx>
+/* Copyright (C) 2003-2007 Daniel B. Cid <dcid@xxxxxxxxx>
* All right reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
+ * License (version 3) as published by the FSF - Free Software
* Foundation
+ *
+ * License details at the LICENSE file included with OSSEC or
+ * online at: http://www.ossec.net/en/licensing.html
*/
@@ -15,9 +18,10 @@
#include "shared.h"
#include "file-queue.h"
+
/* To translante between month (int) to month (char) */
char *(s_month[])={"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug",
- "Sep","Oct","Nov","Dec"};
+ "Sep","Oct","Nov","Dec"};
/** void file_sleep();
@@ -73,6 +77,7 @@
fileq->fp = NULL;
}
+
/* We must be able to open the file, fseek and get the
* time of change from it.
*/
@@ -83,6 +88,7 @@
return(0);
}
+
/* Seeking the end of file */
if(seek_end)
{
@@ -94,6 +100,7 @@
return(-1);
}
}
+
/* File change time */
if(fstat(fileno(fileq->fp), &fileq->f_status) < 0)
@@ -113,21 +120,33 @@
/** int Init_FileQueue(file_queue *fileq)
* Initiates the file monitoring.
*/
-int Init_FileQueue(file_queue *fileq, struct tm *p)
+int Init_FileQueue(file_queue *fileq, struct tm *p, int flags)
{
+ /* Initializing file_queue fields. */
fileq->fp = NULL;
fileq->last_change = 0;
- memset(fileq->file_name, '\0',MAX_FQUEUE + 1);
+ fileq->flags = 0;
+
fileq->day = p->tm_mday;
fileq->year = p->tm_year+1900;
+
strncpy(fileq->mon, s_month[p->tm_mon], 4);
+ memset(fileq->file_name, '\0',MAX_FQUEUE + 1);
+
+
+ /* Setting the supplied flags */
+ fileq->flags = flags;
+
/* Getting latest file */
GetFile_Queue(fileq);
+
/* Always seek end when starting the queue */
if(Handle_Queue(fileq, 1) < 0)
+ {
return(-1);
+ }
return(0);
}
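Review bot: `fileq->flags` is stored twice in Init_FileQueue — cleared to 0 at the top of the body and then overwritten with the supplied `flags` a few lines later with no read in between, so the first store is dead; assign it once, `fileq->flags = flags;`, next to the other field initialisations and drop the separate "Setting the supplied flags" block. The added `int flags` parameter changes the public signature, yet file-queue.h is not among the files this commit modifies, so the prototype and the `flags` member are presumably updated elsewhere; confirm that, since a caller built against the old two-argument prototype would pass an indeterminate value as flags. The retained `strncpy(fileq->mon, s_month[p->tm_mon], 4)` relies on every s_month entry being exactly three characters for `mon` to come out NUL-terminated; a comment such as `/* s_month entries are 3 chars + NUL, so 4 bytes copies the terminator */` would make that dependency explicit.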
@@ -141,6 +160,7 @@
int i = 0;
alert_data *al_data;
+
/* Getting currently file */
if(p->tm_mday != fileq->day)
{
@@ -168,13 +188,16 @@
return(NULL);
}
}
+
/* Try up to timeout times to get an event */
while(i < timeout)
{
- al_data = GetAlertData(CRALERT_MAIL_SET, fileq->fp);
+ al_data = GetAlertData(fileq->flags, fileq->fp);
if(al_data)
+ {
return(al_data);
+ }
i++;
file_sleep();
Index: read-alert.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/shared/read-alert.c,v
diff -u -r1.7 -r1.8
--- read-alert.c 11 Apr 2007 23:56:01 -0000 1.7
+++ read-alert.c 14 Aug 2007 00:29:35 -0000 1.8
@@ -1,12 +1,15 @@
/* @(#) $Id$ */
-/* Copyright (C) 2003-2006 Daniel B. Cid <dcid@xxxxxxxxx>
+/* Copyright (C) 2003-2007 Daniel B. Cid <dcid@xxxxxxxxx>
* All right reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
+ * License (version 3) as published by the FSF - Free Software
* Foundation
+ *
+ * License details at the LICENSE file included with OSSEC or
+ * online at: http://www.ossec.net/en/licensing.html
*/
@@ -15,6 +18,7 @@
#include "shared.h"
#include "read-alert.h"
+
/* ** Alert xyz: email active-response ** */
#define ALERT_BEGIN "** Alert"
@@ -119,37 +123,40 @@
_r = 0;
}
+
/* Checking for the header */
if(strncmp(ALERT_BEGIN, str, ALERT_BEGIN_SZ) == 0)
{
p = str + ALERT_BEGIN_SZ + 1;
/* Searching for email flag */
- if(flag == CRALERT_MAIL_SET)
+ p = strchr(p, ' ');
+ if(!p)
{
- p = strchr(p, ' ');
- if(!p)
- {
- continue;
- }
+ continue;
+ }
+ p++;
+
+
+ /* Checking for the flags */
+ if((flag & CRALERT_MAIL_SET) &&
+ (strncmp(ALERT_MAIL, p, ALERT_MAIL_SZ) != 0))
+ {
+ continue;
+ }
+
+ p = strchr(p, '-');
+ if(p)
+ {
p++;
- if(strncmp(ALERT_MAIL, p, ALERT_MAIL_SZ) != 0)
- {
- continue;
- }
-
- p = strchr(p, '-');
- if(p)
- {
- p++;
- os_strdup(p, group);
-
- /* Cleaning new line from group */
- os_clearnl(group, p);
- }
+ os_strdup(p, group);
+
+ /* Cleaning new line from group */
+ os_clearnl(group, p);
}
+
/* Searching for active-response flag */
_r = 1;
continue;
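Review bot: The second-space scan is now unconditional, so the unchanged `p = str + ALERT_BEGIN_SZ + 1` just above it feeds `strchr(p, ' ')` for every matched header line; when the line is exactly `** Alert` with nothing after it, `str[ALERT_BEGIN_SZ]` is the terminator and `p` already points one past it, so strchr scans whatever is left in the buffer beyond the string. A guard before the skip, `if(str[ALERT_BEGIN_SZ] == '\0') continue;`, closes that. The restructuring also changes behaviour for callers without CRALERT_MAIL_SET: a header with no second space was previously accepted (`_r = 1`) and is now skipped, and `group` is now duplicated with os_strdup for all callers rather than only the mail case, so confirm that is intended and that the caller releases the previous `group` before a new header overwrites it. The enclosing function begins and ends outside this hunk.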
@@ -157,6 +164,7 @@
if(_r < 1)
continue;
+
/*** Extract information from the event ***/