[ossec-cvs] ossec-hids: server.c (NEW) Makefile (HEAD) db_op.c (HEAD) db_op.h (HEAD) dbd.c (HEAD) dbd.h (HEAD) main.c (HEAD) mysql.schema (HEAD) rules.c (HEAD) [dcid]
Module name: ossec-hids
Changes by: dcid 07/08/17 22:07:50
Modified files:
Makefile db_op.c db_op.h dbd.c dbd.h main.c mysql.schema rules.c
Added files:
server.c
Log message:
Description: Improving the db schema, adding server information, etc. Still not ready to be used yet. Some fixes to the windows application list by mdmonk.
Reviewed by: dcid
Bug:
--- NEW FILE: server.c ---
/* @(#) $Id: server.c,v 1.1 2007/08/18 01:07:49 dcid Exp $ */
/* Copyright (C) 2003-2006 Daniel B. Cid <dcid@xxxxxxxxx>
* All rights reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
* License (version 3) as published by the FSF - Free Software
* Foundation
*
* License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
#include "dbd.h"
#include "config/config.h"
#include "rules_op.h"
/** int __DBSelectServer(char *server, DBConfig *db_config)
 * Looks up the id of the server row whose hostname equals server.
 *
 * server is quoted straight into the statement text, so the caller
 * must already have passed it through osdb_escapestr() (as
 * OS_Server_ReadInsertDB does).
 *
 * Returns the id column of the matching row, or 0 when nothing
 * matched or the query failed -- osdb_query_select() does not
 * distinguish the two cases.
 */
int __DBSelectServer(char *server, DBConfig *db_config)
{
    char query[OS_SIZE_1024] = {0};

    /* Building the statement; the hostname is interpolated as a quoted literal. */
    snprintf(query, sizeof(query) - 1,
             "SELECT id FROM "
             "server WHERE hostname = '%s'",
             server);

    return osdb_query_select(db_config->conn, query);
}
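/** int __DBInsertServer(char *server, char *info, DBConfig *db_config)
 * Inserts this server's row in to the server table, or refreshes
 * last_contact/version/information when the hostname already exists
 * (ON DUPLICATE KEY UPDATE on the UNIQUE hostname column).
 *
 * server and info are quoted straight into the statement text, so the
 * caller must have run them through osdb_escapestr() first (as
 * OS_Server_ReadInsertDB does).
 *
 * Returns 0 in every case; a failed insert is only reported via merror().
 */
int __DBInsertServer(char *server, char *info, DBConfig *db_config)
{
    char sql_query[OS_SIZE_1024];
    int written;

    /* Read the clock once so the INSERT and the UPDATE branch carry the
     * same last_contact. time_t is wider than unsigned int on most
     * targets, so it is converted explicitly instead of being handed to
     * a %u conversion. */
    unsigned long now = (unsigned long)time(NULL);

    memset(sql_query, '\0', OS_SIZE_1024);

    /* Generating SQL */
    written = snprintf(sql_query, OS_SIZE_1024 -1,
             "INSERT INTO "
             "server(id, last_contact, version, hostname, information) "
             "VALUES (NULL, '%lu', '%s', '%s', '%s') ON DUPLICATE KEY UPDATE "
             "last_contact='%lu',version='%s',information='%s'",
             now, __version, server, info, now, __version, info);

    /* A statement that did not fit would be syntactically broken or
     * would silently drop part of info; refuse to send it. */
    if(written < 0 || written >= OS_SIZE_1024 -1)
    {
        merror(DB_MAINERROR, ARGV0);
        return(0);
    }

    /* Checking return code. */
    if(!osdb_query_insert(db_config->conn, sql_query))
    {
        merror(DB_MAINERROR, ARGV0);
    }

    return(0);
}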
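/** int OS_Server_ReadInsertDB(void *db_config)
 * Reads this host's name and uname string, stores them in the server
 * table and returns the row id assigned to this host.
 *
 * db_config is the DBConfig holding the open connection (passed as
 * void * to match the prototype in dbd.h).
 *
 * Side effect: fills the global __shost (dbd.h, 512 bytes) with the
 * escaped hostname.
 *
 * Returns the server id, or 0 when gethostname() or getuname() fails
 * or the row could not be found after the insert.
 */
int OS_Server_ReadInsertDB(void *db_config)
{
    DBConfig *dbc = (DBConfig *)db_config;
    int server_id = 0;
    char *info = NULL;

    /* Getting servers hostname. __shost is char[512] in dbd.h; the
     * last byte stays zero so the name is terminated even if
     * gethostname() truncates. */
    memset(__shost, '\0', 512);
    if(gethostname(__shost, 512 -1) != 0)
    {
        merror("%s: Error: gethostname() failed", ARGV0);
        return(0);
    }

    /* Getting system uname. The pointer is only valid after this call;
     * the old code cleared it before it was assigned. */
    info = getuname();
    if(!info)
    {
        merror(MEM_ERROR, ARGV0);
        return(0);
    }

    /* Escaping strings: both are quoted into SQL text by the helpers below. */
    osdb_escapestr(info);
    osdb_escapestr(__shost);

    /* Inserting server */
    __DBInsertServer(__shost, info, dbc);

    /* Getting server id */
    server_id = __DBSelectServer(__shost, dbc);

    /* NOTE(review): getuname() looks like it returns heap memory (MEM_ERROR
     * on NULL) and info is never released here; confirm its ownership
     * before adding a free(). */
    return(server_id);
}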
/* EOF */
Index: Makefile
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/os_dbd/Makefile,v
diff -u -r1.1 -r1.2
--- Makefile 14 Aug 2007 00:29:34 -0000 1.1
+++ Makefile 18 Aug 2007 01:07:49 -0000 1.2
@@ -3,16 +3,33 @@
PT=../
NAME=ossec-dbd
-DBFLAGS=-I/usr/local/include/mysql -L/usr/local/lib/mysql -lmysqlclient
+
+# Uncomment the following if you know what you are doing.
+#DBFLAGS=-I/usr/local/include/mysql -L/usr/local/lib/mysql -lmysqlclient
include ../Config.Make
LOCAL = *.c
+
+# Getting database cflags
+DBCHECK = `./dbmake.sh`
+DBMYSQL = `./dbmake.sh mysql 2> /dev/null`
+DBPOSTGRES = `./dbmake.sh postgres 2> /dev/null`
+
+
OBJS = ${OS_CONFIG} ${OS_SHARED} ${OS_NET} ${OS_REGEX} ${OS_XML}
-dbd:
- ${CC} ${CFLAGS} ${DBFLAGS} -DDBD -DUMYSQL ${LOCAL} ${OBJS} -o ${NAME}
+default:
+ @if [ "X${DBMYSQL}" = "X" -a "X${DBPOSTGRES}" = "X" ]; then ./dbmake.sh mysql; exit 1; fi;
+ @echo "Compiling DB support with: ${DBMYSQL} ${DBPOSTGRES}"
+ ${CC} ${CFLAGS} ${DBFLAGS} ${DBMYSQL} ${DBPOSTGRES} ${LOCAL} ${OBJS} -o ${NAME}
+mysql:
+ @if [ "X${DBMYSQL}" = "X" ]; then ./dbmake.sh mysql; exit 1; fi;
+ @echo "Compiling MySQL DB support with: ${DBVAL}"
+ ${CC} ${CFLAGS} ${DBFLAGS} ${DBVAL} ${LOCAL} ${OBJS} -o ${NAME}
+postgres:
+ ${CC} ${CFLAGS} ${DBFLAGS} -DDBD -DUPOSTGRES ${LOCAL} ${OBJS} -o ${NAME}
clean:
${CLEAN}
build:
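Review bot: The `mysql` target compiles with `${DBVAL}`, which is not defined anywhere in this hunk, while `default` uses `${DBMYSQL}` for the same purpose; unless DBVAL comes from Config.Make, the MySQL-only build runs without the client include/link flags. Change the two lines to `@echo "Compiling MySQL DB support with: ${DBMYSQL}"` and `${CC} ${CFLAGS} ${DBFLAGS} ${DBMYSQL} ${LOCAL} ${OBJS} -o ${NAME}`. The `postgres` target also hard-codes `-DDBD -DUPOSTGRES` instead of going through `${DBPOSTGRES}` as `default` does, and `DBCHECK` is assigned but never used.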
Index: db_op.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/os_dbd/db_op.c,v
diff -u -r1.2 -r1.3
--- db_op.c 14 Aug 2007 00:29:34 -0000 1.2
+++ db_op.c 18 Aug 2007 01:07:49 -0000 1.3
@@ -45,6 +45,12 @@
}
str++;
}
+
+ /* It can not end with \\ */
+ if(*(str -1) == '\\')
+ {
+ *(str-1) = '\0';
+ }
}
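Review bot: The new check reads `*(str -1)` after the loop without confirming the pointer ever advanced; if osdb_escapestr() is called with an empty string, `str -1` points before the buffer. Guard it on position, e.g. `if(str > start && *(str -1) == '\\')`, where start stands for the function's original argument (the start of osdb_escapestr is outside this hunk, so its name is not visible here). Dropping the trailing backslash also silently alters the stored value, so a comment saying why it cannot be kept (it would escape the closing quote of the statement) would help the next reader. This hand-rolled escaper is not charset-aware the way mysql_real_escape_string() is; the function header should state that every interpolated value must pass through it and that multibyte charsets are not handled.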
@@ -77,10 +83,10 @@
}
-/** int osdb_query(void *db_conn, char *query)
- * Sends query to database.
+/** int osdb_query_insert(void *db_conn, char *query)
+ * Sends insert query to database.
*/
-int osdb_query(void *db_conn, char *query)
+int osdb_query_insert(void *db_conn, char *query)
{
if(mysql_query(db_conn, query) != 0)
{
@@ -93,6 +99,52 @@
}
+
+/** int osdb_query_select(void *db_conn, char *query)
+ * Sends a select query to database. Returns the value of it.
+ * Returns 0 on error (not found).
+ */
+int osdb_query_select(void *db_conn, char *query)
+{
+ int result_int = 0;
+ MYSQL_RES *result_data;
+ MYSQL_ROW result_row;
+
+ /* Sending the query. It can not fail. */
+ if(mysql_query(db_conn, query) != 0)
+ {
+ /* failure; report error */
+ merror(DBQUERY_ERROR, ARGV0, query, mysql_error(db_conn));
+ return(0);
+ }
+
+
+ /* Getting result */
+ result_data = mysql_use_result(db_conn);
+ if(result_data == NULL)
+ {
+ /* failure; report error */
+ merror(DBQUERY_ERROR, ARGV0, query, mysql_error(db_conn));
+ return(0);
+ }
+
+
+ /* Getting row. We only care about the first result. */
+ result_row = mysql_fetch_row(result_data);
+ if(result_row[0] != NULL)
+ {
+ result_int = atoi(result_row[0]);
+ }
+
+ mysql_free_result(result_data);
+
+
+ return(result_int);
+}
+
+
#endif /* DBD */
+
+
/* EOF */
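Review bot: `result_row[0]` is dereferenced without checking that mysql_fetch_row() returned a row; for a SELECT that matches nothing, the very case the header comment calls "not found", mysql_fetch_row() returns NULL and the function crashes instead of returning 0. Change the test to `if(result_row != NULL && result_row[0] != NULL)`. Since the function also returns 0 for a failed query, the header comment should say that callers cannot tell "not found" from "error" by the return value alone. `atoi()` gives no error indication either; `strtol()` with an end-pointer check would reject a non-numeric column cleanly.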
Index: db_op.h
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/os_dbd/db_op.h,v
diff -u -r1.2 -r1.3
--- db_op.h 14 Aug 2007 00:29:34 -0000 1.2
+++ db_op.h 18 Aug 2007 01:07:49 -0000 1.3
@@ -22,8 +22,11 @@
/* Connects to the database */
void *osdb_connect(char *host, char *user, char *pass, char *db);
-/* Queries the database */
-int osdb_query(void *db_conn, char *query);
+/* Sends insert query to the database */
+int osdb_query_insert(void *db_conn, char *query);
+
+/* Sends select query to the database */
+int osdb_query_select(void *db_conn, char *query);
/* escape strings before inserting. */
void osdb_escapestr(char *str);
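Review bot: The `query` parameter of both new prototypes is read-only but declared `char *`, so callers holding a literal or a const buffer get a warning and readers cannot see that the text is not modified; `int osdb_query_insert(void *db_conn, const char *query);` and `int osdb_query_select(void *db_conn, const char *query);` document that. The comment over osdb_query_select should also state what the int means, the first column of the first row converted to an integer and 0 when no row matched or the query failed, because every caller in this commit branches on that value.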
Index: dbd.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/os_dbd/dbd.c,v
diff -u -r1.1 -r1.2
--- dbd.c 14 Aug 2007 00:29:34 -0000 1.1
+++ dbd.c 18 Aug 2007 01:07:49 -0000 1.2
@@ -100,6 +100,9 @@
osdb_escapestr(al_data->log[0]);
+ /* We first need to insert the location */
+
+
/* Generating SQL */
snprintf(sql_query, OS_SIZE_2048,
"INSERT INTO "
@@ -111,7 +114,7 @@
/* Inserting into the db */
- if(!osdb_query(db_config->conn, sql_query))
+ if(!osdb_query_insert(db_config->conn, sql_query))
{
merror(DB_MAINERROR, ARGV0);
}
Index: dbd.h
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/os_dbd/dbd.h,v
diff -u -r1.1 -r1.2
--- dbd.h 13 Aug 2007 02:14:16 -0000 1.1
+++ dbd.h 18 Aug 2007 01:07:49 -0000 1.2
@@ -28,11 +28,23 @@
int OS_ReadDBConf(int test_config, char *cfgfile, DBConfig *db_config);
+/* Inserts server info to the db. */
+int OS_Server_ReadInsertDB(void *db_config);
+
+
/* Insert rules in to the database */
int OS_InsertRulesDB(DBConfig *db_config);
/* Database inserting main function */
void OS_DBD(DBConfig *db_config);
+
+
+
+/** Global vars **/
+
+/* System hostname */
+char __shost[512];
+
#endif
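Review bot: `char __shost[512];` in a header is a definition, not a declaration: every translation unit that includes dbd.h defines the array, and the link only succeeds while the toolchain merges common symbols (GCC 10 and later default to -fno-common, which turns this into a multiple-definition error). Declare it here as `extern char __shost[512];` and put the single definition `char __shost[512];` in one .c file, server.c being the natural place since it is the only writer in this commit. The name also sits in the identifier space reserved for the implementation (leading double underscore); a plain `shost` would avoid that.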
Index: main.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/os_dbd/main.c,v
diff -u -r1.1 -r1.2
--- main.c 14 Aug 2007 00:29:34 -0000 1.1
+++ main.c 18 Aug 2007 01:07:49 -0000 1.2
@@ -145,6 +145,14 @@
nowChroot();
+ /* Inserting server info into the db */
+ db_config.server_id = OS_Server_ReadInsertDB(&db_config);
+ if(db_config.server_id <= 0)
+ {
+ ErrorExit(CONFIG_ERROR, ARGV0, cfg);
+ }
+
+
/* Read rules and insert into the db */
if(OS_InsertRulesDB(&db_config) < 0)
{
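Review bot: A failure of OS_Server_ReadInsertDB() is reported as `CONFIG_ERROR` with the configuration file name, but the function returns 0 when gethostname() or getuname() fails or when the server row cannot be inserted or selected, none of which is a problem with `cfg`; `ErrorExit(DB_MAINERROR, ARGV0);` would point the operator at the right component (DB_MAINERROR is the message the dbd code already uses for failed queries). The call is placed after nowChroot(), so anything getuname() needs from the filesystem must be reachable inside the jail; worth confirming. The enclosing function continues outside the hunk.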
Index: mysql.schema
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/os_dbd/mysql.schema,v
diff -u -r1.1 -r1.2
--- mysql.schema 14 Aug 2007 00:29:34 -0000 1.1
+++ mysql.schema 18 Aug 2007 01:07:49 -0000 1.2
@@ -1,7 +1,7 @@
CREATE TABLE category
(
cat_id SMALLINT UNSIGNED NOT NULL AUTO_INCREMENT,
- cat_name VARCHAR(32) NOT NULL UNIQUE,
+ cat_name VARCHAR(32) NOT NULL UNIQUE,
PRIMARY KEY (cat_id),
INDEX (cat_name)
);
@@ -11,25 +11,71 @@
id SMALLINT UNSIGNED NOT NULL AUTO_INCREMENT,
rule_id MEDIUMINT UNSIGNED NOT NULL UNIQUE,
level TINYINT UNSIGNED,
- category VARCHAR(64) NOT NULL,
description VARCHAR(255) NOT NULL,
PRIMARY KEY (id),
INDEX (level),
INDEX (rule_id)
);
+CREATE TABLE signature_category_mapping
+ (
+ id SMALLINT UNSIGNED NOT NULL AUTO_INCREMENT,
+ rule_id MEDIUMINT UNSIGNED NOT NULL,
+ cat_id SMALLINT UNSIGNED NOT NULL,
+ PRIMARY KEY (id, rule_id, cat_id)
+ );
+
+CREATE TABLE server
+ (
+ id SMALLINT UNSIGNED NOT NULL AUTO_INCREMENT,
+ last_contact INT UNSIGNED NOT NULL,
+ version VARCHAR(32) NOT NULL,
+ hostname VARCHAR(64) NOT NULL UNIQUE,
+ information VARCHAR(128) NOT NULL,
+ PRIMARY KEY (id)
+ );
+
+CREATE TABLE agent
+ (
+ id SMALLINT UNSIGNED NOT NULL AUTO_INCREMENT,
+ server_id SMALLINT UNSIGNED NOT NULL,
+ last_contact INT UNSIGNED NOT NULL,
+ ip_address INT UNSIGNED NOT NULL,
+ version VARCHAR(32) NOT NULL,
+ name VARCHAR(64) NOT NULL,
+ information VARCHAR(128) NOT NULL,
+ PRIMARY KEY (id, server_id)
+ );
+
+CREATE TABLE location
+ (
+ id SMALLINT UNSIGNED NOT NULL AUTO_INCREMENT,
+ server_id SMALLINT UNSIGNED NOT NULL,
+ name VARCHAR(128) NOT NULL,
+ PRIMARY KEY (id, server_id)
+ );
+
+CREATE TABLE data
+ (
+ id INT UNSIGNED NOT NULL AUTO_INCREMENT,
+ user TEXT NOT NULL,
+ full_log TEXT NOT NULL
+ PRIMARY KEY (id)
+ );
+
CREATE TABLE alert
(
id INT UNSIGNED NOT NULL AUTO_INCREMENT,
- signature_id SMALLINT UNSIGNED NOT NULL,
+ server_id SMALLINT UNSIGNED NOT NULL,
+ rule_id SMALLINT UNSIGNED NOT NULL,
timestamp INT UNSIGNED NOT NULL,
+ location_id SMALLINT UNSIGNED NOT NULL,
src_ip INT UNSIGNED,
dst_ip INT UNSIGNED,
src_port SMALLINT UNSIGNED,
dst_port SMALLINT UNSIGNED,
- user VARCHAR(32),
- full_log VARCHAR(255),
- PRIMARY KEY (id,signature_id),
+ PRIMARY KEY (id,rule_id),
INDEX time (timestamp),
INDEX (src_ip)
);
+
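Review bot: In `CREATE TABLE data` the line `full_log TEXT NOT NULL` has no trailing comma before `PRIMARY KEY (id)`, so the statement is a syntax error and loading the schema stops there; it should read `full_log TEXT NOT NULL,`. `signature_category_mapping` keys on `(id, rule_id, cat_id)` with an AUTO_INCREMENT id, which never rejects a duplicate (rule_id, cat_id) pair; uniqueness is enforced only by the select-before-insert in rules.c, so a `UNIQUE (rule_id, cat_id)` constraint would make the table self-protecting. `user` and `full_log` were moved from `alert` to `data`, but nothing in either table records which alert a `data` row belongs to; presumably the two are meant to share `id`, and that should be stated in a comment or a column.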
Index: rules.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/os_dbd/rules.c,v
diff -u -r1.2 -r1.3
--- rules.c 14 Aug 2007 00:29:34 -0000 1.2
+++ rules.c 18 Aug 2007 01:07:49 -0000 1.3
@@ -1,12 +1,15 @@
/* @(#) $Id$ */
-/* Copyright (C) 2003-2006 Daniel B. Cid <dcid@xxxxxxxxx>
+/* Copyright (C) 2003-2007 Daniel B. Cid <dcid@xxxxxxxxx>
* All rights reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
* License (version 3) as published by the FSF - Free Software
* Foundation
+ *
+ * License details at the LICENSE file included with OSSEC or
+ * online at: http://www.ossec.net/en/licensing.html
*/
@@ -15,6 +18,195 @@
#include "rules_op.h"
+
+/** int __Groups_SelectGroup(char *group, DBConfig *db_config)
+ * Select group (categories) from to the db.
+ * Returns 0 if not found.
+ */
+int __Groups_SelectGroup(char *group, DBConfig *db_config)
+{
+ int result = 0;
+ char sql_query[OS_SIZE_1024];
+
+ memset(sql_query, '\0', OS_SIZE_1024);
+
+
+ /* Generating SQL */
+ snprintf(sql_query, OS_SIZE_1024 -1,
+ "SELECT cat_id FROM "
+ "category WHERE cat_name = '%s'",
+ group);
+
+
+ /* Checking return code. */
+ result = osdb_query_select(db_config->conn, sql_query);
+
+ return(result);
+}
+
+
+/** int __Groups_InsertGroup(char *group, DBConfig *db_config)
+ * Insert group (categories) in to the db.
+ */
+int __Groups_InsertGroup(char *group, DBConfig *db_config)
+{
+ char sql_query[OS_SIZE_1024];
+
+ memset(sql_query, '\0', OS_SIZE_1024);
+
+ /* Generating SQL */
+ snprintf(sql_query, OS_SIZE_1024 -1,
+ "INSERT INTO "
+ "category(cat_id, cat_name) "
+ "VALUES (NULL, '%s')",
+ group);
+
+
+ /* Checking return code. */
+ if(!osdb_query_insert(db_config->conn, sql_query))
+ {
+ merror(DB_MAINERROR, ARGV0);
+ }
+
+ return(0);
+}
+
+
+/** int __Groups_SelectGroupMapping()
+ * Select group (categories) from to the db.
+ * Returns 0 if not found.
+ */
+int __Groups_SelectGroupMapping(int cat_id, int rule_id, DBConfig *db_config)
+{
+ int result = 0;
+ char sql_query[OS_SIZE_1024];
+
+ memset(sql_query, '\0', OS_SIZE_1024);
+
+
+ /* Generating SQL */
+ snprintf(sql_query, OS_SIZE_1024 -1,
+ "SELECT id FROM signature_category_mapping "
+ "WHERE cat_id = '%u' AND rule_id = '%u'",
+ cat_id, rule_id);
+
+
+ /* Checking return code. */
+ result = osdb_query_select(db_config->conn, sql_query);
+
+ return(result);
+}
+
+
+/** int __Groups_InsertGroup(int cat_id, int rule_id, DBConfig *db_config)
+ * Insert group (categories) in to the db.
+ */
+int __Groups_InsertGroupMapping(int cat_id, int rule_id, DBConfig *db_config)
+{
+ char sql_query[OS_SIZE_1024];
+
+ memset(sql_query, '\0', OS_SIZE_1024);
+
+ /* Generating SQL */
+ snprintf(sql_query, OS_SIZE_1024 -1,
+ "INSERT INTO "
+ "signature_category_mapping(id, cat_id, rule_id) "
+ "VALUES (NULL, '%u', '%u')",
+ cat_id, rule_id);
+
+
+ /* Checking return code. */
+ if(!osdb_query_insert(db_config->conn, sql_query))
+ {
+ merror(DB_MAINERROR, ARGV0);
+ }
+
+ return(0);
+}
+
+
+
+/** void *_Groups_ReadInsertDB(RuleInfo *rule, DBConfig *db_config)
+ * Insert groups (categories) in to the db.
+ */
+void *_Groups_ReadInsertDB(RuleInfo *rule, DBConfig *db_config)
+{
+ /* We must insert each group separately. */
+ int cat_id;
+ char *tmp_group;
+ char *tmp_str;
+
+ tmp_str = strchr(rule->group, ',');
+ tmp_group = rule->group;
+
+
+ /* Groups are separated by comma */
+ while(tmp_group)
+ {
+ if(tmp_str)
+ {
+ *tmp_str = '\0';
+ tmp_str++;
+ }
+
+ /* Removing white spaces */
+ while(*tmp_group == ' ')
+ tmp_group++;
+
+
+ /* Checking for empty group */
+ if(*tmp_group == '\0')
+ {
+ tmp_group = tmp_str;
+ if(tmp_group)
+ {
+ tmp_str = strchr(tmp_group, ',');
+ }
+ continue;
+ }
+
+ cat_id = __Groups_SelectGroup(tmp_group, db_config);
+
+
+ /* We firt check if we have this group in the db already.
+ * If not, we add it.
+ */
+ if(cat_id == 0)
+ {
+ __Groups_InsertGroup(tmp_group, db_config);
+ cat_id = __Groups_SelectGroup(tmp_group, db_config);
+ }
+
+
+ /* If our cat_id is valid (not zero), we need to insert
+ * the mapping between the category and the rule. */
+ if(cat_id != 0)
+ {
+ /* But, we first check if the mapping is already not there. */
+ if(!__Groups_SelectGroupMapping(cat_id, rule->sigid, db_config))
+ {
+ /* If not, we add it */
+ __Groups_InsertGroupMapping(cat_id, rule->sigid, db_config);
+ }
+ }
+
+
+ /* Getting next category */
+ tmp_group = tmp_str;
+ if(tmp_group)
+ {
+ tmp_str = strchr(tmp_group, ',');
+ }
+ }
+
+ return(NULL);
+}
+
+
+
+/** void *_Rules_ReadInsertDB(RuleInfo *rule, void *db_config)
+ * Insert rules in to the db.
+ */
void *_Rules_ReadInsertDB(RuleInfo *rule, void *db_config)
{
DBConfig *dbc = (DBConfig *)db_config;
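Review bot: `__Groups_InsertGroup` and `__Groups_SelectGroup` quote `group` straight into the statement (`'%s'`) without the osdb_escapestr() pass that server.c applies to hostname and uname before its queries, so a group name from the rules files containing a quote or backslash breaks the statement. Escape `tmp_group` in `_Groups_ReadInsertDB` before the first `__Groups_SelectGroup` call, the same way OS_Server_ReadInsertDB does. `_Groups_ReadInsertDB` also writes `'\0'` into `rule->group` at each comma, so the parsed rule's group string is truncated to its first entry for any later reader; if that is intended, say so in the header comment, otherwise work on a copy. The header comments over `__Groups_SelectGroupMapping` and `__Groups_InsertGroupMapping` are copy-pasted from the non-mapping functions (the latter names `__Groups_InsertGroup`), and `cat_id`/`rule_id` are `int` but formatted with `%u`. `_Rules_ReadInsertDB` begins at the end of this hunk and continues outside it.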
@@ -42,6 +234,11 @@
return(NULL);
}
+
+ /* Inserting group into the signature mapping */
+ _Groups_ReadInsertDB(rule, db_config);
+
+
debug2("%s: DEBUG: Inserting: %d", ARGV0, rule->sigid);
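Review bot: `_Groups_ReadInsertDB(rule, db_config);` passes the raw `void *` parameter although `_Rules_ReadInsertDB` already casts it to `DBConfig *dbc` at its top (previous hunk); passing `dbc` keeps the pointer typed and matches the `dbc->conn` usage in the following hunk. The function's return value is always NULL, so nothing here can tell whether the category mappings were stored; if a failed group insert should abort the rule insert, `_Groups_ReadInsertDB` needs a status return first. The enclosing function starts and ends outside this hunk.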
@@ -49,15 +246,15 @@
/* Generating SQL */
snprintf(sql_query, OS_SIZE_1024 -1,
"INSERT INTO "
- "signature(id, rule_id, level, category, description) "
- "VALUES (NULL, '%u','%u','%s','%s') "
+ "signature(id, rule_id, level, description) "
+ "VALUES (NULL, '%u','%u','%s') "
"ON DUPLICATE KEY UPDATE level='%u'",
- rule->sigid, rule->level, rule->group, rule->comment,
+ rule->sigid, rule->level, rule->comment,
rule->level);
/* Checking return code. */
- if(!osdb_query(dbc->conn, sql_query))
+ if(!osdb_query_insert(dbc->conn, sql_query))
{
merror(DB_MAINERROR, ARGV0);
}