[ossec-cvs] ossec-hids: common.c (HEAD) common_rcl.c (HEAD) [dcid]
Module name: ossec-hids
Changes by: dcid 07/08/21 21:39:34
Modified files:
common.c common_rcl.c
Log message:
Description: Fixing netscreen decoder, the database daemon and adding a few more entries to the policy checks/ rootkit list...
Reviewed by: dcid
Bug:
Index: common.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/rootcheck/common.c,v
diff -u -r1.16 -r1.17
--- common.c 26 Jul 2007 01:32:03 -0000 1.16
+++ common.c 22 Aug 2007 00:39:33 -0000 1.17
@@ -5,7 +5,7 @@
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
+ * License (version 3) as published by the FSF - Free Software
* Foundation
*/
@@ -18,63 +18,88 @@
*/
int rk_check_file(char *file, char *pattern)
{
+ char *split_file;
+ char *tmp_str;
+
FILE *fp;
char buf[OS_SIZE_2048 +1];
+
/* If string we null, we don't match */
if(file == NULL)
{
return(0);
}
- /* If we don't have a pattern, just check if the file/dir is there */
- if(pattern == NULL)
- {
- if(is_file(file))
- {
- return(1);
- }
- return(0);
- }
-
-
- fp = fopen(file, "r");
- if(!fp)
+ /* Checking if the file is divided */
+ split_file = file;
+ tmp_str = strchr(file, ',');
+ if(tmp_str)
{
- return(0);
+ *tmp_str = '\0';
}
- buf[OS_SIZE_2048] = '\0';
- while(fgets(buf, OS_SIZE_2048, fp) != NULL)
+
+ /* Getting each file */
+ while(split_file)
{
- char *nbuf;
- /* Removing end of line */
- nbuf = strchr(buf, '\n');
- if(nbuf)
+ /* If we don't have a pattern, just check if the file/dir is there */
+ if(pattern == NULL)
{
- *nbuf = '\0';
+ if(is_file(split_file))
+ {
+ return(1);
+ }
+
+ continue;
}
- #ifdef WIN32
- /* Removing end of line */
- nbuf = strchr(buf, '\r');
- if(nbuf)
+
+ /* Checking for a content in the file */
+ fp = fopen(file, "r");
+ if(!fp)
{
- *nbuf = '\0';
+ continue;
}
- #endif
- /* Matched */
- if(pt_matches(buf, pattern))
+ buf[OS_SIZE_2048] = '\0';
+ while(fgets(buf, OS_SIZE_2048, fp) != NULL)
{
- fclose(fp);
- return(1);
+ char *nbuf;
+
+ /* Removing end of line */
+ nbuf = strchr(buf, '\n');
+ if(nbuf)
+ {
+ *nbuf = '\0';
+ }
+
+
+ #ifdef WIN32
+ /* Removing end of line */
+ nbuf = strchr(buf, '\r');
+ if(nbuf)
+ {
+ *nbuf = '\0';
+ }
+ #endif
+
+
+ /* Matched */
+ if(pt_matches(buf, pattern))
+ {
+ fclose(fp);
+ return(1);
+ }
}
+
+ fclose(fp);
+ continue;
}
- fclose(fp);
+
return(0);
}
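Review bot: The new `while(split_file)` loop never changes `split_file`, so every `continue` (file missing with no pattern, `fopen` failure, or no match after `fclose`) repeats the same iteration and rootcheck spins forever instead of moving to the entry after the comma. The content path also still opens `file` rather than `split_file`, and the `'\0'` written over the comma is never undone, so the caller's string stays truncated after the first call (judging by the common_rcl.c hunks, that can be a stored `$variable` value). A hang here stops the remaining policy and rootkit checks from producing any result. The loop should advance to the next entry at the end of each pass and finish with `split_file = NULL`, as sketched below; the early `return(1)` paths would need the same comma restore.

```c
    while(split_file)
    {
        if(pattern == NULL)
        {
            if(is_file(split_file))
            {
                return(1);
            }
        }
        else
        {
            fp = fopen(split_file, "r");
            if(fp)
            {
                /* ... unchanged: fgets loop, end-of-line stripping, pt_matches return ... */
                fclose(fp);
            }
        }

        /* Move on to the next comma-separated entry, putting the comma back */
        if(tmp_str)
        {
            *tmp_str = ',';
            split_file = tmp_str + 1;
            tmp_str = strchr(split_file, ',');
            if(tmp_str)
            {
                *tmp_str = '\0';
            }
        }
        else
        {
            split_file = NULL;
        }
    }
```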
Index: common_rcl.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/rootcheck/common_rcl.c,v
diff -u -r1.8 -r1.9
--- common_rcl.c 26 Jul 2007 01:32:03 -0000 1.8
+++ common_rcl.c 22 Aug 2007 00:39:33 -0000 1.9
@@ -24,6 +24,7 @@
#define RKCL_COND_INV -1
+
/** char *_rkcl_getrootdir()
*/
char *_rkcl_getrootdir(char *root_dir, int dir_size)
@@ -119,6 +120,37 @@
+/** int _rkcl_get_vars(vars, nbuf)
+ */
+int _rkcl_get_vars(OSStore *vars, char *nbuf)
+{
+ char *tmp;
+
+ /* If not a variable, return 0 */
+ if(*nbuf != '$')
+ {
+ return(0);
+ }
+
+ tmp = strchr(nbuf, '=');
+ if(tmp)
+ {
+ *tmp = '\0';
+ tmp++;
+ }
+ else
+ {
+ return(0);
+ }
+
+
+ /* Adding entry to the storage */
+ OSStore_Create(vars, nbuf, tmp);
+ return(1);
+}
+
+
+
/** int _rkcl_get_name
*/
char *_rkcl_get_name(char *buf, char *ref, int *condition)
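Review bot: `_rkcl_get_vars` stores the pair with `OSStore_Create(vars, nbuf, tmp)`, but a later hunk calls `OSStore_Create()` with no arguments to build the store, so this looks like the wrong function; an insert call such as `OSStore_Put(vars, nbuf, tmp)` is presumably intended, with its result checked before returning 1. `nbuf` and `tmp` point into the caller's line buffer, so if the store keeps those pointers rather than copies, each variable would be overwritten when the next line is read; copying the value before storing it would avoid that. The header comment could also say that the function cuts `nbuf` at the `=` in place and returns 0 for a `$` line that has no `=`.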
@@ -293,6 +325,7 @@
char *name = NULL;
char *tmp_str;
+ OSStore *vars;
OSList *p_list = (OSList *)p_list_p;
memset(buf, '\0', sizeof(buf));
@@ -302,12 +335,17 @@
root_dir_len = sizeof(root_dir) -1;
+
/* Getting Windows rootdir */
_rkcl_getrootdir(root_dir, root_dir_len);
if(root_dir[0] == '\0')
{
merror(INVALID_ROOTDIR, ARGV0);
}
+
+
+ /* Getting variables */
+ vars = OSStore_Create();
do
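Review bot: The result of `vars = OSStore_Create();` is used without a check, so if the store cannot be allocated the later `_rkcl_get_vars(vars, nbuf)` and `OSStore_Get(vars, value)` calls receive NULL. A guard such as `if(!vars) { return(0); }` with an error log would match the `return(0)` failure path visible in the next hunk. No release of `vars` is visible in the hunks shown; the function body continues outside this hunk, so confirm it is freed on every return path.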
@@ -323,6 +361,14 @@
return(0);
}
+
+ /* Getting any variable */
+ if(_rkcl_get_vars(vars, nbuf))
+ {
+ continue;
+ }
+
+
/* Veryfying that the name is valid */
name = _rkcl_get_name(nbuf, ref, &condition);
@@ -385,8 +431,11 @@
if(type == RKCL_TYPE_FILE)
{
char *pattern = NULL;
+ char *f_value = NULL;
+
pattern = _rkcl_get_pattern(value);
+
#ifdef WIN32
final_file[0] = '\0';
@@ -395,25 +444,44 @@
if(value[0] == '\\')
{
snprintf(final_file, 2047, "%s%s", root_dir, value);
+ f_value = final_file;
+ }
+ else if(value[0] == '$')
+ {
+ f_value = OSStore_Get(vars, value);
}
else
{
ExpandEnvironmentStrings(value, final_file, 2047);
+ f_value = final_file;
+ }
+ if(!f_value)
+ {
+ merror("%s: ERROR: Invalid variable for XXXX ", ARGV0);
}
debug2("%s: DEBUG: Checking file: '%s'.", ARGV0, final_file);
- if(rk_check_file(final_file, pattern))
+ if(rk_check_file(f_value, pattern))
{
debug2("%s: DEBUG: found file.", ARGV0);
found = 1;
}
- value = final_file;
+ value = f_value;
#else
+ if(value[0] == '$')
+ {
+ f_value = OSStore_Get(vars, value);
+ }
+ else
+ {
+ f_value = value;
+ }
+
debug2("%s: DEBUG: Checking file: '%s'.", ARGV0, value);
- if(rk_check_file(value, pattern))
+ if(rk_check_file(f_value, pattern))
{
found = 1;
}
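Review bot: An unresolved `$variable` is only logged in the WIN32 branch, after which the check still runs and `value = f_value` leaves `value` NULL for whatever follows the hunk; the non-Windows branch has no NULL check at all. The message still carries the placeholder `XXXX` and does not name the variable, and the two `debug2` calls print `final_file` and `value` rather than the path actually checked. Because a failed lookup appears to leave `found` at 0, a typo in a variable name would make the policy entry quietly report nothing. I would name the variable and keep `value` intact in both branches, e.g. `merror("%s: ERROR: Invalid variable: '%s'.", ARGV0, value);` and `if(f_value) value = f_value;`. The enclosing function starts and ends outside the hunk.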