[ossec-cvs] ossec-hids: README (HEAD) alert.c (HEAD) config.c (HEAD) db_op.c (HEAD) dbd.h (HEAD) dbmake.sh (HEAD) main.c (HEAD) rules.c (HEAD) server.c (HEAD) [dcid]
Module name: ossec-hids
Changes by: dcid 07/08/28 00:08:15
Modified files:
README alert.c config.c db_op.c dbd.h dbmake.sh main.c rules.c
server.c
Log message:
Description: Making sure it works with PostgreSQL and adding more error handling (reconnects, etc). Additional ossec rules to alert on file rotation and when a log file has the file reduced.
Reviewed by: dcid
Bug:
Index: README
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/os_dbd/README,v
diff -u -r1.2 -r1.3
--- README 18 Aug 2007 03:43:35 -0000 1.2
+++ README 28 Aug 2007 03:08:15 -0000 1.3
@@ -1,4 +1,5 @@
# Simple readme with some query examples.
+# Examples for MySQL and PostgreSQL
1- View all rules:
@@ -28,7 +29,11 @@
6- View all alerts, including locations (IP as string and time as string):
+MySQL:
>SELECT FROM_UNIXTIME(timestamp) time, rule_id,location.name location, INET_NTOA(src_ip) srcip, full_log FROM alert,location, data WHERE location.id = alert.location_id AND data.id = alert.id AND data.server_id = alert.server_id;
+
+PostgreSQL:
+>SELECT to_timestamp(timestamp), rule_id, location.name, full_log FROM alert,location, data WHERE location.id = alert.location_id AND data.id = alert.id AND data.server_id = alert.server_id;
Output:
Index: alert.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/os_dbd/alert.c,v
diff -u -r1.2 -r1.3
--- alert.c 25 Aug 2007 13:24:04 -0000 1.2
+++ alert.c 28 Aug 2007 03:08:15 -0000 1.3
@@ -83,15 +83,15 @@
/* Generating SQL */
snprintf(sql_query, OS_SIZE_1024 -1,
"INSERT INTO "
- "location(id, server_id, name) "
- "VALUES (NULL, '%u', '%s')",
+ "location(server_id, name) "
+ "VALUES ('%u', '%s')",
db_config->server_id, location);
/* Checking return code. */
if(!osdb_query_insert(db_config->conn, sql_query))
{
- merror(DB_MAINERROR, ARGV0);
+ merror(DB_GENERROR, ARGV0);
}
return(0);
@@ -165,7 +165,7 @@
/* Inserting data */
snprintf(sql_query, OS_SIZE_2048,
"INSERT INTO "
- "data(id, server_id, user,full_log) "
+ "data(id, server_id, \"user\",full_log) "
"VALUES ('%u', '%u', '%s', '%s') ",
db_config->alert_id, db_config->server_id,
al_data->user, al_data->log[0]);
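Review bot: Double-quoting `"user"` in the column list makes the INSERT valid for PostgreSQL, but MySQL in its default sql_mode (no ANSI_QUOTES) parses `"user"` as a string literal rather than an identifier, so this statement should now fail on the MySQL backend; use backticks for MySQL, pick the quote character from `db_config->db_type`, or rename the column to avoid the reserved word entirely. Separately, `al_data->user` and `al_data->log[0]` are formatted straight into the query with `'%s'`; unless they are escaped before reaching this point (not visible in the hunk), a log line containing a quote breaks the statement and lets log content inject SQL. The enclosing function starts and ends outside the hunk.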
@@ -173,7 +173,7 @@
/* Inserting into the db */
if(!osdb_query_insert(db_config->conn, sql_query))
{
- merror(DB_MAINERROR, ARGV0);
+ merror(DB_GENERROR, ARGV0);
}
@@ -190,7 +190,7 @@
/* Inserting into the db */
if(!osdb_query_insert(db_config->conn, sql_query))
{
- merror(DB_MAINERROR, ARGV0);
+ merror(DB_GENERROR, ARGV0);
}
Index: config.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/os_dbd/config.c,v
diff -u -r1.4 -r1.5
--- config.c 25 Aug 2007 13:24:04 -0000 1.4
+++ config.c 28 Aug 2007 03:08:15 -0000 1.5
@@ -44,6 +44,7 @@
db_config->pass = NULL;
db_config->db = NULL;
db_config->db_type = 0;
+ db_config->maxreconnect = 0;
/* Reading configuration */
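Review bot: `db_config->error_count`, which db_op.c now increments and compares against 5, is not initialised here alongside the new `db_config->maxreconnect = 0;`; if the DBConfig the caller passes is an automatic variable (main.c's `db_config.conn` accesses suggest a local struct) the first `osdb_seterror()` increments an indeterminate value. Add `db_config->error_count = 0;` to this initialisation list. The enclosing function starts and ends outside the hunk.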
Index: db_op.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/os_dbd/db_op.c,v
diff -u -r1.7 -r1.8
--- db_op.c 27 Aug 2007 01:49:32 -0000 1.7
+++ db_op.c 28 Aug 2007 03:08:15 -0000 1.8
@@ -16,8 +16,7 @@
/* Common lib for dealing with databases */
-#include "shared.h"
-#include "db_op.h"
+#include "dbd.h"
/* Using Mysql */
#ifdef UMYSQL
@@ -31,8 +30,8 @@
-/* Error count */
-int _db_err = 0;
+/* Config pointer */
+DBConfig *db_config_pt = NULL;
@@ -65,19 +64,81 @@
-/** void osdb_checkerror(void *db_conn)
+/** void osdb_checkerror()
* Checks for errors and handle it appropriately.
*/
-void osdb_checkerror(void *db_conn)
+void osdb_checkerror()
{
+ int sleep_time = 3;
+ if(!db_config_pt)
+ {
+ ErrorExit(DB_MAINERROR, ARGV0);
+ }
+
+
/* If error count is too large, we try to reconnect. */
- if(_db_err > 10)
+ if(db_config_pt->error_count > 5)
{
- osdb_close(db_conn);
+ int i = 0;
+ if(db_config_pt->conn)
+ {
+ osdb_close(db_config_pt->conn);
+ db_config_pt->conn = NULL;
+ }
+
+ while(i <= db_config_pt->maxreconnect)
+ {
+ merror(DB_ATTEMPT, ARGV0);
+ db_config_pt->conn = osdb_connect(db_config_pt->host,
+ db_config_pt->user,
+ db_config_pt->pass,
+ db_config_pt->db);
+
+ /* If we were able to reconnect, keep going. */
+ if(db_config_pt->conn)
+ {
+ break;
+ }
+ sleep(sleep_time);
+ sleep_time *= 3;
+ i++;
+ }
+
+
+ /* If we weren't able to connect, exit */
+ if(!db_config_pt->conn)
+ {
+ ErrorExit(DB_MAINERROR, ARGV0);
+ }
+
+
+ db_config_pt->error_count = 0;
+ verbose("%s: Connected to database '%s' at '%s'.",
+ ARGV0, db_config_pt->db, db_config_pt->host);
+
}
}
+/** void osdb_seterror()
+ * Sets the error counter.
+ */
+void osdb_seterror()
+{
+ db_config_pt->error_count++;
+ osdb_checkerror();
+}
+
+
+/** void osdb_setconfig(DBConfig *db_config)
+ * Creates an internal pointer to the db configuration.
+ */
+void osdb_setconfig(DBConfig *db_config)
+{
+ db_config_pt = db_config;
+}
+
+
/** MySQL calls **/
#ifdef UMYSQL
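Review bot: The back-off in `osdb_checkerror()` multiplies `sleep_time` by 3 on every failed attempt with no upper bound, and `reconnect_attempts` may be configured as high as 9999, so after roughly twenty failures `sleep_time *= 3;` overflows `int` (undefined behaviour) and the value handed to `sleep()`, whose argument is unsigned, becomes effectively infinite; cap it, e.g. `if(sleep_time < 300) { sleep_time *= 3; }`. `osdb_seterror()` also dereferences `db_config_pt` before `osdb_checkerror()` gets to test it for NULL, so a query failure before `osdb_setconfig()` is a NULL dereference rather than the intended `ErrorExit`; move the guard into `osdb_seterror()` or repeat it there. Note too that `error_count` is only reset after a successful reconnect and never after a successful query, so six unrelated query errors accumulated over the daemon's lifetime trigger a close/reconnect cycle on a healthy connection.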
@@ -111,6 +172,7 @@
*/
void *mysql_osdb_close(void *db_conn)
{
+ merror(DB_CLOSING, ARGV0);
mysql_close(db_conn);
return(NULL);
}
@@ -126,6 +188,7 @@
{
/* failure; report error */
merror(DBQUERY_ERROR, ARGV0, query, mysql_error(db_conn));
+ osdb_seterror();
return(0);
}
@@ -150,6 +213,7 @@
{
/* failure; report error */
merror(DBQUERY_ERROR, ARGV0, query, mysql_error(db_conn));
+ osdb_seterror();
return(0);
}
@@ -160,6 +224,7 @@
{
/* failure; report error */
merror(DBQUERY_ERROR, ARGV0, query, mysql_error(db_conn));
+ osdb_seterror();
return(0);
}
@@ -214,6 +279,7 @@
*/
void *postgresql_osdb_close(void *db_conn)
{
+ merror(DB_CLOSING, ARGV0);
PQfinish(db_conn);
return(NULL);
}
@@ -229,10 +295,19 @@
result = PQexec(db_conn,query);
+ if(!result)
+ {
+ merror(DBQUERY_ERROR, ARGV0, query, PQerrorMessage(db_conn));
+ osdb_seterror();
+ return(0);
+ }
+
+
if(PQresultStatus(result) != PGRES_COMMAND_OK)
{
merror(DBQUERY_ERROR, ARGV0, query, PQerrorMessage(db_conn));
PQclear(result);
+ osdb_seterror();
return(0);
}
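Review bot: Both new `osdb_seterror()` calls count any failed statement toward the reconnect threshold, but only the `!result` case and a `PQstatus(db_conn) == CONNECTION_BAD` connection indicate a dead connection; a constraint violation or syntax error comes back as a PGRES_FATAL_ERROR result on a perfectly healthy connection and should not push the daemon toward closing and reopening it. Guard the second call, e.g. `if(PQstatus(db_conn) == CONNECTION_BAD) osdb_seterror();`, and leave the unconditional call for the NULL-result path. The enclosing function starts outside the hunk.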
@@ -253,6 +328,13 @@
PGresult *result;
result = PQexec(db_conn,query);
+ if(!result)
+ {
+ merror(DBQUERY_ERROR, ARGV0, query, PQerrorMessage(db_conn));
+ osdb_seterror();
+ return(0);
+ }
+
if((PQresultStatus(result) == PGRES_TUPLES_OK))
{
if(PQntuples(result) == 1)
@@ -260,15 +342,15 @@
result_int = atoi(PQgetvalue(result,0,0));
}
}
-
-
- /* Report error */
- if(result_int == 0)
+ else
{
merror(DBQUERY_ERROR, ARGV0, query, PQerrorMessage(db_conn));
+ osdb_seterror();
+ return(0);
}
-
+
+ /* Clear result */
PQclear(result);
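Review bot: The new `else` branch in the PostgreSQL select returns without `PQclear(result)`, so every failed select leaks the PGresult allocated by `PQexec()` (the old code fell through to the PQclear below). Add `PQclear(result);` before the `return(0);` in that branch. Note also that `return(0)` is the same value the function yields for "no row found", so callers cannot tell a query error from an empty result; rules.c's caller inserts on 0, which turns a transient error into a duplicate-insert attempt. The enclosing function starts and ends outside the hunk.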
Index: dbd.h
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/os_dbd/dbd.h,v
diff -u -r1.3 -r1.4
--- dbd.h 18 Aug 2007 03:38:34 -0000 1.3
+++ dbd.h 28 Aug 2007 03:08:15 -0000 1.4
@@ -48,6 +48,10 @@
void OS_DBD(DBConfig *db_config);
+/* Setting config pointer for osbd_op */
+void osdb_setconfig(DBConfig *db_config);
+
+
/** Global vars **/
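Review bot: The comment above the new prototype says `osbd_op`; the module is db_op.c and the function prefix is `osdb_`, so it should read `/* Setting config pointer for osdb_op (db_op.c) */`. It would also help callers to state the ordering requirement in that comment: `osdb_setconfig()` must be called before any `osdb_query_*()` call, because the error path in db_op.c exits the process via `ErrorExit` when no config pointer has been set.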
Index: dbmake.sh
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/os_dbd/dbmake.sh,v
diff -u -r1.1 -r1.2
--- dbmake.sh 25 Aug 2007 13:24:04 -0000 1.1
+++ dbmake.sh 28 Aug 2007 03:08:15 -0000 1.2
@@ -51,7 +51,8 @@
do
ls $j > /dev/null 2>&1
if [ $? = 0 ]; then
- PL="$j -lpq";
+ PG_MAIN=`dirname $j`;
+ PL="-L$j -L${PG_MAIN} -lpq";
break
fi
done
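Review bot: `PL` now carries both `-L$j` and `-L${PG_MAIN}`, but only one of them can be a directory: if `$j` names the libpq library file (which probing it with `ls` suggests), `-L$j` is a linker search path pointing at a file, and if `$j` is already the lib directory, `dirname` yields its parent. Decide which `$j` is and pass just that directory; for a file, `PL="-L${PG_MAIN} -lpq"` suffices. Quoting `"$j"` in the `ls` probe and in the `-L` argument would also keep paths containing spaces intact. The loop header is outside the hunk.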
@@ -89,7 +90,7 @@
if [ "X$PI" = "X" -o "X$PL" = "X" ]; then
POSTGRES_FINAL=""
else
- POSTGRES_FINAL="-I$PI -L$PL -DDBD -DUPOSTGRES"
+ POSTGRES_FINAL="-I$PI $PL -DDBD -DUPOSTGRES"
fi
Index: main.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/os_dbd/main.c,v
diff -u -r1.6 -r1.7
--- main.c 27 Aug 2007 01:49:32 -0000 1.6
+++ main.c 28 Aug 2007 03:08:15 -0000 1.7
@@ -159,11 +159,35 @@
debug1("%s: DEBUG: Connecting to '%s', using '%s', '%s', '%s'.",
ARGV0, db_config.host, db_config.user,
db_config.pass, db_config.db);
+
+
+ /* Setting config pointer */
+ osdb_setconfig(&db_config);
+
+
+ /* Getting maximum reconned attempts */
+ db_config.maxreconnect = getDefine_Int("dbd",
+ "reconnect_attempts", 1, 9999);
/* Connecting to the database */
- db_config.conn = osdb_connect(db_config.host, db_config.user,
- db_config.pass, db_config.db);
+ c = 0;
+ while(c <= db_config.maxreconnect)
+ {
+ db_config.conn = osdb_connect(db_config.host, db_config.user,
+ db_config.pass, db_config.db);
+
+ /* If we are able to reconnect, keep going */
+ if(db_config.conn)
+ {
+ break;
+ }
+
+ sleep(c + 2);
+ }
+
+
+ /* If after the maxreconnect attempts, it still didn't work, exit here. */
if(!db_config.conn)
{
merror(DB_CONFIGERR, ARGV0);
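Review bot: The new connection loop never increments `c`: `while(c <= db_config.maxreconnect)` runs with `c` fixed at 0, so when the database is unreachable the daemon retries forever, sleeping 2 s between attempts, and the `maxreconnect` limit and the DB_CONFIGERR path below are unreachable. Add `c++;` after `sleep(c + 2);` (`c` is presumably the getopt variable declared above the hunk, which is fine to reuse once reset to 0). Separately, the `debug1()` just above still logs `db_config.pass` in clear text; a database password does not belong in the log file even at debug level and is worth dropping from that message while touching this code. The enclosing `main` starts and ends outside the hunk.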
Index: rules.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/os_dbd/rules.c,v
diff -u -r1.4 -r1.5
--- rules.c 18 Aug 2007 03:38:34 -0000 1.4
+++ rules.c 28 Aug 2007 03:08:15 -0000 1.5
@@ -57,15 +57,15 @@
/* Generating SQL */
snprintf(sql_query, OS_SIZE_1024 -1,
"INSERT INTO "
- "category(cat_id, cat_name) "
- "VALUES (NULL, '%s')",
+ "category(cat_name) "
+ "VALUES ('%s')",
group);
/* Checking return code. */
if(!osdb_query_insert(db_config->conn, sql_query))
{
- merror(DB_MAINERROR, ARGV0);
+ merror(DB_GENERROR, ARGV0);
}
return(0);
@@ -110,15 +110,15 @@
/* Generating SQL */
snprintf(sql_query, OS_SIZE_1024 -1,
"INSERT INTO "
- "signature_category_mapping(id, cat_id, rule_id) "
- "VALUES (NULL, '%u', '%u')",
+ "signature_category_mapping(cat_id, rule_id) "
+ "VALUES ('%u', '%u')",
cat_id, rule_id);
/* Checking return code. */
if(!osdb_query_insert(db_config->conn, sql_query))
{
- merror(DB_MAINERROR, ARGV0);
+ merror(DB_GENERROR, ARGV0);
}
return(0);
@@ -257,18 +257,31 @@
/* Generating SQL */
snprintf(sql_query, OS_SIZE_1024 -1,
- "INSERT INTO "
- "signature(id, rule_id, level, description) "
- "VALUES (NULL, '%u','%u','%s') "
- "ON DUPLICATE KEY UPDATE level='%u'",
- rule->sigid, rule->level, rule->comment,
- rule->level);
-
+ "SELECT id FROM signature "
+ "where rule_id = %u",
+ rule->sigid);
+
+ if(osdb_query_select(dbc->conn, sql_query) == 0)
+ {
+ snprintf(sql_query, OS_SIZE_1024 -1,
+ "INSERT INTO "
+ "signature(rule_id, level, description) "
+ "VALUES ('%u','%u','%s')",
+ rule->sigid, rule->level, rule->comment);
+ }
+ else
+ {
+ snprintf(sql_query, OS_SIZE_1024 -1,
+ "UPDATE signature SET level='%u',description='%s' "
+ "WHERE id='%u'",
+ rule->level, rule->comment,rule->sigid);
+ }
+
/* Checking return code. */
if(!osdb_query_insert(dbc->conn, sql_query))
{
- merror(DB_MAINERROR, ARGV0);
+ merror(DB_GENERROR, ARGV0);
}
return(NULL);
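Review bot: The UPDATE branch uses `WHERE id='%u'` with `rule->sigid`, but the preceding SELECT looked the rule up by `rule_id = %u`; `id` is the signature table's own key (the column that SELECT returns), not the OSSEC rule id, so the update hits either no row or an unrelated one. Change the condition to `"WHERE rule_id='%u'"`, or keep the id returned by `osdb_query_select()` and use it. Also, `osdb_query_select()` returns 0 both for "no row" and for a failed query, so a transient error here leads to an INSERT of a rule that already exists, and `rule->comment` is interpolated unescaped, so a description containing an apostrophe breaks the statement. The enclosing function starts outside the hunk.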
Index: server.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/os_dbd/server.c,v
diff -u -r1.4 -r1.5
--- server.c 27 Aug 2007 01:49:32 -0000 1.4
+++ server.c 28 Aug 2007 03:08:15 -0000 1.5
@@ -63,14 +63,14 @@
{
snprintf(sql_query, OS_SIZE_1024 -1,
"INSERT INTO "
- "server(id, last_contact, version, hostname, information) "
- "VALUES (NULL, '%u', '%s', '%s', '%s')",
+ "server(last_contact, version, hostname, information) "
+ "VALUES ('%u', '%s', '%s', '%s')",
(unsigned int)time(0), __version, server, info);
/* Checking return code. */
if(!osdb_query_insert(db_config->conn, sql_query))
{
- merror(DB_MAINERROR, ARGV0);
+ merror(DB_GENERROR, ARGV0);
}
}
@@ -87,7 +87,7 @@
/* Checking return code. */
if(!osdb_query_insert(db_config->conn, sql_query))
{
- merror(DB_MAINERROR, ARGV0);
+ merror(DB_GENERROR, ARGV0);
}
}