[ossec-cvs] ossec-hids: analysisd.c (HEAD) cleanevent.c (HEAD) config.c (HEAD) eventinfo.c (HEAD) eventinfo_list.c (HEAD) fts.c (HEAD) rules.c (HEAD) [dcid]
- To: ossec-cvs@xxxxxxxxx
- Subject: [ossec-cvs] ossec-hids: analysisd.c (HEAD) cleanevent.c (HEAD) config.c (HEAD) eventinfo.c (HEAD) eventinfo_list.c (HEAD) fts.c (HEAD) rules.c (HEAD) [dcid]
- From: OSSEC CVS <cvs-commit@xxxxxxxxx>
- Date: Thu, 19 Jul 2007 21:19:58 -0300 (ADT)
- Content-transfer-encoding: 8bit
Module name: ossec-hids
Changes by: dcid 07/07/19 21:19:25
Modified files:
analysisd.c cleanevent.c config.c eventinfo.c eventinfo_list.c fts.c
rules.c
Log message:
Description: Adding better error messages, symantec ws rule, fixing an issue on the e-mail subjects (when do_not_group option is used) and changing parts of the code to gplv3 (more coming).
Reviewed by: dcid
Bug:
Index: analysisd.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/analysisd/analysisd.c,v
diff -u -r1.118 -r1.119
--- analysisd.c 28 Apr 2007 00:36:20 -0000 1.118
+++ analysisd.c 20 Jul 2007 00:19:24 -0000 1.119
@@ -1,13 +1,17 @@
/* @(#) $Id$ */
/* Copyright (C) 2003-2007 Daniel B. Cid <dcid@xxxxxxxxx>
- * All right reserved.
+ * All rights reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
- * Foundation
+ * License (version 3) as published by the FSF - Free Software
+ * Foundation.
+ *
+ * License details at the LICENSE file included with OSSEC or
+ * online at: http://www.ossec.net/en/licensing.html
*/
+
/* Part of the OSSEC
* Available at http://www.ossec.net
Index: cleanevent.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/analysisd/cleanevent.c,v
diff -u -r1.27 -r1.28
--- cleanevent.c 20 Apr 2007 00:43:50 -0000 1.27
+++ cleanevent.c 20 Jul 2007 00:19:24 -0000 1.28
@@ -1,12 +1,15 @@
/* @(#) $Id$ */
-/* Copyright (C) 2005-2006 Daniel B. Cid <dcid@xxxxxxxxx>
- * All right reserved.
+/* Copyright (C) 2003-2007 Daniel B. Cid <dcid@xxxxxxxxx>
+ * All rights reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
- * Foundation
+ * License (version 3) as published by the FSF - Free Software
+ * Foundation.
+ *
+ * License details at the LICENSE file included with OSSEC or
+ * online at: http://www.ossec.net/en/licensing.html
*/
Index: config.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/analysisd/config.c,v
diff -u -r1.26 -r1.27
--- config.c 8 Jan 2007 21:15:10 -0000 1.26
+++ config.c 20 Jul 2007 00:19:24 -0000 1.27
@@ -1,22 +1,21 @@
/* @(#) $Id$ */
-/* Copyright (C) 2004-2006 Daniel B. Cid <dcid@xxxxxxxxx>
- * All right reserved.
+/* Copyright (C) 2003-2007 Daniel B. Cid <dcid@xxxxxxxxx>
+ * All rights reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
- * Foundation
+ * License (version 3) as published by the FSF - Free Software
+ * Foundation.
+ *
+ * License details at the LICENSE file included with OSSEC or
+ * online at: http://www.ossec.net/en/licensing.html
*/
+
/* Functions to handle the configuration files
*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
#include "shared.h"
Index: eventinfo.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/analysisd/eventinfo.c,v
diff -u -r1.37 -r1.38
--- eventinfo.c 22 Apr 2007 23:05:31 -0000 1.37
+++ eventinfo.c 20 Jul 2007 00:19:24 -0000 1.38
@@ -1,13 +1,17 @@
/* @(#) $Id$ */
-/* Copyright (C) 2004-2006 Daniel B. Cid <dcid@xxxxxxxxx>
- * All right reserved.
+/* Copyright (C) 2003-2007 Daniel B. Cid <dcid@xxxxxxxxx>
+ * All rights reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
- * Foundation
+ * License (version 3) as published by the FSF - Free Software
+ * Foundation.
+ *
+ * License details at the LICENSE file included with OSSEC or
+ * online at: http://www.ossec.net/en/licensing.html
*/
+
/* Part of the OSSEC.
* Available at http://www.ossec.net
Index: eventinfo_list.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/analysisd/eventinfo_list.c,v
diff -u -r1.4 -r1.5
--- eventinfo_list.c 22 Apr 2007 23:05:31 -0000 1.4
+++ eventinfo_list.c 20 Jul 2007 00:19:24 -0000 1.5
@@ -1,12 +1,15 @@
/* @(#) $Id$ */
-/* Copyright (C) 2005 Daniel B. Cid <dcid@xxxxxxxxx>
- * All right reserved.
+/* Copyright (C) 2003-2007 Daniel B. Cid <dcid@xxxxxxxxx>
+ * All rights reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
- * Foundation
+ * License (version 3) as published by the FSF - Free Software
+ * Foundation.
+ *
+ * License details at the LICENSE file included with OSSEC or
+ * online at: http://www.ossec.net/en/licensing.html
*/
Index: fts.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/analysisd/fts.c,v
diff -u -r1.29 -r1.30
--- fts.c 22 Apr 2007 23:05:31 -0000 1.29
+++ fts.c 20 Jul 2007 00:19:24 -0000 1.30
@@ -1,13 +1,17 @@
/* @(#) $Id$ */
-/* Copyright (C) 2004,2005 Daniel B. Cid <dcid@xxxxxxxxx>
- * All right reserved.
+/* Copyright (C) 2003-2007 Daniel B. Cid <dcid@xxxxxxxxx>
+ * All rights reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
- * Foundation
+ * License (version 3) as published by the FSF - Free Software
+ * Foundation.
+ *
+ * License details at the LICENSE file included with OSSEC or
+ * online at: http://www.ossec.net/en/licensing.html
*/
+
/* First time seen functions
*/
Index: rules.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/analysisd/rules.c,v
diff -u -r1.65 -r1.66
--- rules.c 20 Jun 2007 22:06:08 -0000 1.65
+++ rules.c 20 Jul 2007 00:19:24 -0000 1.66
@@ -1,12 +1,15 @@
/* @(#) $Id$ */
-/* Copyright (C) 2003-2006 Daniel B. Cid <dcid@xxxxxxxxx>
- * All right reserved.
+/* Copyright (C) 2003-2007 Daniel B. Cid <dcid@xxxxxxxxx>
+ * All rights reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
- * Foundation
+ * License (version 3) as published by the FSF - Free Software
+ * Foundation.
+ *
+ * License details at the LICENSE file included with OSSEC or
+ * online at: http://www.ossec.net/en/licensing.html
*/
@@ -636,21 +639,24 @@
loadmemory(config_ruleinfo->if_group,
rule_opt[k]->content);
}
- else if(strcasecmp(rule_opt[k]->element,xml_if_matched_regex)==0)
+ else if(strcasecmp(rule_opt[k]->element,
+ xml_if_matched_regex) == 0)
{
config_ruleinfo->context = 1;
if_matched_regex=
loadmemory(if_matched_regex,
rule_opt[k]->content);
}
- else if(strcasecmp(rule_opt[k]->element,xml_if_matched_group)==0)
+ else if(strcasecmp(rule_opt[k]->element,
+ xml_if_matched_group) == 0)
{
config_ruleinfo->context = 1;
if_matched_group=
loadmemory(if_matched_group,
rule_opt[k]->content);
}
- else if(strcasecmp(rule_opt[k]->element,xml_if_matched_sid)==0)
+ else if(strcasecmp(rule_opt[k]->element,
+ xml_if_matched_sid) == 0)
{
config_ruleinfo->context = 1;
if(!OS_StrIsNum(rule_opt[k]->content))
@@ -694,14 +700,15 @@
{
config_ruleinfo->context_opts|= SAME_ID;
}
- else if(strcmp(rule_opt[k]->element,xml_different_url)== 0)
+ else if(strcmp(rule_opt[k]->element,
+ xml_different_url) == 0)
{
config_ruleinfo->context_opts|= DIFFERENT_URL;
if(!(config_ruleinfo->alert_opts & SAME_EXTRAINFO))
config_ruleinfo->alert_opts |= SAME_EXTRAINFO;
}
- else if(strcmp(rule_opt[k]->element, xml_notsame_id) == 0)
+ else if(strcmp(rule_opt[k]->element,xml_notsame_id) == 0)
{
config_ruleinfo->context_opts&= NOT_SAME_ID;
}
@@ -738,34 +745,48 @@
else if(strcasecmp(rule_opt[k]->element,
xml_options) == 0)
{
- if(OS_Regex("alert_by_email", rule_opt[k]->content))
+ if(strcmp("alert_by_email",
+ rule_opt[k]->content) == 0)
{
if(!(config_ruleinfo->alert_opts & DO_MAILALERT))
{
config_ruleinfo->alert_opts|= DO_MAILALERT;
}
}
- else if(OS_Regex("no_email_alert",rule_opt[k]->content))
+ else if(strcmp("no_email_alert",
+ rule_opt[k]->content) == 0)
{
if(config_ruleinfo->alert_opts & DO_MAILALERT)
{
config_ruleinfo->alert_opts&=0xfff-DO_MAILALERT;
}
}
- if(OS_Regex("log_alert", rule_opt[k]->content))
+ else if(strcmp("log_alert",
+ rule_opt[k]->content) == 0)
{
if(!(config_ruleinfo->alert_opts & DO_LOGALERT))
{
config_ruleinfo->alert_opts|= DO_LOGALERT;
}
}
- else if(OS_Regex("no_log", rule_opt[k]->content))
+ else if(strcmp("no_log", rule_opt[k]->content) == 0)
{
if(config_ruleinfo->alert_opts & DO_LOGALERT)
{
config_ruleinfo->alert_opts &=0xfff-DO_LOGALERT;
}
}
+ else
+ {
+ merror(XML_VALUEERR, ARGV0, xml_options,
+ rule_opt[k]->content);
+
+ merror("%s: Invalid option '%s' for "
+ "rule '%d'.",ARGV0, rule_opt[k]->element,
+ config_ruleinfo->sigid);
+ OS_ClearXML(&xml);
+ return(-1);
+ }
}
else if(strcasecmp(rule_opt[k]->element,
xml_ignore) == 0)
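Review bot: In the new `else` branch under `xml_options`, the second `merror` prints `rule_opt[k]->element`, which on this path is always the `options` element itself, so the log names the element rather than the value that was rejected. The preceding `merror(XML_VALUEERR, ...)` already carries `rule_opt[k]->content`, so either drop the second call or pass `rule_opt[k]->content` to it. The move from `OS_Regex` to `strcmp` also makes the value match exact and case-sensitive while the element name is still compared with `strcasecmp`; a value with different case or stray whitespace now aborts rule loading, which deserves a comment such as `/* option values must match exactly; anything else rejects the rule */`. The enclosing function starts and ends outside the hunk.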
@@ -850,13 +871,27 @@
else
{
merror("%s: Invalid option '%s' for "
- "rule '%d'",ARGV0, rule_opt[k]->element,
+ "rule '%d'.",ARGV0, rule_opt[k]->element,
config_ruleinfo->sigid);
OS_ClearXML(&xml);
return(-1);
}
k++;
}
+
+
+ /* Checking for a valid use of frequency */
+ if((config_ruleinfo->context_opts ||
+ config_ruleinfo->frequency) &&
+ !config_ruleinfo->context)
+ {
+ merror("%s: Invalid use of frequency/context options. "
+ "Missing if_matched on rule '%d'."
+ ARGV0, config_ruleinfo->sigid);
+ OS_ClearXML(&xml);
+ return(-1);
+ }
+
/* If if_matched_group we must have a if_sid or if_group */
if(if_matched_group)
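Review bot: The added `merror` call in the frequency/context check is missing a comma after the format string: `"Missing if_matched on rule '%d'."` is followed directly by `ARGV0`. If `ARGV0` expands to a string literal (it is passed as the `%s` argument in the other `merror` calls in this diff), it is concatenated into the format, leaving `%s` to consume `config_ruleinfo->sigid` (apparently an integer, since it is printed with `%d`) and `%d` with no argument at all, which is undefined behaviour on exactly the path that handles a malformed rule; if it is not a literal, the file does not compile. The line should end `"Missing if_matched on rule '%d'.",` with `ARGV0, config_ruleinfo->sigid);` following it. Declaring `merror` with a printf-style format attribute and building with format warnings would catch this class of mistake. The enclosing function starts and ends outside the hunk.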