[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-cvs] ossec-hids: check_rc_dev.c (HEAD) check_rc_sys.c (HEAD) [dcid]

To: ossec-cvs@xxxxxxxxx
Subject: [ossec-cvs] ossec-hids: check_rc_dev.c (HEAD) check_rc_sys.c (HEAD) [dcid]
From: OSSEC CVS <cvs-commit@xxxxxxxxx>
Date: Tue, 23 Oct 2007 00:06:27 -0300 (ADT)
Authentication-results: mx.google.com; spf=pass (google.com: domain of dcid+caf_=ossec-cvs=googlegroups.com@xxxxxxxxx designates 64.233.182.188 as permitted sender) smtp.mail=dcid+caf_=ossec-cvs=googlegroups.com@xxxxxxxxx
Authentication-results: mx.google.com; spf=neutral (google.com: 206.47.199.140 is neither permitted nor denied by best guess record for domain of dcid@xxxxxxxxxxxxxxxx) smtp.mail=dcid@xxxxxxxxxxxxxxxx
Content-transfer-encoding: 8bit

Module name:	ossec-hids
Changes by:	dcid	07/10/23 00:06:25

Modified files:
	check_rc_dev.c check_rc_sys.c

Log message:
Description: Small fixes from beta2(ignoring false positives on rootcheck).
Reviewed by: dcid
Bug:

Index: check_rc_dev.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/rootcheck/check_rc_dev.c,v
diff -u -r1.16 -r1.17
--- check_rc_dev.c	4 Oct 2007 01:41:43 -0000	1.16
+++ check_rc_dev.c	23 Oct 2007 03:06:25 -0000	1.17
@@ -133,6 +133,14 @@
             if(strcmp(ignore_dev_full_path[i], f_name) == 0)
                 break;
         }
+
+        
+        /* Checking against the full path. */
+        if(ignore_dev_full_path[i] != NULL)
+        {
+            continue;
+        }
+
         
         read_dev_file(f_name);
 

Index: check_rc_sys.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/rootcheck/check_rc_sys.c,v
diff -u -r1.32 -r1.33
--- check_rc_sys.c	4 Oct 2007 01:41:43 -0000	1.32
+++ check_rc_sys.c	23 Oct 2007 03:06:25 -0000	1.33
@@ -88,7 +88,12 @@
             }
             close(fd);
 
-            if(total != statbuf.st_size)
+            if(strcmp(file_name, "/dev/bus/usb/.usbfs/devices") == 0)
+            {
+                /* Ignore .usbfs/devices. */
+            }
+
+            else if(total != statbuf.st_size)
             {
                 struct stat statbuf2;
 
@@ -294,7 +299,7 @@
         }
 
         /* Ignoring /proc */
-        if(strcmp(f_name, "/proc") == 0)
+        if((strcmp(f_name, "/proc") == 0) || (strcmp(f_name, "/sys") == 0))
             continue;
 
         read_sys_file(f_name, do_read);

Prev by Date: [ossec-cvs] ossec-hids: search.php (HEAD) [brownoxford]
Next by Date: [ossec-cvs] ossec-hids: ossec-installer.nsi (HEAD) [dcid]
Previous by thread: [ossec-cvs] ossec-hids: LICENSE (HEAD) [brownoxford]
Next by thread: [ossec-cvs] ossec-hids: ossec_formats.php (HEAD) ossec_categories.php (HEAD) [brownoxford]
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.