[ossec-dev] ossec-hids: ar-forward.c (HEAD) config.c (HEAD) main.c (HEAD) manager.c (HEAD) remoted.c (HEAD) remoted.h (HEAD) secure.c (HEAD) syslog.c (HEAD) syslogtcp.c (HEAD) [dcid]
- To: dancid@xxxxxxxxxxxxxxx
- Subject: [ossec-dev] ossec-hids: ar-forward.c (HEAD) config.c (HEAD) main.c (HEAD) manager.c (HEAD) remoted.c (HEAD) remoted.h (HEAD) secure.c (HEAD) syslog.c (HEAD) syslogtcp.c (HEAD) [dcid]
- From: OSSEC CVS <cvs-commit@xxxxxxxxx>
- Date: Mon, 28 Aug 2006 15:45:30 -0300 (ADT)
- Content-transfer-encoding: 8bit
Module name: ossec-hids
Changes by: dcid 06/08/28 15:45:27
Modified files:
ar-forward.c config.c main.c manager.c remoted.c remoted.h secure.c
syslog.c syslogtcp.c
Log message:
Description: Long commit.
-Increased size requirement for agent names.
-Added monitor daemon.
-Reorganized client/server communication.
-Removed false positives from rootkits.
Reviewed by: dcid (more tests needed)
Bug:
Index: ar-forward.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/remoted/ar-forward.c,v
diff -u -r1.16 -r1.17
--- ar-forward.c 23 Jun 2006 18:00:46 -0000 1.16
+++ ar-forward.c 28 Aug 2006 18:45:27 -0000 1.17
@@ -1,6 +1,6 @@
-/* $OSSEC, ar-forward.c, v0.1, 2005/11/05, Daniel B. Cid$ */
+/* @(#) $Id$ */
-/* Copyright (C) 2005 Daniel B. Cid <dcid@xxxxxxxxx>
+/* Copyright (C) 2005,2006 Daniel B. Cid <dcid@xxxxxxxxx>
* All right reserved.
*
* This program is a free software; you can redistribute it
@@ -10,27 +10,16 @@
*/
-#include <stdio.h>
-#include <unistd.h>
-#include <string.h>
-#include <stdlib.h>
-#include <errno.h>
-#include <dirent.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-#include <time.h>
-#include <signal.h>
+#include "shared.h"
+#include <pthread.h>
#include "remoted.h"
#include "os_net/os_net.h"
-/*** Prototypes ***/
-int send_msg(int agentid, char *msg);
+/* pthread send_msg mutex */
+pthread_mutex_t sendmsg_mutex;
+
/** void *AR_Forward(void *arg) v0.1
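Review bot: `pthread_mutex_t sendmsg_mutex;` is declared without an initializer, so every send_msg call depends on send_msg_init() (next hunk) having run first; a statically initialized `pthread_mutex_t sendmsg_mutex = PTHREAD_MUTEX_INITIALIZER;` removes that ordering dependency and makes send_msg_init and its call in secure.c unnecessary. If send_msg_init is kept, its definition in the next hunk and the prototype added to remoted.h should read `void send_msg_init(void)` rather than `void send_msg_init()` — the empty parameter list is an old-style declaration that disables argument checking — and the return value of pthread_mutex_init should be checked and reported with merror the way the lock/unlock calls below are. Since remoted.h does not declare the mutex in this commit, it should also be `static` unless another translation unit is meant to reach it.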
@@ -188,6 +177,12 @@
}
+void send_msg_init()
+{
+ /* Initializing mutex */
+ pthread_mutex_init(&sendmsg_mutex, NULL);
+}
+
/* send_msg:
* Send message to an agent.
@@ -198,8 +193,9 @@
int msg_size;
char crypt_msg[OS_MAXSTR +1];
+
/* If we don't have the agent id, ignore it */
- if(!keys.rcvd[agentid])
+ if(keys.rcvd[agentid] < (time(0) - (2*NOTIFY_TIME)))
{
return(-1);
}
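Review bot: The new liveness test compares `keys.rcvd[agentid]` against `time(0) - (2*NOTIFY_TIME)`, and secure.c now stores `time(0)` into the same field; the field's declaration is not in this diff, so if it is still an int (it previously held the flag value 1) it should become time_t to avoid truncation. The same expression is repeated verbatim in manager.c's send_file_toagent (the @@ -298 hunk), so the timeout deserves one definition — a small helper such as `int agent_is_active(int agentid)` or a named constant for `2*NOTIFY_TIME` in remoted.h — rather than two literal copies that can drift apart. send_msg's signature and the remainder of its body are outside this hunk.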
@@ -212,15 +208,31 @@
return(-1);
}
+
+ /* Locking before using */
+ if(pthread_mutex_lock(&sendmsg_mutex) != 0)
+ {
+ merror(MUTEX_ERROR, ARGV0);
+ return(-1);
+ }
+
+
/* Sending initial message */
if(sendto(logr.sock, crypt_msg, msg_size, 0,
(struct sockaddr *)&keys.peer_info[agentid],
logr.peer_size) < 0)
{
merror(SEND_ERROR,ARGV0, keys.ids[agentid]);
- return(-1);
}
+
+ /* Unlocking mutex */
+ if(pthread_mutex_unlock(&sendmsg_mutex) != 0)
+ {
+ merror(MUTEX_ERROR, ARGV0);
+ return(-1);
+ }
+
return(0);
}
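Review bot: A failed sendto() no longer reports failure to the caller: with the `return(-1)` dropped from the error branch so the mutex gets released, the function falls through to `return(0)` even when nothing was sent, so send_file_toagent's `< 0` check in manager.c can never trigger for a send error. Keep the unlock on the error path but carry the result: declare `int rc = 0;` before the lock, set `rc = -1;` inside the sendto error branch next to the merror call, and finish with `return(rc);`. send_msg's signature and the first part of its body are outside this hunk.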
Index: config.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/remoted/config.c,v
diff -u -r1.8 -r1.9
--- config.c 13 Apr 2006 02:50:16 -0000 1.8
+++ config.c 28 Aug 2006 18:45:27 -0000 1.9
@@ -1,4 +1,4 @@
-/* $OSSEC, config.c, v0.3, 2005/11/09, Daniel B. Cid$ */
+/* @(#) $Id$ */
/* Copyright (C) 2003-2006 Daniel B. Cid <dcid@xxxxxxxxx>
* All rights reserved.
Index: main.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/remoted/main.c,v
diff -u -r1.10 -r1.11
--- main.c 31 May 2006 19:02:32 -0000 1.10
+++ main.c 28 Aug 2006 18:45:27 -0000 1.11
@@ -74,7 +74,7 @@
exit(0);
- /* Check if the user/group given are valid */
+ /* Check if the user and group given are valid */
uid = Privsep_GetUser(user);
gid = Privsep_GetGroup(group);
if((uid < 0)||(gid < 0))
Index: manager.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/remoted/manager.c,v
diff -u -r1.27 -r1.28
--- manager.c 23 Jun 2006 18:00:46 -0000 1.27
+++ manager.c 28 Aug 2006 18:45:27 -0000 1.28
@@ -1,4 +1,4 @@
-/* $OSSEC, manager.c, v0.1, 2005/09/23, Daniel B. Cid$ */
+/* @(#) $Id$ */
/* Copyright (C) 2005 Daniel B. Cid <dcid@xxxxxxxxx>
* All right reserved.
@@ -9,33 +9,13 @@
* Foundation
*/
-#include <stdio.h>
-#include <unistd.h>
-#include <string.h>
-#include <stdlib.h>
-#include <errno.h>
-#include <dirent.h>
-#include <sys/types.h>
-#include <sys/socket.h>
+#include "shared.h"
#include <pthread.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-#include <time.h>
-#include <signal.h>
-
#include "remoted.h"
-
#include "os_net/os_net.h"
-
-#include "shared.h"
-
#include "os_crypto/md5/md5_op.h"
-#define AGENTINFO_DIR "/queue/agent-info"
-
-
/* Internal structures */
typedef struct _file_sum
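Review bot: `#define AGENTINFO_DIR "/queue/agent-info"` is removed here while read_controlmsg still builds its path from AGENTINFO_DIR (the @@ -522 hunk below), so the macro must now come from shared.h or remoted.h; neither header shows that addition in this commit, so it is worth confirming the build resolves it rather than failing on an undeclared identifier. A one-line comment at the use site naming whichever header now defines it would document the dependency for the next reader.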
@@ -73,90 +53,41 @@
-/* clear_last_msg: Clear all cached messages
+/* save_controlmsg: Save a control message received
+ * from an agent. read_contromsg (other thread) is going
+ * to deal with it (only if message changed).
*/
-void clear_last_msg()
+void save_controlmsg(int agentid, char *r_msg)
{
- int i;
-
- /* Free msg if it is set */
+ /* Locking before using */
if(pthread_mutex_lock(&lastmsg_mutex) != 0)
{
merror(MUTEX_ERROR, ARGV0);
return;
}
- /* Clearing all last messages */
- for(i = 0;i<MAX_AGENTS; i++)
- {
- if(_msg[i])
- {
- free(_msg[i]);
- _msg[i] = NULL;
- }
- _changed[i] = 0;
- }
-
- /* Unlocking mutex */
- if(pthread_mutex_unlock(&lastmsg_mutex) != 0)
- {
- merror(MUTEX_ERROR, ARGV0);
- return;
- }
-
- return;
-}
-
-
-
-/* equal_last_msg: Check if the message received
- * is the same of the one received before.
- * If yes, return (1)
- */
-int equal_last_msg(int agentid, char *r_msg)
-{
+
if(_msg[agentid])
{
- /* Return 1 if we had this message already */
- if(strcmp(_msg[agentid], r_msg) == 0)
- return(1);
-
- /* Free msg if it is set */
- if(pthread_mutex_lock(&lastmsg_mutex) != 0)
+ /* Check if message changed */
+ if(strcmp(_msg[agentid], r_msg) != 0)
{
- merror(MUTEX_ERROR, ARGV0);
- return(1);
- }
-
- free(_msg[agentid]);
- _msg[agentid] = NULL;
-
- /* Unlocking mutex */
- if(pthread_mutex_unlock(&lastmsg_mutex) != 0)
- {
- merror(MUTEX_ERROR, ARGV0);
- return(1);
+ free(_msg[agentid]);
+ os_strdup(r_msg, _msg[agentid]);
}
}
-
- /* Locking before using */
- if(pthread_mutex_lock(&lastmsg_mutex) != 0)
+ /* If message does not exist, create it */
+ else
{
- merror(MUTEX_ERROR, ARGV0);
- return(1);
+ os_strdup(r_msg, _msg[agentid]);
}
/* Assign new values */
_changed[agentid] = 1;
- _msg[agentid] = strdup(r_msg);
- if(!_msg[agentid])
- {
- merror(MEM_ERROR, ARGV0);
- }
modified_agentid = agentid;
-
-
+
+
/* Signal that new data is available */
pthread_cond_signal(&awake_mutex);
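Review bot: The header comment says read_controlmsg will deal with the message "(only if message changed)", but the code sets `_changed[agentid] = 1`, updates modified_agentid and signals on every call, including when strcmp finds the stored copy identical — the strcmp result only decides whether the string is re-duplicated. Re-delivering an unchanged message looks intentional (read_controlmsg must answer every HC_STARTUP, and the periodic clear_last_msg is gone), so the comment should match the code: `* from an agent. read_controlmsg (other thread) handles every saved message; the strcmp only avoids re-copying an identical string.`. The explicit MEM_ERROR check on strdup is also gone, so os_strdup is now relied on to handle allocation failure; confirm it aborts or logs rather than leaving _msg[agentid] NULL. The function's unlock and closing brace are in the next hunk.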
@@ -165,11 +96,11 @@
if(pthread_mutex_unlock(&lastmsg_mutex) != 0)
{
merror(MUTEX_ERROR, ARGV0);
- return(1);
+ return;
}
- return(0);
+ return;
}
@@ -213,6 +144,8 @@
int f_size = 0;
+ f_sum = NULL;
+
/* Opening the directory given */
dp = opendir(SHAREDCFG_DIR);
if(!dp)
@@ -224,7 +157,6 @@
return;
}
- f_sum = NULL;
/* Reading directory */
while((entry = readdir(dp)) != NULL)
@@ -250,14 +182,12 @@
if(!f_sum)
{
ErrorExit(MEM_ERROR,ARGV0);
- return;
}
f_sum[f_size] = calloc(1, sizeof(file_sum));
if(!f_sum[f_size])
{
ErrorExit(MEM_ERROR,ARGV0);
- return;
}
@@ -266,7 +196,6 @@
if(!f_sum[f_size]->name)
{
ErrorExit(MEM_ERROR,ARGV0);
- return;
}
f_sum[f_size]->mark = 0;
@@ -298,7 +227,7 @@
/* If rcvd is not set, do not send (agent didn't connect to me yet */
- if(!keys.rcvd[agentid])
+ if(keys.rcvd[agentid] < (time(0) - (2*NOTIFY_TIME)))
{
return(-1);
}
@@ -315,7 +244,8 @@
/* Sending the file name first */
- snprintf(buf, OS_MAXSTR, "#!-up file %s %s\n", sum, name);
+ snprintf(buf, OS_MAXSTR, "%s%s%s %s\n",
+ CONTROL_HEADER, FILE_UPDATE_HEADER, sum, name);
msg_size = CreateSecMSG(&keys, buf, crypt_msg, agentid);
if(msg_size == 0)
@@ -371,7 +301,7 @@
sleep(1);
/* Sending the message to close the file */
- snprintf(buf, OS_MAXSTR, "#!-close file ");
+ snprintf(buf, OS_MAXSTR, "%s%s", CONTROL_HEADER, FILE_CLOSE_HEADER);
msg_size = CreateSecMSG(&keys, buf, crypt_msg, agentid);
if(msg_size == 0)
@@ -398,102 +328,6 @@
-/** void *wait_for_msgs(void *none) v0.1
- * Wait for new messages to read
- */
-void *wait_for_msgs(void *none)
-{
- int id, i;
- char msg[OS_MAXSTR +2];
-
-
- /* Initializing the memory */
- memset(msg, '\0', OS_MAXSTR +2);
-
-
- /* should never leave this loop */
- while(1)
- {
-
- /* Every 60 minutes, re read the files.
- * If something change, notify all agents
- */
- _ctime = time(0);
- if((_ctime - _stime) > (NOTIFY_TIME*6))
- {
- f_files();
- c_files();
-
- _stime = _ctime;
- clear_last_msg();
- }
-
- /* locking mutex */
- if(pthread_mutex_lock(&lastmsg_mutex) != 0)
- {
- merror(MUTEX_ERROR, ARGV0);
- return(NULL);
- }
-
- /* If no agent is available, wait for signal */
- if(modified_agentid == -1)
- {
- pthread_cond_wait(&awake_mutex, &lastmsg_mutex);
- }
-
- /* Unlocking mutex */
- if(pthread_mutex_unlock(&lastmsg_mutex) != 0)
- {
- merror(MUTEX_ERROR, ARGV0);
- return(NULL);
- }
-
-
-
- /* Checking if any other agent is ready */
- for(i = 0;i<MAX_AGENTS; i++)
- {
- id = 0;
-
- /* locking mutex */
- if(pthread_mutex_lock(&lastmsg_mutex) != 0)
- {
- merror(MUTEX_ERROR, ARGV0);
- break;
- }
-
- if((_changed[i] == 1)&&(_msg[i]))
- {
-
- /* Copying the message to be analyzed */
- strncpy(msg, _msg[i], OS_MAXSTR);
- _changed[i] = 0;
-
- if(modified_agentid >= i)
- modified_agentid = -1;
-
- id = 1;
- }
-
- /* Unlocking mutex */
- if(pthread_mutex_unlock(&lastmsg_mutex) != 0)
- {
- merror(MUTEX_ERROR, ARGV0);
- break;
- }
-
- if(id)
- {
- read_controlmsg(i, msg);
- }
- }
- }
-
- return(NULL);
-}
-
-
-
/** void read_contromsg(int agentid, char *msg) v0.2.
* Reads the available control message from
* the agent.
@@ -508,8 +342,19 @@
FILE *fp;
+ /* Startup message -- communicate back to the agent */
+ if(strcmp(msg, HC_STARTUP) == 0)
+ {
+ char msg_ack[OS_FLSIZE +1];
+ msg_ack[OS_FLSIZE] = '\0';
+ snprintf(msg_ack, OS_FLSIZE, "%s%s", CONTROL_HEADER, HC_STARTUP_ACK);
+ send_msg(agentid, msg_ack);
+
+ return;
+ }
+
+
/* Get uname */
-
uname = msg;
msg = strchr(msg,'\n');
if(!msg)
@@ -522,9 +367,11 @@
*msg = '\0';
msg++;
+
/* Writting to the agent file */
- snprintf(agent_file, OS_MAXSTR, "%s/%s",
+ snprintf(agent_file, OS_MAXSTR, "%s/%s-%s",
AGENTINFO_DIR,
+ keys.name[agentid],
keys.ips[agentid]);
fp = fopen(agent_file, "w");
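Review bot: The agent-info file name now embeds `keys.name[agentid]` in a path under AGENTINFO_DIR, and nothing in this hunk rejects a name containing '/' or starting with '.'; keys.name is populated outside this diff and appears to come from the manager's key file rather than from the network, so the exposure is an operator-supplied value, but validating names once at key-load time would keep a mistyped entry from writing outside the directory. The snprintf result is not checked either; a name long enough to truncate the path should be logged and skipped rather than opened, e.g. by testing the return value against OS_MAXSTR before the fopen. read_controlmsg's signature and most of its body are outside this hunk.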
@@ -599,7 +446,7 @@
break;
if((f_sum[i]->mark == 1) ||
- (f_sum[i]->mark == 0))
+ (f_sum[i]->mark == 0))
{
if(send_file_toagent(agentid,f_sum[i]->name,f_sum[i]->sum) < 0)
@@ -619,16 +466,97 @@
-/* save_controlmsg: Save a control message received
- * from an agent. read_contromsg (other thread) is going
- * to deal with it.
+/** void *wait_for_msgs(void *none) v0.1
+ * Wait for new messages to read.
+ * The messages are going to be sent from save_controlmsg.
*/
-void save_controlmsg(int agentid, char *msg)
+void *wait_for_msgs(void *none)
{
- /* Notify other thread that something changed */
- equal_last_msg(agentid, msg);
+ int id, i;
+ char msg[OS_MAXSTR +2];
- return;
+
+ /* Initializing the memory */
+ memset(msg, '\0', OS_MAXSTR +2);
+
+
+ /* should never leave this loop */
+ while(1)
+ {
+ /* Every 60 minutes, re read the files.
+ * If something change, notify all agents
+ */
+ _ctime = time(0);
+ if((_ctime - _stime) > (NOTIFY_TIME*6))
+ {
+ f_files();
+ c_files();
+
+ _stime = _ctime;
+ }
+
+
+ /* locking mutex */
+ if(pthread_mutex_lock(&lastmsg_mutex) != 0)
+ {
+ merror(MUTEX_ERROR, ARGV0);
+ return(NULL);
+ }
+
+ /* If no agent changed, wait for signal */
+ if(modified_agentid == -1)
+ {
+ pthread_cond_wait(&awake_mutex, &lastmsg_mutex);
+ }
+
+
+ /* Unlocking mutex */
+ if(pthread_mutex_unlock(&lastmsg_mutex) != 0)
+ {
+ merror(MUTEX_ERROR, ARGV0);
+ return(NULL);
+ }
+
+
+ /* Checking if any agent is ready */
+ for(i = 0;i<keys.keysize; i++)
+ {
+ id = 0;
+
+ /* locking mutex */
+ if(pthread_mutex_lock(&lastmsg_mutex) != 0)
+ {
+ merror(MUTEX_ERROR, ARGV0);
+ break;
+ }
+
+ if((_changed[i] == 1)&&(_msg[i]))
+ {
+ /* Copying the message to be analyzed */
+ strncpy(msg, _msg[i], OS_MAXSTR);
+ _changed[i] = 0;
+
+ if(modified_agentid >= i)
+ modified_agentid = -1;
+
+ id = 1;
+ }
+
+ /* Unlocking mutex */
+ if(pthread_mutex_unlock(&lastmsg_mutex) != 0)
+ {
+ merror(MUTEX_ERROR, ARGV0);
+ break;
+ }
+
+ if(id)
+ {
+ read_controlmsg(i, msg);
+ }
+ }
+ }
+
+ return(NULL);
}
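Review bot: `strncpy(msg, _msg[i], OS_MAXSTR)` only stays NUL-terminated because msg[OS_MAXSTR] was zeroed by the one-time memset at the top and strncpy never writes past index OS_MAXSTR-1; that invariant is easy to break in a later edit. `snprintf(msg, sizeof msg, "%s", _msg[i]);` makes termination local to the copy and lets the memset go. The reset `if(modified_agentid >= i) modified_agentid = -1;` is the part of the hand-off a reader most needs explained: as far as the visible code shows, modified_agentid holds the index of the most recently saved agent, and clearing it only once the scan has reached that index means a save that lands behind the cursor forces one more full pass instead of a wait — a comment stating that would help. The `none` parameter is unused; `(void)none;` documents that.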
Index: remoted.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/remoted/remoted.c,v
diff -u -r1.26 -r1.27
--- remoted.c 9 Aug 2006 00:42:42 -0000 1.26
+++ remoted.c 28 Aug 2006 18:45:27 -0000 1.27
@@ -1,4 +1,4 @@
-/* $OSSEC, remoted.c, v0.4, 2006/01/26, Daniel B. Cid$ */
+/* @(#) $Id$ */
/* Copyright (C) 2003,2004,2005,2006 Daniel B. Cid <dcid@xxxxxxxxx>
* All right reserved.
Index: remoted.h
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/remoted/remoted.h,v
diff -u -r1.12 -r1.13
--- remoted.h 1 Jun 2006 23:01:43 -0000 1.12
+++ remoted.h 28 Aug 2006 18:45:27 -0000 1.13
@@ -1,4 +1,4 @@
-/* $OSSEC, remoted.h, v0.3, 2005/02/09, Daniel B. Cid$ */
+/* @(#) $Id$ */
/* Copyright (C) 2003,2004,2005 Daniel B. Cid <dcid@xxxxxxxxx>
* All right reserved.
@@ -51,6 +51,11 @@
/* Save control messages */
void save_controlmsg(int agentid, char *msg);
+/* Send message to agent */
+int send_msg(int agentid, char *msg);
+
+/* Initializing send_msg */
+void send_msg_init();
/*** Global variables ***/
Index: secure.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/remoted/secure.c,v
diff -u -r1.14 -r1.15
--- secure.c 17 Aug 2006 00:41:21 -0000 1.14
+++ secure.c 28 Aug 2006 18:45:27 -0000 1.15
@@ -1,6 +1,6 @@
-/* $OSSEC, secure.c, v0.3, 2005/02/09, Daniel B. Cid$ */
+/* @(#) $Id$ */
-/* Copyright (C) 2003,2004,2005 Daniel B. Cid <dcid@xxxxxxxxx>
+/* Copyright (C) 2003-2006 Daniel B. Cid <dcid@xxxxxxxxx>
* All right reserved.
*
* This program is a free software; you can redistribute it
@@ -37,6 +37,8 @@
struct sockaddr_in peer_info;
socklen_t peer_size;
+ /* Send msg init */
+ void send_msg_init();
/* Initializing manager */
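Review bot: `void send_msg_init();` inside this function is a prototype declaration, not a call, so send_msg_init never runs here and sendmsg_mutex in ar-forward.c is still uninitialized when send_msg first locks it. Replace the two added lines with the call `send_msg_init();` and rely on the prototype this commit adds to remoted.h for the declaration. The enclosing function starts and ends outside this hunk.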
@@ -129,7 +131,7 @@
{
/* We need to save the peerinfo if it is a control msg */
memcpy(&keys.peer_info[agentid], &peer_info, peer_size);
- keys.rcvd[agentid] = 1;
+ keys.rcvd[agentid] = time(0);
save_controlmsg(agentid, tmp_msg);
Index: syslog.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/remoted/syslog.c,v
diff -u -r1.8 -r1.9
--- syslog.c 1 Jun 2006 23:01:43 -0000 1.8
+++ syslog.c 28 Aug 2006 18:45:27 -0000 1.9
@@ -1,4 +1,4 @@
-/* $OSSEC, syslog.c, v0.4, 2005/11/10, Daniel B. Cid$ */
+/* @(#) $Id$ */
/* Copyright (C) 2003,2004,2005 Daniel B. Cid <dcid@xxxxxxxxx>
* All right reserved.
Index: syslogtcp.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/remoted/syslogtcp.c,v
diff -u -r1.1 -r1.2
--- syslogtcp.c 1 Jun 2006 23:01:43 -0000 1.1
+++ syslogtcp.c 28 Aug 2006 18:45:27 -0000 1.2
@@ -1,4 +1,4 @@
-/* $OSSEC, syslogtcp.c, v0.3, 2005/11/10, Daniel B. Cid$ */
+/* @(#) $Id$ */
/* Copyright (C) 2003-2005 Daniel B. Cid <dcid@xxxxxxxxx>
* All right reserved.