[ossec-dev] ossec-hids: check_open_ports.c (HEAD) check_rc_dev.c (HEAD) check_rc_files.c (HEAD) check_rc_if.c (HEAD) check_rc_pids.c (HEAD) check_rc_ports.c (HEAD) check_rc_sys.c (HEAD) check_rc_trojans.c (HEAD) config.c (HEAD) os_string.c (HEAD) rootcheck.c (HEAD) run_rk_check.c (HEAD) [dcid]
- To: dancid@xxxxxxxxxxxxxxx
- Subject: [ossec-dev] ossec-hids: check_open_ports.c (HEAD) check_rc_dev.c (HEAD) check_rc_files.c (HEAD) check_rc_if.c (HEAD) check_rc_pids.c (HEAD) check_rc_ports.c (HEAD) check_rc_sys.c (HEAD) check_rc_trojans.c (HEAD) config.c (HEAD) os_string.c (HEAD) rootcheck.c (HEAD) run_rk_check.c (HEAD) [dcid]
- From: OSSEC CVS <cvs-commit@xxxxxxxxx>
- Date: Mon, 11 Sep 2006 21:23:06 -0300 (ADT)
- Content-transfer-encoding: 8bit
Module name: ossec-hids
Changes by: dcid 06/09/11 21:23:03
Modified files:
check_open_ports.c check_rc_dev.c check_rc_files.c check_rc_if.c
check_rc_pids.c check_rc_ports.c check_rc_sys.c check_rc_trojans.c
config.c os_string.c rootcheck.c run_rk_check.c
Log message:
Description: Rootcheck changes..
Reviewed by: dcid
Bug:
Index: check_open_ports.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/rootcheck/check_open_ports.c,v
diff -u -r1.3 -r1.4
--- check_open_ports.c 14 Jan 2006 18:29:43 -0000 1.3
+++ check_open_ports.c 12 Sep 2006 00:23:02 -0000 1.4
@@ -1,4 +1,4 @@
-/* $OSSEC, check_open_ports.c, v0.1, 2006/01/11, Daniel B. Cid$ */
+/* @(#) $Id$ */
/* Copyright (C) 2005 Daniel B. Cid <dcid@xxxxxxxxx>
* All right reserved.
@@ -30,7 +30,7 @@
int _ports_open;
int open_ports_size;
-char open_ports_str[OS_MAXSTR + 1];
+char open_ports_str[OS_SIZE_1024 + 1];
/* connect_to_port */
int connect_to_port(int proto, int port)
@@ -123,12 +123,12 @@
*/
void check_open_ports()
{
- memset(open_ports_str, '\0', OS_MAXSTR +1);
- open_ports_size = OS_MAXSTR - 1;
+ memset(open_ports_str, '\0', OS_SIZE_1024 +1);
+ open_ports_size = OS_SIZE_1024 - 1;
_ports_open = 0;
#ifndef OSSECHIDS
- snprintf(open_ports_str, OS_MAXSTR, "The following ports are open:");
+ snprintf(open_ports_str, OS_SIZE_1024, "The following ports are open:");
open_ports_size-=strlen(open_ports_str) +1;
/* Testing All ports */
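Review bot: The buffer length is spelled three different ways in this hunk (`OS_SIZE_1024 +1`, `OS_SIZE_1024 - 1` and `OS_SIZE_1024`), and each has to be kept in step with the declaration of `open_ports_str` by hand. Deriving the sizes from the array ties them together: `memset(open_ports_str, '\0', sizeof(open_ports_str));` and `snprintf(open_ports_str, sizeof(open_ports_str), "The following ports are open:");`. The same style point applies to the local `op_msg`, `file_path` and `nt` arrays changed in the other files of this commit. check_open_ports() continues past the end of the hunk, so how `open_ports_size` is consumed afterwards is not visible here.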
Index: check_rc_dev.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/rootcheck/check_rc_dev.c,v
diff -u -r1.12 -r1.13
--- check_rc_dev.c 9 Aug 2006 00:42:43 -0000 1.12
+++ check_rc_dev.c 12 Sep 2006 00:23:02 -0000 1.13
@@ -1,4 +1,4 @@
-/* $OSSEC, check_rc_dev.c, v0.1, 2005/10/03, Daniel B. Cid$ */
+/* @(#) $Id$ */
/* Copyright (C) 2005 Daniel B. Cid <dcid@xxxxxxxxx>
* All right reserved.
@@ -39,9 +39,9 @@
else if(S_ISREG(statbuf.st_mode))
{
- char op_msg[OS_MAXSTR +1];
+ char op_msg[OS_SIZE_1024 +1];
- snprintf(op_msg, OS_MAXSTR, "File '%s' present on /dev."
+ snprintf(op_msg, OS_SIZE_1024, "File '%s' present on /dev."
" Possible hidden file.", file_name);
notify_rk(ALERT_SYSTEM_CRIT, op_msg);
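Review bot: The `snprintf` into `op_msg` ignores its return value, so a long `file_name` silently truncates the alert text and can cut off the end of the reported path. The path appears to come from a PATH_MAX-sized buffer (see the `f_name` hunk later in this file), while the message buffer is now OS_SIZE_1024, presumably smaller than the old OS_MAXSTR. Comparing the result against the buffer size, e.g. `if(snprintf(op_msg, sizeof(op_msg), ...) >= (int)sizeof(op_msg))`, and noting the truncation in the log would keep the alert usable for triage. The same pattern is in the `op_msg` hunks of check_rc_files.c, check_rc_sys.c and check_rc_trojans.c; the enclosing function here starts and ends outside the hunk.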
@@ -117,6 +117,7 @@
if(ignore_dev[i] != NULL)
continue;
+ f_name[PATH_MAX +1] = '\0';
snprintf(f_name, PATH_MAX +1, "%s/%s",dir_name, entry->d_name);
read_dev_file(f_name);
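Review bot: The added `f_name[PATH_MAX +1] = '\0';` stores to index PATH_MAX+1, which is in bounds only if `f_name` is declared with at least `PATH_MAX +2` elements; the declaration is outside the hunk and should be checked. The store is also unnecessary, because the `snprintf(f_name, PATH_MAX +1, ...)` on the next line always terminates the string within the first PATH_MAX+1 bytes. If the array is `PATH_MAX +1` long, either drop the line or write `f_name[PATH_MAX] = '\0';`.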
@@ -134,20 +135,20 @@
*/
void check_rc_dev(char *basedir)
{
- char file_path[OS_MAXSTR +1];
+ char file_path[OS_SIZE_1024 +1];
_dev_total = 0, _dev_errors = 0;
debug1("%s: DEBUG: Starting on check_rc_dev", ARGV0);
- snprintf(file_path, OS_MAXSTR, "%s/dev", basedir);
+ snprintf(file_path, OS_SIZE_1024, "%s/dev", basedir);
read_dev_dir(file_path);
if(_dev_errors == 0)
{
- char op_msg[OS_MAXSTR +1];
- snprintf(op_msg, OS_MAXSTR, "No problem detected on the /dev "
+ char op_msg[OS_SIZE_1024 +1];
+ snprintf(op_msg, OS_SIZE_1024, "No problem detected on the /dev "
"directory. Analyzed %d files",
_dev_total);
notify_rk(ALERT_OK, op_msg);
Index: check_rc_files.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/rootcheck/check_rc_files.c,v
diff -u -r1.8 -r1.9
--- check_rc_files.c 9 Aug 2006 00:42:43 -0000 1.8
+++ check_rc_files.c 12 Sep 2006 00:23:02 -0000 1.9
@@ -21,8 +21,8 @@
*/
void check_rc_files(char *basedir, FILE *fp)
{
- char buf[OS_MAXSTR +1];
- char file_path[OS_MAXSTR +1];
+ char buf[OS_SIZE_1024 +1];
+ char file_path[OS_SIZE_1024 +1];
char *file;
char *name;
@@ -34,7 +34,7 @@
debug1("%s: DEBUG: Starting on check_rc_files", ARGV0);
- while(fgets(buf, OS_MAXSTR, fp) != NULL)
+ while(fgets(buf, OS_SIZE_1024, fp) != NULL)
{
char *nbuf;
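Review bot: With the read size reduced to `OS_SIZE_1024`, a database line longer than the buffer comes back from `fgets` in pieces, and the loop would presumably parse the remainder as a new entry; the parsing code is outside the hunk, so this is inferred. A check such as `if(strchr(buf, '\n') == NULL && !feof(fp))` at the top of the loop, followed by draining the rest of the line and logging it, would keep an over-long entry from being misread. The `fgets` loop changed in check_rc_trojans.c has the same shape.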
@@ -188,15 +188,15 @@
continue;
}
- snprintf(file_path, OS_MAXSTR, "%s/%s",basedir, file);
+ snprintf(file_path, OS_SIZE_1024, "%s/%s",basedir, file);
/* Checking if file exists */
if(is_file(file_path))
{
- char op_msg[OS_MAXSTR +1];
+ char op_msg[OS_SIZE_1024 +1];
_errors = 1;
- snprintf(op_msg, OS_MAXSTR, "Rootkit '%s' detected "
+ snprintf(op_msg, OS_SIZE_1024, "Rootkit '%s' detected "
"by the presence of file '%s'.",name, file_path);
notify_rk(ALERT_ROOTKIT_FOUND, op_msg);
@@ -208,8 +208,8 @@
if(_errors == 0)
{
- char op_msg[OS_MAXSTR +1];
- snprintf(op_msg, OS_MAXSTR, "No presence of public rootkits detected."
+ char op_msg[OS_SIZE_1024 +1];
+ snprintf(op_msg,OS_SIZE_1024,"No presence of public rootkits detected."
" Analyzed %d files.", _total);
notify_rk(ALERT_OK, op_msg);
}
Index: check_rc_if.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/rootcheck/check_rc_if.c,v
diff -u -r1.5 -r1.6
--- check_rc_if.c 16 Mar 2006 14:54:07 -0000 1.5
+++ check_rc_if.c 12 Sep 2006 00:23:02 -0000 1.6
@@ -1,4 +1,4 @@
-/* $OSSEC, check_rc_if.c, v0.1, 2005/10/07, Daniel B. Cid$ */
+/* @(#) $Id$ */
/* Copyright (C) 2005 Daniel B. Cid <dcid@xxxxxxxxx>
* All right reserved.
@@ -41,9 +41,9 @@
*/
int run_ifconfig(char *ifconfig)
{
- char nt[OS_MAXSTR +1];
+ char nt[OS_SIZE_1024 +1];
- snprintf(nt, OS_MAXSTR, IFCONFIG, ifconfig);
+ snprintf(nt, OS_SIZE_1024, IFCONFIG, ifconfig);
if(system(nt) == 0)
return(1);
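Review bot: `nt` is passed to `system()` without checking whether `snprintf` truncated it, so with the smaller buffer a cut-off command line would still be run and its exit status trusted. The `ifconfig` argument is also interpreted by the shell; the caller visible later in this file passes `_ifr.ifr_name`, and the `IFCONFIG` format is defined outside the hunk. Checking the result, `if(snprintf(nt, sizeof(nt), IFCONFIG, ifconfig) >= (int)sizeof(nt)) return(0);`, covers the truncation case, and replacing `system()` with fork/exec and an explicit argv would take the shell out of the path. run_netstat() in check_rc_ports.c and the `ps -p` command in check_rc_pids.c build commands the same way, though their arguments are fixed strings and integers.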
@@ -103,16 +103,16 @@
if ((_ifr.ifr_flags & IFF_PROMISC) )
{
- char op_msg[OS_MAXSTR +1];
+ char op_msg[OS_SIZE_1024 +1];
if(run_ifconfig(_ifr.ifr_name))
{
- snprintf(op_msg, OS_MAXSTR, "Interface '%s' in promiscuous"
+ snprintf(op_msg, OS_SIZE_1024,"Interface '%s' in promiscuous"
" mode.", _ifr.ifr_name);
notify_rk(ALERT_SYSTEM_CRIT, op_msg);
}
else
{
- snprintf(op_msg, OS_MAXSTR, "Interface '%s' in promiscuous"
+ snprintf(op_msg, OS_SIZE_1024,"Interface '%s' in promiscuous"
" mode, but ifconfig is not showing it"
"(probably trojaned).", _ifr.ifr_name);
notify_rk(ALERT_ROOTKIT_FOUND, op_msg);
@@ -124,8 +124,8 @@
if(_errors == 0)
{
- char op_msg[OS_MAXSTR +1];
- snprintf(op_msg, OS_MAXSTR, "No problem detected on ifconfig/ifs."
+ char op_msg[OS_SIZE_1024 +1];
+ snprintf(op_msg, OS_SIZE_1024, "No problem detected on ifconfig/ifs."
" Analyzed %d interfaces.", _total);
notify_rk(ALERT_OK, op_msg);
}
Index: check_rc_pids.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/rootcheck/check_rc_pids.c,v
diff -u -r1.22 -r1.23
--- check_rc_pids.c 12 Aug 2006 18:47:00 -0000 1.22
+++ check_rc_pids.c 12 Sep 2006 00:23:02 -0000 1.23
@@ -21,12 +21,12 @@
*/
int proc_read(int pid)
{
- char dir[OS_MAXSTR +1];
+ char dir[OS_SIZE_1024 +1];
if(noproc)
return(0);
- snprintf(dir, OS_MAXSTR, "%d",pid);
+ snprintf(dir, OS_SIZE_1024, "%d", pid);
if(isfile_ondir(dir, "/proc"))
{
return(1);
@@ -41,13 +41,13 @@
int proc_chdir(int pid)
{
int ret = 0;
- char curr_dir[OS_MAXSTR + 1];
- char dir[OS_MAXSTR + 1];
+ char curr_dir[OS_SIZE_1024 + 1];
+ char dir[OS_SIZE_1024 + 1];
if(noproc)
return(0);
- if(!getcwd(curr_dir, OS_MAXSTR))
+ if(!getcwd(curr_dir, OS_SIZE_1024))
{
return(0);
}
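Review bot: A `getcwd()` failure returns 0 here, the same value `ret` starts with, so a working directory that does not fit the buffer is reported exactly like a pid that could not be entered via chdir. Shrinking `curr_dir` to `OS_SIZE_1024` makes that failure reachable for paths the old buffer presumably accepted. Sizing the buffer by the path limit, `char curr_dir[PATH_MAX +1];` with `getcwd(curr_dir, sizeof(curr_dir))`, and logging the failure separately would stop it from feeding the hidden-process logic; how callers interpret the 0 is outside the hunk. PATH_MAX is already used in check_rc_dev.c, but confirm it is in scope in this file.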
@@ -55,7 +55,7 @@
if(chdir("/proc") == -1)
return(0);
- snprintf(dir, OS_MAXSTR, "/proc/%d", pid);
+ snprintf(dir, OS_SIZE_1024, "/proc/%d", pid);
if(chdir(dir) == 0)
{
ret = 1;
@@ -73,12 +73,12 @@
*/
int proc_stat(int pid)
{
- char proc_dir[OS_MAXSTR + 1];
+ char proc_dir[OS_SIZE_1024 + 1];
if(noproc)
return(0);
- snprintf(proc_dir, OS_MAXSTR, "%s/%d", "/proc", pid);
+ snprintf(proc_dir, OS_SIZE_1024, "%s/%d", "/proc", pid);
if(is_file(proc_dir))
{
@@ -108,7 +108,7 @@
pid_t i = 1;
pid_t my_pid;
- char command[OS_MAXSTR +1];
+ char command[OS_SIZE_1024 +1];
my_pid = getpid();
@@ -176,8 +176,8 @@
/* Checking the number of errors */
if((*_errors) > 15)
{
- char op_msg[OS_MAXSTR +1];
- snprintf(op_msg, OS_MAXSTR, "Excessive number of hidden processes"
+ char op_msg[OS_SIZE_1024 +1];
+ snprintf(op_msg,OS_SIZE_1024,"Excessive number of hidden processes"
". It maybe a false-positive or "
"something really bad is going on.");
notify_rk(ALERT_SYSTEM_CRIT, op_msg);
@@ -188,7 +188,7 @@
/* checking if process appears on ps */
if(*ps)
{
- snprintf(command, OS_MAXSTR, "%s -p %d > /dev/null 2>&1",
+ snprintf(command, OS_SIZE_1024, "%s -p %d > /dev/null 2>&1",
ps,
(int)i);
@@ -256,9 +256,9 @@
*/
if(!((_kill0 == 1)&&(_gsid0 == 0)&&(_gpid0 == 0)&&(_gsid1 == 0)))
{
- char op_msg[OS_MAXSTR +1];
+ char op_msg[OS_SIZE_1024 +1];
- snprintf(op_msg, OS_MAXSTR, "Process '%d' hidden from "
+ snprintf(op_msg, OS_SIZE_1024, "Process '%d' hidden from "
"kill (%d) or getsid (%d). Possible kernel-level"
" rootkit.", (int)i, _kill0, _gsid0);
@@ -273,8 +273,8 @@
/* See defunct process comment above. */
if(!((_kill1 == 1)&&(_gsid1 == 0)&&(_gpid0 == 0)&&(_gsid1 == 0)))
{
- char op_msg[OS_MAXSTR +1];
- snprintf(op_msg, OS_MAXSTR, "Process '%d' hidden from "
+ char op_msg[OS_SIZE_1024 +1];
+ snprintf(op_msg, OS_SIZE_1024, "Process '%d' hidden from "
"kill (%d), getsid (%d) or getpgid. Possible "
"kernel-level rootkit.", (int)i, _kill1, _gsid1);
@@ -289,8 +289,8 @@
/* checking if the pid is a thread (not showing on proc */
if(!noproc && !check_rc_readproc((int)i))
{
- char op_msg[OS_MAXSTR +1];
- snprintf(op_msg, OS_MAXSTR, "Process '%d' hidden from "
+ char op_msg[OS_SIZE_1024 +1];
+ snprintf(op_msg, OS_SIZE_1024, "Process '%d' hidden from "
"/proc. Possible kernel level rootkit.", (int)i);
notify_rk(ALERT_ROOTKIT_FOUND, op_msg);
(*_errors)++;
@@ -301,8 +301,8 @@
/* checking if the pid is a thread (not showing on ps */
if(!check_rc_readproc((int)i))
{
- char op_msg[OS_MAXSTR +1];
- snprintf(op_msg, OS_MAXSTR, "Process '%d' hidden from "
+ char op_msg[OS_SIZE_1024 +1];
+ snprintf(op_msg, OS_SIZE_1024, "Process '%d' hidden from "
"ps. Possible trojaned version installed.",
(int)i);
@@ -322,17 +322,17 @@
int _total = 0;
int _errors = 0;
- char ps[OS_MAXSTR +1];
+ char ps[OS_SIZE_1024 +1];
pid_t max_pid = MAX_PID;
noproc = 1;
/* Checking where ps is */
- memset(ps, '\0', OS_MAXSTR +1);
- strncpy(ps, "/bin/ps", OS_MAXSTR);
+ memset(ps, '\0', OS_SIZE_1024 +1);
+ strncpy(ps, "/bin/ps", OS_SIZE_1024);
if(!is_file(ps))
{
- strncpy(ps, "/usr/bin/ps", OS_MAXSTR);
+ strncpy(ps, "/usr/bin/ps", OS_SIZE_1024);
if(!is_file(ps))
ps[0] = '\0';
}
@@ -348,8 +348,8 @@
if(_errors == 0)
{
- char op_msg[OS_MAXSTR +1];
- snprintf(op_msg, OS_MAXSTR, "No hidden process by Kernel-level "
+ char op_msg[OS_SIZE_1024 +1];
+ snprintf(op_msg, OS_SIZE_1024, "No hidden process by Kernel-level "
"rootkits.\n %s is not trojaned. "
"Analyzed %d processes.", ps, _total);
notify_rk(ALERT_OK, op_msg);
Index: check_rc_ports.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/rootcheck/check_rc_ports.c,v
diff -u -r1.13 -r1.14
--- check_rc_ports.c 21 Mar 2006 20:19:01 -0000 1.13
+++ check_rc_ports.c 12 Sep 2006 00:23:02 -0000 1.14
@@ -1,4 +1,4 @@
-/* $OSSEC, check_rc_pids.c, v0.1, 2005/10/05, Daniel B. Cid$ */
+/* @(#) $Id$ */
/* Copyright (C) 2005 Daniel B. Cid <dcid@xxxxxxxxx>
* All right reserved.
@@ -44,12 +44,12 @@
int run_netstat(int proto, int port)
{
- char nt[OS_MAXSTR +1];
+ char nt[OS_SIZE_1024 +1];
if(proto == IPPROTO_TCP)
- snprintf(nt, OS_MAXSTR, NETSTAT, "tcp", port);
+ snprintf(nt, OS_SIZE_1024, NETSTAT, "tcp", port);
else if(proto == IPPROTO_UDP)
- snprintf(nt, OS_MAXSTR, NETSTAT, "udp", port);
+ snprintf(nt, OS_SIZE_1024, NETSTAT, "udp", port);
else
{
merror("%s: Netstat error (wrong protocol)", ARGV0);
@@ -136,11 +136,11 @@
if(!run_netstat(proto, i) && conn_port(proto, i))
{
- char op_msg[OS_MAXSTR +1];
+ char op_msg[OS_SIZE_1024 +1];
(*_errors)++;
- snprintf(op_msg, OS_MAXSTR, "Port '%d'(%s) hidden. "
+ snprintf(op_msg, OS_SIZE_1024, "Port '%d'(%s) hidden. "
"Kernel-level rootkit or trojaned "
"version of netstat.", i,
(proto == IPPROTO_UDP)? "udp" : "tcp");
@@ -151,8 +151,8 @@
if((*_errors) > 20)
{
- char op_msg[OS_MAXSTR +1];
- snprintf(op_msg, OS_MAXSTR, "Excessive number of '%s' ports "
+ char op_msg[OS_SIZE_1024 +1];
+ snprintf(op_msg, OS_SIZE_1024, "Excessive number of '%s' ports "
"hidden. It maybe a false-positive or "
"something really bad is going on.",
(proto == IPPROTO_UDP)? "udp" : "tcp" );
@@ -189,8 +189,8 @@
if(_errors == 0)
{
- char op_msg[OS_MAXSTR +1];
- snprintf(op_msg, OS_MAXSTR,"No kernel-level rootkit hiding any port."
+ char op_msg[OS_SIZE_1024 +1];
+ snprintf(op_msg,OS_SIZE_1024,"No kernel-level rootkit hiding any port."
"\n Netstat is acting correctly."
" Analyzed %d ports.", _total);
notify_rk(ALERT_OK, op_msg);
Index: check_rc_sys.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/rootcheck/check_rc_sys.c,v
diff -u -r1.26 -r1.27
--- check_rc_sys.c 9 Aug 2006 00:42:43 -0000 1.26
+++ check_rc_sys.c 12 Sep 2006 00:23:02 -0000 1.27
@@ -32,8 +32,8 @@
if(lstat(file_name, &statbuf) < 0)
{
- char op_msg[OS_MAXSTR +1];
- snprintf(op_msg, OS_MAXSTR, "Anomaly detected in file '%s'. "
+ char op_msg[OS_SIZE_1024 +1];
+ snprintf(op_msg, OS_SIZE_1024, "Anomaly detected in file '%s'. "
"Hidden from stats, but showing up on readdir. "
"Possible kernel level rootkit.",
file_name);
@@ -63,7 +63,7 @@
*/
if(S_ISREG(statbuf.st_mode) && do_read)
{
- char buf[1024];
+ char buf[OS_SIZE_1024];
int fd;
int nr;
unsigned long int total = 0;
@@ -85,8 +85,8 @@
if((lstat(file_name, &statbuf2) == 0) &&
(total != statbuf2.st_size))
{
- char op_msg[OS_MAXSTR +1];
- snprintf(op_msg, OS_MAXSTR, "Anomaly detected in file "
+ char op_msg[OS_SIZE_1024 +1];
+ snprintf(op_msg, OS_SIZE_1024, "Anomaly detected in file "
"'%s'. File size doesn't match what we found. "
"Possible kernel level rootkit.",
file_name);
@@ -117,13 +117,13 @@
if(statbuf.st_uid == 0)
{
- char op_msg[OS_MAXSTR +1];
+ char op_msg[OS_SIZE_1024 +1];
#ifdef OSSECHIDS
- snprintf(op_msg, OS_MAXSTR, "File '%s' is owned by root "
+ snprintf(op_msg, OS_SIZE_1024, "File '%s' is owned by root "
"and has written permissions to anyone.",
file_name);
#else
- snprintf(op_msg, OS_MAXSTR, "File '%s' is: \n"
+ snprintf(op_msg, OS_SIZE_1024, "File '%s' is: \n"
" - owned by root,\n"
" - has written permissions to anyone.",
file_name);
@@ -261,10 +261,10 @@
if(strcmp(rk_sys_file[i], entry->d_name) == 0)
{
- char op_msg[OS_MAXSTR +1];
+ char op_msg[OS_SIZE_1024 +1];
_sys_errors++;
- snprintf(op_msg, OS_MAXSTR, "Rootkit '%s' detected "
+ snprintf(op_msg, OS_SIZE_1024, "Rootkit '%s' detected "
"by the presence of file '%s/%s'.",
rk_sys_name[i], dir_name, rk_sys_file[i]);
@@ -286,12 +286,12 @@
((did_changed == 0) || ((entry_count + 1) != statbuf.st_nlink)))
{
struct stat statbuf2;
- char op_msg[OS_MAXSTR +1];
+ char op_msg[OS_SIZE_1024 +1];
if((lstat(dir_name, &statbuf2) == 0) &&
(statbuf2.st_nlink != entry_count))
{
- snprintf(op_msg, OS_MAXSTR, "Files hidden inside directory "
+ snprintf(op_msg, OS_SIZE_1024, "Files hidden inside directory "
"'%s'. Link count does not match number of files "
"(%d,%d).",
dir_name, entry_count, (int)statbuf.st_nlink);
@@ -328,7 +328,7 @@
*/
void check_rc_sys(char *basedir)
{
- char file_path[OS_MAXSTR +1];
+ char file_path[OS_SIZE_1024 +1];
debug1("%s: DEBUG: Starting on check_rc_sys", ARGV0);
@@ -336,7 +336,7 @@
_sys_total = 0;
did = 0; /* device id */
- snprintf(file_path, OS_MAXSTR, "%s", basedir);
+ snprintf(file_path, OS_SIZE_1024, "%s", basedir);
/* Opening output files */
if(rootcheck.notify != QUEUE)
@@ -373,7 +373,7 @@
{
if(dirs_to_scan[_i] == NULL)
break;
- snprintf(file_path, OS_MAXSTR, "%s%s",
+ snprintf(file_path, OS_SIZE_1024, "%s%s",
basedir,
dirs_to_scan[_i]);
read_sys_dir(file_path, rootcheck.readall);
@@ -382,16 +382,16 @@
if(_sys_errors == 0)
{
- char op_msg[OS_MAXSTR +1];
- snprintf(op_msg, OS_MAXSTR, "No problem found on the system."
+ char op_msg[OS_SIZE_1024 +1];
+ snprintf(op_msg, OS_SIZE_1024, "No problem found on the system."
" Analyzed %d files.", _sys_total);
notify_rk(ALERT_OK, op_msg);
}
else if(_wx && _ww && _suid)
{
- char op_msg[OS_MAXSTR +1];
- snprintf(op_msg, OS_MAXSTR, "Check the following files for more "
+ char op_msg[OS_SIZE_1024 +1];
+ snprintf(op_msg, OS_SIZE_1024, "Check the following files for more "
"information:\n%s%s%s",
(ftell(_wx) == 0)?"":
" rootcheck-rw-rw-rw-.txt (list of world writable files)\n",
Index: check_rc_trojans.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/rootcheck/check_rc_trojans.c,v
diff -u -r1.7 -r1.8
--- check_rc_trojans.c 23 Jun 2006 18:00:46 -0000 1.7
+++ check_rc_trojans.c 12 Sep 2006 00:23:02 -0000 1.8
@@ -1,4 +1,4 @@
-/* $OSSEC, check_rc_trojans.c, v0.1, 2005/10/01, Daniel B. Cid$ */
+/* @(#) $Id$ */
/* Copyright (C) 2005 Daniel B. Cid <dcid@xxxxxxxxx>
* All right reserved.
@@ -34,8 +34,8 @@
void check_rc_trojans(char *basedir, FILE *fp)
{
int i, _errors = 0, _total = 0;
- char buf[OS_MAXSTR +1];
- char file_path[OS_MAXSTR +1];
+ char buf[OS_SIZE_1024 +1];
+ char file_path[OS_SIZE_1024 +1];
char *file;
char *string_to_look;
@@ -46,7 +46,7 @@
debug1("%s: DEBUG: Starting on check_rc_trojans", ARGV0);
- while(fgets(buf, OS_MAXSTR, fp) != NULL)
+ while(fgets(buf, OS_SIZE_1024, fp) != NULL)
{
char *nbuf;
char *message = NULL;
@@ -156,23 +156,23 @@
{
if(*file != '/')
{
- snprintf(file_path, OS_MAXSTR, "%s/%s/%s",basedir,
+ snprintf(file_path, OS_SIZE_1024, "%s/%s/%s",basedir,
all_paths[i],
file);
}
else
{
- strncpy(file_path, file, OS_MAXSTR);
- file_path[OS_MAXSTR -1] = '\0';
+ strncpy(file_path, file, OS_SIZE_1024);
+ file_path[OS_SIZE_1024 -1] = '\0';
i = 4;
}
if(is_file(file_path) && os_string(file_path, string_to_look))
{
- char op_msg[OS_MAXSTR +1];
+ char op_msg[OS_SIZE_1024 +1];
_errors = 1;
- snprintf(op_msg, OS_MAXSTR, "Trojaned version of file "
+ snprintf(op_msg, OS_SIZE_1024, "Trojaned version of file "
"'%s' detected. Signature used: '%s' (%s)",
file_path,
string_to_look,
@@ -189,8 +189,8 @@
if(_errors == 0)
{
- char op_msg[OS_MAXSTR +1];
- snprintf(op_msg, OS_MAXSTR, "No binaries with any trojan detected. "
+ char op_msg[OS_SIZE_1024 +1];
+ snprintf(op_msg,OS_SIZE_1024, "No binaries with any trojan detected. "
"Analyzed %d files", _total);
notify_rk(ALERT_OK, op_msg);
}
Index: config.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/rootcheck/config.c,v
diff -u -r1.11 -r1.12
--- config.c 12 Apr 2006 20:43:01 -0000 1.11
+++ config.c 12 Sep 2006 00:23:02 -0000 1.12
@@ -1,4 +1,4 @@
-/* $OSSEC, config.c, v0.1, 2005/09/30, Daniel B. Cid$ */
+/* @(#) $Id$ */
/* Copyright (C) 2005 Daniel B. Cid <dcid@xxxxxxxxx>
* All right reserved.
Index: os_string.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/rootcheck/os_string.c,v
diff -u -r1.8 -r1.9
--- os_string.c 23 Mar 2006 14:19:16 -0000 1.8
+++ os_string.c 12 Sep 2006 00:23:02 -0000 1.9
@@ -1,4 +1,4 @@
-/* $OSSEC, os_strings.c, v0.1, 2005/10/02, Daniel B. Cid$ */
+/* @(#) $Id$ */
/* Included and modified strings.c from the OpenBSD project.
* Copyright bellow.
@@ -164,7 +164,7 @@
unsigned char *C;
unsigned char *bfr;
- char line[OS_MAXSTR +1];
+ char line[OS_SIZE_1024 +1];
char *buf;
EXEC *head;
@@ -195,7 +195,7 @@
}
/* cleaning the line */
- memset(line, '\0', OS_MAXSTR +1);
+ memset(line, '\0', OS_SIZE_1024 +1);
/* starting .. (from old strings.c) */
oss.foff = 0;
@@ -244,14 +244,14 @@
if (++cnt < STR_MINLEN)
continue;
- strncpy(line, (char *)bfr, STR_MINLEN +1);
+ strncpy(line, (char *)bfr, STR_MINLEN);
buf = line;
buf+=strlen(line);
while ((ch = os_getch(&oss)) != EOF && ISSTR(ch))
{
- if(cnt < OS_MAXSTR)
+ if(cnt < OS_SIZE_1024)
{
*buf = (char)ch;
buf++;
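Review bot: `strncpy(line, (char *)bfr, STR_MINLEN)` leaves `line` unterminated when `bfr` has no NUL in its first STR_MINLEN bytes, and the next statement calls `strlen(line)`. That is only safe if every byte past the copy is still zero from the earlier `memset`; whether `line` is cleared again on each pass of the loop is not visible in this hunk. Adding `line[STR_MINLEN] = '\0';` directly after the copy removes that dependency. The bound `cnt < OS_SIZE_1024` also assumes `cnt` tracks the write position of `buf` inside `line`, which should be confirmed against the code outside the hunk.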
Index: rootcheck.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/rootcheck/rootcheck.c,v
diff -u -r1.14 -r1.15
--- rootcheck.c 4 Sep 2006 20:39:22 -0000 1.14
+++ rootcheck.c 12 Sep 2006 00:23:02 -0000 1.15
@@ -1,4 +1,4 @@
-/* $OSSEC, root.c, v0.1, 2005/09/30, Daniel B. Cid$ */
+/* @(#) $Id$ */
/* Copyright (C) 2005 Daniel B. Cid <dcid@xxxxxxxxx>
* All right reserved.
Index: run_rk_check.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/rootcheck/run_rk_check.c,v
diff -u -r1.19 -r1.20
--- run_rk_check.c 23 Mar 2006 00:19:14 -0000 1.19
+++ run_rk_check.c 12 Sep 2006 00:23:02 -0000 1.20
@@ -1,4 +1,4 @@
-/* $OSSEC, run_rk_check.c, v0.1, 2005/09/30, Daniel B. Cid$ */
+/* @(#) $Id$ */
/* Copyright (C) 2005 Daniel B. Cid <dcid@xxxxxxxxx>
* All right reserved.
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.