
[ossec-dev] [Bug 69] New: Wrong algorithm for checking is log file present



http://www.ossec.net/bugs/show_bug.cgi?id=69

           Summary: Wrong algorithm for checking is log file present
           Product: OSSEC
           Version: 1.3
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P1
         Component: install
        AssignedTo: ossec-dev@xxxxxxxxx
        ReportedBy: php-coder@xxxxxxxxxxxx


In function SetupLogs(), install.sh file:

 235     echo "  <!-- Files to monitor (localfiles) -->" >> $NEWCONFIG
 236     LOG_FILES=`cat ${SYSLOG_TEMPLATE}`
 237     for i in ${LOG_FILES}; do
 238         # If log file present, add it    
 239         ls $i > /dev/null 2>&1
 240         if [ $? = 0 ]; then
 241             echo "    -- $i"
 242             echo "" >> $NEWCONFIG
 243             echo "  <localfile>" >> $NEWCONFIG
 244             echo "    <log_format>syslog</log_format>" >> $NEWCONFIG
 245             echo "    <location>$i</location>" >>$NEWCONFIG
 246             echo "  </localfile>" >> $NEWCONFIG
 247         fi
 248     done

The check performed at lines 239-240 recognizes directories, symlinks, etc. as
log files. For example, on my system (ALT Linux) /var/log/messages is not a file,
but a directory:

[c0der@rock ~]$ ls -ld /var/log/messages
lrwxrwxrwx 1 root root 15 Май  1 17:40 /var/log/messages -> syslog/messages

[c0der@rock ~]$ rpm -qf /var/log/messages
syslog-common-1.4.1-alt27

And after this test, this directory's name goes into the resulting configuration file.

I suggest replacing these checks with a stricter one:

 -ls $i > /dev/null 2>&1
-if [ $? = 0 ]; then
+if [ -f "$i" ]; then
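
Review bot: on the added `if [ -f "$i" ]; then` line, `-f` follows symbolic links, so a link whose target is a regular file still passes and only links to directories (or other non-regular targets) are rejected. If the installer should skip links as well, combine it with `[ ! -L "$i" ]`; if links to real log files are meant to be accepted, a one-line comment above the test saying so would make the intent clear. Quoting `"$i"` here is good, but the `<location>$i</location>` echo at line 245 is still fed by the unquoted `for i in ${LOG_FILES}` loop, so paths containing whitespace would be split before they reach this test.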

It accepts only regular files.


-- 
Configure bugmail: http://www.ossec.net/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
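
The two checks from the report, run side by side on constructed fixtures (an added example, not part of the original report or of OSSEC's install.sh; the function names and fixture paths are made up for illustration):

```shell
#!/bin/sh
# Compare the installer's original `ls` test with the proposed `[ -f ]` test.
# All fixtures are constructed in a temporary directory.

# Original check (install.sh lines 239-240): true for anything ls can list.
check_ls() { ls "$1" > /dev/null 2>&1; }

# Proposed check: true for regular files; symbolic links are followed.
check_f() { [ -f "$1" ]; }

# Build the constructed fixtures and print the directory that holds them.
make_fixtures() {
    d=$(mktemp -d) || return 1
    mkdir "$d/syslog" "$d/logdir"
    echo "sample" > "$d/syslog/messages"
    echo "sample" > "$d/plain.log"
    ln -s syslog/messages "$d/messages"   # symlink -> regular file
    ln -s logdir "$d/dirlink"             # symlink -> directory
    ln -s nowhere "$d/dangling"           # broken symlink
    echo "$d"
}

# Print "name ls=<yes|no> f=<yes|no>" for every fixture plus a missing path.
compare_checks() {
    dir=$1
    for name in plain.log messages logdir dirlink dangling missing; do
        r_ls=no; r_f=no
        check_ls "$dir/$name" && r_ls=yes
        check_f "$dir/$name" && r_f=yes
        echo "$name ls=$r_ls f=$r_f"
    done
}

FIXTURES=$(make_fixtures)
compare_checks "$FIXTURES"
rm -rf "$FIXTURES"
```

Rows where `ls=yes` and `f=no` are the entries the original loop would have written as `<localfile>` locations and the stricter test drops.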
