Beispiel #1
0
/* Check if IP_address is present in the "list_of_ips".
 * Returns 1 on success or 0 on failure
 * The list MUST be NULL terminated
 */
int OS_IPFoundList(const char *ip_address, os_ip **list_of_ips)
{
    int _true = 1;
    os_ip temp_ip;

    memset(&temp_ip, 0, sizeof(struct _os_ip));

    /* Extract IP address */
    if (OS_IsValidIP(ip_address, &temp_ip) == 0) {
        return (!_true);
    }

    while (*list_of_ips) {
        os_ip *l_ip = *list_of_ips;

        if (l_ip->ip[0] == '!') {
            _true = 0;
        }

        /* Checking if ip is in thatip & netmask */
        if (sacmp((struct sockaddr *) &temp_ip.ss, 
                  (struct sockaddr *) &l_ip->ss,
                  l_ip->prefixlength)) {
            return (_true);
        }
        list_of_ips++;
    }

    return (!_true);
}
Beispiel #2
0
/* Check if IP_address is present at that_IP
 * Returns 1 on success or 0 on failure
 */
int OS_IPFound(const char *ip_address, const os_ip *that_ip)
{
    int _true = 1;
    os_ip temp_ip;

    memset(&temp_ip, 0, sizeof(struct _os_ip));

    /* Extract IP address */
    if (OS_IsValidIP(ip_address, &temp_ip) == 0) {
        return (!_true);
    }

    /* If negate is set */
    if (that_ip->ip[0] == '!') {
        _true = 0;
    }

    /* Check if IP is in thatip & netmask */
    if (sacmp((struct sockaddr *) &temp_ip.ss, 
              (struct sockaddr *) &that_ip->ss,
              that_ip->prefixlength)) {
        return (_true);
    }

    /* Didn't match */
    return (!_true);
}
Beispiel #3
0
/* Set OSSEC Server IP */
int set_ossec_server(char *ip, HWND hwnd)
{
    char **xml_pt = NULL;
    char *(xml_serverip[])={"ossec_config","client","server-ip", NULL};
    char *(xml_serverhost[])={"ossec_config","client","server-hostname", NULL};


    /* Verifying IP Address */
    if(OS_IsValidIP(ip, NULL) != 1)
    {
        char *s_ip;
        s_ip = OS_GetHost(ip, 0);

        if(!s_ip)
        {
            MessageBox(hwnd, "Invalid Server IP Address.\r\n"
                             "It must be the valid Ipv4 address of the "
                             "OSSEC server or its resolvable hostname.",
                             "Invalid Server IP Address.",MB_OK);
            return(0);
        }
        config_inst.server_type = SERVER_HOST_USED;
        xml_pt = xml_serverhost;
    }
    else
    {
        config_inst.server_type = SERVER_IP_USED;
        xml_pt = xml_serverip;
    }



    /* Reading the XML. Printing error and line number */
    if(OS_WriteXML(CONFIG, NEWCONFIG, xml_pt,
                   NULL, NULL, ip, 0) != 0)
    {
        MessageBox(hwnd, "Unable to set OSSEC Server IP Address.\r\n"
                   "(Internal error on the XML Write).",
                   "Unable to set Server IP Address.",MB_OK);
        return(0);
    }

    /* Renaming config files */
    unlink(LASTCONFIG);
    rename(CONFIG, LASTCONFIG);
    rename(NEWCONFIG, CONFIG);


    return(1);
}
Beispiel #4
0
int main(int argc, char **argv)
{
    os_ip myip;

    if(!argv[1])
        return(1);

    if(!OS_IsValidIP(argv[1], &myip))
    {
        printf("Invalid ip\n");
    }
    
    if(OS_IPFound(argv[2], &myip))
    {
        printf("IP MATCHED!\n");
    }
    return(0);
}
Beispiel #5
0
/* Set OSSEC Server IP */
int set_ossec_server(char *ip, HWND hwnd)
{
    const char **xml_pt = NULL;
    const char *(xml_serverip[]) = {"ossec_config", "client", "server-ip", NULL};
    const char *(xml_serverhost[]) = {"ossec_config", "client", "server-hostname", NULL};

    char config_tmp[] = CONFIG;
    char *conf_file = basename_ex(config_tmp);

    char tmp_path[strlen(TMP_DIR) + 1 + strlen(conf_file) + 6 + 1];

    snprintf(tmp_path, sizeof(tmp_path), "%s/%sXXXXXX", TMP_DIR, conf_file);

    /* Verify IP Address */
    if (OS_IsValidIP(ip, NULL) != 1) {
        char *s_ip;
        s_ip = OS_GetHost(ip, 0);

        if (!s_ip) {
            MessageBox(hwnd, "Invalid Server IP Address.\r\n"
                       "It must be the valid IPv4 address of the "
                       "OSSEC server or the resolvable hostname.",
                       "Error -- Failure Setting IP", MB_OK);
            return (0);
        }
        config_inst.server_type = SERVER_HOST_USED;
        xml_pt = xml_serverhost;
    } else {
        config_inst.server_type = SERVER_IP_USED;
        xml_pt = xml_serverip;
    }

    /* Create temporary file */
    if (mkstemp_ex(tmp_path) == -1) {
        MessageBox(hwnd, "Could not create temporary file.",
                   "Error -- Failure Setting IP", MB_OK);
        return (0);
    }

    /* Read the XML. Print error and line number. */
    if (OS_WriteXML(CONFIG, tmp_path, xml_pt, NULL, ip) != 0) {
        MessageBox(hwnd, "Unable to set OSSEC Server IP Address.\r\n"
                   "(Internal error on the XML Write).",
                   "Error -- Failure Setting IP", MB_OK);

        if (unlink(tmp_path)) {
            MessageBox(hwnd, "Could not delete temporary file.",
                       "Error -- Failure Deleting Temporary File", MB_OK);
        }

        return (0);
    }

    /* Rename config files */
    if (rename_ex(CONFIG, LASTCONFIG)) {
        MessageBox(hwnd, "Unable to backup configuration.",
                   "Error -- Failure Backing Up Configuration", MB_OK);

        if (unlink(tmp_path)) {
            MessageBox(hwnd, "Could not delete temporary file.",
                       "Error -- Failure Deleting Temporary File", MB_OK);
        }

        return (0);
    }

    if (rename_ex(tmp_path, CONFIG)) {
        MessageBox(hwnd, "Unable rename temporary file.",
                   "Error -- Failure Renaming Temporary File", MB_OK);

        if (unlink(tmp_path)) {
            MessageBox(hwnd, "Could not delete temporary file.",
                       "Error -- Failure Deleting Temporary File", MB_OK);
        }

        return (0);
    }

    return (1);
}
Beispiel #6
0
/* Get OSSEC Server IP */
int get_ossec_server()
{
    OS_XML xml;
    char *str = NULL;

    /* Definitions */
    const char *(xml_serverip[]) = {"ossec_config", "client", "server-ip", NULL};
    const char *(xml_serverhost[]) = {"ossec_config", "client", "server-hostname", NULL};

    /* Read XML */
    if (OS_ReadXML(CONFIG, &xml) < 0) {
        return (0);
    }

    /* We need to remove the entry for the server */
    if (config_inst.server) {
        free(config_inst.server);
        config_inst.server = NULL;
    }
    config_inst.server_type = 0;

    /* Get IP */
    str = OS_GetOneContentforElement(&xml, xml_serverip);
    if (str && (OS_IsValidIP(str, NULL) == 1)) {
        config_inst.server_type = SERVER_IP_USED;
        config_inst.server = str;

        OS_ClearXML(&xml);
        return (1);
    }
    /* If we don't find the IP, try the server hostname */
    else {
        if (str) {
            free(str);
            str = NULL;
        }

        str = OS_GetOneContentforElement(&xml, xml_serverhost);
        if (str) {
            char *s_ip;
            s_ip = OS_GetHost(str, 0);
            if (s_ip) {
                /* Clear the host memory */
                free(s_ip);

                /* Assign the hostname to the server info */
                config_inst.server_type = SERVER_HOST_USED;
                config_inst.server = str;
                OS_ClearXML(&xml);
                return (1);
            }
            free(str);
        }
    }

    /* Set up final server name when not available */
    config_inst.server = strdup(FL_NOSERVER);

    OS_ClearXML(&xml);
    return (0);
}
Beispiel #7
0
/* Set OSSEC Server IP */
int set_ossec_server(char *ip, HWND hwnd)
{
    FILE *fp;
    char **xml_pt = NULL;
    char *(xml_serverip[])= {"ossec_config","client","server-ip", NULL};
    char *(xml_serverhost[])= {"ossec_config","client","server-hostname", NULL};
    char *cacls;
    int cmdlen;

    /* Build command line to change permissions */
    cacls = "echo y|cacls \"%s\" /T /G Administrators:f";
    cmdlen = strlen(cacls) + strlen(NEWCONFIG);
    char cmd[cmdlen];
    snprintf(cmd, cmdlen, cacls, NEWCONFIG);

    /* Verifying IP Address */
    if(OS_IsValidIP(ip, NULL) != 1)
    {
        char *s_ip;
        s_ip = OS_GetHost(ip, 0);

        if(!s_ip)
        {
            MessageBox(hwnd, "Invalid Server IP Address.\r\n"
                       "It must be the valid Ipv4 address of the "
                       "OSSEC server or its resolvable hostname.",
                       "Error -- Failure Setting IP",MB_OK);
            return(0);
        }
        config_inst.server_type = SERVER_HOST_USED;
        xml_pt = xml_serverhost;
    }
    else
    {
        config_inst.server_type = SERVER_IP_USED;
        xml_pt = xml_serverip;
    }

    /* Create file */
    fp = fopen(NEWCONFIG, "w");
    if(fp)
    {
        fclose(fp);
    }
    else
    {
        MessageBox(hwnd, "Could not create configuration file.",
                   "Error -- Failure Setting IP",MB_OK);
        return(0);
    }

    /* Change permissions */
    if (run_cmd(cmd, hwnd))
    {
        MessageBox(hwnd, "Unable to set permissions on new configuration file.",
                   "Error -- Failure Setting IP",MB_OK);

        /* Remove config */
        if(unlink(NEWCONFIG))
        {
            MessageBox(hwnd, "Unable to remove new configuration file.",
                       "Error -- Failure Setting IP",MB_OK);
        }

        return(0);
    }

    /* Reading the XML. Printing error and line number. */
    if(OS_WriteXML(CONFIG, NEWCONFIG, xml_pt,
                   NULL, ip) != 0)
    {
        MessageBox(hwnd, "Unable to set OSSEC Server IP Address.\r\n"
                   "(Internal error on the XML Write).",
                   "Error -- Failure Setting IP",MB_OK);
        return(0);
    }

    /* Renaming config files */
    unlink(LASTCONFIG);
    rename(CONFIG, LASTCONFIG);
    rename(NEWCONFIG, CONFIG);

    return(1);
}
Beispiel #8
0
/* Create the final key */
static void __chash(keystore *keys, const char *id, const char *name, char *ip, const char *key)
{
    os_md5 filesum1;
    os_md5 filesum2;

    char *tmp_str;
    char _finalstr[KEYSIZE];

    /* Allocate for the whole structure */
    keys->keyentries = (keyentry **)realloc(keys->keyentries,
                                            (keys->keysize + 2) * sizeof(keyentry *));
    if (!keys->keyentries) {
        ErrorExit(MEM_ERROR, __local_name, errno, strerror(errno));
    }
    os_calloc(1, sizeof(keyentry), keys->keyentries[keys->keysize]);

    /* Set configured values for id */
    os_strdup(id, keys->keyentries[keys->keysize]->id);
    OSHash_Add(keys->keyhash_id,
               keys->keyentries[keys->keysize]->id,
               keys->keyentries[keys->keysize]);

    /* Agent IP */
    os_calloc(1, sizeof(os_ip), keys->keyentries[keys->keysize]->ip);
    if (OS_IsValidIP(ip, keys->keyentries[keys->keysize]->ip) == 0) {
        ErrorExit(INVALID_IP, __local_name, ip);
    }

    /* We need to remove the "/" from the CIDR */
    if ((tmp_str = strchr(keys->keyentries[keys->keysize]->ip->ip, '/')) != NULL) {
        *tmp_str = '\0';
    }
    OSHash_Add(keys->keyhash_ip,
               keys->keyentries[keys->keysize]->ip->ip,
               keys->keyentries[keys->keysize]);

    /* Agent name */
    os_strdup(name, keys->keyentries[keys->keysize]->name);

    /* Initialize the variables */
    keys->keyentries[keys->keysize]->rcvd = 0;
    keys->keyentries[keys->keysize]->local = 0;
    keys->keyentries[keys->keysize]->keyid = keys->keysize;
    keys->keyentries[keys->keysize]->global = 0;
    keys->keyentries[keys->keysize]->fp = NULL;

    /** Generate final symmetric key **/

    /* MD5 from name, id and key */
    OS_MD5_Str(name, filesum1);
    OS_MD5_Str(id,  filesum2);

    /* Generate new filesum1 */
    snprintf(_finalstr, sizeof(_finalstr) - 1, "%s%s", filesum1, filesum2);

    /* Use just half of the first MD5 (name/id) */
    OS_MD5_Str(_finalstr, filesum1);
    filesum1[15] = '\0';
    filesum1[16] = '\0';

    /* Second md is just the key */
    OS_MD5_Str(key, filesum2);

    /* Generate final key */
    snprintf(_finalstr, 49, "%s%s", filesum2, filesum1);

    /* Final key is 48 * 4 = 192bits */
    os_strdup(_finalstr, keys->keyentries[keys->keysize]->key);

    /* Clean final string from memory */
    memset_secure(_finalstr, '\0', sizeof(_finalstr));

    /* Ready for next */
    keys->keysize++;

    return;
}
Beispiel #9
0
/* Bulk generate client keys from file */
int k_bulkload(const char *cmdbulk)
{
    int i = 1;
    FILE *fp, *infp;
    char str1[STR_SIZE + 1];
    char str2[STR_SIZE + 1];

    os_md5 md1;
    os_md5 md2;
    char line[FILE_SIZE + 1];
    char name[FILE_SIZE + 1];
    char id[FILE_SIZE + 1];
    char ip[FILE_SIZE + 1];
    char delims[] = ",";
    char *token = NULL;

    /* Check if we can open the input file */
    printf("Opening: [%s]\n", cmdbulk);
    infp = fopen(cmdbulk, "r");
    if (!infp) {
        perror("Failed.");
        ErrorExit(FOPEN_ERROR, ARGV0, cmdbulk, errno, strerror(errno));
    }

    /* Check if we can open the auth_file */
    fp = fopen(AUTH_FILE, "a");
    if (!fp) {
        ErrorExit(FOPEN_ERROR, ARGV0, AUTH_FILE, errno, strerror(errno));
    }
    fclose(fp);

    while (fgets(line, FILE_SIZE - 1, infp) != NULL) {
        os_ip c_ip;
        c_ip.ip = NULL;

        if (1 >= strlen(trimwhitespace(line))) {
            continue;
        }

        memset(ip, '\0', FILE_SIZE + 1);
        token = strtok(line, delims);
        strncpy(ip, trimwhitespace(token), FILE_SIZE - 1);

        memset(name, '\0', FILE_SIZE + 1);
        token = strtok(NULL, delims);
        strncpy(name, trimwhitespace(token), FILE_SIZE - 1);

#ifndef WIN32
        if (chmod(AUTH_FILE, 0440) == -1) {
            ErrorExit(CHMOD_ERROR, ARGV0, AUTH_FILE, errno, strerror(errno));
        }
#endif

        /* Set time 2 */
        time2 = time(0);

        srandom_init();
        rand1 = random();

        /* Zero strings */
        memset(str1, '\0', STR_SIZE + 1);
        memset(str2, '\0', STR_SIZE + 1);

        /* Check the name */
        if (!OS_IsValidName(name)) {
            printf(INVALID_NAME, name);
            continue;
        }

        /* Search for name  -- no duplicates */
        if (NameExist(name)) {
            printf(ADD_ERROR_NAME, name);
            continue;
        }

        if (!OS_IsValidIP(ip, &c_ip)) {
            printf(IP_ERROR, ip);
            continue;
        }

        /* Default ID */
        i = MAX_AGENTS + 32512;
        snprintf(id, 8, "%03d", i);
        while (!IDExist(id)) {
            i--;
            snprintf(id, 8, "%03d", i);

            /* No key present, use id 0 */
            if (i <= 0) {
                i = 0;
                break;
            }
        }
        snprintf(id, 8, "%03d", i + 1);

        if (!OS_IsValidID(id)) {
            printf(INVALID_ID, id);
            goto cleanup;
        }

        /* Search for ID KEY  -- no duplicates */
        if (IDExist(id)) {
            printf(NO_DEFAULT, i + 1);
            goto cleanup;
        }

        printf(AGENT_INFO, id, name, ip);
        fflush(stdout);

        time3 = time(0);
        rand2 = random();

        fp = fopen(AUTH_FILE, "a");
        if (!fp) {
            ErrorExit(FOPEN_ERROR, ARGV0, KEYS_FILE, errno, strerror(errno));
        }
#ifndef WIN32
        if (chmod(AUTH_FILE, 0440) == -1) {
            ErrorExit(CHMOD_ERROR, ARGV0, AUTH_FILE, errno, strerror(errno));
        }
#endif

        /* Random 1: Time took to write the agent information
         * Random 2: Time took to choose the action
         * Random 3: All of this + time + pid
         * Random 4: MD5 all of this + the name, key and IP
         * Random 5: Final key
         */

        snprintf(str1, STR_SIZE, "%d%s%d", (int)(time3 - time2), name, (int)rand1);
        snprintf(str2, STR_SIZE, "%d%s%s%d", (int)(time2 - time1), ip, id, (int)rand2);

        OS_MD5_Str(str1, md1);
        OS_MD5_Str(str2, md2);

        snprintf(str1, STR_SIZE, "%s%d%d%d", md1, (int)getpid(), (int)random(),
                 (int)time3);
        OS_MD5_Str(str1, md1);

        fprintf(fp, "%s %s %s %s%s\n", id, name, c_ip.ip, md1, md2);
        fclose(fp);

        printf(AGENT_ADD);
        restart_necessary = 1;

cleanup:
        free(c_ip.ip);
    };

    fclose(infp);
    return (0);
}
Beispiel #10
0
int add_agent()
{
    int i = 1;
    FILE *fp;
    char str1[STR_SIZE + 1];
    char str2[STR_SIZE + 1];

    os_md5 md1;
    os_md5 md2;

    char *user_input;
    char *_name;
    char *_id;
    char *_ip;

    char name[FILE_SIZE + 1];
    char id[FILE_SIZE + 1];
    char ip[FILE_SIZE + 1];
    os_ip *c_ip;

    /* Check if we can open the auth_file */
    fp = fopen(AUTH_FILE, "a");
    if (!fp) {
        ErrorExit(FOPEN_ERROR, ARGV0, AUTH_FILE, errno, strerror(errno));
    }
    fclose(fp);

    /* Allocate for c_ip */
    os_calloc(1, sizeof(os_ip), c_ip);

#ifndef WIN32
    if (chmod(AUTH_FILE, 0440) == -1) {
        ErrorExit(CHMOD_ERROR, ARGV0, AUTH_FILE, errno, strerror(errno));
    }
#endif

    /* Set time 2 */
    time2 = time(0);

    rand1 = random();

    /* Zero strings */
    memset(str1, '\0', STR_SIZE + 1);
    memset(str2, '\0', STR_SIZE + 1);

    printf(ADD_NEW);

    /* Get the name */
    memset(name, '\0', FILE_SIZE + 1);

    do {
        printf(ADD_NAME);
        fflush(stdout);
        /* Read the agent's name from user environment. If it is invalid
         * we should force user to provide a name from input device.
         */
        _name = getenv("OSSEC_AGENT_NAME");
        if (_name == NULL || NameExist(_name) || !OS_IsValidName(_name)) {
            _name = read_from_user();
        }

        if (strcmp(_name, QUIT) == 0) {
            return (0);
        }

        strncpy(name, _name, FILE_SIZE - 1);

        /* Check the name */
        if (!OS_IsValidName(name)) {
            printf(INVALID_NAME, name);
        }

        /* Search for name  -- no duplicates */
        if (NameExist(name)) {
            printf(ADD_ERROR_NAME, name);
        }
    } while (NameExist(name) || !OS_IsValidName(name));

    /* Get IP */
    memset(ip, '\0', FILE_SIZE + 1);

    do {
        printf(ADD_IP);
        fflush(stdout);

        /* Read IP address from user's environment. If that IP is invalid,
         * force user to provide IP from input device */
        _ip = getenv("OSSEC_AGENT_IP");
        if (_ip == NULL || !OS_IsValidIP(_ip, c_ip)) {
            _ip = read_from_user();
        }

        /* Quit */
        if (strcmp(_ip, QUIT) == 0) {
            return (0);
        }

        strncpy(ip, _ip, FILE_SIZE - 1);

        if (!OS_IsValidIP(ip, c_ip)) {
            printf(IP_ERROR, ip);
            _ip = NULL;
        }

    } while (!_ip);

    do {
        /* Default ID */
        i = MAX_AGENTS + 32512;
        snprintf(id, 8, "%03d", i);
        while (!IDExist(id)) {
            i--;
            snprintf(id, 8, "%03d", i);

            /* No key present, use id 0 */
            if (i <= 0) {
                i = 0;
                break;
            }
        }
        snprintf(id, 8, "%03d", i + 1);

        /* Get ID */
        printf(ADD_ID, id);
        fflush(stdout);

        /* Get Agent ID from environment. If 0, use default ID. If null,
         * get from user input. If value from environment is invalid,
         * we force user to specify an ID from the terminal. Otherwise,
         * our program goes to infinite loop.
         */
        _id = getenv("OSSEC_AGENT_ID");
        if (_id == NULL || IDExist(_id) || !OS_IsValidID(_id)) {
            _id = read_from_user();
        }

        /* If user specified 0 as Agent ID, he meant use default value.
         * NOTE: a bad condition can cause infinite loop.
         */
        if (strcmp(_id, "0") == 0) {
            strncpy(_id, id, FILE_SIZE - 1);
        }

        /* Quit */
        if (strcmp(_id, QUIT) == 0) {
            return (0);
        }

        if (_id[0] != '\0') {
            strncpy(id, _id, FILE_SIZE - 1);
        }

        if (!OS_IsValidID(id)) {
            printf(INVALID_ID, id);
        }

        /* Search for ID KEY  -- no duplicates */
        if (IDExist(id)) {
            printf(ADD_ERROR_ID, id);
        }

    } while (IDExist(id) || !OS_IsValidID(id));

    printf(AGENT_INFO, id, name, ip);
    fflush(stdout);

    do {
        printf(ADD_CONFIRM);
        /* Confirmation by an environment variable. The valid value is y/Y.
         * If the user provides anything other string, it is considered as
         * n/N; please note that the old code only accepts y/Y/n/N. So if
         * the variable OSSEC_ACTION_CONFIRMED is 'foobar', the program will
         * go into an infinite loop.
         */
        user_input = getenv("OSSEC_ACTION_CONFIRMED");
        if (user_input == NULL) {
            user_input = read_from_user();
        }

        /* If user accepts to add */
        if (user_input[0] == 'y' || user_input[0] == 'Y') {
            time3 = time(0);
            rand2 = random();

            fp = fopen(AUTH_FILE, "a");
            if (!fp) {
                ErrorExit(FOPEN_ERROR, ARGV0, KEYS_FILE, errno, strerror(errno));
            }
#ifndef WIN32
            chmod(AUTH_FILE, 0440);
#endif

            /* Random 1: Time took to write the agent information
             * Random 2: Time took to choose the action
             * Random 3: All of this + time + pid
             * Random 4: Md5 all of this + the name, key and IP
             * Random 5: Final key
             */

            snprintf(str1, STR_SIZE, "%d%s%d", (int)(time3 - time2), name, (int)rand1);
            snprintf(str2, STR_SIZE, "%d%s%s%d", (int)(time2 - time1), ip, id, (int)rand2);

            OS_MD5_Str(str1, md1);
            OS_MD5_Str(str2, md2);

            snprintf(str1, STR_SIZE, "%s%d%d%d", md1, (int)getpid(), (int)random(),
                     (int)time3);
            OS_MD5_Str(str1, md1);

            fprintf(fp, "%s %s %s %s%s\n", id, name, c_ip->ip, md1, md2);

            fclose(fp);

            printf(AGENT_ADD);
            restart_necessary = 1;
            break;
        } else { /* if(user_input[0] == 'n' || user_input[0] == 'N') */
            printf(ADD_NOT);
            break;
        }
    } while (1);

    return (0);
}
Beispiel #11
0
/* Rules_OP_ReadRules, v0.3, 2005/03/21
 * Read the log rules.
 * v0.3: Fixed many memory problems.
 */ 
int OS_ReadXMLRules(char *rulefile, 
                    void *(*ruleact_function)(RuleInfo *rule, void *data),
                    void *data)
{
    OS_XML xml;
    XML_NODE node = NULL;


    /** XML variables **/ 
    /* These are the available options for the rule configuration */
    
    char *xml_group = "group";
    char *xml_rule = "rule";

    char *xml_regex = "regex";
    char *xml_match = "match";
    char *xml_decoded = "decoded_as";
    char *xml_category = "category";
    char *xml_cve = "cve";
    char *xml_info = "info";
    char *xml_day_time = "time";
    char *xml_week_day = "weekday";
    char *xml_comment = "description";
    char *xml_ignore = "ignore";
    char *xml_check_if_ignored = "check_if_ignored";
    
    char *xml_srcip = "srcip";
    char *xml_srcport = "srcport";
    char *xml_dstip = "dstip";
    char *xml_dstport = "dstport";
    char *xml_user = "******";
    char *xml_url = "url";
    char *xml_id = "id";
    char *xml_data = "extra_data";
    char *xml_hostname = "hostname";
    char *xml_program_name = "program_name";
    char *xml_status = "status";
    char *xml_action = "action";
    char *xml_compiled = "compiled_rule";
    
    char *xml_if_sid = "if_sid";
    char *xml_if_group = "if_group";
    char *xml_if_level = "if_level";
    char *xml_fts = "if_fts";
    
    char *xml_if_matched_regex = "if_matched_regex";
    char *xml_if_matched_group = "if_matched_group";
    char *xml_if_matched_sid = "if_matched_sid";
    
    char *xml_same_source_ip = "same_source_ip";
    char *xml_same_src_port = "same_src_port";
    char *xml_same_dst_port = "same_dst_port";
    char *xml_same_user = "******";
    char *xml_same_location = "same_location";
    char *xml_same_id = "same_id";
    char *xml_dodiff = "check_diff";

    char *xml_different_url = "different_url";
    
    char *xml_notsame_source_ip = "not_same_source_ip";
    char *xml_notsame_user = "******";
    char *xml_notsame_agent = "not_same_agent";
    char *xml_notsame_id = "not_same_id";

    char *xml_options = "options";
    
    char *rulepath;
    
    int i;


    /* If no directory in the rulefile add the default */
    if((strchr(rulefile, '/')) == NULL)
    {
        /* Building the rule file name + path */
        i = strlen(RULEPATH) + strlen(rulefile) + 2;
        rulepath = (char *)calloc(i,sizeof(char));
        if(!rulepath)
        {
            ErrorExit(MEM_ERROR,ARGV0);
        }
        snprintf(rulepath,i,"%s/%s",RULEPATH,rulefile);
    }
    else
    {
        os_strdup(rulefile, rulepath);
        debug1("%s is the rulefile", rulefile);
        debug1("Not modifing the rule path");
    }
    
    
    /* Reading the XML */       
    if(OS_ReadXML(rulepath,&xml) < 0)
    {
        merror(XML_ERROR, __local_name, rulepath, xml.err, xml.err_line);
        free(rulepath);
        return(-1);	
    }


    /* Debug wrapper */
    debug1("%s: DEBUG: read xml for rule '%s'.", __local_name, rulepath);
    

    /* Applying any variable found */
    if(OS_ApplyVariables(&xml) != 0)
    {
        merror(XML_ERROR_VAR, __local_name, rulepath, xml.err);
        return(-1);
    }


    /* Debug wrapper */
    debug1("%s: DEBUG: XML Variables applied.", __local_name);
    

    /* Getting the root elements */
    node = OS_GetElementsbyNode(&xml, NULL);
    if(!node)
    {
        merror(CONFIG_ERROR, __local_name, rulepath);
        OS_ClearXML(&xml);
        return(-1);    
    }


    /* Zeroing the rule memory -- not used anymore */
    free(rulepath);
    

    /* Checking if there is any invalid global option */
    i = 0;
    while(node[i])
    {
        if(node[i]->element)
        {
            /* Verifying group */
            if(strcasecmp(node[i]->element,xml_group) != 0)
            {
                merror(RL_INV_ROOT, __local_name, node[i]->element);
                OS_ClearXML(&xml);
                return(-1);
            }
            /* Checking group attribute -- only name is allowed */
            if((!node[i]->attributes) || (!node[i]->values)||
               (!node[i]->values[0]) || (!node[i]->attributes[0]) ||
               (strcasecmp(node[i]->attributes[0],"name") != 0) ||
               (node[i]->attributes[1]))
            {
                merror(RL_INV_ROOT, __local_name, node[i]->element);
                OS_ClearXML(&xml);
                return(-1);
            }
        }
        else
        {
            merror(XML_READ_ERROR, __local_name);
            OS_ClearXML(&xml);
            return(-1);
        }
        i++;
    }


    /* Getting the rules now */   
    i = 0;
    while(node[i])
    {
        int j = 0;
        XML_NODE rule = NULL;


        /* Getting all rules for a global group */        
        rule = OS_GetElementsbyNode(&xml,node[i]);
        if(rule == NULL)
        {
            i++;
            continue;
        }

        /* Looping on the rules node */
        while(rule[j])
        {
            /* Rules options */
            int k = 0;
            char *regex = NULL, *match = NULL, *url = NULL, 
                 *if_matched_regex = NULL, *if_matched_group = NULL,
                 *user = NULL, *id = NULL, *srcport = NULL,
                 *dstport = NULL, *status = NULL, *hostname = NULL,
                 *extra_data = NULL, *program_name = NULL;
            
            RuleInfo *config_ruleinfo = NULL;
            XML_NODE rule_opt = NULL;
           

            /* Checking if the rule element is correct */
            if((!rule[j]->element)||
               (strcasecmp(rule[j]->element,xml_rule) != 0))
            {
                merror(RL_INV_RULE, __local_name, node[i]->element);
                OS_ClearXML(&xml);
                return(-1);
            }


            /* Checking for the attributes of the rule */
            if((!rule[j]->attributes) || (!rule[j]->values))
            {
                merror(RL_INV_RULE, __local_name, rulefile); 
                OS_ClearXML(&xml);
                return(-1);
            }

            
            /* Attribute block */
            config_ruleinfo = _OS_AllocateRule();

            if(_OS_GetRulesAttributes(rule[j]->attributes, rule[j]->values,
                                      config_ruleinfo) < 0)
            {
                merror(RL_INV_ATTR, __local_name, rulefile);
                OS_ClearXML(&xml);
                return(-1);
            }

            /* We must have an id or level */
            if((config_ruleinfo->sigid == -1)||(config_ruleinfo->level == -1))
            {
                merror(RL_INV_ATTR, __local_name, rulefile);
                OS_ClearXML(&xml);
                return(-1);
            }


            /* Here we can assign the group name to the rule.
             * The level is correct so the rule is probably going to
             * be fine
             */
            os_strdup(node[i]->values[0], config_ruleinfo->group);
            

            /* Getting rules options */    
            rule_opt =  OS_GetElementsbyNode(&xml, rule[j]);
            if(rule_opt == NULL)
            {
                merror(RL_NO_OPT, __local_name, config_ruleinfo->sigid);
                OS_ClearXML(&xml);
                return(-1);       
            }
                

            /* Reading the whole rule block */    
            while(rule_opt[k])
            {
                if((!rule_opt[k]->element)||(!rule_opt[k]->content))
                {
                    break;
                }
                else if(strcasecmp(rule_opt[k]->element,xml_regex)==0)
                {
                    regex =
                        os_LoadString(regex,
                                rule_opt[k]->content);
                }
                else if(strcasecmp(rule_opt[k]->element,xml_match)==0)
                {
                    match =
                        os_LoadString(match,
                                rule_opt[k]->content);
                }
                else if(strcasecmp(rule_opt[k]->element, xml_decoded) == 0)
                {
                }
                else if(strcasecmp(rule_opt[k]->element,xml_info) == 0)
                {
                    config_ruleinfo->info=
                        os_LoadString(config_ruleinfo->info,
                                      rule_opt[k]->content);
                }
                else if(strcasecmp(rule_opt[k]->element,xml_day_time) == 0)
                {
                    config_ruleinfo->day_time = 
                                     OS_IsValidTime(rule_opt[k]->content);
                    if(!config_ruleinfo->day_time)
                    {
                        merror(INVALID_CONFIG, __local_name,
                                rule_opt[k]->element,
                                rule_opt[k]->content);
                        return(-1);
                    }

                    if(!(config_ruleinfo->alert_opts & DO_EXTRAINFO))
                        config_ruleinfo->alert_opts |= DO_EXTRAINFO;
                }
                else if(strcasecmp(rule_opt[k]->element,xml_week_day) == 0)
                {
                    config_ruleinfo->week_day = 
                        OS_IsValidDay(rule_opt[k]->content);

                    if(!config_ruleinfo->week_day)
                    {
                        merror(INVALID_CONFIG, __local_name,
                                rule_opt[k]->element,
                                rule_opt[k]->content);
                        return(-1);
                    }
                    if(!(config_ruleinfo->alert_opts & DO_EXTRAINFO))
                        config_ruleinfo->alert_opts |= DO_EXTRAINFO;
                }
                else if(strcasecmp(rule_opt[k]->element,xml_group) == 0)
                {
                    config_ruleinfo->group =
                        os_LoadString(config_ruleinfo->group,
                                      rule_opt[k]->content);
                }
                else if(strcasecmp(rule_opt[k]->element,xml_cve) == 0)
                {
                    config_ruleinfo->cve=
                        os_LoadString(config_ruleinfo->cve,
                                      rule_opt[k]->content);
                }
                else if(strcasecmp(rule_opt[k]->element,xml_comment) == 0)
                {
                    char *newline;

                    newline = strchr(rule_opt[k]->content, '\n');
                    if(newline)
                    {
                        *newline = ' ';
                    }
                    config_ruleinfo->comment=
                        os_LoadString(config_ruleinfo->comment,
                                      rule_opt[k]->content);
                }
                else if(strcasecmp(rule_opt[k]->element,xml_srcip)==0)
                {
                    int ip_s = 0;

                    /* Getting size of source ip list */
                    while(config_ruleinfo->srcip && 
                            config_ruleinfo->srcip[ip_s])
                    {
                        ip_s++;
                    }

                    config_ruleinfo->srcip = 
                                realloc(config_ruleinfo->srcip,
                                (ip_s + 2) * sizeof(os_ip *));


                    /* Allocating memory for the individual entries */
                    os_calloc(1, sizeof(os_ip), 
                                 config_ruleinfo->srcip[ip_s]);
                    config_ruleinfo->srcip[ip_s +1] = NULL;


                    /* Checking if the ip is valid */
                    if(!OS_IsValidIP(rule_opt[k]->content, 
                                     config_ruleinfo->srcip[ip_s]))
                    {
                        merror(INVALID_IP, __local_name, rule_opt[k]->content);
                        return(-1);
                    }

                    if(!(config_ruleinfo->alert_opts & DO_PACKETINFO))
                        config_ruleinfo->alert_opts |= DO_PACKETINFO;
                }
                else if(strcasecmp(rule_opt[k]->element,xml_dstip)==0)
                {
                    int ip_s = 0;

                    /* Getting size of source ip list */
                    while(config_ruleinfo->dstip &&
                            config_ruleinfo->dstip[ip_s])
                    {
                        ip_s++;
                    }

                    config_ruleinfo->dstip =
                                realloc(config_ruleinfo->dstip,
                                (ip_s + 2) * sizeof(os_ip *));


                    /* Allocating memory for the individual entries */
                    os_calloc(1, sizeof(os_ip),
                            config_ruleinfo->dstip[ip_s]);
                    config_ruleinfo->dstip[ip_s +1] = NULL;


                    /* Checking if the ip is valid */
                    if(!OS_IsValidIP(rule_opt[k]->content,
                                config_ruleinfo->dstip[ip_s]))
                    {
                        merror(INVALID_IP, __local_name, rule_opt[k]->content);
                        return(-1);
                    }

                    if(!(config_ruleinfo->alert_opts & DO_PACKETINFO))
                        config_ruleinfo->alert_opts |= DO_PACKETINFO;
                }
                else if(strcasecmp(rule_opt[k]->element,xml_user) == 0)
                {
                    user = os_LoadString(user, rule_opt[k]->content);

                    if(!(config_ruleinfo->alert_opts & DO_EXTRAINFO))
                        config_ruleinfo->alert_opts |= DO_EXTRAINFO;
                }
                else if(strcasecmp(rule_opt[k]->element,xml_id) == 0)
                {
                    id = os_LoadString(id, rule_opt[k]->content);
                }
                else if(strcasecmp(rule_opt[k]->element,xml_srcport) == 0)
                {
                    srcport = os_LoadString(srcport, rule_opt[k]->content);
                    
                    if(!(config_ruleinfo->alert_opts & DO_PACKETINFO))
                        config_ruleinfo->alert_opts |= DO_PACKETINFO;
                }
                else if(strcasecmp(rule_opt[k]->element,xml_dstport) == 0)
                {
                    dstport = os_LoadString(dstport, rule_opt[k]->content);

                    if(!(config_ruleinfo->alert_opts & DO_PACKETINFO))
                        config_ruleinfo->alert_opts |= DO_PACKETINFO;
                }
                else if(strcasecmp(rule_opt[k]->element,xml_status)==0)
                {
                    status = os_LoadString(status, rule_opt[k]->content);

                    if(!(config_ruleinfo->alert_opts & DO_EXTRAINFO))
                        config_ruleinfo->alert_opts |= DO_EXTRAINFO;
                }
                else if(strcasecmp(rule_opt[k]->element,xml_hostname) == 0)
                {
                    hostname = os_LoadString(hostname, rule_opt[k]->content);

                    if(!(config_ruleinfo->alert_opts & DO_EXTRAINFO))
                        config_ruleinfo->alert_opts |= DO_EXTRAINFO;
                }
                else if(strcasecmp(rule_opt[k]->element,xml_data)==0)
                {
                    extra_data = os_LoadString(extra_data, rule_opt[k]->content);

                    if(!(config_ruleinfo->alert_opts & DO_EXTRAINFO))
                        config_ruleinfo->alert_opts |= DO_EXTRAINFO;
                }
                else if(strcasecmp(rule_opt[k]->element,
                            xml_program_name)==0)
                {
                    program_name = os_LoadString(program_name,
                                              rule_opt[k]->content);
                }
                else if(strcasecmp(rule_opt[k]->element,xml_action) == 0)
                {
                    config_ruleinfo->action = 
                                os_LoadString(config_ruleinfo->action,
                                rule_opt[k]->content);
                }
                else if(strcasecmp(rule_opt[k]->element,xml_url) == 0)
                {
                    url= os_LoadString(url, rule_opt[k]->content);
                }

                else if(strcasecmp(rule_opt[k]->element, xml_compiled)==0)
                {
                    /* Not using this in here. */
                }

                /* We allow these categories so far */
                else if(strcasecmp(rule_opt[k]->element, xml_category)==0)
                {
                    if(strcmp(rule_opt[k]->content, "firewall") == 0)
                    {
                        config_ruleinfo->category = FIREWALL;
                    }
                    else if(strcmp(rule_opt[k]->content, "ids") == 0)
                    {
                        config_ruleinfo->category = IDS;
                    }
                    else if(strcmp(rule_opt[k]->content, "syslog") == 0)
                    {
                        config_ruleinfo->category = SYSLOG;
                    }
                    else if(strcmp(rule_opt[k]->content, "web-log") == 0)
                    {
                        config_ruleinfo->category = WEBLOG;
                    }
                    else if(strcmp(rule_opt[k]->content, "squid") == 0)
                    {
                        config_ruleinfo->category = SQUID;
                    }
                    else if(strcmp(rule_opt[k]->content,"windows") == 0)
                    {
                        config_ruleinfo->category = WINDOWS;
                    }
                    else if(strcmp(rule_opt[k]->content,"ossec") == 0)
                    {
                        config_ruleinfo->category = OSSEC_RL;
                    }
                    else
                    {
                        merror(INVALID_CAT, __local_name, rule_opt[k]->content);
                        return(-1);
                    }
                }
                else if(strcasecmp(rule_opt[k]->element,xml_if_sid)==0)
                {
                    config_ruleinfo->if_sid=
                                os_LoadString(config_ruleinfo->if_sid,
                                rule_opt[k]->content);
                }
                else if(strcasecmp(rule_opt[k]->element,xml_if_level)==0)
                {
                    if(!OS_StrIsNum(rule_opt[k]->content))
                    {
                        merror(INVALID_CONFIG, __local_name, 
                                xml_if_level,
                                rule_opt[k]->content); 
                        return(-1);
                    }

                    config_ruleinfo->if_level=
                                os_LoadString(config_ruleinfo->if_level,
                                rule_opt[k]->content);
                }
                else if(strcasecmp(rule_opt[k]->element,xml_if_group)==0)
                {
                    config_ruleinfo->if_group=
                                os_LoadString(config_ruleinfo->if_group,
                                rule_opt[k]->content);
                }
                else if(strcasecmp(rule_opt[k]->element,
                            xml_if_matched_regex) == 0)
                {
                    config_ruleinfo->context = 1;
                    if_matched_regex=
                                os_LoadString(if_matched_regex,
                                rule_opt[k]->content);
                }
                else if(strcasecmp(rule_opt[k]->element,
                            xml_if_matched_group) == 0)
                {
                    config_ruleinfo->context = 1;
                    if_matched_group=
                                os_LoadString(if_matched_group,
                                rule_opt[k]->content);
                }
                else if(strcasecmp(rule_opt[k]->element,
                            xml_if_matched_sid) == 0)
                {
                    config_ruleinfo->context = 1;
                    if(!OS_StrIsNum(rule_opt[k]->content))
                    {
                        merror(INVALID_CONFIG, __local_name,
                                rule_opt[k]->element,
                                rule_opt[k]->content);
                        return(-1);
                    }
                    config_ruleinfo->if_matched_sid = 
                        atoi(rule_opt[k]->content);

                }
                else if(strcasecmp(rule_opt[k]->element,
                            xml_same_source_ip)==0)
                {
                    config_ruleinfo->context_opts|= SAME_SRCIP;
                }
                else if(strcasecmp(rule_opt[k]->element,
                            xml_same_src_port)==0)
                {
                    config_ruleinfo->context_opts|= SAME_SRCPORT;

                    if(!(config_ruleinfo->alert_opts & SAME_EXTRAINFO))
                        config_ruleinfo->alert_opts |= SAME_EXTRAINFO;
                }
                else if(strcasecmp(rule_opt[k]->element,
                                   xml_dodiff)==0)
                {
                    config_ruleinfo->context++;
                    config_ruleinfo->context_opts|= SAME_DODIFF;
                    if(!(config_ruleinfo->alert_opts & DO_EXTRAINFO))
                    {
                        config_ruleinfo->alert_opts |= DO_EXTRAINFO;
                    }
                }
                else if(strcasecmp(rule_opt[k]->element,
                            xml_same_dst_port) == 0)
                {
                    config_ruleinfo->context_opts|= SAME_DSTPORT;

                    if(!(config_ruleinfo->alert_opts & SAME_EXTRAINFO))
                        config_ruleinfo->alert_opts |= SAME_EXTRAINFO;
                }
                else if(strcasecmp(rule_opt[k]->element,
                            xml_notsame_source_ip)==0)
                {
                    config_ruleinfo->context_opts&= NOT_SAME_SRCIP;
                }
                else if(strcmp(rule_opt[k]->element, xml_same_id) == 0)
                {
                    config_ruleinfo->context_opts|= SAME_ID;
                }
                else if(strcmp(rule_opt[k]->element,
                            xml_different_url) == 0)
                {
                    config_ruleinfo->context_opts|= DIFFERENT_URL;

                    if(!(config_ruleinfo->alert_opts & SAME_EXTRAINFO))
                        config_ruleinfo->alert_opts |= SAME_EXTRAINFO;
                }
                else if(strcmp(rule_opt[k]->element,xml_notsame_id) == 0)
                {
                    config_ruleinfo->context_opts&= NOT_SAME_ID;
                }
                else if(strcasecmp(rule_opt[k]->element,
                            xml_fts) == 0)
                {
                    config_ruleinfo->alert_opts |= DO_FTS;
                }
                else if(strcasecmp(rule_opt[k]->element,
                            xml_same_user)==0)
                {
                    config_ruleinfo->context_opts|= SAME_USER;

                    if(!(config_ruleinfo->alert_opts & SAME_EXTRAINFO))
                        config_ruleinfo->alert_opts |= SAME_EXTRAINFO;
                }
                else if(strcasecmp(rule_opt[k]->element,
                            xml_notsame_user)==0)
                {
                    config_ruleinfo->context_opts&= NOT_SAME_USER;
                }
                else if(strcasecmp(rule_opt[k]->element,
                            xml_same_location)==0)
                {
                    config_ruleinfo->context_opts|= SAME_LOCATION;
                    if(!(config_ruleinfo->alert_opts & SAME_EXTRAINFO))
                        config_ruleinfo->alert_opts |= SAME_EXTRAINFO;
                }
                else if(strcasecmp(rule_opt[k]->element,
                            xml_notsame_agent)==0)
                {
                    config_ruleinfo->context_opts&= NOT_SAME_AGENT;
                }
                else if(strcasecmp(rule_opt[k]->element,
                            xml_options) == 0)
                {
                    if(strcmp("alert_by_email", 
                                rule_opt[k]->content) == 0)
                    {
                        if(!(config_ruleinfo->alert_opts & DO_MAILALERT))
                        {
                            config_ruleinfo->alert_opts|= DO_MAILALERT;
                        }
                    }
                    else if(strcmp("no_email_alert",
                                rule_opt[k]->content) == 0)
                    {
                        if(config_ruleinfo->alert_opts & DO_MAILALERT)
                        {
                            config_ruleinfo->alert_opts&=0xfff-DO_MAILALERT;
                        }
                    }
                    else if(strcmp("log_alert", 
                                rule_opt[k]->content) == 0)
                    {
                        if(!(config_ruleinfo->alert_opts & DO_LOGALERT))
                        {
                            config_ruleinfo->alert_opts|= DO_LOGALERT;
                        }
                    }
                    else if(strcmp("no_log", rule_opt[k]->content) == 0)
                    {
                        if(config_ruleinfo->alert_opts & DO_LOGALERT)
                        {
                            config_ruleinfo->alert_opts &=0xfff-DO_LOGALERT;
                        }
                    }
                    else if(strcmp("no_ar", rule_opt[k]->content) == 0)
                    {
                        if(!(config_ruleinfo->alert_opts & NO_AR))
                        {
                            config_ruleinfo->alert_opts|= NO_AR;
                        }
                    }
                    else
                    {               
                        merror(XML_VALUEERR, __local_name, xml_options,
                                rule_opt[k]->content);

                        merror(INVALID_ELEMENT, __local_name,
                                                rule_opt[k]->element,
                                                rule_opt[k]->content);
                        OS_ClearXML(&xml);
                        return(-1);
                    }   
                }
                else if(strcasecmp(rule_opt[k]->element,
                            xml_ignore) == 0)
                {
                    if(strstr(rule_opt[k]->content, "user") != NULL)
                    {
                        config_ruleinfo->ignore|=FTS_USER;
                    }
                    if(strstr(rule_opt[k]->content, "srcip") != NULL)
                    {
                        config_ruleinfo->ignore|=FTS_SRCIP;
                    }
                    if(strstr(rule_opt[k]->content, "dstip") != NULL)
                    {
                        config_ruleinfo->ignore|=FTS_DSTIP;
                    }
                    if(strstr(rule_opt[k]->content, "id") != NULL)
                    {
                        config_ruleinfo->ignore|=FTS_ID;
                    }
                    if(strstr(rule_opt[k]->content,"location")!= NULL)
                    {
                        config_ruleinfo->ignore|=FTS_LOCATION;
                    }
                    if(strstr(rule_opt[k]->content,"data")!= NULL)
                    {
                        config_ruleinfo->ignore|=FTS_DATA;
                    }
                    if(strstr(rule_opt[k]->content, "name") != NULL)
                    {
                        config_ruleinfo->ignore|=FTS_NAME;

                    }
                    if(!config_ruleinfo->ignore)
                    {
                        merror(INVALID_ELEMENT, __local_name,
                                rule_opt[k]->element,
                                rule_opt[k]->content);

                        return(-1);
                    }
                }
                else if(strcasecmp(rule_opt[k]->element,
                            xml_check_if_ignored) == 0)
                {
                    if(strstr(rule_opt[k]->content, "user") != NULL)
                    {
                        config_ruleinfo->ckignore|=FTS_USER;
                    }
                    if(strstr(rule_opt[k]->content, "srcip") != NULL)
                    {
                        config_ruleinfo->ckignore|=FTS_SRCIP;
                    }
                    if(strstr(rule_opt[k]->content, "dstip") != NULL)
                    {
                        config_ruleinfo->ckignore|=FTS_DSTIP;
                    }
                    if(strstr(rule_opt[k]->content, "id") != NULL)
                    {
                        config_ruleinfo->ckignore|=FTS_ID;
                    }
                    if(strstr(rule_opt[k]->content,"location")!= NULL)
                    {
                        config_ruleinfo->ckignore|=FTS_LOCATION;
                    }
                    if(strstr(rule_opt[k]->content,"data")!= NULL)
                    {
                        config_ruleinfo->ignore|=FTS_DATA;
                    }
                    if(strstr(rule_opt[k]->content, "name") != NULL)
                    {
                        config_ruleinfo->ckignore|=FTS_NAME;

                    }
                    if(!config_ruleinfo->ckignore)
                    {
                        merror(INVALID_ELEMENT, __local_name,
                                rule_opt[k]->element,
                                rule_opt[k]->content);

                        return(-1);
                    }
                }
                /* XXX As new features are added into ../analysisd/rules.c 
                 * This code needs to be updated to match, but is out of date 
                 * it's become a nightmare to correct with out just make the 
                 * problem for someone later.   
                 *
                 * This hack will allow any crap xml to pass without an 
                 * error.  The correct fix is to refactor the code so that 
                 * ../analysisd/rules* and this code are not duplicates
                 *
                else
                {
                    merror(XML_INVELEM, __local_name, rule_opt[k]->element);
                    OS_ClearXML(&xml);
                    return(-1);
                }
                */

                k++;
            }


            /* Checking for a valid use of frequency */
            if((config_ruleinfo->context_opts ||
                config_ruleinfo->frequency) &&
               !config_ruleinfo->context)
            {
                merror("%s: Invalid use of frequency/context options. "
                        "Missing if_matched on rule '%d'.",
                        __local_name, config_ruleinfo->sigid);
                OS_ClearXML(&xml);
                return(-1);
            }


            /* If if_matched_group we must have a if_sid or if_group */
            if(if_matched_group)
            {
                if(!config_ruleinfo->if_sid && !config_ruleinfo->if_group)
                {
                    os_strdup(if_matched_group, config_ruleinfo->if_group);
                }
            }
                

            /* If_matched_sid, we need to get the if_sid */
            if(config_ruleinfo->if_matched_sid &&
               !config_ruleinfo->if_sid &&
               !config_ruleinfo->if_group)
            {
                os_calloc(16, sizeof(char), config_ruleinfo->if_sid);
                snprintf(config_ruleinfo->if_sid, 15, "%d",
                        config_ruleinfo->if_matched_sid);
            }


            /* Checking the regexes */
            if(regex)
            {
                os_calloc(1, sizeof(OSRegex), config_ruleinfo->regex);
                if(!OSRegex_Compile(regex, config_ruleinfo->regex, 0))
                {
                    merror(REGEX_COMPILE, __local_name, regex,
                            config_ruleinfo->regex->error);
                    return(-1);
                }
                free(regex);
                regex = NULL;
            }


            /* Adding in match */
            if(match)
            {
                os_calloc(1, sizeof(OSMatch), config_ruleinfo->match);
                if(!OSMatch_Compile(match, config_ruleinfo->match, 0))
                {
                    merror(REGEX_COMPILE, __local_name, match,
                            config_ruleinfo->match->error);
                    return(-1);
                }
                free(match);
                match = NULL;
            }


            /* Adding in id */
            if(id)
            {
                os_calloc(1, sizeof(OSMatch), config_ruleinfo->id);
                if(!OSMatch_Compile(id, config_ruleinfo->id, 0))
                {
                    merror(REGEX_COMPILE, __local_name, id,
                            config_ruleinfo->id->error);
                    return(-1);
                }
                free(id);
                id = NULL;
            }


            /* Adding srcport */
            if(srcport)
            {
                os_calloc(1, sizeof(OSMatch), config_ruleinfo->srcport);
                if(!OSMatch_Compile(srcport, config_ruleinfo->srcport, 0))
                {
                    merror(REGEX_COMPILE, __local_name, srcport,
                            config_ruleinfo->id->error);
                    return(-1);
                }
                free(srcport);
                srcport = NULL;
            }


            /* Adding dstport */
            if(dstport)
            {
                os_calloc(1, sizeof(OSMatch), config_ruleinfo->dstport);
                if(!OSMatch_Compile(dstport, config_ruleinfo->dstport, 0))
                {
                    merror(REGEX_COMPILE, __local_name, dstport,
                            config_ruleinfo->id->error);
                    return(-1);
                }
                free(dstport);
                dstport = NULL;
            }


            /* Adding in status */
            if(status)
            {
                os_calloc(1, sizeof(OSMatch), config_ruleinfo->status);
                if(!OSMatch_Compile(status, config_ruleinfo->status, 0))
                {
                    merror(REGEX_COMPILE, __local_name, status,
                            config_ruleinfo->status->error);
                    return(-1);
                }
                free(status);
                status = NULL;
            }


            /* Adding in hostname */
            if(hostname)
            {
                os_calloc(1, sizeof(OSMatch), config_ruleinfo->hostname);
                if(!OSMatch_Compile(hostname, config_ruleinfo->hostname,0))
                {
                    merror(REGEX_COMPILE, __local_name, hostname,
                            config_ruleinfo->hostname->error);
                    return(-1);
                }
                free(hostname);
                hostname = NULL;
            }


            /* Adding extra data */
            if(extra_data)
            {
                os_calloc(1, sizeof(OSMatch), config_ruleinfo->extra_data);
                if(!OSMatch_Compile(extra_data,
                            config_ruleinfo->extra_data, 0))
                {
                    merror(REGEX_COMPILE, __local_name, extra_data,
                            config_ruleinfo->extra_data->error);
                    return(-1);
                }
                free(extra_data);
                extra_data = NULL;
            }


            /* Adding in program name */
            if(program_name)
            {
                os_calloc(1,sizeof(OSMatch),config_ruleinfo->program_name);
                if(!OSMatch_Compile(program_name,
                            config_ruleinfo->program_name,0))
                {
                    merror(REGEX_COMPILE, __local_name, program_name,
                            config_ruleinfo->program_name->error);
                    return(-1);
                }
                free(program_name);
                program_name = NULL;
            }


            /* Adding in user */
            if(user)
            {
                os_calloc(1, sizeof(OSMatch), config_ruleinfo->user);
                if(!OSMatch_Compile(user, config_ruleinfo->user, 0))
                {
                    merror(REGEX_COMPILE, __local_name, user,
                            config_ruleinfo->user->error);
                    return(-1);
                }
                free(user);
                user = NULL;
            }


            /* Adding in url */
            if(url)
            {
                os_calloc(1, sizeof(OSMatch), config_ruleinfo->url);
                if(!OSMatch_Compile(url, config_ruleinfo->url, 0))
                {
                    merror(REGEX_COMPILE, __local_name, url,
                            config_ruleinfo->url->error);
                    return(-1);
                }
                free(url);
                url = NULL;
            }


            /* Adding matched_group */
            if(if_matched_group)
            {
                os_calloc(1,sizeof(OSMatch),config_ruleinfo->if_matched_group);

                if(!OSMatch_Compile(if_matched_group,
                            config_ruleinfo->if_matched_group,0))
                {
                    merror(REGEX_COMPILE, __local_name, if_matched_group,
                            config_ruleinfo->if_matched_group->error);
                    return(-1);
                }
                free(if_matched_group);
                if_matched_group = NULL;
            }


            /* Adding matched_regex */
            if(if_matched_regex)
            {
                os_calloc(1, sizeof(OSRegex),
                        config_ruleinfo->if_matched_regex);
                if(!OSRegex_Compile(if_matched_regex,
                            config_ruleinfo->if_matched_regex, 0))
                {
                    merror(REGEX_COMPILE, __local_name, if_matched_regex,
                            config_ruleinfo->if_matched_regex->error);
                    return(-1);
                }
                free(if_matched_regex);
                if_matched_regex = NULL;
            }


            /* Calling the function provided. */
            ruleact_function(config_ruleinfo, data);

            
            j++; /* next rule */


        } /* while(rule[j]) */
        OS_ClearNode(rule);
        i++;
        
    } /* while (node[i]) */

    /* Cleaning global node */
    OS_ClearNode(node);
    OS_ClearXML(&xml);


    /* Done over here */
    return(0);
}
Beispiel #12
0
/* GlobalConf v0.2: 2005/03/03
 * v0.2: Changing to support the new OS_XML
 */
int Read_Global(XML_NODE node, void *configp, void *mailp)
{
    int i = 0;

    /* White list size */
    int white_size = 1;
    int hostname_white_size = 1;
    int mailto_size = 1;


    /* XML definitions */
    char *xml_mailnotify = "email_notification";
    char *xml_logall = "logall";
    char *xml_integrity = "integrity_checking";
    char *xml_rootcheckd = "rootkit_detection";
    char *xml_hostinfo = "host_information";
    char *xml_picviz = "picviz_output";
    char *xml_picviz_socket = "picviz_socket";
    char *xml_prelude = "prelude_output";
    char *xml_prelude_profile = "prelude_profile";
    char *xml_prelude_log_level = "prelude_log_level";
    char *xml_zeromq_output = "zeromq_output";
    char *xml_zeromq_output_uri = "zeromq_uri";
    char *xml_stats = "stats";
    char *xml_memorysize = "memory_size";
    char *xml_white_list = "white_list";
    char *xml_compress_alerts = "compress_alerts";
    char *xml_custom_alert_output = "custom_alert_output";

    char *xml_emailto = "email_to";
    char *xml_emailfrom = "email_from";
    char *xml_emailidsname = "email_idsname";
    char *xml_smtpserver = "smtp_server";
    char *xml_mailmaxperhour = "email_maxperhour";

#ifdef GEOIP
    /* GeoIP */
    char *xml_geoip_db_path = "geoip_db_path";
    char *xml_geoip6_db_path = "geoip6_db_path";
#endif

    _Config *Config;
    MailConfig *Mail;

    Config = (_Config *)configp;
    Mail = (MailConfig *)mailp;

    /* Getting right white_size */
    if(Config && Config->white_list)
    {
        os_ip **ww;
        ww = Config->white_list;

        while(*ww != NULL)
        {
            white_size++;
            ww++;
        }
    }

     /* Getting right white_size */
    if(Config && Config->hostname_white_list)
    {
        OSMatch **ww;
        ww = Config->hostname_white_list;

        while(*ww != NULL)
        {
            hostname_white_size++;
            ww++;
        }
    }

    /* Getting mail_to size */
    if(Mail && Mail->to)
    {
        char **ww;
        ww = Mail->to;
        while(*ww != NULL)
        {
            mailto_size++;
            ww++;
        }
    }

    while(node[i])
    {
        if(!node[i]->element)
        {
            merror(XML_ELEMNULL, ARGV0);
            return(OS_INVALID);
        }
        else if(!node[i]->content)
        {
            merror(XML_VALUENULL, ARGV0, node[i]->element);
            return(OS_INVALID);
        }
        else if(strcmp(node[i]->element, xml_custom_alert_output) == 0)
        {
          if(Config)
          {
            Config->custom_alert_output= 1;
            os_strdup(node[i]->content, Config->custom_alert_output_format);
          }
        }
        /* Mail notification */
        else if(strcmp(node[i]->element, xml_mailnotify) == 0)
        {
            if(strcmp(node[i]->content, "yes") == 0)
            {
                if(Config) Config->mailnotify = 1;
                if(Mail) Mail->mn = 1;
            }
            else if(strcmp(node[i]->content, "no") == 0)
            {
                if(Config) Config->mailnotify = 0;
                if(Mail) Mail->mn = 0;
            }
            else
            {
                merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
                return(OS_INVALID);
            }
        }
        /* Picviz support */
        else if(strcmp(node[i]->element, xml_picviz) == 0)
        {
            if(strcmp(node[i]->content, "yes") == 0)
            {
                if(Config) Config->picviz = 1;
            }
            else if(strcmp(node[i]->content, "no") == 0)
            {
                if(Config) Config->picviz = 0;
            }
            else
            {
                merror(XML_VALUEERR,ARGV0,node[i]->element, node[i]->content);
                return(OS_INVALID);
            }
        }
        else if(strcmp(node[i]->element, xml_picviz_socket) == 0)
        {
            if(Config)
            {
                os_strdup(node[i]->content, Config->picviz_socket);
            }
        }
        /* Prelude support */
        else if(strcmp(node[i]->element, xml_prelude) == 0)
        {
            if(strcmp(node[i]->content, "yes") == 0)
            {
                if(Config) Config->prelude = 1;
            }
            else if(strcmp(node[i]->content, "no") == 0)
            {
                if(Config) Config->prelude = 0;
            }
            else
            {
                merror(XML_VALUEERR,ARGV0,node[i]->element, node[i]->content);
                return(OS_INVALID);
            }
        }
        else if(strcmp(node[i]->element, xml_prelude_profile) == 0)
        {
            if(Config)
            {
                Config->prelude_profile = strdup(node[i]->content);
            }
        }
        else if(strcmp(node[i]->element, xml_prelude_log_level) == 0)
        {
            if(!OS_StrIsNum(node[i]->content))
            {
                merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
                return(OS_INVALID);
            }

            if(Config)
            {
                Config->prelude_log_level = atoi(node[i]->content);
            }
        }
        /* ZeroMQ output */
        else if(strcmp(node[i]->element, xml_zeromq_output) == 0)
        {
            if(strcmp(node[i]->content, "yes") == 0)
            { 
                if(Config) Config->zeromq_output = 1; 
            }
            else if(strcmp(node[i]->content, "no") == 0)
            { 
                if(Config) Config->zeromq_output = 0; 
            }
            else
            {
                merror(XML_VALUEERR,ARGV0,node[i]->element, node[i]->content);
                return(OS_INVALID);
            }
        }
        else if(strcmp(node[i]->element, xml_zeromq_output_uri) == 0)
        {
            if(Config)
            {
                Config->zeromq_output_uri = strdup(node[i]->content);
            }
        }
        /* Log all */
        else if(strcmp(node[i]->element, xml_logall) == 0)
        {
            if(strcmp(node[i]->content, "yes") == 0)
                { if(Config) Config->logall = 1;}
            else if(strcmp(node[i]->content, "no") == 0)
                {if(Config) Config->logall = 0;}
            else
            {
                merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
                return(OS_INVALID);
            }
        }
        /* compress alerts */
        else if(strcmp(node[i]->element, xml_compress_alerts) == 0)
        {
            /* removed from here -- compatility issues only */
        }
        /* Integrity */
        else if(strcmp(node[i]->element, xml_integrity) == 0)
        {
            if(!OS_StrIsNum(node[i]->content))
            {
                merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
                return(OS_INVALID);
            }
            if(Config)
            {
                Config->integrity = atoi(node[i]->content);
            }
        }
        /* rootcheck */
        else if(strcmp(node[i]->element, xml_rootcheckd) == 0)
        {
            if(!OS_StrIsNum(node[i]->content))
            {
                merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
                return(OS_INVALID);
            }
            if(Config)
            {
                Config->rootcheck = atoi(node[i]->content);
            }
        }
        /* hostinfo */
        else if(strcmp(node[i]->element, xml_hostinfo) == 0)
        {
            if(!OS_StrIsNum(node[i]->content))
            {
                merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
                return(OS_INVALID);
            }
            if(Config)
            {
                Config->hostinfo = atoi(node[i]->content);
            }
        }
        /* stats */
        else if(strcmp(node[i]->element, xml_stats) == 0)
        {
            if(!OS_StrIsNum(node[i]->content))
            {
                merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
                return(OS_INVALID);
            }
            if(Config)
            {
                Config->stats = atoi(node[i]->content);
            }
        }
        else if(strcmp(node[i]->element, xml_memorysize) == 0)
        {
            if(!OS_StrIsNum(node[i]->content))
            {
                merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
                return(OS_INVALID);
            }
            if(Config)
            {
                Config->memorysize = atoi(node[i]->content);
            }
        }
        /* whitelist */
        else if(strcmp(node[i]->element, xml_white_list) == 0)
        {
            /* Windows do not need it */
            #ifndef WIN32

            char *ip_address_regex =
             "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}/?"
             "([0-9]{0,2}|[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3})$";

            if(Config && OS_PRegex(node[i]->content, ip_address_regex))
            {
                white_size++;
                Config->white_list =
                    realloc(Config->white_list, sizeof(os_ip *)*white_size);
                if(!Config->white_list)
                {
                    merror(MEM_ERROR, ARGV0);
                    return(OS_INVALID);
                }

                os_calloc(1, sizeof(os_ip), Config->white_list[white_size -2]);
                Config->white_list[white_size -1] = NULL;

                if(!OS_IsValidIP(node[i]->content,
                                 Config->white_list[white_size -2]))
                {
                    merror(INVALID_IP, ARGV0,
                                       node[i]->content);
                    return(OS_INVALID);
                }
            }
            /* Adding hostname */
            else if(Config)
            {
                hostname_white_size++;
                Config->hostname_white_list =
                    realloc(Config->hostname_white_list,
                    sizeof(OSMatch *)*hostname_white_size);

                if(!Config->hostname_white_list)
                {
                    merror(MEM_ERROR, ARGV0);
                    return(OS_INVALID);
                }
                os_calloc(1,
                          sizeof(OSMatch),
                          Config->hostname_white_list[hostname_white_size -2]);
                Config->hostname_white_list[hostname_white_size -1] = NULL;

                if(!OSMatch_Compile(
                        node[i]->content,
                        Config->hostname_white_list[hostname_white_size -2],
                        0))
                {
                    merror(REGEX_COMPILE, ARGV0, node[i]->content,
                           Config->hostname_white_list
                           [hostname_white_size -2]->error);
                    return(-1);
                }
            }

            #endif

        }

        /* For the email now
         * email_to, email_from, idsname, smtp_Server and maxperhour.
         * We will use a separate structure for that.
         */
        else if(strcmp(node[i]->element, xml_emailto) == 0)
        {
            #ifndef WIN32
            if(!OS_PRegex(node[i]->content, "[a-zA-Z0-9\\._-]+@[a-zA-Z0-9\\._-]"))
            {
                merror("%s: ERROR: Invalid Email address: %s.", ARGV0, node[i]->content);
                return(OS_INVALID);
            }
            #endif

            if(Mail)
            {
                mailto_size++;
                Mail->to = realloc(Mail->to, sizeof(char *)*mailto_size);
                if(!Mail->to)
                {
                    merror(MEM_ERROR, ARGV0);
                    return(OS_INVALID);
                }

                os_strdup(node[i]->content, Mail->to[mailto_size - 2]);
                Mail->to[mailto_size - 1] = NULL;
            }
        }
        else if(strcmp(node[i]->element, xml_emailfrom) == 0)
        {
            if(Mail)
            {
                if(Mail->from)
                {
                    free(Mail->from);
                }
                os_strdup(node[i]->content, Mail->from);
            }
        }
        else if(strcmp(node[i]->element, xml_emailidsname) == 0)
        {
            if(Mail)
            {
                if(Mail->idsname)
                {
                    free(Mail->idsname);
                }
                os_strdup(node[i]->content, Mail->idsname);
            }
        }
        else if(strcmp(node[i]->element, xml_smtpserver) == 0)
        {
            #ifndef WIN32
            if(Mail && (Mail->mn))
            {
                Mail->smtpserver = OS_GetHost(node[i]->content, 5);
                if(!Mail->smtpserver)
                {
                    merror(INVALID_SMTP, ARGV0, node[i]->content);
                    return(OS_INVALID);
                }
            }
            #endif
        }
        else if(strcmp(node[i]->element, xml_mailmaxperhour) == 0)
        {
            if(Mail)
            {
                if(!OS_StrIsNum(node[i]->content))
                {
                   merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
                   return(OS_INVALID);
                }
                Mail->maxperhour = atoi(node[i]->content);

                if((Mail->maxperhour <= 0) || (Mail->maxperhour > 9999))
                {
                   merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
                   return(OS_INVALID);
                }
            }
        }
#ifdef GEOIP
        /* GeoIP v4 DB location */
        else if(strcmp(node[i]->element, xml_geoip_db_path) == 0)
        {
            if(Config)
            {
                os_strdup(node[i]->content, Config->geoip_db_path);
            }
        }
        /* GeoIP v6 DB location */
        else if(strcmp(node[i]->element, xml_geoip6_db_path) == 0)
        {
            if(Config)
            {
                os_strdup(node[i]->content, Config->geoip6_db_path);
            }
        }
#endif
        else
        {
            merror(XML_INVELEM, ARGV0, node[i]->element);
            return(OS_INVALID);
        }
        i++;
    }

    return(0);
}
Beispiel #13
0
int Read_Client(XML_NODE node, void *d1, void *d2)
{
    int i = 0;

    /* XML definitions */
    char *xml_client_ip = "server-ip";
    char *xml_client_hostname = "server-hostname";
    char *xml_local_ip = "local_ip";
    char *xml_client_port = "port";
    char *xml_ar_disabled = "disable-active-response";
    char *xml_notify_time = "notify_time";
    char *xml_max_time_reconnect_try = "time-reconnect";

    /* cmoraes */
    char *xml_profile_name = "config-profile";

    agent *logr;

    logr = (agent *)d1;

    logr->notify_time = 0;
    logr->max_time_reconnect_try = 0;

    while(node[i])
    {
        if(!node[i]->element)
        {
            merror(XML_ELEMNULL, ARGV0);
            return(OS_INVALID);
        }
        else if(!node[i]->content)
        {
            merror(XML_VALUENULL, ARGV0, node[i]->element);
            return(OS_INVALID);
        }
        /* Getting local ip. */
        else if(strcmp(node[i]->element, xml_local_ip) == 0)
        {
            os_strdup(node[i]->content, logr->lip);
            if(OS_IsValidIP(logr->lip, NULL) != 1)
            {
                merror(INVALID_IP, ARGV0, logr->lip);
                return(OS_INVALID);
            }
        }
        /* Getting server ip */
        else if(strcmp(node[i]->element,xml_client_ip) == 0)
        {
            int ip_id = 0;

            /* Getting last ip */
            if(logr->rip)
            {
                while(logr->rip[ip_id])
                {
                    ip_id++;
                }
            }
            os_realloc(logr->rip, (ip_id + 2) * sizeof(char*), logr->rip);
            logr->rip[ip_id] = NULL;
            logr->rip[ip_id +1] = NULL;

            os_strdup(node[i]->content, logr->rip[ip_id]);
            if(OS_IsValidIP(logr->rip[ip_id], NULL) != 1)
            {
                merror(INVALID_IP, ARGV0, logr->rip[ip_id]);
                return(OS_INVALID);
            }
            logr->rip_id++;
        }
        else if(strcmp(node[i]->element,xml_client_hostname) == 0)
        {
            int ip_id = 0;
            char *s_ip;
            char f_ip[128];


            /* Getting last ip. */
            if(logr->rip)
            {
                while(logr->rip[ip_id])
                {
                    ip_id++;
                }
            }

            os_realloc(logr->rip, (ip_id + 2) * sizeof(char*),
                       logr->rip);


            s_ip = OS_GetHost(node[i]->content, 5);
            if(!s_ip)
            {
                merror("%s: WARN: Unable to get hostname for '%s'.",
                       ARGV0, node[i]->content);
                merror(AG_INV_HOST, ARGV0, node[i]->content);

                os_strdup("invalid_ip", s_ip);
            }


            f_ip[127] = '\0';
            snprintf(f_ip, 127, "%s/%s", node[i]->content, s_ip);

            os_strdup(f_ip, logr->rip[ip_id]);
            logr->rip[ip_id +1] = NULL;

            free(s_ip);

            logr->rip_id++;
        }
        else if(strcmp(node[i]->element,xml_client_port) == 0)
        {
            if(!OS_StrIsNum(node[i]->content))
            {
                merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
                return(OS_INVALID);
            }
            logr->port = atoi(node[i]->content);

            if(logr->port <= 0 || logr->port > 65535)
            {
                merror(PORT_ERROR, ARGV0, logr->port);
                return(OS_INVALID);
            }
        }
        else if(strcmp(node[i]->element,xml_notify_time) == 0)
        {
            if(!OS_StrIsNum(node[i]->content))
            {
                merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
                return(OS_INVALID);
            }
            logr->notify_time = atoi(node[i]->content);
        }
        else if(strcmp(node[i]->element,xml_max_time_reconnect_try) == 0)
        {
            if(!OS_StrIsNum(node[i]->content))
            {
                merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
                return(OS_INVALID);
            }
            logr->max_time_reconnect_try = atoi(node[i]->content);
        }
        else if(strcmp(node[i]->element,xml_ar_disabled) == 0)
        {
            if(strcmp(node[i]->content, "yes") == 0)
                logr->execdq = -1;
            else if(strcmp(node[i]->content, "no") == 0)
                logr->execdq = 0;
            else
            {
                merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
                return(OS_INVALID);
            }
        }
        /* cmoraes */
        else if(strcmp(node[i]->element,xml_profile_name) == 0)
        {
            /* profile name can be anything hence no validation */
            os_strdup(node[i]->content, logr->profile);
        }
        else
        {
            merror(XML_INVELEM, ARGV0, node[i]->element);
            return(OS_INVALID);
        }
        i++;
    }

    if(!logr->rip)
    {
        return(OS_INVALID);
    }

    return(0);
}