Ejemplo n.º 1
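/*
 * Self-test for the ordered integer list.
 *
 * Ten distinct values are inserted out of order, then the list is walked
 * from its first node expecting to meet 0, 1, 2, ... in ascending order.
 *
 * Returns 0 when every check passes, 1 on the first failure.
 */
int main(void)
{
	static const int values[] = { 6, 5, 7, 1, 8, 2, 9, 0, 4, 3 };
	const int expected = (int)(sizeof(values) / sizeof(values[0]));
	int i = 0;
	int k;
	ilist e;
	int_node *node;

	ilist_create(&e);

	for (k = 0; k < expected; k++)
		ilist_add_if_uniq(&e, values[k], 0);

	ilist_first(&e);
	// The current node is checked before it is dereferenced, so a list
	// that ended up empty is reported as a failure instead of crashing.
	while ((node = ilist_get_cur(&e)) != NULL) {
		if (i != node->num) {
			printf("Test failed - i:%d != num:%d\n", i, node->num);
			return 1;
		}
		i++;
		if (ilist_next(&e) == NULL)
			break;
	}

	// A list truncated at the tail would still satisfy the ordering
	// check above, so the number of nodes visited is verified too.
	if (i != expected) {
		printf("Test failed - expected %d nodes, found %d\n",
			expected, i);
		return 1;
	}

	ilist_clear(&e);
	printf("ilist test passed\n");
	return 0;
}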
Ejemplo n.º 2
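/*
 * Self-test for the ordered integer list, in two stages.
 *
 * Stage 1 inserts ten distinct values out of order and expects to walk
 * them back as 0..9. Stage 2 inserts the values 1..4 repeatedly (value v
 * is added v times), sorts by hit count and expects the hit counts 4, 3,
 * 2, 1 in that order.
 *
 * Returns 0 when every check passes, 1 on the first failure.
 */
int main(void)
{
	static const int ordered[] = { 6, 5, 7, 1, 8, 2, 9, 0, 4, 3 };
	static const int repeated[] = { 3, 3, 4, 3, 4, 2, 4, 2, 4, 1 };
	const int n_ordered = (int)(sizeof(ordered) / sizeof(ordered[0]));
	const int n_repeated = (int)(sizeof(repeated) / sizeof(repeated[0]));
	const int n_distinct = 4;	// repeated[] holds the values 1..4
	int i = 0;
	int k;
	ilist e;
	int_node *node;

	ilist_create(&e);

	// This first test checks to see if the list is
	// created in numeric order
	for (k = 0; k < n_ordered; k++)
		ilist_add_if_uniq(&e, ordered[k], 0);

	ilist_first(&e);
	// Check the current node before dereferencing it so an empty list
	// fails the test instead of crashing it.
	while ((node = ilist_get_cur(&e)) != NULL) {
		if (i != node->num) {
			printf("Test failed - i:%d != num:%d\n", i, node->num);
			return 1;
		}
		i++;
		if (ilist_next(&e) == NULL)
			break;
	}
	// The ordering check alone cannot see a list cut short at the tail
	if (i != n_ordered) {
		printf("Test failed - expected %d nodes, found %d\n",
			n_ordered, i);
		return 1;
	}

	ilist_clear(&e);
	puts("starting sort test");

	// Now test to see if the sort function works.
	// Duplicate insertions are what drive the hit counts: the checks
	// below expect each value's hits to equal the number of times it
	// was added.
	for (k = 0; k < n_repeated; k++)
		ilist_add_if_uniq(&e, repeated[k], 0);

	ilist_sort_by_hits(&e);

	i = 0;
	ilist_first(&e);
	while ((node = ilist_get_cur(&e)) != NULL) {
		if (node->hits != (4-i)) {
			printf("Sort test failed - i:%d != ihits:%d\n", i, node->hits);
			return 1;
		}
		i++;
		if (ilist_next(&e) == NULL)
			break;
	}
	if (i != n_distinct) {
		printf("Sort test failed - expected %d nodes, found %d\n",
			n_distinct, i);
		return 1;
	}

	ilist_clear(&e);

	printf("ilist tests passed\n");
	return 0;
}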
Ejemplo n.º 3
/*
 * Record the user behind an event in sd.users.
 *
 * When loginuid equals -2 (presumably the "not set" sentinel - confirm
 * against the parser) and an account string is present, the account string
 * is stored; otherwise the loginuid is translated with aulookup_uid().
 * NOTE(review): the lookup result may point into the local name[] buffer,
 * so this relies on slist_add_if_uniq() copying the string - confirm.
 */
static void summary_add_login_user(llist *l)
{
	if (l->s.loginuid != -2 || l->s.acct == NULL) {
		char name[64];

		slist_add_if_uniq(&sd.users,
			aulookup_uid(l->s.loginuid, name, sizeof(name)));
	} else {
		slist_add_if_uniq(&sd.users, l->s.acct);
	}
}

/*
 * Fold one event into the accumulators of the report selected by the
 * global report_type.
 *
 * Each case picks the field (or record type) that the report is keyed on
 * and adds it to the matching list in the global sd if it is not already
 * there. The strings stored here are taken straight from the event's
 * parsed fields; nothing in this function filters or escapes them.
 *
 * Returns 1 when the event was passed to do_summary_total() (RPT_SUMMARY)
 * and 0 for every other report type.
 */
static int per_event_summary(llist *l)
{
	int rc = 0;

	switch (report_type) {
	case RPT_SUMMARY:
		do_summary_total(l);
		rc = 1;
		break;

	case RPT_AVC:
		// AUDIT_AVC is looked for first; AUDIT_USER_AVC is only
		// searched when no AUDIT_AVC record is present.
		if ((list_find_msg(l, AUDIT_AVC) ||
		     list_find_msg(l, AUDIT_USER_AVC)) &&
		    alist_find_avc(l->s.avc)) {
			do {
				slist_add_if_uniq(&sd.avc_objs,
					l->s.avc->cur->tcontext);
			} while (alist_next_avc(l->s.avc));
		}
		break;

	case RPT_MAC:
		// NOTE(review): the first range ends at AUDIT_MAC_MAP_DEL
		// while do_summary_total() counts MAC events up to
		// AUDIT_MAC_UNLBL_STCDEL - confirm the two are meant to
		// differ.
		if (list_find_msg_range(l, AUDIT_MAC_POLICY_LOAD,
					AUDIT_MAC_MAP_DEL) ||
		    list_find_msg_range(l, AUDIT_FIRST_USER_LSPP_MSG,
					AUDIT_LAST_USER_LSPP_MSG)) {
			ilist_add_if_uniq(&sd.mac_list, l->head->type, 0);
		}
		break;

	case RPT_CONFIG:
		UNIMPLEMENTED;
		break;

	case RPT_AUTH:
		// Every AUDIT_USER_AUTH event counts; AUDIT_USER_ACCT
		// events count only when they failed.
		if (list_find_msg(l, AUDIT_USER_AUTH) ||
		    (list_find_msg(l, AUDIT_USER_ACCT) &&
		     l->s.success == S_FAILED)) {
			summary_add_login_user(l);
		}
		break;

	case RPT_LOGIN:
		if (list_find_msg(l, AUDIT_USER_LOGIN)) {
			summary_add_login_user(l);
		}
		break;

	case RPT_ACCT_MOD:
		UNIMPLEMENTED;
		break;

	case RPT_EVENT: /* We will borrow the pid list */
		if (l->head->type != -1) {
			ilist_add_if_uniq(&sd.pids, l->head->type, 0);
		}
		break;

	case RPT_FILE:
		if (l->s.filename) {
			slist *names = l->s.filename;
			const snode *cur;

			slist_first(names);
			for (cur = slist_get_cur(names); cur;
			     cur = slist_next(names)) {
				if (cur->str) {
					slist_add_if_uniq(&sd.files, cur->str);
				}
			}
		}
		break;

	case RPT_HOST:
		if (l->s.hostname) {
			slist_add_if_uniq(&sd.hosts, l->s.hostname);
		}
		break;

	case RPT_PID:
		if (l->s.pid != -1) {
			ilist_add_if_uniq(&sd.pids, l->s.pid, 0);
		}
		break;

	case RPT_SYSCALL:
		if (l->s.syscall > 0) {
			ilist_add_if_uniq(&sd.sys_list, l->s.syscall,
					  l->s.arch);
		}
		break;

	case RPT_TERM:
		if (l->s.terminal) {
			slist_add_if_uniq(&sd.terms, l->s.terminal);
		}
		break;

	case RPT_USER:
		// The user report is keyed on the decimal loginuid text
		if (l->s.loginuid != -2) {
			char uid_text[32];

			snprintf(uid_text, sizeof(uid_text), "%d",
				 l->s.loginuid);
			slist_add_if_uniq(&sd.users, uid_text);
		}
		break;

	case RPT_EXE:
		if (l->s.exe) {
			slist_add_if_uniq(&sd.exes, l->s.exe);
		}
		break;

	case RPT_ANOMALY:
		if (list_find_msg_range(l, AUDIT_FIRST_ANOM_MSG,
					AUDIT_LAST_ANOM_MSG) ||
		    list_find_msg_range(l, AUDIT_FIRST_KERN_ANOM_MSG,
					AUDIT_LAST_KERN_ANOM_MSG)) {
			ilist_add_if_uniq(&sd.anom_list, l->head->type, 0);
		}
		break;

	case RPT_RESPONSE:
		if (list_find_msg_range(l, AUDIT_FIRST_ANOM_RESP,
					AUDIT_LAST_ANOM_RESP)) {
			ilist_add_if_uniq(&sd.resp_list, l->head->type, 0);
		}
		break;

	case RPT_CRYPTO:
		if (list_find_msg_range(l, AUDIT_FIRST_KERN_CRYPTO_MSG,
					AUDIT_LAST_KERN_CRYPTO_MSG) ||
		    list_find_msg_range(l, AUDIT_FIRST_CRYPTO_MSG,
					AUDIT_LAST_CRYPTO_MSG)) {
			ilist_add_if_uniq(&sd.crypto_list, l->head->type, 0);
		}
		break;

	case RPT_KEY:
		if (l->s.key) {
			slist *keys = l->s.key;
			const snode *cur;

			slist_first(keys);
			for (cur = slist_get_cur(keys); cur;
			     cur = slist_next(keys)) {
				// The literal text "(null)" is not reported
				// as a key
				if (cur->str &&
				    strcmp(cur->str, "(null)") != 0) {
					slist_add_if_uniq(&sd.keys, cur->str);
				}
			}
		}
		break;

	case RPT_TTY:
		UNIMPLEMENTED;
		break;

	default:
		break;
	}

	return rc;
}
Ejemplo n.º 4
/*
 * Update the global summary accumulators in sd for one event.
 *
 * Counters (events, changes, acct_changes, crypto, logins, auth, avcs, mac,
 * failed_syscalls, anomalies, responses) are incremented according to which
 * record types the event contains, and the event's user, terminal, host,
 * executable, file names, pid and keys are added to the matching
 * uniqueness lists.
 *
 * NOTE(review): list_first(l) is called before some of the range searches
 * below but not before others. Presumably list_find_msg_range() depends on
 * the list cursor - confirm, because the searches that follow another
 * search without a reset would then start from wherever the previous one
 * stopped. Do not reorder the statements in this function without checking.
 */
static void do_summary_total(llist *l)
{
	// add events
	sd.events++;

	// add config changes
	// Each matching record type adds one, so a single event can raise
	// sd.changes by more than one.
	if (list_find_msg(l, AUDIT_CONFIG_CHANGE))
		sd.changes++;
	if (list_find_msg(l, AUDIT_DAEMON_CONFIG)) 
		sd.changes++;
	if (list_find_msg(l, AUDIT_USYS_CONFIG)) 
		sd.changes++;
	list_first(l);
	// The same MAC range is counted again under "MAC" further down, so
	// such an event shows up in both sd.changes and sd.mac.
	if (list_find_msg_range(l, AUDIT_MAC_POLICY_LOAD,
					AUDIT_MAC_UNLBL_STCDEL))
		sd.changes++;

	// add acct changes
	if (list_find_msg(l, AUDIT_USER_CHAUTHTOK))
		sd.acct_changes++;
	if (list_find_msg_range(l, AUDIT_ADD_USER, AUDIT_DEL_GROUP))
		sd.acct_changes++;
	if (list_find_msg(l, AUDIT_CHGRP_ID))
		sd.acct_changes++;
	list_first(l);
	if (list_find_msg_range(l, AUDIT_ROLE_ASSIGN, AUDIT_ROLE_REMOVE))
		sd.acct_changes++;

	// Crypto
	list_first(l);
	if (list_find_msg_range(l, AUDIT_FIRST_KERN_CRYPTO_MSG,
					AUDIT_LAST_KERN_CRYPTO_MSG))
		sd.crypto++;
	if (list_find_msg_range(l, AUDIT_FIRST_CRYPTO_MSG, 
					AUDIT_LAST_CRYPTO_MSG))
		sd.crypto++;

	// add logins
	// A login whose success field is neither S_SUCCESS nor S_FAILED is
	// counted in neither bucket.
	if (list_find_msg(l, AUDIT_USER_LOGIN)) {
		if (l->s.success == S_SUCCESS)
			sd.good_logins++;
		else if (l->s.success == S_FAILED)
			sd.bad_logins++;
	}

	// add use of auth
	// The else-if chain means only the first matching record type
	// (USER_AUTH, then USER_ACCT, then GRP_AUTH) is counted per event.
	if (list_find_msg(l, AUDIT_USER_AUTH)) {
		if (l->s.success == S_SUCCESS)
			sd.good_auth++;
		else if (l->s.success == S_FAILED)
			sd.bad_auth++;
	} else if (list_find_msg(l, AUDIT_USER_ACCT)) {
		// Only count the failures
		if (l->s.success == S_FAILED)
			sd.bad_auth++;
	} else if (list_find_msg(l, AUDIT_GRP_AUTH)) {
		if (l->s.success == S_SUCCESS)
			sd.good_auth++;
		else if (l->s.success == S_FAILED)
			sd.bad_auth++;
	}

	// add users
	// -2 is presumably the "loginuid not set" sentinel - confirm.
	// The uid is stored as decimal text; tmp is a stack buffer, so this
	// relies on slist_add_if_uniq() keeping its own copy - confirm.
	if (l->s.loginuid != -2) {
		char tmp[32];
		snprintf(tmp, sizeof(tmp), "%d", l->s.loginuid);
		slist_add_if_uniq(&sd.users, tmp);
	}

	// add terminals
	if (l->s.terminal)
		slist_add_if_uniq(&sd.terms, l->s.terminal);

	// add hosts
	if (l->s.hostname)
		slist_add_if_uniq(&sd.hosts, l->s.hostname);

	// add execs
	if (l->s.exe)
		slist_add_if_uniq(&sd.exes, l->s.exe);

	// add files
	// Walk the event's own file-name list from its first node and copy
	// every non-NULL name into the summary list.
	if (l->s.filename) {
		const snode *sn;
		slist *sptr = l->s.filename;

		slist_first(sptr);
		sn=slist_get_cur(sptr);
		while (sn) {
			if (sn->str)
				slist_add_if_uniq(&sd.files, sn->str);
			sn=slist_next(sptr);
		} 
	}

	// add avcs
	// At most one AVC is counted per event, whichever type is found first
	if (list_find_msg(l, AUDIT_AVC)) 
		sd.avcs++;
	else if (list_find_msg(l, AUDIT_USER_AVC))
			sd.avcs++;

	// MAC
	// NOTE(review): the RPT_MAC case of per_event_summary() bounds the
	// first range with AUDIT_MAC_MAP_DEL rather than
	// AUDIT_MAC_UNLBL_STCDEL - confirm whether the summary count and the
	// MAC report are meant to cover the same record types.
	list_first(l);
	if (list_find_msg_range(l, AUDIT_MAC_POLICY_LOAD,
					AUDIT_MAC_UNLBL_STCDEL))
		sd.mac++;
	if (list_find_msg_range(l, AUDIT_FIRST_USER_LSPP_MSG, 
					AUDIT_LAST_USER_LSPP_MSG))
		sd.mac++;

	// add failed syscalls
	if (l->s.success == S_FAILED && l->s.syscall > 0)
		sd.failed_syscalls++;

	// add pids
	if (l->s.pid != -1) {
		ilist_add_if_uniq(&sd.pids, l->s.pid, 0);
	}

	// add anomalies
	if (list_find_msg_range(l, AUDIT_FIRST_ANOM_MSG, AUDIT_LAST_ANOM_MSG))
		sd.anomalies++;
	if (list_find_msg_range(l, AUDIT_FIRST_KERN_ANOM_MSG,
				 AUDIT_LAST_KERN_ANOM_MSG))
		sd.anomalies++;

	// add response to anomalies
	if (list_find_msg_range(l, AUDIT_FIRST_ANOM_RESP, AUDIT_LAST_ANOM_RESP))
		sd.responses++;

	// add keys
	// Keys whose text is the literal "(null)" are skipped
	if (l->s.key) {
		const snode *sn;
		slist *sptr = l->s.key;

		slist_first(sptr);
		sn=slist_get_cur(sptr);
		while (sn) {
			if (sn->str && strcmp(sn->str, "(null)")) {
				slist_add_if_uniq(&sd.keys, sn->str);
			}
			sn=slist_next(sptr);
		} 
	}
}
Ejemplo n.º 5
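/*
 * Translate one account token into a uid.
 *
 * A token that string_is_numeric() accepts is converted with strtoul();
 * anything else is looked up as an account name with getpwnam().
 * NOTE(review): the strtoul() result is narrowed to int, so a value above
 * INT_MAX does not survive the conversion - confirm the accepted uid range.
 *
 * Returns 0 and stores the uid in *uid, or logs the problem and returns -1
 * when the name is unknown.
 */
static int watched_account_to_uid(const char *user, int line, int *uid)
{
	struct passwd *pw;

	if (string_is_numeric(user)) {
		*uid = strtoul(user, NULL, 10);
		return 0;
	}

	pw = getpwnam(user);
	if (pw == NULL) {
		syslog(LOG_ERR, "user %s is invalid - line %d, skipping",
			user, line);
		return -1;
	}
	*uid = pw->pw_uid;
	return 0;
}

/*
 * Parse the watched-accounts configuration value into
 * config->watched_accounts.
 *
 * Each token is a single account ("name" or "uid") or an inclusive range
 * ("low-high"); every resulting uid is added to the list if not already
 * present. Invalid tokens are logged and skipped.
 *
 * Skipping has to go through the strtok() call at the bottom of the loop.
 * A bare `continue` in this do/while jumps straight to the `while (str)`
 * test with str unchanged, so one unknown account name in the
 * configuration would be re-parsed and re-logged forever.
 *
 * NOTE(review): strtok(NULL, ...) is called without a strtok(str, ...)
 * in this function, so it presumably continues a tokenisation of the
 * configuration line begun by the caller - confirm. nv->value is modified
 * in place and is assumed to be non-NULL.
 * NOTE(review): only the second half of a range has a trailing ',' removed;
 * a single account followed directly by ',' is looked up with the comma
 * still attached - confirm whether that can occur.
 *
 * Always returns 0.
 */
static int watched_accounts_parser(struct nv_pair *nv, int line,
	prelude_conf_t *config)
{
	char *str = (char *)nv->value;

	do {
		char *ptr = strchr(str, '-');

		if (ptr) {
			char *user1 = str;
			char *user2 = ptr + 1;
			int start, end, i;
			size_t len;

			// Split "low-high" in place
			*ptr = 0;
			if (watched_account_to_uid(user1, line, &start) < 0)
				goto next;

			len = strlen(user2);
			if (len > 0 && user2[len-1] == ',')
				user2[len-1] = 0;
			if (watched_account_to_uid(user2, line, &end) < 0)
				goto next;

			if (start >= end) {
				syslog(LOG_ERR,
			"%s is larger or equal to %s, please fix, skipping",
					user1, user2);
				goto next;
			}

			// start < end holds here. The last uid is added
			// outside the loop so that i is never incremented
			// past end, which would overflow when end is INT_MAX.
			// NOTE(review): nothing caps the width of a range,
			// so a very wide one makes this loop correspondingly
			// long.
			for (i = start; i < end; i++) {
				ilist_add_if_uniq(
						&config->watched_accounts, i);
			}
			ilist_add_if_uniq(&config->watched_accounts, end);
		} else {
			int acct;

			if (watched_account_to_uid(str, line, &acct) < 0)
				goto next;
			ilist_add_if_uniq(&config->watched_accounts, acct);
		}
next:
		// Always advance, including after a skipped token
		str = strtok(NULL, ", ");
	} while (str);

	return 0;
}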