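/* run_rk_check: v0.1
 * Execute the rootkit checks.
 *
 * Runs every check enabled in rootcheck.checks, in this order: rootkit
 * files, trojaned binaries, the Windows audit/malware/apps policies (or the
 * unixaudit policies on Unix), /dev, the whole file system, processes, ports
 * and interfaces. Progress goes to stdout unless rootcheck.notify == QUEUE,
 * in which case only the start/end messages are logged through merror().
 *
 * Side effects: fills rootcheck.basedir when it is still NULL, resets the
 * rk_sys_* globals before the scan and frees what the checks stored in them
 * afterwards. Each configuration file is opened, handed to its check and
 * closed here; a missing file is reported and that check is skipped.
 */
void run_rk_check()
{
    time_t time1;
    time_t time2;
    FILE *fp;
    OSList *plist;

#ifndef WIN32
    size_t i;
    /* Hard coded basedir. It is static on purpose: its address is stored in
     * the global rootcheck.basedir below and must outlive this call, since
     * the scan is normally run more than once per process. An automatic
     * array here would leave rootcheck.basedir dangling on the next run. */
    static char basedir[] = "/";

    /* Removing the trailing '/' from basedir ("/" becomes ""), so the
     * checks can append absolute paths to it. */
    i = strlen(basedir);
    if (i > 0 && basedir[i - 1] == '/') {
        basedir[i - 1] = '\0';
    }
#else
    /* Basedir for Windows (static for the same reason as above). */
    static char basedir[] = "C:\\";
#endif

    /* Setting basedir */
    if (rootcheck.basedir == NULL) {
        rootcheck.basedir = basedir;
    }

    time1 = time(0);

    /*** Initial message ***/
    if (rootcheck.notify != QUEUE) {
        printf("\n");
        printf("** Starting Rootcheck v0.9 by Daniel B. Cid **\n");
        printf("** http://www.ossec.net/en/about.html#dev-team **\n");
        printf("** http://www.ossec.net/rootcheck/ **\n\n");
        printf("Be patient, it may take a few minutes to complete...\n");
        printf("\n");
    }

    /* Cleaning the global variables */
    rk_sys_count = 0;
    rk_sys_file[rk_sys_count] = NULL;
    rk_sys_name[rk_sys_count] = NULL;

    /* Sending scan start message */
    notify_rk(ALERT_POLICY_VIOLATION, "Starting rootcheck scan.");
    if (rootcheck.notify == QUEUE) {
        merror("%s: INFO: Starting rootcheck scan.", ARGV0);
    }

    /*** First check, look for rootkits ***/
    /* Open rootkit_files and pass the pointer to check_rc_files */
    if (rootcheck.checks.rc_files) {
        if (!rootcheck.rootkit_files) {
#ifndef WIN32
            merror("%s: No rootcheck_files file configured.", ARGV0);
#endif
        } else {
            fp = fopen(rootcheck.rootkit_files, "r");
            if (!fp) {
                merror("%s: No rootcheck_files file: '%s'", ARGV0,
                       rootcheck.rootkit_files);
            } else {
                check_rc_files(rootcheck.basedir, fp);
                fclose(fp);
            }
        }
    }

    /*** Second check, look for trojan entries in common binaries ***/
    if (rootcheck.checks.rc_trojans) {
        if (!rootcheck.rootkit_trojans) {
#ifndef WIN32
            merror("%s: No rootcheck_trojans file configured.", ARGV0);
#endif
        } else {
            fp = fopen(rootcheck.rootkit_trojans, "r");
            if (!fp) {
                merror("%s: No rootcheck_trojans file: '%s'", ARGV0,
                       rootcheck.rootkit_trojans);
            } else {
#ifndef HPUX
                check_rc_trojans(rootcheck.basedir, fp);
#endif
                fclose(fp);
            }
        }
    }

#ifdef WIN32
    /*** Getting process list ***/
    plist = os_get_process_list();

    /*** Windows audit check ***/
    if (rootcheck.checks.rc_winaudit) {
        if (!rootcheck.winaudit) {
            merror("%s: No winaudit file configured.", ARGV0);
        } else {
            fp = fopen(rootcheck.winaudit, "r");
            if (!fp) {
                merror("%s: No winaudit file: '%s'", ARGV0, rootcheck.winaudit);
            } else {
                check_rc_winaudit(fp, plist);
                fclose(fp);
            }
        }
    }

    /* Windows malware */
    if (rootcheck.checks.rc_winmalware) {
        if (!rootcheck.winmalware) {
            merror("%s: No winmalware file configured.", ARGV0);
        } else {
            fp = fopen(rootcheck.winmalware, "r");
            if (!fp) {
                merror("%s: No winmalware file: '%s'", ARGV0, rootcheck.winmalware);
            } else {
                check_rc_winmalware(fp, plist);
                fclose(fp);
            }
        }
    }

    /* Windows Apps */
    if (rootcheck.checks.rc_winapps) {
        if (!rootcheck.winapps) {
            merror("%s: No winapps file configured.", ARGV0);
        } else {
            fp = fopen(rootcheck.winapps, "r");
            if (!fp) {
                merror("%s: No winapps file: '%s'", ARGV0, rootcheck.winapps);
            } else {
                check_rc_winapps(fp, plist);
                fclose(fp);
            }
        }
    }

    /* Freeing process list */
    del_plist((void *)plist);

    /** Checks for other non Windows. **/
#else
    /*** Unix audit check ***/
    if (rootcheck.checks.rc_unixaudit) {
        if (rootcheck.unixaudit) {
            /* Getting process list; shared by every unixaudit policy file. */
            plist = os_get_process_list();

            /* rootcheck.unixaudit is a NULL-terminated list of policy files. */
            for (i = 0; rootcheck.unixaudit[i]; i++) {
                fp = fopen(rootcheck.unixaudit[i], "r");
                if (!fp) {
                    merror("%s: No unixaudit file: '%s'", ARGV0,
                           rootcheck.unixaudit[i]);
                } else {
                    /* Running unix audit. */
                    check_rc_unixaudit(fp, plist);
                    fclose(fp);
                }
            }

            /* Freeing list */
            del_plist(plist);
        }
    }
#endif

    /*** Third check, looking for files on the /dev ***/
    if (rootcheck.checks.rc_dev) {
        debug1("%s: DEBUG: Going into check_rc_dev", ARGV0);
        check_rc_dev(rootcheck.basedir);
    }

    /*** Fourth check, scan the whole system looking for additional issues */
    if (rootcheck.checks.rc_sys) {
        debug1("%s: DEBUG: Going into check_rc_sys", ARGV0);
        check_rc_sys(rootcheck.basedir);
    }

    /*** Process checking ***/
    if (rootcheck.checks.rc_pids) {
        debug1("%s: DEBUG: Going into check_rc_pids", ARGV0);
        check_rc_pids();
    }

    /*** Check all the ports ***/
    if (rootcheck.checks.rc_ports) {
        debug1("%s: DEBUG: Going into check_rc_ports", ARGV0);
        check_rc_ports();

        /*** Check open ports ***/
        debug1("%s: DEBUG: Going into check_open_ports", ARGV0);
        check_open_ports();
    }

    /*** Check interfaces ***/
    if (rootcheck.checks.rc_if) {
        debug1("%s: DEBUG: Going into check_rc_if", ARGV0);
        check_rc_if();
    }

    debug1("%s: DEBUG: Completed with all checks.", ARGV0);

    /* Cleaning the global memory: walk rk_sys_file/rk_sys_name from 0 to
     * rk_sys_count and stop at the first empty slot. Freed slots are reset
     * to NULL so a later pass over the same arrays cannot double free. */
    {
        int li;
        for (li = 0; li <= rk_sys_count; li++) {
            if (!rk_sys_file[li] || !rk_sys_name[li]) {
                break;
            }
            free(rk_sys_file[li]);
            free(rk_sys_name[li]);
            rk_sys_file[li] = NULL;
            rk_sys_name[li] = NULL;
        }
    }

    /*** Final message ***/
    time2 = time(0);
    if (rootcheck.notify != QUEUE) {
        printf("\n");
        printf("- Scan completed in %d seconds.\n\n", (int)(time2 - time1));
    } else {
        /* Queue mode: give the queue reader a moment before the end marker. */
        sleep(5);
    }

    /* Sending scan ending message */
    notify_rk(ALERT_POLICY_VIOLATION, "Ending rootcheck scan.");
    if (rootcheck.notify == QUEUE) {
        merror("%s: INFO: Ending rootcheck scan.", ARGV0);
    }

    debug1("%s: DEBUG: Leaving run_rk_check", ARGV0);
    return;
}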
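enum {
    /* Largest argc the per-argument bookkeeping table in main() can hold;
     * the original indexed a fixed int[20] by argv position unchecked. */
    ARGV_TABLE_SIZE = 20,
    /* Scratch buffer size for paths and the respawn command line. */
    PATH_BUF_SIZE = 4096,
    /* Formatting limit inside those buffers, kept from the original code. */
    PATH_FMT_MAX = 4000
};

/* Resolve one file path stored in the rc database under `key`.
 * A value that does not start with '/' is made absolute by prefixing
 * shell->home. The result is heap-allocated (either the string returned by
 * E_DB_STR_GET or a DUP of the joined path) and owned by the caller.
 * ENGY_ASSERT fires when the key is absent from the rc file. */
static char *rc_path_get(const char *key)
{
    char buf[PATH_BUF_SIZE];
    char *s;
    int res;

    E_DB_STR_GET(shell->rcfile, key, s, res);
    ENGY_ASSERT(res);
    if (s[0] == '/') {
        return s;
    }
    snprintf(buf, PATH_FMT_MAX, "%s/%s", shell->home, s);
    FREE(s);
    return DUP(buf);
}

/* Program entry point.
 *
 * Parses the command line (--fps, -f/--rcfile FILE, -m/--mode MODE,
 * -s/--serv, -h/--help), picks the data directory, resolves the menu, icon
 * and style file paths from the rc database, then runs the Ecore main loop
 * until shell_shutdown().
 *
 * When more than one drawing file is given, one child instance is started
 * per file through my_run() and this process exits; otherwise the single
 * remaining argument, if any, becomes shell->drawingfile.
 *
 * Returns 0 on normal shutdown and -1 when ecore_init() fails; calls exit()
 * directly on usage errors and for -s and -h. envp is unused.
 */
int
main(int argc, char *argv[], char *envp[])
{
    int i;
    /* is_file[i] stays 1 while argv[i] has not been recognised as an option
     * or an option's value, i.e. while it is a candidate drawing file. */
    int is_file[ARGV_TABLE_SIZE];
    const char *mode = "s";
    int nfiles = 0;

    (void)envp;

    app_name = argv[0];
    setlocale(LC_ALL, "");

    /* Every index into is_file[] below is an argv position, so argc has to
     * fit in the table instead of silently writing past its end. */
    if (argc > ARGV_TABLE_SIZE) {
        fprintf(stderr, "%s: too many arguments (max %d)\n", argv[0],
                ARGV_TABLE_SIZE - 1);
        exit(-1);
    }

    shell = calloc(1, sizeof *shell);
    ENGY_ASSERT(shell);
    shell->title = TITLE;

    check_rc_files();

    /* Default data directory: $HOME/engycad. The length cap keeps the
     * joined path well inside the scratch buffer. */
    {
        char buf[PATH_BUF_SIZE];
        const char *home = getenv("HOME");

        if (!home || home[0] == '\0' || strlen(home) > 1000) {
            fprintf(stderr, "check out $HOME\n");
            exit(-1);
        }
        snprintf(buf, sizeof buf, "%s/engycad", home);
        shell->home = DUP(buf);
    }

    {
        struct timeval tv;
        gettimeofday(&tv, NULL);
        srand(tv.tv_usec);
    }

    /* argv[0] is never a file; positions past argc do not exist. */
    for (i = 0; i < ARGV_TABLE_SIZE; i++) {
        is_file[i] = (i > 0 && i < argc);
    }

    for (i = 1; i < argc; i++) {
        const char *arg = argv[i];

        if (!strcmp(arg, "--fps")) {
            fpsflag = 1;
            is_file[i] = 0;
        } else if (!strcmp(arg, "--rcfile") || !strcmp(arg, "-f")) {
            /* The value must exist: the original DUP'ed argv[argc] (NULL)
             * when -f was the last argument. */
            if (i + 1 >= argc) {
                fprintf(stderr, "%s: option %s needs an argument\n", argv[0], arg);
                exit(-1);
            }
            IF_FREE(shell->rcfile);
            shell->rcfile = DUP(argv[i + 1]);
            is_file[i] = 0;
            is_file[i + 1] = 0;
            i++;
        } else if (!strcmp(arg, "-m") || !strcmp(arg, "--mode")) {
            /* The render-method switch is disabled in this build (GLS), but
             * the option and its value still have to be consumed: the
             * respawn command below passes "-m MODE", and a child that
             * counted both tokens as drawing files would respawn again. */
            if (i + 1 >= argc) {
                fprintf(stderr, "%s: option %s needs an argument\n", argv[0], arg);
                exit(-1);
            }
            is_file[i] = 0;
            is_file[i + 1] = 0;
            i++;
        } else if (!strcmp(arg, "-s") || !strcmp(arg, "--serv")) {
            my_run("caddserv &");
            exit(0);
        } else if (!strcmp(arg, "-h") || !strcmp(arg, "--help")) {
            print_help(argv[0]);
            exit(0);
        }
    }

    for (i = 1; i < argc; i++) {
        nfiles += is_file[i];
    }

    /* Several drawing files: start one instance per file and leave. */
    if (nfiles > 1) {
        char buf[PATH_BUF_SIZE];

        for (i = 1; i < argc; i++) {
            int n;

            if (!is_file[i]) {
                continue;
            }
            /* NOTE(review): the command is handed to my_run() unquoted, so a
             * file name with shell metacharacters is interpreted by the
             * shell; shell->rcfile is also assumed non-NULL here (set by -f
             * or, presumably, by check_rc_files()) -- confirm. */
            n = snprintf(buf, PATH_FMT_MAX, "%s -f %s -m %s %s &",
                         argv[0], shell->rcfile, mode, argv[i]);
            if (n < 0 || n >= PATH_FMT_MAX) {
                fprintf(stderr, "%s: command line too long for '%s'\n",
                        argv[0], argv[i]);
                continue;
            }
            my_run(buf);
        }
        exit(0);
    }

    /* Single mode: the remaining argument, if any, is the drawing file. */
    for (i = 1; i < argc; i++) {
        if (is_file[i]) {
            shell->drawingfile = argv[i];
        }
    }

    /* Data directory: the rc file's "/home" key replaces $HOME/engycad, and
     * the packaged data dir is the fallback when the key is missing. */
    {
        char *s;
        int res;

        E_DB_STR_GET(shell->rcfile, "/home", s, res);
        IF_FREE(shell->home);
        shell->home = res ? s : DUP(PACKAGE_DATA_DIR);
    }

    shell->menu_file = rc_path_get("/menufile");
    shell->icons_file = rc_path_get("/iconsfile");
    shell->dim_styles_file = rc_path_get("/dimstylesfile");
    shell->text_styles_file = rc_path_get("/textstylesfile");
    shell->line_styles_file = rc_path_get("/linestylesfile");
    shell->point_styles_file = rc_path_get("/pointstylesfile");
    shell->hatch_styles_file = rc_path_get("/hatchstylesfile");

    /* The "/textdomain" gettext binding of the original is disabled in this
     * build (GLS). */

    if (!ecore_init()) {
        return -1;
    }
    ecore_app_args_set(argc, (const char **)argv);
    ecore_event_handler_add(ECORE_EVENT_SIGNAL_EXIT, handler_signal_exit, NULL);
    shell_init();
    ecore_main_loop_begin();
    shell_shutdown();
    ecore_evas_shutdown();
    return 0;
}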