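/* run_rk_check: v0.1
 * Execute the rootkit checks.
 *
 * Runs, in order, every check enabled in rootcheck.checks: the known
 * rootkit file list, the trojaned-binary list, the platform audit policies
 * (winaudit / winmalware / winapps on Windows, the unixaudit list
 * elsewhere), then the /dev, whole-system, process, port and interface
 * checks. A start and an end event are sent through notify_rk(); when
 * rootcheck.notify == QUEUE the console banner is suppressed and the same
 * two messages are logged with merror() instead.
 *
 * Globals touched: rootcheck (basedir is filled in here when the caller
 * left it NULL), rk_sys_count, rk_sys_file[] and rk_sys_name[] (reset on
 * entry, freed on exit). A missing or unopenable list file is logged and
 * the scan continues with the next check; nothing here aborts the run.
 */
void run_rk_check()
{
    time_t time1;
    time_t time2;

    FILE *fp;
    OSList *plist;

#ifndef WIN32
    /* Hard-coded basedir. It has to be static: rootcheck.basedir is
     * pointed at it below and is still used by later scans after this
     * function returned. With an automatic array that global was left
     * dangling on every scan after the first. */
    static char basedir[] = "/";
    size_t i;

    /* Drop a trailing '/' so the checks can append "/dev" and friends.
     * On later calls the static buffer is already stripped; no-op. */
    i = strlen(basedir);
    if(i > 0 && basedir[i-1] == '/')
    {
        basedir[i-1] = '\0';
    }
#else
    /* Basedir for Windows, static for the same lifetime reason. */
    static char basedir[] = "C:\\";
#endif

    /* Only install the default when the configuration left it unset. */
    if(rootcheck.basedir == NULL)
    {
        rootcheck.basedir = basedir;
    }

    time1 = time(NULL);

    /*** Initial message (console mode only) ***/
    if(rootcheck.notify != QUEUE)
    {
        printf("\n");
        printf("** Starting Rootcheck v0.9 by Daniel B. Cid        **\n");
        printf("** http://www.ossec.net/en/about.html#dev-team     **\n");
        printf("** http://www.ossec.net/rootcheck/                 **\n\n");
        printf("Be patient, it may take a few minutes to complete...\n");
        printf("\n");
    }

    /* Reset the per-scan file list. The entry at rk_sys_count is the
     * NULL terminator the cleanup loop below stops at. */
    rk_sys_count = 0;
    rk_sys_file[rk_sys_count] = NULL;
    rk_sys_name[rk_sys_count] = NULL;

    /* Sending scan start message */
    notify_rk(ALERT_POLICY_VIOLATION, "Starting rootcheck scan.");
    if(rootcheck.notify == QUEUE)
    {
        merror("%s: INFO: Starting rootcheck scan.", ARGV0);
    }

    /*** First check, look for rootkits ***/
    /* Open rootkit_files and pass the stream to check_rc_files. */
    if (rootcheck.checks.rc_files)
    {
        if(!rootcheck.rootkit_files)
        {
#ifndef WIN32
            /* On Windows a missing list is silently skipped. */
            merror("%s: No rootcheck_files file configured.", ARGV0);
#endif
        }
        else
        {
            fp = fopen(rootcheck.rootkit_files, "r");
            if(!fp)
            {
                merror("%s: No rootcheck_files file: '%s'",ARGV0,
                       rootcheck.rootkit_files);
            }
            else
            {
                check_rc_files(rootcheck.basedir, fp);
                fclose(fp);
            }
        }
    }

    /*** Second check, look for trojan entries in common binaries ***/
    if (rootcheck.checks.rc_trojans)
    {
        if(!rootcheck.rootkit_trojans)
        {
#ifndef WIN32
            merror("%s: No rootcheck_trojans file configured.", ARGV0);
#endif
        }
        else
        {
            fp = fopen(rootcheck.rootkit_trojans, "r");
            if(!fp)
            {
                merror("%s: No rootcheck_trojans file: '%s'",ARGV0,
                       rootcheck.rootkit_trojans);
            }
            else
            {
#ifndef HPUX
                /* The trojan check is not run on HP-UX; the list file
                 * is still opened and closed there. */
                check_rc_trojans(rootcheck.basedir, fp);
#endif
                fclose(fp);
            }
        }
    }

#ifdef WIN32

    /*** Process list shared by the three Windows policy checks ***/
    plist = os_get_process_list();

    /*** Windows audit check ***/
    if (rootcheck.checks.rc_winaudit)
    {
        if(!rootcheck.winaudit)
        {
            merror("%s: No winaudit file configured.", ARGV0);
        }
        else
        {
            fp = fopen(rootcheck.winaudit, "r");
            if(!fp)
            {
                merror("%s: No winaudit file: '%s'",ARGV0,
                       rootcheck.winaudit);
            }
            else
            {
                check_rc_winaudit(fp, plist);
                fclose(fp);
            }
        }
    }

    /*** Windows malware ***/
    if (rootcheck.checks.rc_winmalware)
    {
        if(!rootcheck.winmalware)
        {
            merror("%s: No winmalware file configured.", ARGV0);
        }
        else
        {
            fp = fopen(rootcheck.winmalware, "r");
            if(!fp)
            {
                merror("%s: No winmalware file: '%s'",ARGV0,
                       rootcheck.winmalware);
            }
            else
            {
                check_rc_winmalware(fp, plist);
                fclose(fp);
            }
        }
    }

    /*** Windows applications ***/
    if (rootcheck.checks.rc_winapps)
    {
        if(!rootcheck.winapps)
        {
            merror("%s: No winapps file configured.", ARGV0);
        }
        else
        {
            fp = fopen(rootcheck.winapps, "r");
            if(!fp)
            {
                merror("%s: No winapps file: '%s'",ARGV0,
                       rootcheck.winapps);
            }
            else
            {
                check_rc_winapps(fp, plist);
                fclose(fp);
            }
        }
    }

    /* Freeing process list */
    del_plist(plist);

    /** Checks for non Windows. **/
#else

    /*** Unix audit check: one pass per configured policy file ***/
    if (rootcheck.checks.rc_unixaudit)
    {
        if(rootcheck.unixaudit)
        {
            /* Process list shared by every policy file. */
            plist = os_get_process_list();

            /* rootcheck.unixaudit is a NULL-terminated array of paths. */
            for(i = 0; rootcheck.unixaudit[i]; i++)
            {
                fp = fopen(rootcheck.unixaudit[i], "r");
                if(!fp)
                {
                    merror("%s: No unixaudit file: '%s'",ARGV0,
                           rootcheck.unixaudit[i]);
                }
                else
                {
                    check_rc_unixaudit(fp, plist);
                    fclose(fp);
                }
            }

            /* Freeing list */
            del_plist(plist);
        }
    }

#endif

    /*** Third check, looking for files on the /dev ***/
    if (rootcheck.checks.rc_dev)
    {
        debug1("%s: DEBUG: Going into check_rc_dev", ARGV0);
        check_rc_dev(rootcheck.basedir);
    }

    /*** Fourth check, scan the whole system looking for additional issues ***/
    if (rootcheck.checks.rc_sys)
    {
        debug1("%s: DEBUG: Going into check_rc_sys", ARGV0);
        check_rc_sys(rootcheck.basedir);
    }

    /*** Process checking ***/
    if (rootcheck.checks.rc_pids)
    {
        debug1("%s: DEBUG: Going into check_rc_pids", ARGV0);
        check_rc_pids();
    }

    /*** Check all the ports, then the open ones ***/
    if (rootcheck.checks.rc_ports)
    {
        debug1("%s: DEBUG: Going into check_rc_ports", ARGV0);
        check_rc_ports();

        debug1("%s: DEBUG: Going into check_open_ports", ARGV0);
        check_open_ports();
    }

    /*** Check interfaces ***/
    if (rootcheck.checks.rc_if)
    {
        debug1("%s: DEBUG: Going into check_rc_if", ARGV0);
        check_rc_if();
    }

    debug1("%s: DEBUG: Completed with all checks.", ARGV0);

    /* Free the per-scan file list. The loop stops at the first NULL pair
     * (the terminator); freed slots are cleared so a shorter list on the
     * next scan can never hand a stale pointer to free() again. */
    {
        int li;
        for(li = 0; li <= rk_sys_count; li++)
        {
            if(!rk_sys_file[li] || !rk_sys_name[li])
            {
                break;
            }

            free(rk_sys_file[li]);
            free(rk_sys_name[li]);
            rk_sys_file[li] = NULL;
            rk_sys_name[li] = NULL;
        }
    }

    /*** Final message ***/
    time2 = time(NULL);

    if(rootcheck.notify != QUEUE)
    {
        printf("\n");
        printf("- Scan completed in %d seconds.\n\n", (int)(time2 - time1));
    }
    else
    {
        /* NOTE(review): no stated reason for this pause in queue mode;
         * presumably gives the agent queue time to drain before the end
         * event is sent - confirm before changing. */
        sleep(5);
    }

    /* Sending scan ending message */
    notify_rk(ALERT_POLICY_VIOLATION, "Ending rootcheck scan.");
    if(rootcheck.notify == QUEUE)
    {
        merror("%s: INFO: Ending rootcheck scan.", ARGV0);
    }

    debug1("%s: DEBUG: Leaving run_rk_check",ARGV0);
    return;
}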
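/* Command-line limits shared by the argument scanner and the spawner.
 * k[] below has one slot per argv entry, so argc must not exceed it. */
enum { ENGY_MAX_ARGS = 20, ENGY_CMD_BUF = 4096 };

/* Append the NUL-terminated string s to dst (capacity cap) at offset *len.
 * Returns 0 on success, -1 when it would not fit; dst is then unchanged. */
static int cmd_append(char *dst, size_t cap, size_t *len, const char *s)
{
    size_t n = strlen(s);

    if (*len >= cap || n >= cap - *len)
        return -1;
    memcpy(dst + *len, s, n + 1);
    *len += n;
    return 0;
}

/* Append s as one single-quoted POSIX shell word, so spaces and shell
 * metacharacters in a file name reach the child as data, not as syntax.
 * An embedded ' is written as '\'' (close the quote, escaped quote, reopen). */
static int cmd_append_quoted(char *dst, size_t cap, size_t *len, const char *s)
{
    char one[2] = { 0, 0 };

    if (cmd_append(dst, cap, len, "'") < 0)
        return -1;
    for (; *s != '\0'; s++)
    {
        one[0] = *s;
        if (cmd_append(dst, cap, len, *s == '\'' ? "'\\''" : one) < 0)
            return -1;
    }
    return cmd_append(dst, cap, len, "'");
}

/* Start a detached instance of this program for one drawing file, forwarding
 * the rc file (when one was given) and the render mode. The command line is
 * assembled from quoted words rather than a printf template: the file names
 * come from the user and were previously spliced into the shell line as-is.
 * A line that does not fit is reported and skipped, never truncated. */
static void spawn_instance(const char *self, const char *rcfile,
                           const char *mode, const char *file)
{
    char buf[ENGY_CMD_BUF];
    size_t len = 0;
    int ok;

    ok = cmd_append_quoted(buf, sizeof buf, &len, self) == 0;
    if (ok && rcfile)
        ok = cmd_append(buf, sizeof buf, &len, " -f ") == 0 &&
             cmd_append_quoted(buf, sizeof buf, &len, rcfile) == 0;
    if (ok)
        ok = cmd_append(buf, sizeof buf, &len, " -m ") == 0 &&
             cmd_append_quoted(buf, sizeof buf, &len, mode) == 0;
    if (ok)
        ok = cmd_append(buf, sizeof buf, &len, " ") == 0 &&
             cmd_append_quoted(buf, sizeof buf, &len, file) == 0 &&
             cmd_append(buf, sizeof buf, &len, " &") == 0;
    if (!ok)
    {
        fprintf(stderr, "%s: command line too long, not starting %s\n",
                self, file);
        return;
    }
    my_run(buf);
}

/* Fetch one "...file" key from the rc database and make it absolute:
 * a relative value is placed under shell->home. Returns a heap string the
 * caller owns. A missing key trips ENGY_ASSERT, as the inline code did. */
static char *rc_path_get(const char *key)
{
    char buf[ENGY_CMD_BUF];
    char *s;
    char *out;
    int res;

    E_DB_STR_GET(shell->rcfile, key, s, res);
    ENGY_ASSERT(res);
    if (s[0] == '/')
        return s;
    snprintf(buf, sizeof buf, "%s/%s", shell->home, s);
    out = DUP(buf);
    FREE(s);
    return out;
}

/* Program entry point.
 *
 * Parses the command line (--fps, -m/--mode, -f/--rcfile, -s/--serv,
 * -h/--help), sets up the global shell with its home and rc-derived
 * paths, then runs the ecore main loop. When more than one drawing file
 * is given, one detached instance is spawned per file and this process
 * exits. Returns 0, or -1 if ecore_init() fails; fatal configuration
 * errors exit(-1) after a message on stderr.
 */
int
main(int argc, char *argv[], char *envp[])
{
    int i, res;
    int k[ENGY_MAX_ARGS];       /* k[i] != 0: argv[i] is a drawing file */
    char *mode = "s";           /* render mode forwarded to spawned instances */
    int flag = 0;               /* number of drawing files on the command line */

    (void)envp;
    app_name = argv[0];
    setlocale(LC_ALL, "");

    /* k[] is indexed by argv position; refuse what it cannot hold instead
     * of writing past its end. */
    if (argc > ENGY_MAX_ARGS)
    {
        fprintf(stderr, "%s: at most %d arguments are supported\n",
                argv[0], ENGY_MAX_ARGS - 1);
        exit(-1);
    }

    shell = calloc(1, sizeof *shell);
    ENGY_ASSERT(shell);
    shell->title = TITLE;

    check_rc_files();

    /* Default home is $HOME/engycad; the rc database's /home may replace it. */
    {
        char buf[ENGY_CMD_BUF];
        char *home = getenv("HOME");

        if (!home || strlen(home) == 0 || strlen(home) > 1000)
        {
            fprintf(stderr, "check out $HOME\n");
            exit(-1);
        }
        snprintf(buf, sizeof buf, "%s/engycad", home);
        shell->home = DUP(buf);
    }

    /* Seed rand() from the clock's microsecond field. */
    {
        struct timeval tv;

        gettimeofday(&tv, NULL);
        srand((unsigned)tv.tv_usec);
    }

    /* Every real argument starts as a candidate drawing file; recognized
     * options clear their slot(s) below. Slots past argc stay 0. */
    for (i = 0; i < ENGY_MAX_ARGS; i++)
        k[i] = (i > 0 && i < argc);

    for (i = 1; i < argc; i++)
    {
        if (!strcmp(argv[i], "--fps"))
        {
            fpsflag = 1;
            k[i] = 0;           /* an option, not a drawing file */
        }
        else if (!strcmp(argv[i], "-m") || !strcmp(argv[i], "--mode"))
        {
            /* GLS: render-method selection was removed. The option and its
             * value are still consumed because spawn_instance() passes
             * "-m <mode>" to children; left unparsed, each child counted
             * "-m" and "s" as two more drawing files and spawned again. */
            if (i + 1 >= argc)
            {
                fprintf(stderr, "%s: %s needs an argument\n", argv[0], argv[i]);
                exit(-1);
            }
            k[i] = 0;
            k[i + 1] = 0;
            i++;
        }
        else if (!strcmp(argv[i], "--rcfile") || !strcmp(argv[i], "-f"))
        {
            if (i + 1 >= argc)
            {
                fprintf(stderr, "%s: %s needs an argument\n", argv[0], argv[i]);
                exit(-1);
            }
            IF_FREE(shell->rcfile);
            shell->rcfile = DUP(argv[i + 1]);
            k[i] = 0;
            k[i + 1] = 0;
            i++;
        }
        else if (!strcmp(argv[i], "-s") || !strcmp(argv[i], "--serv"))
        {
            my_run("caddserv &");
            exit(0);
        }
        else if (!strcmp(argv[i], "-h") || !strcmp(argv[i], "--help"))
        {
            print_help(argv[0]);
            exit(0);
        }
    }

    /* Count the drawing files left over after option parsing. */
    for (i = 0; i < ENGY_MAX_ARGS; i++)
        if (k[i])
            flag++;

    /* Several files: hand each one to a fresh detached instance and quit. */
    if (flag > 1)
    {
        for (i = 1; i < ENGY_MAX_ARGS; i++)
            if (k[i])
                spawn_instance(argv[0], shell->rcfile, mode, argv[i]);
        exit(0);
    }

    /* Single-instance run: at most one slot is set here. */
    for (i = 0; i < ENGY_MAX_ARGS; i++)
        if (k[i])
            shell->drawingfile = argv[i];

    /* Paths from the rc database. /home overrides the $HOME default and
     * falls back to PACKAGE_DATA_DIR; the style files resolve relative
     * to shell->home. */
    {
        char *s;

        E_DB_STR_GET(shell->rcfile, "/home", s, res);
        IF_FREE(shell->home);
        shell->home = res ? s : DUP(PACKAGE_DATA_DIR);

        shell->menu_file = rc_path_get("/menufile");
        shell->icons_file = rc_path_get("/iconsfile");
        shell->dim_styles_file = rc_path_get("/dimstylesfile");
        shell->text_styles_file = rc_path_get("/textstylesfile");
        shell->line_styles_file = rc_path_get("/linestylesfile");
        shell->point_styles_file = rc_path_get("/pointstylesfile");
        shell->hatch_styles_file = rc_path_get("/hatchstylesfile");
    }

    /* GLS: the gettext domain binding (/textdomain) was removed here. */

    if (!ecore_init())
        return -1;
    ecore_app_args_set(argc, (const char **)argv);

    ecore_event_handler_add(ECORE_EVENT_SIGNAL_EXIT,
                            handler_signal_exit, NULL);

    shell_init();
    ecore_main_loop_begin();
    shell_shutdown();
    ecore_evas_shutdown();
    return 0;
}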