Example #1
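/* int Start_win32_Syscheck()
 * syscheck main for windows: reads the configuration, initializes
 * rootcheck, logs every registry entry and directory that will be
 * monitored, then calls start_daemon(). The process ends with exit(0)
 * if start_daemon() ever returns.
 */
int Start_win32_Syscheck()
{
    int r = 0;
    char *cfg = DEFAULTCPATH;


    /* Use the default working directory */
    syscheck.workdir = DEFAULTDIR;


    /* Checking if the configuration is present */
    if(File_DateofChange(cfg) < 0)
        ErrorExit(NO_CONFIG, ARGV0, cfg);


    /* Read syscheck config */
    if((r = Read_Syscheck_Config(cfg)) < 0)
    {
        ErrorExit(CONFIG_ERROR, ARGV0, cfg);
    }
    /* Disabled */
    else if((r == 1) || (syscheck.disabled == 1))
    {
        /* Both lists are emptied so nothing is monitored.
         * NOTE(review): dump_syscheck_entry() is relied on to allocate a
         * missing list before its first slot is written - confirm.
         */
        if(!syscheck.dir)
        {
            merror(SK_NO_DIR, ARGV0);
            dump_syscheck_entry(&syscheck, "", 0, 0, NULL);
        }
        else if(!syscheck.dir[0])
        {
            merror(SK_NO_DIR, ARGV0);
        }
        syscheck.dir[0] = NULL;

        if(!syscheck.registry)
        {
            dump_syscheck_entry(&syscheck, "", 0, 1, NULL);
        }
        syscheck.registry[0] = NULL;

        /* Integrity monitoring is off from here on; the WARN line is the
         * only trace of that in the log.
         */
        merror("%s: WARN: Syscheck disabled.", ARGV0);
    }


    /* Reading internal options */
    read_internal();


    /* Rootcheck config */
    if(rootcheck_init(0) == 0)
    {
        syscheck.rootcheck = 1;
    }
    else
    {
        syscheck.rootcheck = 0;
        merror("%s: WARN: Rootcheck module disabled.", ARGV0);
    }


    /* Printing options. The lists are only known to be allocated on the
     * disabled path above, so an enabled configuration that names no
     * registry entry (or no directory) must not be dereferenced here.
     */
    if(syscheck.registry)
    {
        for(r = 0; syscheck.registry[r] != NULL; r++)
        {
            verbose("%s: INFO: Monitoring registry entry: '%s'.",
                    ARGV0, syscheck.registry[r]);
        }
    }

    if(syscheck.dir)
    {
        for(r = 0; syscheck.dir[r] != NULL; r++)
        {
            verbose("%s: INFO: Monitoring directory: '%s'.",
                    ARGV0, syscheck.dir[r]);
        }
    }


    /* Start up message (pid cast to int, as the Unix main does) */
    verbose(STARTUP_MSG, ARGV0, (int)getpid());


    /* Some sync time */
    sleep(syscheck.tsleep + 10);


    /* Waiting if agent started properly. */
    os_wait();


    start_daemon();


    exit(0);
}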
Example #2
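/* syscheck main for Windows
 *
 * Reads the internal options and the syscheck configuration, initializes
 * rootcheck, logs everything that will be monitored or ignored and then
 * calls start_daemon(). The process ends with exit(0) if start_daemon()
 * ever returns.
 */
int Start_win32_Syscheck()
{
    int debug_level = 0;
    int r = 0;
    char *cfg = DEFAULTCPATH;

    /* Read internal options */
    read_internal(debug_level);

    debug1(STARTED_MSG, ARGV0);

    /* Check if the configuration is present */
    if (File_DateofChange(cfg) < 0) {
        ErrorExit(NO_CONFIG, ARGV0, cfg);
    }

    /* Read syscheck config */
    if ((r = Read_Syscheck_Config(cfg)) < 0) {
        ErrorExit(CONFIG_ERROR, ARGV0, cfg);
    } else if ((r == 1) || (syscheck.disabled == 1)) {
        /* Disabled: both lists are emptied so nothing is monitored.
         * NOTE(review): dump_syscheck_entry() is relied on to allocate a
         * missing list before its first slot is written - confirm.
         */
        if (!syscheck.dir) {
            merror(SK_NO_DIR, ARGV0);
            dump_syscheck_entry(&syscheck, "", 0, 0, NULL);
        } else if (!syscheck.dir[0]) {
            merror(SK_NO_DIR, ARGV0);
        }
        syscheck.dir[0] = NULL;

        if (!syscheck.registry) {
            dump_syscheck_entry(&syscheck, "", 0, 1, NULL);
        }
        syscheck.registry[0].entry = NULL;

        /* Integrity monitoring is off from here on; the WARN line is the
         * only trace of that in the log.
         */
        merror("%s: WARN: Syscheck disabled.", ARGV0);
    }

    /* Rootcheck config */
    if (rootcheck_init(0) == 0) {
        syscheck.rootcheck = 1;
    } else {
        syscheck.rootcheck = 0;
        merror("%s: WARN: Rootcheck module disabled.", ARGV0);
    }

    /* Print registry entries to be monitored. The list is only known to be
     * allocated on the disabled path above, so guard against an enabled
     * configuration that names no registry entry.
     */
    if (syscheck.registry) {
        for (r = 0; syscheck.registry[r].entry != NULL; r++) {
            verbose("%s: INFO: Monitoring registry entry: '%s%s'.",
                    ARGV0, syscheck.registry[r].entry,
                    syscheck.registry[r].arch == ARCH_64BIT ? " [x64]" : "");
        }
    }

    /* Print directories to be monitored (same guard as above) */
    if (syscheck.dir) {
        for (r = 0; syscheck.dir[r] != NULL; r++) {
            char optstr[100];

            verbose("%s: INFO: Monitoring directory: '%s', with options %s.",
                    ARGV0, syscheck.dir[r],
                    syscheck_opts2str(optstr, sizeof(optstr), syscheck.opts[r]));
        }
    }

    /* Print ignores. */
    if (syscheck.ignore) {
        for (r = 0; syscheck.ignore[r] != NULL; r++) {
            verbose("%s: INFO: ignoring: '%s'",
                    ARGV0, syscheck.ignore[r]);
        }
    }

    /* Print files with no diff. */
    if (syscheck.nodiff) {
        for (r = 0; syscheck.nodiff[r] != NULL; r++) {
            verbose("%s: INFO: No diff for file: '%s'",
                    ARGV0, syscheck.nodiff[r]);
        }
    }

    /* Start up message (pid cast to int, as the Unix main does) */
    verbose(STARTUP_MSG, ARGV0, (int)getpid());

    /* Some sync time */
    sleep(syscheck.tsleep + 10);

    /* Wait if agent started properly */
    os_wait();

    start_daemon();

    exit(0);
}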
Example #3
int main(int argc, char **argv)
{
    int opt, cfg_status, idx, attempt;
    int test_config = 0, run_foreground = 0;

    /* Waits, in seconds, before the second and third queue connection */
    const unsigned int retry_wait[2] = { 5, 10 };

    char *cfg = DEFAULTCPATH;


    /* No working directory chosen yet; -D may set one below */
    syscheck.workdir = NULL;


    /* Setting the name */
    OS_SetName(ARGV0);


    /* Command line parsing */
    for(;;)
    {
        opt = getopt(argc, argv, "VtdhfD:c:");
        if(opt == -1)
            break;

        switch(opt)
        {
            case 'V':
                print_version();
                break;
            case 'h':
                help(ARGV0);
                break;
            case 'd':
                nowDebug();
                break;
            case 'f':
                run_foreground = 1;
                break;
            case 'D':
                if(!optarg)
                    ErrorExit("%s: -D needs an argument",ARGV0);
                syscheck.workdir = optarg;
                break;
            case 'c':
                if(!optarg)
                    ErrorExit("%s: -c needs an argument",ARGV0);
                cfg = optarg;
                break;
            case 't':
                test_config = 1;
                break;
            default:
                help(ARGV0);
                break;
        }
    }


    /* The configuration file must exist */
    if(File_DateofChange(cfg) < 0)
        ErrorExit(NO_CONFIG, ARGV0, cfg);


    /* Load the syscheck configuration */
    cfg_status = Read_Syscheck_Config(cfg);
    if(cfg_status < 0)
    {
        ErrorExit(CONFIG_ERROR, ARGV0, cfg);
    }
    else if((cfg_status == 1) || (syscheck.disabled == 1))
    {
        /* Disabled: report the missing directory list (silently when only
         * testing the configuration) and leave an empty list behind.
         */
        int no_list = (syscheck.dir == NULL);

        if(!test_config && (no_list || !syscheck.dir[0]))
            merror(SK_NO_DIR, ARGV0);

        if(no_list)
            dump_syscheck_entry(&syscheck, "", 0, 0, NULL);

        syscheck.dir[0] = NULL;

        if(!test_config)
            merror("%s: WARN: Syscheck disabled.", ARGV0);
    }


    /* Internal options */
    read_internal();


    /* Rootcheck runs only when its own initialization succeeds */
    if(rootcheck_init(test_config) != 0)
    {
        syscheck.rootcheck = 0;
        merror("%s: WARN: Rootcheck module disabled.", ARGV0);
    }
    else
    {
        syscheck.rootcheck = 1;
    }


    /* A configuration test stops here */
    if(test_config)
        exit(0);


    /* Fall back to the default working directory */
    if(syscheck.workdir == NULL)
        syscheck.workdir = DEFAULTDIR;


    /* Detach unless asked to stay in the foreground */
    if(!run_foreground)
    {
        nowDaemon();
        goDaemon();
    }

    /* Initial time to settle */
    sleep(syscheck.tsleep + 2);


    /* Connect to the queue: up to three attempts, logging each failure and
     * waiting 5 and then 10 seconds in between; the third failure is fatal.
     */
    syscheck.queue = StartMQ(DEFAULTQPATH,WRITE);
    for(attempt = 0; (syscheck.queue < 0) && (attempt < 2); attempt++)
    {
        merror(QUEUE_ERROR, ARGV0, DEFAULTQPATH, strerror(errno));
        sleep(retry_wait[attempt]);
        syscheck.queue = StartMQ(DEFAULTQPATH,WRITE);
    }
    if(syscheck.queue < 0)
        ErrorExit(QUEUE_FATAL,ARGV0,DEFAULTQPATH);


    /* Start the signal handling */
    StartSIG(ARGV0);


    /* Creating pid; a failure is only logged and startup continues */
    if(CreatePID(ARGV0, getpid()) < 0)
        merror(PID_ERROR,ARGV0);


    /* Start up message */
    verbose(STARTUP_MSG, ARGV0, (int)getpid());

    if(syscheck.rootcheck)
        verbose(STARTUP_MSG, "ossec-rootcheck", (int)getpid());


    /* Printing directories to be monitored. */
    for(idx = 0; syscheck.dir[idx] != NULL; idx++)
    {
        verbose("%s: INFO: Monitoring directory: '%s'.",
                ARGV0, syscheck.dir[idx]);
    }

    /* Report the directories flagged for real time monitoring; builds
     * without USEINOTIFY or WIN32 log that the flag is ignored.
     */
    for(idx = 0; syscheck.dir[idx] != NULL; idx++)
    {
        if(!(syscheck.opts[idx] & CHECK_REALTIME))
            continue;

        #ifdef USEINOTIFY
        verbose("%s: INFO: Directory set for real time monitoring: "
                "'%s'.", ARGV0, syscheck.dir[idx]);
        #elif WIN32
        verbose("%s: INFO: Directory set for real time monitoring: "
                "'%s'.", ARGV0, syscheck.dir[idx]);
        #else
        verbose("%s: WARN: Ignoring flag for real time monitoring on "
                "directory: '%s'.", ARGV0, syscheck.dir[idx]);
        #endif
    }


    /* Some sync time */
    sleep(syscheck.tsleep + 10);


    /* Start the daemon */
    start_daemon();

    return(0);
}
Example #4
/* Syscheck unix main
 *
 * Parses the command line, loads the internal options and the syscheck
 * configuration, initializes rootcheck, optionally daemonizes, connects to
 * the message queue, logs what will be monitored and calls start_daemon().
 */
int main(int argc, char **argv)
{
    int opt, cfg_status, idx, attempt;
    int debug_level = 0;
    int test_config = 0, run_foreground = 0;

    /* Waits, in seconds, before the second and third queue connection */
    const unsigned int retry_wait[2] = { 5, 10 };

    const char *cfg = DEFAULTCPATH;

    /* Set the name */
    OS_SetName(ARGV0);

    /* Command line parsing */
    for (;;) {
        opt = getopt(argc, argv, "Vtdhfc:");
        if (opt == -1) {
            break;
        }

        switch (opt) {
            case 'V':
                print_version();
                break;
            case 'h':
                help_syscheckd();
                break;
            case 'd':
                /* Each -d raises the debug level by one */
                nowDebug();
                debug_level ++;
                break;
            case 'f':
                run_foreground = 1;
                break;
            case 'c':
                if (!optarg) {
                    ErrorExit("%s: -c needs an argument", ARGV0);
                }
                cfg = optarg;
                break;
            case 't':
                test_config = 1;
                break;
            default:
                help_syscheckd();
                break;
        }
    }

    /* Read internal options */
    read_internal(debug_level);

    debug1(STARTED_MSG, ARGV0);

    /* The configuration file must exist */
    if (File_DateofChange(cfg) < 0) {
        ErrorExit(NO_CONFIG, ARGV0, cfg);
    }

    /* Load the syscheck configuration */
    cfg_status = Read_Syscheck_Config(cfg);
    if (cfg_status < 0) {
        ErrorExit(CONFIG_ERROR, ARGV0, cfg);
    } else if ((cfg_status == 1) || (syscheck.disabled == 1)) {
        /* Disabled: report the missing directory list (silently when only
         * testing the configuration) and leave an empty list behind.
         */
        int no_list = (syscheck.dir == NULL);

        if (!test_config && (no_list || !syscheck.dir[0])) {
            merror(SK_NO_DIR, ARGV0);
        }
        if (no_list) {
            dump_syscheck_entry(&syscheck, "", 0, 0, NULL);
        }
        syscheck.dir[0] = NULL;

        if (!test_config) {
            merror("%s: WARN: Syscheck disabled.", ARGV0);
        }
    }

    /* Rootcheck runs only when its own initialization succeeds */
    if (rootcheck_init(test_config) != 0) {
        syscheck.rootcheck = 0;
        merror("%s: WARN: Rootcheck module disabled.", ARGV0);
    } else {
        syscheck.rootcheck = 1;
    }

    /* A configuration test stops here */
    if (test_config) {
        exit(0);
    }

    /* Setup libmagic */
#ifdef USE_MAGIC
    init_magic(&magic_cookie);
#endif

    /* Detach unless asked to stay in the foreground */
    if (!run_foreground) {
        nowDaemon();
        goDaemon();
    }

    /* Initial time to settle */
    sleep(syscheck.tsleep + 2);

    /* Connect to the queue: up to three attempts, logging each failure and
     * waiting 5 and then 10 seconds in between; the third failure is fatal.
     */
    syscheck.queue = StartMQ(DEFAULTQPATH, WRITE);
    for (attempt = 0; (syscheck.queue < 0) && (attempt < 2); attempt++) {
        merror(QUEUE_ERROR, ARGV0, DEFAULTQPATH, strerror(errno));
        sleep(retry_wait[attempt]);
        syscheck.queue = StartMQ(DEFAULTQPATH, WRITE);
    }
    if (syscheck.queue < 0) {
        ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH);
    }

    /* Start signal handling */
    StartSIG(ARGV0);

    /* Create pid; failing to do so aborts startup */
    if (CreatePID(ARGV0, getpid()) < 0) {
        ErrorExit(PID_ERROR, ARGV0);
    }

    /* Start up message */
    verbose(STARTUP_MSG, ARGV0, (int)getpid());

    if (syscheck.rootcheck) {
        verbose(STARTUP_MSG, "ossec-rootcheck", (int)getpid());
    }

    /* Print directories to be monitored */
    for (idx = 0; syscheck.dir[idx] != NULL; idx++) {
        char optstr[ 100 ];

        verbose("%s: INFO: Monitoring directory: '%s', with options %s.",
                ARGV0, syscheck.dir[idx],
                syscheck_opts2str(optstr, sizeof( optstr ), syscheck.opts[idx]));
    }

    /* Print ignores. */
    if (syscheck.ignore) {
        for (idx = 0; syscheck.ignore[idx] != NULL; idx++) {
            verbose("%s: INFO: ignoring: '%s'",
                    ARGV0, syscheck.ignore[idx]);
        }
    }

    /* Print files with no diff. */
    if (syscheck.nodiff) {
        for (idx = 0; syscheck.nodiff[idx] != NULL; idx++) {
            verbose("%s: INFO: No diff for file: '%s'",
                    ARGV0, syscheck.nodiff[idx]);
        }
    }

    /* Report the directories flagged for real time monitoring; builds
     * without INOTIFY_ENABLED or WIN32 log that the flag is ignored.
     */
    for (idx = 0; syscheck.dir[idx] != NULL; idx++) {
        if (!(syscheck.opts[idx] & CHECK_REALTIME)) {
            continue;
        }
#ifdef INOTIFY_ENABLED
        verbose("%s: INFO: Directory set for real time monitoring: "
                "'%s'.", ARGV0, syscheck.dir[idx]);
#elif defined(WIN32)
        verbose("%s: INFO: Directory set for real time monitoring: "
                "'%s'.", ARGV0, syscheck.dir[idx]);
#else
        verbose("%s: WARN: Ignoring flag for real time monitoring on "
                "directory: '%s'.", ARGV0, syscheck.dir[idx]);
#endif
    }

    /* Some sync time */
    sleep(syscheck.tsleep + 10);

    /* Start the daemon */
    start_daemon();
}
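/* Read directories attributes
 *
 * Splits the comma-separated list in 'dirs', turns the attribute/value
 * pairs in g_attrs/g_values into a CHECK_* option mask and hands every
 * directory (glob patterns are expanded unless built with __MINGW32__) to
 * dump_syscheck_entry() together with the optional "restrict" value.
 *
 * Returns 0 when OS_StrBreak() yields nothing, when no options are given or
 * when an attribute or value is invalid. Returns 1 otherwise - including
 * when a duplicate directory or a glob problem was only logged.
 *
 * NOTE(review): a duplicate or a failed glob stops processing at that
 * entry, so later directories of the same list are not added although the
 * caller sees 1. The only trace is the merror() line; worth confirming this
 * is intended, since it leaves configured paths unmonitored.
 */
static int read_attr(syscheck_config *syscheck, const char *dirs, char **g_attrs, char **g_values)
{
    const char *xml_restrict = "restrict";

    /* Attributes taking "yes"/"no" and the CHECK_* bits each one controls */
    const struct {
        const char *name;
        int mask;
    } flag_attrs[] = {
        { "check_all",      CHECK_MD5SUM | CHECK_SHA1SUM | CHECK_PERM | CHECK_SIZE
                            | CHECK_OWNER | CHECK_GROUP | CHECK_MTIME | CHECK_INODE },
        { "check_sum",      CHECK_MD5SUM | CHECK_SHA1SUM },
        { "check_sha1sum",  CHECK_SHA1SUM },
        { "check_md5sum",   CHECK_MD5SUM },
        { "check_size",     CHECK_SIZE },
        { "check_owner",    CHECK_OWNER },
        { "check_group",    CHECK_GROUP },
        { "check_perm",     CHECK_PERM },
        { "check_mtime",    CHECK_MTIME },
        { "check_inode",    CHECK_INODE },
        { "realtime",       CHECK_REALTIME },
        { "report_changes", CHECK_SEECHANGES }
    };
    const size_t flag_count = sizeof(flag_attrs) / sizeof(flag_attrs[0]);

    char *restrictfile = NULL;
    char **dir = OS_StrBreak(',', dirs, MAX_DIR_SIZE); /* Max number */
    char **dir_org = dir; /* kept to free the whole array on exit */

    int ret = 0, i;

    /* Dir can not be null */
    if (dir == NULL) {
        return (0);
    }

    while (*dir) {
        int j;
        int opts = 0;
        size_t len;
        char *tmp_dir = *dir;
        char **attrs;
        char **values;

        restrictfile = NULL;

        /* Remove spaces at the beginning */
        while (*tmp_dir == ' ') {
            tmp_dir++;
        }

        /* Remove spaces at the end. Trimming from the tail keeps paths with
         * inner spaces intact; looking at the first space only would leave
         * trailing blanks on such paths and cut a path at a double space,
         * so a different directory than the configured one gets monitored.
         */
        len = strlen(tmp_dir);
        while (len > 0 && tmp_dir[len - 1] == ' ') {
            tmp_dir[--len] = '\0';
        }

        /* Get the options */
        if (!g_attrs || !g_values) {
            merror(SYSCHECK_NO_OPT, __local_name, dirs);
            ret = 0;
            goto out_free;
        }

        attrs = g_attrs;
        values = g_values;

        while (*attrs && *values) {
            if (strcmp(*attrs, xml_restrict) == 0) {
                /* A repeated "restrict" replaces the previous value */
                free(restrictfile);
                restrictfile = NULL;
                os_strdup(*values, restrictfile);
            } else {
                size_t k;

                for (k = 0; k < flag_count; k++) {
                    if (strcmp(*attrs, flag_attrs[k].name) == 0) {
                        break;
                    }
                }

                /* Unknown attribute */
                if (k == flag_count) {
                    merror(SK_INV_ATTR, __local_name, *attrs);
                    ret = 0;
                    goto out_free;
                }

                /* "yes" sets the bits, "no" clears them; attributes apply
                 * in the order given, so a later one overrides an earlier.
                 */
                if (strcmp(*values, "yes") == 0) {
                    opts |= flag_attrs[k].mask;
                } else if (strcmp(*values, "no") == 0) {
                    opts &= ~flag_attrs[k].mask;
                } else {
                    merror(SK_INV_OPT, __local_name, *values, *attrs);
                    ret = 0;
                    goto out_free;
                }
            }
            attrs++;
            values++;
        }

        /* You must have something set */
        if (opts == 0) {
            merror(SYSCHECK_NO_OPT, __local_name, dirs);
            ret = 0;
            goto out_free;
        }

        /* Reject a directory that is already configured */
        for (j = 0; syscheck->dir && syscheck->dir[j]; j++) {
            if (strcmp(syscheck->dir[j], tmp_dir) == 0) {
                merror(SK_DUP, __local_name, tmp_dir);
                ret = 1;
                goto out_free;
            }
        }

        /* Check for glob */
        /* The mingw32 builder used by travis.ci can't find glob.h
         * Yet glob must work on actual win32.
         */
#ifndef __MINGW32__
        if (strchr(tmp_dir, '*') ||
                strchr(tmp_dir, '?') ||
                strchr(tmp_dir, '[')) {
            int gindex = 0;
            glob_t g;

            if (glob(tmp_dir, 0, NULL, &g) != 0) {
                merror(GLOB_ERROR, __local_name, tmp_dir);
                ret = 1;
                goto out_free;
            }

            if (g.gl_pathv[0] == NULL) {
                merror(GLOB_NFOUND, __local_name, tmp_dir);
                /* glob() succeeded, so its result must be released */
                globfree(&g);
                ret = 1;
                goto out_free;
            }

            while (g.gl_pathv[gindex]) {
                dump_syscheck_entry(syscheck, g.gl_pathv[gindex], opts, 0, restrictfile);
                gindex++;
            }

            globfree(&g);
        } else {
            dump_syscheck_entry(syscheck, tmp_dir, opts, 0, restrictfile);
        }
#else
        dump_syscheck_entry(syscheck, tmp_dir, opts, 0, restrictfile);
#endif

        if (restrictfile) {
            free(restrictfile);
            restrictfile = NULL;
        }

        /* Next entry */
        dir++;
    }

    ret = 1;

out_free:

    /* Release the split list and any "restrict" value still held */
    i = 0;
    while (dir_org[i]) {
        free(dir_org[i++]);
    }

    free(dir_org);
    free(restrictfile);

    return ret;
}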
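/* Read Windows registry configuration
 *
 * Splits the comma-separated list in 'entries' and hands each registry
 * entry, with the given 'arch', to dump_syscheck_entry().
 *
 * Returns 0 when OS_StrBreak() yields nothing and 1 otherwise. A duplicate
 * (same entry and arch already in syscheck->registry) is logged and ends
 * processing at that point, still returning 1.
 *
 * NOTE(review): entries following a duplicate in the same list are never
 * added, so they stay unmonitored with only the merror() line as a trace.
 */
int read_reg(syscheck_config *syscheck, char *entries, int arch)
{
    int i;
    char **entry;
    char **entry_org; /* kept to free the whole array on exit */

    /* Get each entry separately */
    entry = OS_StrBreak(',', entries, MAX_DIR_SIZE); /* Max number */

    if (entry == NULL) {
        return (0);
    }
    entry_org = entry;

    while (*entry) {
        size_t len;
        char *tmp_entry = *entry;

        /* Remove spaces at the beginning */
        while (*tmp_entry == ' ') {
            tmp_entry++;
        }

        /* Remove spaces at the end. Trimming from the tail keeps keys with
         * inner spaces intact; looking at the first space only would leave
         * trailing blanks on such keys and cut a key at a double space.
         */
        len = strlen(tmp_entry);
        while (len > 0 && tmp_entry[len - 1] == ' ') {
            tmp_entry[--len] = '\0';
        }

        /* Reject an entry that is already configured for this arch */
        for (i = 0; syscheck->registry && syscheck->registry[i].entry; i++) {
            if (syscheck->registry[i].arch == arch &&
                    strcmp(syscheck->registry[i].entry, tmp_entry) == 0) {
                merror(SK_DUP, __local_name, tmp_entry);
                goto out_free;
            }
        }

        /* Add new entry */
        dump_syscheck_entry(syscheck, tmp_entry, arch, 1, NULL);

        /* Next entry */
        entry++;
    }

out_free:

    /* The split list was leaked before. Freeing it assumes
     * dump_syscheck_entry() keeps its own copy of the string, which
     * read_attr() in this file already relies on - TODO confirm for
     * registry entries.
     */
    for (i = 0; entry_org[i]; i++) {
        free(entry_org[i]);
    }
    free(entry_org);

    return (1);
}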
Example #7
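/* Read directories attributes
 *
 * Splits the comma-separated list in 'dirs', turns the attribute/value
 * pairs in g_attrs/g_values into a CHECK_* option mask and hands every
 * directory (glob patterns are expanded unless built for WIN32) to
 * dump_syscheck_entry() together with the optional "restrict" value.
 *
 * Returns 0 when OS_StrBreak() yields nothing, when no options are given or
 * when an attribute or value is invalid. Returns 1 otherwise - including
 * when a duplicate directory or a glob problem was only logged.
 *
 * NOTE(review): a duplicate or a failed glob stops processing at that
 * entry, so later directories of the same list are not added although the
 * caller sees 1. The only trace is the merror() line; worth confirming this
 * is intended, since it leaves configured paths unmonitored.
 */
int read_attr(config *syscheck, char *dirs, char **g_attrs, char **g_values)
{
    const char *xml_restrict = "restrict";

    /* Attributes taking "yes"/"no" and the CHECK_* bits "yes" turns on */
    const struct
    {
        const char *name;
        int mask;
    } flag_attrs[] =
    {
        { "check_all",      CHECK_MD5SUM | CHECK_SHA1SUM | CHECK_PERM
                            | CHECK_SIZE | CHECK_OWNER | CHECK_GROUP },
        { "check_sum",      CHECK_MD5SUM | CHECK_SHA1SUM },
        { "check_sha1sum",  CHECK_SHA1SUM },
        { "check_md5sum",   CHECK_MD5SUM },
        { "check_size",     CHECK_SIZE },
        { "check_owner",    CHECK_OWNER },
        { "check_group",    CHECK_GROUP },
        { "check_perm",     CHECK_PERM },
        { "realtime",       CHECK_REALTIME },
        { "report_changes", CHECK_SEECHANGES }
    };
    const size_t flag_count = sizeof(flag_attrs) / sizeof(flag_attrs[0]);

    char *restrictfile = NULL;
    char **dir = OS_StrBreak(',', dirs, MAX_DIR_SIZE); /* Max number */
    char **dir_org = dir; /* kept to free the whole array on exit */

    int ret = 0, i;

    /* Dir can not be null */
    if(dir == NULL)
    {
        return(0);
    }


    /* Doing it for each directory */
    while(*dir)
    {
        int j;
        int opts = 0;
        size_t len;
        char *tmp_dir = *dir;
        char **attrs;
        char **values;

        restrictfile = NULL;

        /* Removing spaces at the beginning */
        while(*tmp_dir == ' ')
        {
            tmp_dir++;
        }

        /* Removing spaces at the end. Trimming from the tail keeps paths
         * with inner spaces intact; looking at the first space only would
         * leave trailing blanks on such paths and cut a path at a double
         * space, so a different directory than the configured one gets
         * monitored.
         */
        len = strlen(tmp_dir);
        while(len > 0 && tmp_dir[len - 1] == ' ')
        {
            tmp_dir[--len] = '\0';
        }


        /* Getting the options */
        if(!g_attrs || !g_values)
        {
            merror(SYSCHECK_NO_OPT, ARGV0, dirs);
            ret = 0;
            goto out_free;
        }

        attrs = g_attrs;
        values = g_values;

        while(*attrs && *values)
        {
            if(strcmp(*attrs, xml_restrict) == 0)
            {
                /* A repeated "restrict" replaces (and no longer leaks)
                 * the previous value.
                 */
                free(restrictfile);
                restrictfile = NULL;
                os_strdup(*values, restrictfile);
            }
            else
            {
                size_t k;

                for(k = 0; k < flag_count; k++)
                {
                    if(strcmp(*attrs, flag_attrs[k].name) == 0)
                        break;
                }

                /* Unknown attribute */
                if(k == flag_count)
                {
                    merror(SK_INV_ATTR, ARGV0, *attrs);
                    ret = 0;
                    goto out_free;
                }

                /* "yes" sets the bits. "no" is accepted but clears
                 * nothing, so it cannot undo an earlier check_all="yes".
                 */
                if(strcmp(*values, "yes") == 0)
                {
                    opts |= flag_attrs[k].mask;
                }
                else if(strcmp(*values, "no") != 0)
                {
                    merror(SK_INV_OPT, ARGV0, *values, *attrs);
                    ret = 0;
                    goto out_free;
                }
            }
            attrs++; values++;
        }


        /* You must have something set */
        if(opts == 0)
        {
            merror(SYSCHECK_NO_OPT, ARGV0, dirs);
            ret = 0;
            goto out_free;
        }


        /* Reject a directory that is already configured */
        for(j = 0; syscheck->dir && syscheck->dir[j]; j++)
        {
            if(strcmp(syscheck->dir[j], tmp_dir) == 0)
            {
                merror(SK_DUP, ARGV0, tmp_dir);
                ret = 1;
                goto out_free;
            }
        }


        /* Checking for glob. */
        #ifndef WIN32
        if(strchr(tmp_dir, '*') ||
           strchr(tmp_dir, '?') ||
           strchr(tmp_dir, '['))
        {
            int gindex = 0;
            glob_t g;

            if(glob(tmp_dir, 0, NULL, &g) != 0)
            {
                merror(GLOB_ERROR, ARGV0, tmp_dir);
                ret = 1;
                goto out_free;
            }

            if(g.gl_pathv[0] == NULL)
            {
                merror(GLOB_NFOUND, ARGV0, tmp_dir);
                /* glob() succeeded, so its result must be released */
                globfree(&g);
                ret = 1;
                goto out_free;
            }

            while(g.gl_pathv[gindex])
            {
                dump_syscheck_entry(syscheck, g.gl_pathv[gindex], opts, 0, restrictfile);
                gindex++;
            }

            globfree(&g);
        }

        else
        {
            dump_syscheck_entry(syscheck, tmp_dir, opts, 0, restrictfile);
        }
        #else
        dump_syscheck_entry(syscheck, tmp_dir, opts, 0, restrictfile);
        #endif

        if(restrictfile)
        {
            free(restrictfile);
            restrictfile = NULL;
        }


        /* Next entry */
        dir++;
    }

    ret = 1;

out_free:

    /* Release the split list and any "restrict" value still held; every
     * error path above lands here, so none of them leaks it.
     */
    i = 0;
    while(dir_org[i])
        free(dir_org[i++]);

    free(dir_org);
    free(restrictfile);

    return ret;
}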
Example #8
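/* Read Windows registry configuration
 *
 * Splits the comma-separated list in 'entries' and hands each registry
 * entry to dump_syscheck_entry().
 *
 * Returns 0 when OS_StrBreak() yields nothing and 1 otherwise. A duplicate
 * (entry already in syscheck->registry) is logged and ends processing at
 * that point, still returning 1.
 *
 * NOTE(review): entries following a duplicate in the same list are never
 * added, so they stay unmonitored with only the merror() line as a trace.
 */
int read_reg(config *syscheck, char *entries)
{
    int i;
    char **entry;
    char **entry_org; /* kept to free the whole array on exit */


    /* Getting each entry separately */
    entry = OS_StrBreak(',', entries, MAX_DIR_SIZE); /* Max number */


    /* entry can not be null */
    if(entry == NULL)
    {
        return(0);
    }
    entry_org = entry;


    /* Doing it for each Entry */
    while(*entry)
    {
        size_t len;
        char *tmp_entry = *entry;

        /* Removing spaces at the beginning */
        while(*tmp_entry == ' ')
        {
            tmp_entry++;
        }

        /* Removing spaces at the end. Trimming from the tail keeps keys
         * with inner spaces intact; looking at the first space only would
         * leave trailing blanks on such keys and cut a key at a double
         * space.
         */
        len = strlen(tmp_entry);
        while(len > 0 && tmp_entry[len - 1] == ' ')
        {
            tmp_entry[--len] = '\0';
        }


        /* Reject an entry that is already configured */
        for(i = 0; syscheck->registry && syscheck->registry[i]; i++)
        {
            if(strcmp(syscheck->registry[i], tmp_entry) == 0)
            {
                merror(SK_DUP, ARGV0, tmp_entry);
                goto out_free;
            }
        }

        /* Adding new entry */
        dump_syscheck_entry(syscheck, tmp_entry, 0, 1, NULL);


        /* Next entry */
        entry++;
    }

out_free:

    /* The split list was leaked before. Freeing it assumes
     * dump_syscheck_entry() keeps its own copy of the string, which
     * read_attr() in this file already relies on - TODO confirm for
     * registry entries.
     */
    for(i = 0; entry_org[i]; i++)
        free(entry_org[i]);

    free(entry_org);

    return(1);
}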