END_TEST

/*
 * OS_GetContents: every element matching a path must be returned, in the
 * order it appears in the document, as an array closed by a NULL slot.
 * A NULL path must be rejected by returning NULL.
 * The test frees each returned string and the array itself.
 */
START_TEST(test_osgetcontents)
{
    char xml_file_name[256];
    const char *xml_path1[] = { "root", NULL };
    const char *xml_path2[] = { "root2", NULL };
    char **content1, **content2;
    OS_XML xml;

    /* Fixture: two sibling <root> elements followed by one <root2>. */
    create_xml_file("<root>value</root><root>value2</root><root2>value</root2>", xml_file_name, 256);

    ck_assert_int_eq(OS_ReadXML(xml_file_name, &xml), 0);
    ck_assert_int_eq(OS_ApplyVariables(&xml), 0);

    /* Repeated element: both values, then the terminator. */
    ck_assert_ptr_ne(content1 = OS_GetContents(&xml, xml_path1), NULL);
    ck_assert_str_eq(content1[0], "value");
    ck_assert_str_eq(content1[1], "value2");
    ck_assert_ptr_eq(content1[2], NULL);

    /* Single element: one value, then the terminator. */
    ck_assert_ptr_ne(content2 = OS_GetContents(&xml, xml_path2), NULL);
    ck_assert_str_eq(content2[0], "value");
    ck_assert_ptr_eq(content2[1], NULL);

    /* A missing path must not be dereferenced. */
    ck_assert_ptr_eq(OS_GetContents(&xml, NULL), NULL);

    /* Walk each array up to its NULL terminator, releasing every entry. */
    for (char **entry = content1; *entry != NULL; entry++) {
        free(*entry);
    }
    free(content1);

    for (char **entry = content2; *entry != NULL; entry++) {
        free(*entry);
    }
    free(content2);

    OS_ClearXML(&xml);
    /* Remove the temporary fixture file. */
    unlink(xml_file_name);
}
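/**
 * Read the rootcheck config.
 *
 * Parses cfgfile and copies the settings found under the element named by
 * xml_rootcheck into the global `rootcheck` structure.
 *
 * @param cfgfile path of the XML configuration file to parse.
 * @return 0 on success; OS_INVALID when the file cannot be parsed or (with
 *         OSSECHIDS) the frequency value is not numeric; -1 when the
 *         rootcheck element is missing.
 */
int Read_Rootcheck_Config(const char *cfgfile)
{
    OS_XML xml;
#ifdef OSSECHIDS
    char *str = NULL;
#endif

    /* XML Definitions */
    const char *(xml_base_dir[]) = {xml_rootcheck, "base_directory", NULL};
    const char *(xml_workdir[]) = {xml_rootcheck, "work_directory", NULL};
    const char *(xml_rootkit_files[]) = {xml_rootcheck, "rootkit_files", NULL};
    const char *(xml_rootkit_trojans[]) = {xml_rootcheck, "rootkit_trojans", NULL};
    const char *(xml_rootkit_unixaudit[]) = {xml_rootcheck, "system_audit", NULL};
    const char *(xml_rootkit_winaudit[]) = {xml_rootcheck, "windows_audit", NULL};
    const char *(xml_rootkit_winapps[]) = {xml_rootcheck, "windows_apps", NULL};
    const char *(xml_rootkit_winmalware[]) = {xml_rootcheck, "windows_malware", NULL};
    const char *(xml_scanall[]) = {xml_rootcheck, "scanall", NULL};
    const char *(xml_readall[]) = {xml_rootcheck, "readall", NULL};
#ifdef OSSECHIDS
    const char *(xml_time[]) = {xml_rootcheck, "frequency", NULL};
#endif
    const char *(xml_check_dev[]) = {xml_rootcheck, "check_dev", NULL};
    const char *(xml_check_files[]) = {xml_rootcheck, "check_files", NULL};
    const char *(xml_check_if[]) = {xml_rootcheck, "check_if", NULL};
    const char *(xml_check_pids[]) = {xml_rootcheck, "check_pids", NULL};
    const char *(xml_check_ports[]) = {xml_rootcheck, "check_ports", NULL};
    const char *(xml_check_sys[]) = {xml_rootcheck, "check_sys", NULL};
    const char *(xml_check_trojans[]) = {xml_rootcheck, "check_trojans", NULL};
#ifdef WIN32
    const char *(xml_check_winapps[]) = {xml_rootcheck, "check_winapps", NULL};
    const char *(xml_check_winaudit[]) = {xml_rootcheck, "check_winaudit", NULL};
    const char *(xml_check_winmalware[]) = {xml_rootcheck, "check_winmalware", NULL};
#else
    const char *(xml_check_unixaudit[]) = {xml_rootcheck, "check_unixaudit", NULL};
#endif

#ifdef OSSECHIDS
    /* :) -- slot 2 is already NULL from the initializer above */
    xml_time[2] = NULL;
#endif

    if (OS_ReadXML(cfgfile, &xml) < 0) {
        merror("config_op: XML error: %s", xml.err);
        return (OS_INVALID);
    }

    if (!OS_RootElementExist(&xml, xml_rootcheck)) {
        OS_ClearXML(&xml);
        merror("%s: Rootcheck configuration not found. ", ARGV0);
        return (-1);
    }

#ifdef OSSECHIDS
    /* time */
    str = OS_GetOneContentforElement(&xml, xml_time);
    if (str) {
        if (!OS_StrIsNum(str)) {
            merror("Invalid frequency time '%s' for the rootkit "
                   "detection (must be int).", str);
            /* Release the value and the parsed document on this path too,
             * so a rejected configuration does not leave them allocated. */
            free(str);
            OS_ClearXML(&xml);
            return (OS_INVALID);
        }

        /* NOTE(review): OS_StrIsNum is defined elsewhere. If it only checks
         * that the text is made of digits, an over-long value still reaches
         * atoi() with an out-of-range number -- confirm, and consider
         * bounding the scan frequency here. */
        rootcheck.time = atoi(str);

        free(str);
        str = NULL;
    }
#endif /* OSSECHIDS */

    /* NOTE(review): each eval_bool2() call below receives a string freshly
     * returned by OS_GetOneContentforElement() and nothing here frees it;
     * presumably eval_bool2 releases it -- verify against its definition. */

    /* Scan all flags: only read from the file when not already set */
    if (!rootcheck.scanall) {
        rootcheck.scanall = eval_bool2(OS_GetOneContentforElement(&xml, xml_scanall), 0);
    }

    /* Read all flags: only read from the file when not already set */
    if (!rootcheck.readall) {
        rootcheck.readall = eval_bool2(OS_GetOneContentforElement(&xml, xml_readall), 0);
    }

    /* Get work directory: an already-set value takes precedence */
    if (!rootcheck.workdir) {
        rootcheck.workdir = OS_GetOneContentforElement(&xml, xml_workdir);
    }

    /* The values below are stored exactly as the XML helpers return them;
     * nothing in this function validates them.
     * NOTE(review): they look like file and directory locations that later
     * code opens -- confirm, since the configuration file then decides
     * which files the detection engine trusts. */
    rootcheck.rootkit_files = OS_GetOneContentforElement(&xml, xml_rootkit_files);
    rootcheck.rootkit_trojans = OS_GetOneContentforElement(&xml, xml_rootkit_trojans);
    rootcheck.unixaudit = OS_GetContents(&xml, xml_rootkit_unixaudit);
    rootcheck.winaudit = OS_GetOneContentforElement(&xml, xml_rootkit_winaudit);
    rootcheck.winapps = OS_GetOneContentforElement(&xml, xml_rootkit_winapps);
    rootcheck.winmalware = OS_GetOneContentforElement(&xml, xml_rootkit_winmalware);
    rootcheck.basedir = OS_GetOneContentforElement(&xml, xml_base_dir);

    /* Individual checks: eval_bool2 is given 1 as the fallback value here,
     * against 0 for scanall/readall above. */
    rootcheck.checks.rc_dev = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_dev), 1);
    rootcheck.checks.rc_files = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_files), 1);
    rootcheck.checks.rc_if = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_if), 1);
    rootcheck.checks.rc_pids = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_pids), 1);
    rootcheck.checks.rc_ports = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_ports), 1);
    rootcheck.checks.rc_sys = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_sys), 1);
    rootcheck.checks.rc_trojans = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_trojans), 1);
#ifdef WIN32
    rootcheck.checks.rc_winapps = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_winapps), 1);
    rootcheck.checks.rc_winaudit = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_winaudit), 1);
    rootcheck.checks.rc_winmalware = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_winmalware), 1);
#else
    rootcheck.checks.rc_unixaudit = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_unixaudit), 1);
#endif /* WIN32 */

    OS_ClearXML(&xml);

    return (0);
}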
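/**
 * Read_Rootcheck_Config: Reads the rootcheck config
 *
 * Parses cfgfile and copies the settings found under the element named by
 * xml_rootcheck into the global `rootcheck` structure.
 *
 * @param cfgfile path of the XML configuration file to parse.
 * @return 0 on success; OS_INVALID when the file cannot be parsed or (with
 *         OSSECHIDS) the frequency value is not numeric; -1 when the
 *         rootcheck element is missing or the notification type is unknown.
 */
int Read_Rootcheck_Config(char * cfgfile)
{
    OS_XML xml;
    char *str = NULL;

    /* XML Definitions */
    char *(xml_daemon[]) = {xml_rootcheck, "daemon", NULL};
    char *(xml_notify[]) = {xml_rootcheck, "notify", NULL};
    char *(xml_base_dir[]) = {xml_rootcheck, "base_directory", NULL};
    char *(xml_workdir[]) = {xml_rootcheck, "work_directory", NULL};
    char *(xml_rootkit_files[]) = {xml_rootcheck, "rootkit_files", NULL};
    char *(xml_rootkit_trojans[]) = {xml_rootcheck, "rootkit_trojans", NULL};
    char *(xml_rootkit_unixaudit[]) = {xml_rootcheck, "system_audit", NULL};
    char *(xml_rootkit_winaudit[]) = {xml_rootcheck, "windows_audit", NULL};
    char *(xml_rootkit_winapps[]) = {xml_rootcheck, "windows_apps", NULL};
    char *(xml_rootkit_winmalware[]) = {xml_rootcheck, "windows_malware", NULL};
    char *(xml_scanall[]) = {xml_rootcheck, "scanall", NULL};
    char *(xml_readall[]) = {xml_rootcheck, "readall", NULL};
    char *(xml_time[]) = {xml_rootcheck, "frequency", NULL};

    /* :) -- slot 2 is already NULL; this write keeps xml_time referenced
     * even when the OSSECHIDS block below is compiled out. */
    xml_time[2] = NULL;

    if (OS_ReadXML(cfgfile, &xml) < 0) {
        merror("config_op: XML error: %s", xml.err);
        return (OS_INVALID);
    }

    if (!OS_RootElementExist(&xml, xml_rootcheck)) {
        OS_ClearXML(&xml);
        merror("%s: Rootcheck configuration not found. ", ARGV0);
        return (-1);
    }

    /* run as a daemon: only a value starting with 'n' turns it off */
    str = OS_GetOneContentforElement(&xml, xml_daemon);
    if (str) {
        if (str[0] == 'n') {
            rootcheck.daemon = 0;
        }

        free(str);
        str = NULL;
    }

    /* time */
#ifdef OSSECHIDS
    str = OS_GetOneContentforElement(&xml, xml_time);
    if (str) {
        if (!OS_StrIsNum(str)) {
            merror("Invalid frequency time '%s' for the rootkit "
                   "detection (must be int).", str);
            /* Release the value and the parsed document on this path too,
             * so a rejected configuration does not leave them allocated. */
            free(str);
            OS_ClearXML(&xml);
            return (OS_INVALID);
        }

        /* NOTE(review): OS_StrIsNum is defined elsewhere. If it only checks
         * that the text is made of digits, an over-long value still reaches
         * atoi() with an out-of-range number -- confirm, and consider
         * bounding the scan frequency here. */
        rootcheck.time = atoi(str);

        free(str);
        str = NULL;
    }
#endif

    /* Scan all flag: read only when not already set; only a value starting
     * with 'y' enables it */
    if (!rootcheck.scanall) {
        str = OS_GetOneContentforElement(&xml, xml_scanall);
        if (str) {
            if (str[0] == 'y') {
                rootcheck.scanall = 1;
            }

            free(str);
            str = NULL;
        }
    }

    /* read all flag: same rules as the scan all flag */
    if (!rootcheck.readall) {
        str = OS_GetOneContentforElement(&xml, xml_readall);
        if (str) {
            if (str[0] == 'y') {
                rootcheck.readall = 1;
            }

            free(str);
            str = NULL;
        }
    }

    /* Notifications type: "queue" or "syslog", compared without case */
    str = OS_GetOneContentforElement(&xml, xml_notify);
    if (str) {
        if (strcasecmp(str, "queue") == 0) {
            rootcheck.notify = QUEUE;
        } else if (strcasecmp(str, "syslog") == 0) {
            rootcheck.notify = SYSLOG;
        } else {
            merror("%s: Invalid notification option. Only "
                   "'syslog' or 'queue' are allowed.", ARGV0);
            /* Free the rejected value and the parsed document before
             * reporting the error. */
            free(str);
            OS_ClearXML(&xml);
            return (-1);
        }

        free(str);
        str = NULL;
    } else {
        /* Default to SYSLOG */
        rootcheck.notify = SYSLOG;
    }

    /* Getting work directory: an already-set value takes precedence */
    if (!rootcheck.workdir) {
        rootcheck.workdir = OS_GetOneContentforElement(&xml, xml_workdir);
    }

    /* The values below are stored exactly as the XML helpers return them;
     * nothing in this function validates them.
     * NOTE(review): they look like file and directory locations that later
     * code opens -- confirm, since the configuration file then decides
     * which files the detection engine trusts. */
    rootcheck.rootkit_files = OS_GetOneContentforElement(&xml, xml_rootkit_files);
    rootcheck.rootkit_trojans = OS_GetOneContentforElement(&xml, xml_rootkit_trojans);
    rootcheck.unixaudit = OS_GetContents(&xml, xml_rootkit_unixaudit);
    rootcheck.winaudit = OS_GetOneContentforElement(&xml, xml_rootkit_winaudit);
    rootcheck.winapps = OS_GetOneContentforElement(&xml, xml_rootkit_winapps);
    rootcheck.winmalware = OS_GetOneContentforElement(&xml, xml_rootkit_winmalware);
    rootcheck.basedir = OS_GetOneContentforElement(&xml, xml_base_dir);

    OS_ClearXML(&xml);

    debug1("%s: DEBUG: Daemon set to '%d'", ARGV0, rootcheck.daemon);
    debug1("%s: DEBUG: alert set to '%d'", ARGV0, rootcheck.notify);

    return (0);
}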