// Assumes GPIO is set up as input bool gpio_read(int number){ std::string path = SYS_GPIO_BASE + "gpio" + std::to_string(number) + "/value"; std::string res = read_sys_file(path); if (res.empty()) { MICROFLO_DEBUG(debug, DebugLevelError, DebugIoFailure); } res = rtrim(res); return res == "1"; }
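/* Walks one directory for the NTFS ADS dumper: every entry except "." and
 * ".." is joined to dir_name with a backslash and handed to read_sys_file().
 *
 * dir_name: path of the directory to walk.
 *
 * Returns 0 once the directory has been read, and -1 when dir_name is NULL,
 * cannot be stat()ed, is not a directory, or cannot be opened.
 */
int read_sys_dir(char *dir_name)
{
    DIR *dp;
    struct dirent *entry;
    struct stat statbuf;

    /* A NULL path cannot be scanned; fail like any other unusable path. */
    if (dir_name == NULL) {
        return(-1);
    }

    /* The path must exist and must be a directory. */
    if (stat(dir_name, &statbuf) < 0) {
        return(-1);
    }
    if (!S_ISDIR(statbuf.st_mode)) {
        return(-1);
    }

    dp = opendir(dir_name);
    if (!dp) {
        return(-1);
    }

    while ((entry = readdir(dp)) != NULL) {
        char f_name[MAX_PATH +2];
        int written;

        /* "." and ".." would only send the scan back to itself or upwards. */
        if ((strcmp(entry->d_name, ".") == 0) ||
            (strcmp(entry->d_name, "..") == 0)) {
            continue;
        }

        /* Build "<dir>\<entry>". A truncated result names a different object
         * than the one just enumerated, so it is reported and skipped instead
         * of being scanned under the wrong name. A negative return is treated
         * the same way because some C runtimes signal truncation like that.
         */
        written = snprintf(f_name, MAX_PATH +1, "%s\\%s",
                           dir_name, entry->d_name);
        if (written < 0 || written > MAX_PATH) {
            fprintf(stderr, "Path too long, not scanned: %s\\%s\n",
                    dir_name, entry->d_name);
            continue;
        }

        read_sys_file(f_name);
    }

    closedir(dp);
    return(0);
}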
/* Entry point of the NTFS ADS dumper.
 *
 * Prints the banner, requires one directory argument, passes it to
 * read_sys_file() and prints a closing message when ads_found is still 0
 * afterwards. Exits with status 1 when no directory is given, otherwise
 * returns 0.
 */
int main(int argc, char **argv)
{
    const char *prog = argv[0];

    printf("%s: NTFS ADS dumper (GPL v2)\n", prog);
    printf("by Daniel B. Cid - dcid at ossec.net\n\n");

    /* A target directory is mandatory: show the usage line and stop. */
    if (argc <= 1) {
        printf("%s dir\n", prog);
        exit(1);
    }

    /* Scan the target; ads_found is presumably updated by the scan code,
     * which is not visible in this block.
     */
    read_sys_file(argv[1]);

    if (!ads_found) {
        printf("No NTFS ADS found.\n");
    }

    return 0;
}
/* read_sys_dir (read_dir v0.1)
 *
 * Scans one directory for rootcheck. For every entry it
 *   - compares the entry name with the rootkit file list (rk_sys_file) and
 *     raises ALERT_ROOTKIT_FOUND on a match,
 *   - passes the full path to read_sys_file(),
 * and afterwards compares the number of counted entries with the directory's
 * link count, alerting when entries appear to be missing from the readdir()
 * listing.
 *
 * dir_name: directory to scan. NULL, or a name longer than PATH_MAX, is
 *           rejected with an error log.
 * do_read:  forwarded to read_sys_file(). Forced to 1 for the directories
 *           listed in dirs_to_doread and to 0 on WIN32.
 *
 * Returns 0 after a completed scan, 1 when dir_name is on the
 * rootcheck.ignore list, and -1 on invalid input, lstat()/opendir() failure,
 * or when dir_name is not a directory. Because lstat() is used, a symbolic
 * link to a directory is not treated as a directory.
 */
int read_sys_dir(char *dir_name, int do_read)
{
    int i = 0;
    unsigned int entry_count = 0;   /* entries expected to contribute to st_nlink */
    int did_changed = 0;            /* set when this directory is on another device than the last one seen */
    DIR *dp;

    struct dirent *entry;
    struct stat statbuf;

#ifndef WIN32
    /* Directories for which do_read is switched on regardless of the caller. */
    char *(dirs_to_doread[]) = { "/bin", "/sbin", "/usr/bin", "/usr/sbin", "/dev", "/etc", "/boot", NULL };
#endif

    if((dir_name == NULL)||(strlen(dir_name) > PATH_MAX))
    {
        merror("%s: Invalid directory given.",ARGV0);
        return(-1);
    }

    /* Skip directories on the user-supplied ignore list. The match is an
     * exact string comparison, so a differently spelled path to the same
     * directory (trailing slash, symlink) is not ignored.
     */
    if(rootcheck.ignore)
    {
        while(rootcheck.ignore[i])
        {
            if(strcmp(dir_name, rootcheck.ignore[i]) == 0)
            {
                return(1);
            }
            i++;
        }
        /* i is reused as the index for the loops below. */
        i = 0;
    }

    /* Take the directory's metadata first; its st_nlink is the reference
     * value for the entry count check at the end.
     */
    if(lstat(dir_name, &statbuf) < 0)
    {
        return(-1);
    }

    /* Track the current device id. did is declared outside this function,
     * so it carries the device of the previously scanned directory. A change
     * is only recorded once did has been set (did != 0).
     */
    if(did != statbuf.st_dev)
    {
        if(did != 0)
            did_changed = 1;
        did = statbuf.st_dev;
    }

    if(!S_ISDIR(statbuf.st_mode))
    {
        return(-1);
    }

#ifndef WIN32
    /* Force do_read on when dir_name is exactly one of dirs_to_doread. */
    while(dirs_to_doread[i])
    {
        if(strcmp(dir_name, dirs_to_doread[i]) == 0)
        {
            do_read = 1;
            break;
        }
        i++;
    }
#else
    do_read = 0;
#endif

    /* Open the directory. When that fails and dir_name is the empty string,
     * "/" is opened instead; any other failure ends the scan.
     */
    dp = opendir(dir_name);
    if(!dp)
    {
        if((strcmp(dir_name, "") == 0)&&
           (dp = opendir("/")))
        {
            /* ok */
        }
        else
        {
            return(-1);
        }
    }

    /* Process every entry readdir() returns. */
    while((entry = readdir(dp)) != NULL)
    {
        char f_name[PATH_MAX +2];
        struct stat statbuf_local;

        /* "." and ".." are counted but not scanned. */
        if((strcmp(entry->d_name,".") == 0) ||
           (strcmp(entry->d_name,"..") == 0))
        {
            entry_count++;
            continue;
        }

        /* Build the full path of the entry, avoiding a double slash under "/".
         * NOTE(review): the snprintf() result is not checked, so a path that
         * does not fit in PATH_MAX is truncated and the truncated name is what
         * lstat() and read_sys_file() receive below.
         */
        if(strcmp(dir_name, "/") == 0)
        {
            snprintf(f_name, PATH_MAX +1, "/%s", entry->d_name);
        }
        else
        {
            snprintf(f_name, PATH_MAX +1, "%s/%s",dir_name, entry->d_name);
        }

        /* Count the entry when it is expected to add to the parent's link
         * count. An entry whose lstat() fails is not counted.
         */
        if(lstat(f_name, &statbuf_local) == 0)
        {
            /* On all systems except Darwin only directories increase the
             * link count; on Darwin regular files and symbolic links are
             * counted as well.
             */
#ifndef Darwin
            if(S_ISDIR(statbuf_local.st_mode))
#else
            if(S_ISDIR(statbuf_local.st_mode) ||
               S_ISREG(statbuf_local.st_mode) ||
               S_ISLNK(statbuf_local.st_mode))
#endif
            {
                entry_count++;
            }
        }

        /* Compare the entry name with every name in the rootkit file list.
         * The comparison uses the bare entry name, so a listed name matches
         * in whichever directory is being scanned. The loop stops at the
         * first NULL slot.
         * NOTE(review): the bound is i <= rk_sys_count, which assumes
         * rk_sys_file has a slot at index rk_sys_count -- confirm against
         * its declaration.
         */
        for(i = 0; i<= rk_sys_count; i++)
        {
            if(!rk_sys_file[i])
                break;

            if(strcmp(rk_sys_file[i], entry->d_name) == 0)
            {
                char op_msg[OS_SIZE_1024 +1];

                _sys_errors++;
                snprintf(op_msg, OS_SIZE_1024, "Rootkit '%s' detected "
                         "by the presence of file '%s/%s'.",
                         rk_sys_name[i], dir_name, rk_sys_file[i]);

                notify_rk(ALERT_ROOTKIT_FOUND, op_msg);
            }
        }

        /* The top-level /proc and /sys entries are not passed on to
         * read_sys_file(); they have already been counted and name-checked
         * above. The comparison is against the full path, so only these two
         * exact paths are skipped.
         */
        if((strcmp(f_name, "/proc") == 0) || (strcmp(f_name, "/sys") == 0))
            continue;

        read_sys_file(f_name, do_read);
    }

    /* Hidden-entry check: the counted entries should equal the link count
     * taken before the scan. When the device changed relative to the
     * previously scanned directory, a link count exactly one above the entry
     * count is also accepted (presumably a mount point -- confirm).
     * NOTE(review): this relies on the filesystem keeping a directory's
     * st_nlink in step with its subdirectories; on a filesystem that does not,
     * the mismatch would be reported as hidden files -- confirm which
     * filesystems are in scope.
     */
    if((entry_count != statbuf.st_nlink) &&
       ((did_changed == 0) || ((entry_count + 1) != statbuf.st_nlink)))
    {
#ifndef WIN32
        struct stat statbuf2;
        char op_msg[OS_SIZE_1024 +1];

        /* Take the link count again and alert only if it still differs, so a
         * directory that changed during the scan is not reported. The message
         * prints the first reading (statbuf), not this second one.
         * NOTE(review): entry_count is unsigned int but is formatted with %d.
         */
        if((lstat(dir_name, &statbuf2) == 0) &&
            (statbuf2.st_nlink != entry_count))
        {
            snprintf(op_msg, OS_SIZE_1024, "Files hidden inside directory "
                     "'%s'. Link count does not match number of files "
                     "(%d,%d).",
                     dir_name, entry_count, (int)statbuf.st_nlink);

            /* Platform exceptions: anything whose name starts with "/boot" is
             * never reported on Solaris, and anything starting with "/dev" is
             * never reported on Darwin.
             * NOTE(review): "#elif Darwin" tests the macro's value, so this
             * branch is taken only when Darwin is defined to a non-zero value.
             */
#ifdef SOLARIS
            if(strncmp(dir_name, "/boot", strlen("/boot")) != 0)
            {
                notify_rk(ALERT_ROOTKIT_FOUND, op_msg);
                _sys_errors++;
            }
#elif Darwin
            if(strncmp(dir_name, "/dev", strlen("/dev")) != 0)
            {
                notify_rk(ALERT_ROOTKIT_FOUND, op_msg);
                _sys_errors++;
            }
#else
            notify_rk(ALERT_ROOTKIT_FOUND, op_msg);
            _sys_errors++;
#endif
        }
#endif
    }

    closedir(dp);

    return(0);
}