void MonProcessesGatherData(double *cf_this)
{
Item *userList = NULL;
int numProcUsers = 0;
int numRootProcs = 0;
int numOtherProcs = 0;
if (!GatherProcessUsers(&userList, &numProcUsers, &numRootProcs, &numOtherProcs))
{
return;
}
cf_this[ob_users] += numProcUsers;
cf_this[ob_rootprocs] += numRootProcs;
cf_this[ob_otherprocs] += numOtherProcs;
char vbuff[CF_MAXVARSIZE];
xsnprintf(vbuff, sizeof(vbuff), "%s/cf_users", GetStateDir());
MapName(vbuff);
RawSaveItemList(userList, vbuff, NewLineMode_Unix);
DeleteItemList(userList);
Log(LOG_LEVEL_VERBOSE, "(Users,root,other) = (%d,%d,%d)",
(int) cf_this[ob_users], (int) cf_this[ob_rootprocs],
(int) cf_this[ob_otherprocs]);
}
static void tests_setup(void)
{
xsnprintf(CFWORKDIR, CF_BUFSIZE, "/tmp/mon_processes_test.XXXXXX");
mkdtemp(CFWORKDIR);
char buf[CF_BUFSIZE];
xsnprintf(buf, CF_BUFSIZE, "%s", GetStateDir());
mkdir(buf, 0755);
}
/**
* @return True if the file STATEDIR/am_policy_hub exists
*/
bool GetAmPolicyHub(void)
{
char path[CF_BUFSIZE] = { 0 };
snprintf(path, sizeof(path), "%s/am_policy_hub", GetStateDir());
MapName(path);
struct stat sb;
return stat(path, &sb) == 0;
}
static void Nova_DumpSlots(void)
{
#define MAX_KEY_FILE_SIZE 16384 /* usually around 4000, cannot grow much */
char filename[CF_BUFSIZE];
int i;
snprintf(filename, CF_BUFSIZE - 1, "%s%cts_key", GetStateDir(), FILE_SEPARATOR);
char file_contents_new[MAX_KEY_FILE_SIZE] = {0};
for (i = 0; i < CF_OBSERVABLES; i++)
{
char line[CF_MAXVARSIZE];
if (NovaHasSlot(i))
{
snprintf(line, sizeof(line), "%d,%s,%s,%s,%.3lf,%.3lf,%d\n",
i,
NULLStringToEmpty((char*)NovaGetSlotName(i)),
NULLStringToEmpty((char*)NovaGetSlotDescription(i)),
NULLStringToEmpty((char*)NovaGetSlotUnits(i)),
NovaGetSlotExpectedMinimum(i), NovaGetSlotExpectedMaximum(i), NovaIsSlotConsolidable(i) ? 1 : 0);
}
else
{
snprintf(line, sizeof(line), "%d,spare,unused\n", i);
}
strlcat(file_contents_new, line, sizeof(file_contents_new));
}
bool contents_changed = true;
Writer *w = FileRead(filename, MAX_KEY_FILE_SIZE, NULL);
if (w)
{
if(strcmp(StringWriterData(w), file_contents_new) == 0)
{
contents_changed = false;
}
WriterClose(w);
}
if(contents_changed)
{
Log(LOG_LEVEL_VERBOSE, "Updating %s with new slot information", filename);
if(!FileWriteOver(filename, file_contents_new))
{
Log(LOG_LEVEL_ERR, "Nova_DumpSlots: Could not write file '%s'. (FileWriteOver: %s)", filename,
GetErrorStr());
}
}
chmod(filename, 0600);
}
static void SaveTCPEntropyData(Item *list, int i, char *inout)
{
Item *ip;
FILE *fp;
char filename[CF_BUFSIZE];
Log(LOG_LEVEL_VERBOSE, "TCP Save '%s'", TCPNAMES[i]);
if (list == NULL)
{
Log(LOG_LEVEL_VERBOSE, "No %s-%s events", TCPNAMES[i], inout);
return;
}
if (strncmp(inout, "in", 2) == 0)
{
snprintf(filename, CF_BUFSIZE, "%s%ccf_incoming.%s", GetStateDir(), FILE_SEPARATOR, TCPNAMES[i]);
}
else
{
snprintf(filename, CF_BUFSIZE, "%s%ccf_outgoing.%s", GetStateDir(), FILE_SEPARATOR, TCPNAMES[i]);
}
Log(LOG_LEVEL_VERBOSE, "TCP Save '%s'", filename);
if ((fp = fopen(filename, "w")) == NULL)
{
Log(LOG_LEVEL_ERR, "Couldn't save TCP entropy to '%s' (fopen: %s)", filename, GetErrorStr());
return;
}
for (ip = list; ip != NULL; ip = ip->next)
{
fprintf(fp, "%d %s\n", ip->counter, ip->name);
}
fclose(fp);
}
void MonNetworkSnifferGatherData(void)
{
int i;
char vbuff[CF_BUFSIZE];
const char* const statedir = GetStateDir();
for (i = 0; i < CF_NETATTR; i++)
{
struct stat statbuf;
double entropy;
time_t now = time(NULL);
Log(LOG_LEVEL_DEBUG, "save incoming '%s'", TCPNAMES[i]);
snprintf(vbuff, CF_MAXVARSIZE, "%s%ccf_incoming.%s", statedir, FILE_SEPARATOR, TCPNAMES[i]);
if (stat(vbuff, &statbuf) != -1)
{
if (ItemListSize(NETIN_DIST[i]) < statbuf.st_size &&
now < statbuf.st_mtime + 40 * 60)
{
Log(LOG_LEVEL_VERBOSE, "New state %s is smaller, retaining old for 40 mins longer", TCPNAMES[i]);
DeleteItemList(NETIN_DIST[i]);
NETIN_DIST[i] = NULL;
continue;
}
}
SaveTCPEntropyData(NETIN_DIST[i], i, "in");
entropy = MonEntropyCalculate(NETIN_DIST[i]);
MonEntropyClassesSet(TCPNAMES[i], "in", entropy);
DeleteItemList(NETIN_DIST[i]);
NETIN_DIST[i] = NULL;
}
for (i = 0; i < CF_NETATTR; i++)
{
struct stat statbuf;
double entropy;
time_t now = time(NULL);
Log(LOG_LEVEL_DEBUG, "save outgoing '%s'", TCPNAMES[i]);
snprintf(vbuff, CF_MAXVARSIZE, "%s%ccf_outgoing.%s", statedir, FILE_SEPARATOR, TCPNAMES[i]);
if (stat(vbuff, &statbuf) != -1)
{
if (ItemListSize(NETOUT_DIST[i]) < statbuf.st_size &&
now < statbuf.st_mtime + 40 * 60)
{
Log(LOG_LEVEL_VERBOSE, "New state '%s' is smaller, retaining old for 40 mins longer", TCPNAMES[i]);
DeleteItemList(NETOUT_DIST[i]);
NETOUT_DIST[i] = NULL;
continue;
}
}
SaveTCPEntropyData(NETOUT_DIST[i], i, "out");
entropy = MonEntropyCalculate(NETOUT_DIST[i]);
MonEntropyClassesSet(TCPNAMES[i], "out", entropy);
DeleteItemList(NETOUT_DIST[i]);
NETOUT_DIST[i] = NULL;
}
}
/* Buffer should be at least CF_MAXVARSIZE large */
const char *GetSoftwarePatchesFilename(char *buffer)
{
snprintf(buffer, CF_MAXVARSIZE, "%s/%s", GetStateDir(), SOFTWARE_PATCHES_CACHE);
MapName(buffer);
return buffer;
}
int LoadProcessTable()
{
FILE *prp;
char pscomm[CF_MAXLINKSIZE];
Item *rootprocs = NULL;
Item *otherprocs = NULL;
if (PROCESSTABLE)
{
Log(LOG_LEVEL_VERBOSE, "Reusing cached process table");
return true;
}
LoadPlatformExtraTable();
CheckPsLineLimitations();
const char *psopts = GetProcessOptions();
snprintf(pscomm, CF_MAXLINKSIZE, "%s %s", VPSCOMM[VPSHARDCLASS], psopts);
Log(LOG_LEVEL_VERBOSE, "Observe process table with %s", pscomm);
if ((prp = cf_popen(pscomm, "r", false)) == NULL)
{
Log(LOG_LEVEL_ERR, "Couldn't open the process list with command '%s'. (popen: %s)", pscomm, GetErrorStr());
return false;
}
size_t vbuff_size = CF_BUFSIZE;
char *vbuff = xmalloc(vbuff_size);
# ifdef HAVE_GETZONEID
char *names[CF_PROCCOLS];
int start[CF_PROCCOLS];
int end[CF_PROCCOLS];
Seq *pidlist = SeqNew(1, NULL);
Seq *rootpidlist = SeqNew(1, NULL);
bool global_zone = IsGlobalZone();
if (global_zone)
{
int res = ZLoadProcesstable(pidlist, rootpidlist);
if (res == false)
{
Log(LOG_LEVEL_ERR, "Unable to load solaris zone process table.");
return false;
}
}
# endif
ARG_UNUSED bool header = true; /* used only if HAVE_GETZONEID */
for (;;)
{
ssize_t res = CfReadLine(&vbuff, &vbuff_size, prp);
if (res == -1)
{
if (!feof(prp))
{
Log(LOG_LEVEL_ERR, "Unable to read process list with command '%s'. (fread: %s)", pscomm, GetErrorStr());
cf_pclose(prp);
free(vbuff);
return false;
}
else
{
break;
}
}
Chop(vbuff, vbuff_size);
# ifdef HAVE_GETZONEID
if (global_zone)
{
if (header)
{ /* this is the banner so get the column header names for later use*/
GetProcessColumnNames(vbuff, &names[0], start, end);
}
else
{
int gpid = ExtractPid(vbuff, names, end);
if (!IsGlobalProcess(gpid, pidlist, rootpidlist))
{
continue;
}
}
}
# endif
AppendItem(&PROCESSTABLE, vbuff, "");
header = false;
}
cf_pclose(prp);
/* Now save the data */
const char* const statedir = GetStateDir();
snprintf(vbuff, CF_MAXVARSIZE, "%s%ccf_procs", statedir, FILE_SEPARATOR);
RawSaveItemList(PROCESSTABLE, vbuff, NewLineMode_Unix);
# ifdef HAVE_GETZONEID
if (global_zone) /* pidlist and rootpidlist are empty if we're not in the global zone */
{
Item *ip = PROCESSTABLE;
while (ip != NULL)
{
ZCopyProcessList(&rootprocs, ip, rootpidlist, names, end);
ip = ip->next;
}
ReverseItemList(rootprocs);
ip = PROCESSTABLE;
while (ip != NULL)
{
ZCopyProcessList(&otherprocs, ip, pidlist, names, end);
ip = ip->next;
}
ReverseItemList(otherprocs);
}
else
# endif
{
CopyList(&rootprocs, PROCESSTABLE);
CopyList(&otherprocs, PROCESSTABLE);
while (DeleteItemNotContaining(&rootprocs, "root"))
{
}
while (DeleteItemContaining(&otherprocs, "root"))
{
}
}
if (otherprocs)
{
PrependItem(&rootprocs, otherprocs->name, NULL);
}
snprintf(vbuff, CF_MAXVARSIZE, "%s%ccf_rootprocs", statedir, FILE_SEPARATOR);
RawSaveItemList(rootprocs, vbuff, NewLineMode_Unix);
DeleteItemList(rootprocs);
snprintf(vbuff, CF_MAXVARSIZE, "%s%ccf_otherprocs", statedir, FILE_SEPARATOR);
RawSaveItemList(otherprocs, vbuff, NewLineMode_Unix);
DeleteItemList(otherprocs);
free(vbuff);
return true;
}
void GenericAgentInitialize(EvalContext *ctx, GenericAgentConfig *config)
{
int force = false;
struct stat statbuf, sb;
char vbuff[CF_BUFSIZE];
char ebuff[CF_EXPANDSIZE];
#ifdef __MINGW32__
InitializeWindows();
#endif
DetermineCfenginePort();
EvalContextClassPutHard(ctx, "any", "source=agent");
GenericAgentAddEditionClasses(ctx);
/* Define trusted directories */
const char *workdir = GetWorkDir();
if (!workdir)
{
FatalError(ctx, "Error determining working directory");
}
OpenLog(LOG_USER);
SetSyslogFacility(LOG_USER);
Log(LOG_LEVEL_VERBOSE, "Work directory is %s", workdir);
snprintf(vbuff, CF_BUFSIZE, "%s%cupdate.conf", GetInputDir(), FILE_SEPARATOR);
MakeParentDirectory(vbuff, force);
snprintf(vbuff, CF_BUFSIZE, "%s%cbin%ccf-agent -D from_cfexecd", workdir, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(vbuff, force);
snprintf(vbuff, CF_BUFSIZE, "%s%coutputs%cspooled_reports", workdir, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(vbuff, force);
snprintf(vbuff, CF_BUFSIZE, "%s%clastseen%cintermittencies", workdir, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(vbuff, force);
snprintf(vbuff, CF_BUFSIZE, "%s%creports%cvarious", workdir, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(vbuff, force);
snprintf(vbuff, CF_BUFSIZE, "%s%c.", GetLogDir(), FILE_SEPARATOR);
MakeParentDirectory(vbuff, force);
snprintf(vbuff, CF_BUFSIZE, "%s%c.", GetPidDir(), FILE_SEPARATOR);
MakeParentDirectory(vbuff, force);
snprintf(vbuff, CF_BUFSIZE, "%s%c.", GetStateDir(), FILE_SEPARATOR);
MakeParentDirectory(vbuff, force);
MakeParentDirectory(GetLogDir(), force);
snprintf(vbuff, CF_BUFSIZE, "%s", GetInputDir());
if (stat(vbuff, &sb) == -1)
{
FatalError(ctx, " No access to WORKSPACE/inputs dir");
}
/* ensure WORKSPACE/inputs directory has all user bits set (u+rwx) */
if ((sb.st_mode & 0700) != 0700)
{
chmod(vbuff, sb.st_mode | 0700);
}
snprintf(vbuff, CF_BUFSIZE, "%s%coutputs", workdir, FILE_SEPARATOR);
if (stat(vbuff, &sb) == -1)
{
FatalError(ctx, " No access to WORKSPACE/outputs dir");
}
/* ensure WORKSPACE/outputs directory has all user bits set (u+rwx) */
if ((sb.st_mode & 0700) != 0700)
{
chmod(vbuff, sb.st_mode | 0700);
}
const char* const statedir = GetStateDir();
snprintf(ebuff, sizeof(ebuff), "%s%ccf_procs",
statedir, FILE_SEPARATOR);
MakeParentDirectory(ebuff, force);
if (stat(ebuff, &statbuf) == -1)
{
CreateEmptyFile(ebuff);
}
snprintf(ebuff, sizeof(ebuff), "%s%ccf_rootprocs",
statedir, FILE_SEPARATOR);
if (stat(ebuff, &statbuf) == -1)
{
CreateEmptyFile(ebuff);
}
snprintf(ebuff, sizeof(ebuff), "%s%ccf_otherprocs",
statedir, FILE_SEPARATOR);
if (stat(ebuff, &statbuf) == -1)
{
CreateEmptyFile(ebuff);
}
snprintf(ebuff, sizeof(ebuff), "%s%cprevious_state%c",
statedir, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(ebuff, force);
snprintf(ebuff, sizeof(ebuff), "%s%cdiff%c",
statedir, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(ebuff, force);
snprintf(ebuff, sizeof(ebuff), "%s%cuntracked%c",
statedir, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(ebuff, force);
snprintf(ebuff, sizeof(ebuff), "%s%cpromise_log%c",
statedir, FILE_SEPARATOR, FILE_SEPARATOR);
MakeParentDirectory(ebuff, force);
OpenNetwork();
CryptoInitialize();
CheckWorkingDirectories(ctx);
/* Initialize keys and networking. cf-key, doesn't need keys. In fact it
must function properly even without them, so that it generates them! */
if (config->agent_type != AGENT_TYPE_KEYGEN)
{
LoadSecretKeys();
char *bootstrapped_policy_server = ReadPolicyServerFile(workdir);
PolicyHubUpdateKeys(bootstrapped_policy_server);
free(bootstrapped_policy_server);
}
size_t cwd_size = PATH_MAX;
while (true)
{
char cwd[cwd_size];
if (!getcwd(cwd, cwd_size))
{
if (errno == ERANGE)
{
cwd_size *= 2;
continue;
}
else
{
Log(LOG_LEVEL_WARNING,
"Could not determine current directory (getcwd: %s)",
GetErrorStr());
break;
}
}
EvalContextSetLaunchDirectory(ctx, cwd);
break;
}
if (!MINUSF)
{
GenericAgentConfigSetInputFile(config, GetInputDir(), "promises.cf");
}
setlinebuf(stdout);
if (config->agent_specific.agent.bootstrap_policy_server)
{
snprintf(vbuff, CF_BUFSIZE, "%s%cfailsafe.cf", GetInputDir(), FILE_SEPARATOR);
if (stat(vbuff, &statbuf) == -1)
{
GenericAgentConfigSetInputFile(config, GetInputDir(), "failsafe.cf");
}
else
{
GenericAgentConfigSetInputFile(config, GetInputDir(), vbuff);
}
}
}
/**
* @brief Set the STATEDIR/am_policy_hub marker file.
* @param am_policy_hub If true, create marker file. If false, delete it.
* @return True if successful
*/
static char *AmPolicyHubFilename(void)
{
return StringFormat("%s%cam_policy_hub", GetStateDir(), FILE_SEPARATOR);
}
static BOOL Directories_OnInitDialog(HWND hDlg, HWND hwndFocus, LPARAM lParam)
{
RECT rectClient;
LVCOLUMN LVCol;
char* token;
char buf[MAX_PATH * MAX_DIRS];
int i;
pDirInfo = (struct tDirInfo*) malloc(sizeof(struct tDirInfo));
if (pDirInfo == NULL) /* bummer */
{
EndDialog(hDlg, -1);
return FALSE;
}
for (i = LASTDIR - 1; i >= 0; i--)
{
ComboBox_InsertString(GetDlgItem(hDlg, IDC_DIR_COMBO), 0, dir_names[i]);
}
ComboBox_SetCurSel(GetDlgItem(hDlg, IDC_DIR_COMBO), 0);
GetClientRect(GetDlgItem(hDlg, IDC_DIR_LIST), &rectClient);
memset(&LVCol, 0, sizeof(LVCOLUMN));
LVCol.mask = LVCF_WIDTH;
LVCol.cx = rectClient.right - rectClient.left - GetSystemMetrics(SM_CXHSCROLL);
ListView_InsertColumn(GetDlgItem(hDlg, IDC_DIR_LIST), 0, &LVCol);
/* Keep a temporary copy of the directory strings in pDirInfo. */
memset(pDirInfo, 0, sizeof(struct tDirInfo));
strcpy(buf, GetRomDirs());
pDirInfo->m_Paths[ROM].m_NumDirectories = 0;
token = strtok(buf, ";");
while ((DirInfo_NumDir(pDirInfo, ROM) < MAX_DIRS) && token)
{
strcpy(DirInfo_Path(pDirInfo, ROM, DirInfo_NumDir(pDirInfo, ROM)), token);
DirInfo_NumDir(pDirInfo, ROM)++;
token = strtok(NULL, ";");
}
pDirInfo->m_Paths[ROM].m_bModified = FALSE;
strcpy(buf, GetSampleDirs());
pDirInfo->m_Paths[SAMPLE].m_NumDirectories = 0;
token = strtok(buf, ";");
while ((DirInfo_NumDir(pDirInfo, SAMPLE) < MAX_DIRS) && token)
{
strcpy(DirInfo_Path(pDirInfo, SAMPLE, DirInfo_NumDir(pDirInfo, SAMPLE)), token);
DirInfo_NumDir(pDirInfo, SAMPLE)++;
token = strtok(NULL, ";");
}
pDirInfo->m_Paths[SAMPLE].m_bModified = FALSE;
strcpy(DirInfo_Dir(pDirInfo, CFG), GetCfgDir());
strcpy(DirInfo_Dir(pDirInfo, HI), GetHiDir());
strcpy(DirInfo_Dir(pDirInfo, IMG), GetImgDir());
strcpy(DirInfo_Dir(pDirInfo, INP), GetInpDir());
strcpy(DirInfo_Dir(pDirInfo, STATE), GetStateDir());
strcpy(DirInfo_Dir(pDirInfo, ART), GetArtDir());
strcpy(DirInfo_Dir(pDirInfo, MEMCARD), GetMemcardDir());
strcpy(DirInfo_Dir(pDirInfo, FLYER), GetFlyerDir());
strcpy(DirInfo_Dir(pDirInfo, CABINET), GetCabinetDir());
strcpy(DirInfo_Dir(pDirInfo, NVRAM), GetNvramDir());
UpdateDirectoryList(hDlg);
return TRUE;
}
