END_TEST

/* OS_GetOneContentforElement: a path that matches yields the content of
 * the first matching element as a heap string the caller must free; a
 * path that matches nothing yields NULL. */
START_TEST(test_osgetonecontentforelement)
{
    char xml_file_name[256];
    OS_XML xml;
    const char *path_child[] = { "root", "child", NULL };
    const char *path_child2[] = { "root", "child2", NULL };
    const char *path_missing[] = { "root", "child3", NULL };
    char *first_child;
    char *child2;

    create_xml_file("<root><child>test</child><child>test2</child><child2>test</child2></root>",
                    xml_file_name, 256);
    ck_assert_int_eq(OS_ReadXML(xml_file_name, &xml), 0);
    ck_assert_int_eq(OS_ApplyVariables(&xml), 0);

    /* Two <child> elements exist; the first one's content is what comes back. */
    first_child = OS_GetOneContentforElement(&xml, path_child);
    ck_assert_str_eq(first_child, "test");

    child2 = OS_GetOneContentforElement(&xml, path_child2);
    ck_assert_str_eq(child2, "test");

    /* No <child3> element anywhere under <root>. */
    ck_assert_ptr_eq(OS_GetOneContentforElement(&xml, path_missing), NULL);

    free(first_child);
    free(child2);
    OS_ClearXML(&xml);
    unlink(xml_file_name);
}
/* Get OSSEC Server IP
 *
 * Reads CONFIG and sets config_inst.server / config_inst.server_type from
 * <ossec_config><client><server-ip>, or, when that is absent or not a valid
 * IP, from <ossec_config><client><server-hostname> (kept only if it
 * resolves).  Any previously stored config_inst.server is released first.
 *
 * Returns 1 when a server was found, 0 otherwise.  On 0 config_inst.server
 * is a strdup() of FL_NOSERVER (the strdup result is not checked), unless
 * the config file could not be read, in which case nothing is touched.
 */
int get_ossec_server()
{
    OS_XML xml;
    const char *(path_ip[]) = {"ossec_config", "client", "server-ip", NULL};
    const char *(path_host[]) = {"ossec_config", "client", "server-hostname", NULL};
    char *value;

    if (OS_ReadXML(CONFIG, &xml) < 0) {
        return (0);
    }

    /* Forget whatever server was configured before */
    free(config_inst.server);
    config_inst.server = NULL;
    config_inst.server_type = 0;

    /* First choice: a literal IP address */
    value = OS_GetOneContentforElement(&xml, path_ip);
    if (value != NULL) {
        if (OS_IsValidIP(value, NULL) == 1) {
            config_inst.server_type = SERVER_IP_USED;
            config_inst.server = value;
            OS_ClearXML(&xml);
            return (1);
        }
        free(value);
    }

    /* Second choice: a hostname, accepted only if it resolves */
    value = OS_GetOneContentforElement(&xml, path_host);
    if (value != NULL) {
        char *resolved = OS_GetHost(value, 0);
        if (resolved != NULL) {
            /* Only resolvability matters here; the address is not kept */
            free(resolved);
            config_inst.server_type = SERVER_HOST_USED;
            config_inst.server = value;
            OS_ClearXML(&xml);
            return (1);
        }
        free(value);
    }

    /* Nothing usable: store the "no server" placeholder */
    config_inst.server = strdup(FL_NOSERVER);
    OS_ClearXML(&xml);
    return (0);
}
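/* ExecdConfig v0.1, 2006/03/24
 * Read the config file
 *
 * Reads <ossec_config><active-response> from cfgfile:
 *   - <disabled>: "yes"/"no" overrides the build default (disabled on
 *     WIN32, enabled elsewhere); any other value is a configuration error.
 *   - <repeated_offenders>: comma-separated values stored, via atoi(),
 *     into the global repeated_offenders_timeout[], which is kept
 *     0-terminated after every insertion.
 *
 * The XML is not validated here; other processes do that.  A file that
 * cannot be parsed is handed to ErrorExit (expected not to return).
 *
 * @param cfgfile  configuration file to read
 * @return 1 if active response is disabled, 0 if enabled, -1 on an
 *         invalid value (everything acquired is released first).
 */
int ExecdConfig(char * cfgfile)
{
    extern int repeated_offenders_timeout[];
#ifdef WIN32
    int is_disabled = 1;
#else
    int is_disabled = 0;
#endif
    const char *(xmlf[]) = {"ossec_config", "active-response", "disabled", NULL};
    const char *(blocks[]) = {"ossec_config", "active-response", "repeated_offenders", NULL};
    char *disable_entry;
    char *repeated_t;
    char **repeated_a;
    OS_XML xml;

    /* Reading XML file */
    if (OS_ReadXML(cfgfile, &xml) < 0) {
        ErrorExit(XML_ERROR, ARGV0, cfgfile, xml.err, xml.err_line);
    }

    /* We do not validate the xml in here. It is done by other processes */
    disable_entry = OS_GetOneContentforElement(&xml, xmlf);
    if (disable_entry) {
        if (strcmp(disable_entry, "yes") == 0) {
            is_disabled = 1;
        } else if (strcmp(disable_entry, "no") == 0) {
            is_disabled = 0;
        } else {
            merror(XML_VALUEERR, ARGV0, "disabled", disable_entry);
            free(disable_entry);
            OS_ClearXML(&xml);
            return (-1);
        }
        /* The content string is heap-allocated by the XML library */
        free(disable_entry);
    }

    repeated_t = OS_GetOneContentforElement(&xml, blocks);
    if (repeated_t) {
        int i = 0;
        int j = 0;

        repeated_a = OS_StrBreak(',', repeated_t, 5);
        if (!repeated_a) {
            /* Report the repeated_offenders value itself (the old code
             * printed disable_entry here, which may already be NULL) */
            merror(XML_VALUEERR, ARGV0, "repeated_offenders", repeated_t);
            free(repeated_t);
            OS_ClearXML(&xml);
            return (-1);
        }

        while (repeated_a[i] != NULL) {
            char *tmpt = repeated_a[i];

            /* Skip leading blanks; an all-blank field is ignored */
            while (*tmpt == ' ' || *tmpt == '\t') {
                tmpt++;
            }
            if (*tmpt == '\0') {
                i++;
                continue;
            }

            /* NOTE(review): atoi() turns a non-numeric field into 0 silently */
            repeated_offenders_timeout[j] = atoi(tmpt);
            verbose("%s: INFO: Adding offenders timeout: %d (for #%d)",
                    ARGV0, repeated_offenders_timeout[j], j + 1);
            j++;
            /* Keep the list 0-terminated after every insertion */
            repeated_offenders_timeout[j] = 0;
            /* NOTE(review): the array's size is not visible here; this cap
             * assumes it holds at least 7 ints — confirm at its definition */
            if (j >= 6) {
                break;
            }
            i++;
        }

        /* OS_StrBreak allocates the array and each element separately */
        for (i = 0; repeated_a[i] != NULL; i++) {
            free(repeated_a[i]);
        }
        free(repeated_a);
        free(repeated_t);
    }

    OS_ClearXML(&xml);
    return (is_disabled);
}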
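/* Read the rootcheck config
 *
 * Fills the global `rootcheck` from the <rootcheck> section of cfgfile:
 * frequency (OSSECHIDS builds only), the scanall/readall flags, the work
 * and base directories, the rootkit_files / rootkit_trojans / system_audit
 * / windows_* entries and the check_* enable flags (each defaulting to 1).
 * scanall, readall and workdir are left alone when the caller already set
 * them.
 *
 * @param cfgfile  configuration file to parse
 * @return 0 on success; OS_INVALID when the file cannot be parsed or the
 *         frequency is not numeric; -1 when there is no <rootcheck> section.
 */
int Read_Rootcheck_Config(const char *cfgfile)
{
    OS_XML xml;
#ifdef OSSECHIDS
    char *str = NULL;
#endif

    /* XML Definitions */
    const char *(xml_base_dir[]) = {xml_rootcheck, "base_directory", NULL};
    const char *(xml_workdir[]) = {xml_rootcheck, "work_directory", NULL};
    const char *(xml_rootkit_files[]) = {xml_rootcheck, "rootkit_files", NULL};
    const char *(xml_rootkit_trojans[]) = {xml_rootcheck, "rootkit_trojans", NULL};
    const char *(xml_rootkit_unixaudit[]) = {xml_rootcheck, "system_audit", NULL};
    const char *(xml_rootkit_winaudit[]) = {xml_rootcheck, "windows_audit", NULL};
    const char *(xml_rootkit_winapps[]) = {xml_rootcheck, "windows_apps", NULL};
    const char *(xml_rootkit_winmalware[]) = {xml_rootcheck, "windows_malware", NULL};
    const char *(xml_scanall[]) = {xml_rootcheck, "scanall", NULL};
    const char *(xml_readall[]) = {xml_rootcheck, "readall", NULL};
#ifdef OSSECHIDS
    const char *(xml_time[]) = {xml_rootcheck, "frequency", NULL};
#endif
    const char *(xml_check_dev[]) = {xml_rootcheck, "check_dev", NULL};
    const char *(xml_check_files[]) = {xml_rootcheck, "check_files", NULL};
    const char *(xml_check_if[]) = {xml_rootcheck, "check_if", NULL};
    const char *(xml_check_pids[]) = {xml_rootcheck, "check_pids", NULL};
    const char *(xml_check_ports[]) = {xml_rootcheck, "check_ports", NULL};
    const char *(xml_check_sys[]) = {xml_rootcheck, "check_sys", NULL};
    const char *(xml_check_trojans[]) = {xml_rootcheck, "check_trojans", NULL};
#ifdef WIN32
    const char *(xml_check_winapps[]) = {xml_rootcheck, "check_winapps", NULL};
    const char *(xml_check_winaudit[]) = {xml_rootcheck, "check_winaudit", NULL};
    const char *(xml_check_winmalware[]) = {xml_rootcheck, "check_winmalware", NULL};
#else
    const char *(xml_check_unixaudit[]) = {xml_rootcheck, "check_unixaudit", NULL};
#endif

    if (OS_ReadXML(cfgfile, &xml) < 0) {
        merror("config_op: XML error: %s", xml.err);
        return (OS_INVALID);
    }

    if (!OS_RootElementExist(&xml, xml_rootcheck)) {
        OS_ClearXML(&xml);
        merror("%s: Rootcheck configuration not found. ", ARGV0);
        return (-1);
    }

#ifdef OSSECHIDS
    /* time */
    str = OS_GetOneContentforElement(&xml, xml_time);
    if (str) {
        if (!OS_StrIsNum(str)) {
            merror("Invalid frequency time '%s' for the rootkit "
                   "detection (must be int).", str);
            /* Release the value and the parsed tree before bailing out
             * (the old code leaked both on this path) */
            free(str);
            OS_ClearXML(&xml);
            return (OS_INVALID);
        }
        rootcheck.time = atoi(str);
        free(str);
        str = NULL;
    }
#endif /* OSSECHIDS */

    /* eval_bool2(value, default): presumably consumes the heap string and
     * yields `default` when it is NULL — confirm against its definition. */

    /* Scan all flags */
    if (!rootcheck.scanall) {
        rootcheck.scanall = eval_bool2(OS_GetOneContentforElement(&xml, xml_scanall), 0);
    }

    /* Read all flags */
    if (!rootcheck.readall) {
        rootcheck.readall = eval_bool2(OS_GetOneContentforElement(&xml, xml_readall), 0);
    }

    /* Get work directory */
    if (!rootcheck.workdir) {
        rootcheck.workdir = OS_GetOneContentforElement(&xml, xml_workdir);
    }

    /* Database / list entries: ownership of the strings passes to `rootcheck` */
    rootcheck.rootkit_files = OS_GetOneContentforElement(&xml, xml_rootkit_files);
    rootcheck.rootkit_trojans = OS_GetOneContentforElement(&xml, xml_rootkit_trojans);
    rootcheck.unixaudit = OS_GetContents(&xml, xml_rootkit_unixaudit);
    rootcheck.winaudit = OS_GetOneContentforElement(&xml, xml_rootkit_winaudit);
    rootcheck.winapps = OS_GetOneContentforElement(&xml, xml_rootkit_winapps);
    rootcheck.winmalware = OS_GetOneContentforElement(&xml, xml_rootkit_winmalware);
    rootcheck.basedir = OS_GetOneContentforElement(&xml, xml_base_dir);

    /* Per-check enable flags, all on unless the config says otherwise */
    rootcheck.checks.rc_dev = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_dev), 1);
    rootcheck.checks.rc_files = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_files), 1);
    rootcheck.checks.rc_if = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_if), 1);
    rootcheck.checks.rc_pids = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_pids), 1);
    rootcheck.checks.rc_ports = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_ports), 1);
    rootcheck.checks.rc_sys = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_sys), 1);
    rootcheck.checks.rc_trojans = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_trojans), 1);
#ifdef WIN32
    rootcheck.checks.rc_winapps = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_winapps), 1);
    rootcheck.checks.rc_winaudit = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_winaudit), 1);
    rootcheck.checks.rc_winmalware = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_winmalware), 1);
#else
    rootcheck.checks.rc_unixaudit = eval_bool2(OS_GetOneContentforElement(&xml, xml_check_unixaudit), 1);
#endif /* WIN32 */

    OS_ClearXML(&xml);
    return (0);
}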
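/* monitord entry point.
 *
 * Options: -V version, -h help, -d debug, -f stay in the foreground,
 * -t test the configuration and exit, -u user, -g group, -D chroot
 * directory, -c config file.  Reads the internal defines and the config
 * (plus the SMTP server / email-from entries when reports are configured),
 * then daemonizes, drops privileges, chroots, writes the PID file and
 * hands over to Monitord().
 */
int main(int argc, char **argv)
{
    int c, test_config = 0, run_foreground = 0;
    int uid = 0, gid = 0;
    char *dir = DEFAULTDIR;
    char *user = USER;
    char *group = GROUPGLOBAL;
    char *cfg = DEFAULTCPATH;

    /* Initializing global variables */
    mond.a_queue = 0;

    /* Setting the name */
    OS_SetName(ARGV0);

    while ((c = getopt(argc, argv, "Vdhtfu:g:D:c:")) != -1) {
        switch (c) {
            case 'V':
                print_version();
                break;
            case 'h':
                help(ARGV0);
                break;
            case 'd':
                nowDebug();
                break;
            case 'f':
                run_foreground = 1;
                break;
            case 'u':
                if (!optarg) {
                    ErrorExit("%s: -u needs an argument", ARGV0);
                }
                user = optarg;
                break;
            case 'g':
                if (!optarg) {
                    ErrorExit("%s: -g needs an argument", ARGV0);
                }
                group = optarg;
                break;
            case 'D':
                if (!optarg) {
                    ErrorExit("%s: -D needs an argument", ARGV0);
                }
                dir = optarg;
                /* Used to fall through into 'c', so -D also replaced cfg */
                break;
            case 'c':
                if (!optarg) {
                    ErrorExit("%s: -c needs an argument", ARGV0);
                }
                cfg = optarg;
                break;
            case 't':
                test_config = 1;
                break;
            default:
                help(ARGV0);
                break;
        }
    }

    /* Starting daemon */
    debug1(STARTED_MSG, ARGV0);

    /* Check if the user/group given are valid */
    uid = Privsep_GetUser(user);
    gid = Privsep_GetGroup(group);
    if ((uid < 0) || (gid < 0)) {
        ErrorExit(USER_ERROR, ARGV0, user, group);
    }

    /* Getting config options */
    mond.day_wait = getDefine_Int("monitord", "day_wait", 5, 240);
    mond.compress = getDefine_Int("monitord", "compress", 0, 1);
    mond.sign = getDefine_Int("monitord", "sign", 0, 1);
    mond.monitor_agents = getDefine_Int("monitord", "monitor_agents", 0, 1);
    mond.agents = NULL;
    mond.smtpserver = NULL;
    mond.emailfrom = NULL;

    c = 0;
    c |= CREPORTS;
    if (ReadConfig(c, cfg, &mond, NULL) < 0) {
        ErrorExit(CONFIG_ERROR, ARGV0, cfg);
    }

    /* If we have any reports configured, read smtp/emailfrom */
    if (mond.reports) {
        OS_XML xml;
        char *tmpsmtp;
        char *(xml_smtp[]) = {"ossec_config", "global", "smtp_server", NULL};
        char *(xml_from[]) = {"ossec_config", "global", "email_from", NULL};

        if (OS_ReadXML(cfg, &xml) < 0) {
            ErrorExit(CONFIG_ERROR, ARGV0, cfg);
        }

        tmpsmtp = OS_GetOneContentforElement(&xml, xml_smtp);
        mond.emailfrom = OS_GetOneContentforElement(&xml, xml_from);

        if (tmpsmtp && mond.emailfrom) {
            /* OS_GetHost hands back its own allocation, so the raw entry
             * is not needed afterwards */
            mond.smtpserver = OS_GetHost(tmpsmtp, 5);
            if (!mond.smtpserver) {
                merror(INVALID_SMTP, ARGV0, tmpsmtp);
                free(mond.emailfrom);
                mond.emailfrom = NULL;
                merror("%s: Invalid SMTP server. Disabling email reports.", ARGV0);
            }
        } else {
            free(mond.emailfrom);
            mond.emailfrom = NULL;
            merror("%s: SMTP server or 'email from' missing. Disabling email reports.", ARGV0);
        }
        /* Previously leaked on both branches above */
        free(tmpsmtp);

        OS_ClearXML(&xml);
    }

    /* Exit here if test config is set */
    if (test_config) {
        exit(0);
    }

    if (!run_foreground) {
        /* Going on daemon mode */
        nowDaemon();
        goDaemon();
    }

    /* Privilege separation */
    if (Privsep_SetGroup(gid) < 0) {
        ErrorExit(SETGID_ERROR, ARGV0, group);
    }

    /* chrooting */
    if (Privsep_Chroot(dir) < 0) {
        ErrorExit(CHROOT_ERROR, ARGV0, dir);
    }
    nowChroot();

    /* Changing user */
    if (Privsep_SetUser(uid) < 0) {
        ErrorExit(SETUID_ERROR, ARGV0, user);
    }

    debug1(PRIVSEP_MSG, ARGV0, dir, user);

    /* Signal manipulation */
    StartSIG(ARGV0);

    /* Creating PID files */
    if (CreatePID(ARGV0, getpid()) < 0) {
        ErrorExit(PID_ERROR, ARGV0);
    }

    /* Start up message */
    verbose(STARTUP_MSG, ARGV0, (int)getpid());

    /* the real daemon now */
    Monitord();
    exit(0);
}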
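/* Read_Rootcheck_Config: Reads the rootcheck config
 *
 * Fills the global `rootcheck` from the <rootcheck> section of cfgfile:
 * daemon mode, frequency (OSSECHIDS builds only), the scanall/readall
 * flags, the notification type (queue or syslog, syslog by default), the
 * work and base directories and the rootkit_files / rootkit_trojans /
 * system_audit / windows_* entries.  scanall, readall and workdir are left
 * alone when the caller already set them.
 *
 * @param cfgfile  configuration file to parse
 * @return 0 on success; OS_INVALID when the file cannot be parsed or the
 *         frequency is not numeric; -1 when the <rootcheck> section is
 *         missing or the notification option is unknown.
 */
int Read_Rootcheck_Config(char * cfgfile)
{
    OS_XML xml;
    char *str = NULL;

    /* XML Definitions */
    char *(xml_daemon[]) = {xml_rootcheck, "daemon", NULL};
    char *(xml_notify[]) = {xml_rootcheck, "notify", NULL};
    char *(xml_base_dir[]) = {xml_rootcheck, "base_directory", NULL};
    char *(xml_workdir[]) = {xml_rootcheck, "work_directory", NULL};
    char *(xml_rootkit_files[]) = {xml_rootcheck, "rootkit_files", NULL};
    char *(xml_rootkit_trojans[]) = {xml_rootcheck, "rootkit_trojans", NULL};
    char *(xml_rootkit_unixaudit[]) = {xml_rootcheck, "system_audit", NULL};
    char *(xml_rootkit_winaudit[]) = {xml_rootcheck, "windows_audit", NULL};
    char *(xml_rootkit_winapps[]) = {xml_rootcheck, "windows_apps", NULL};
    char *(xml_rootkit_winmalware[]) = {xml_rootcheck, "windows_malware", NULL};
    char *(xml_scanall[]) = {xml_rootcheck, "scanall", NULL};
    char *(xml_readall[]) = {xml_rootcheck, "readall", NULL};
    char *(xml_time[]) = {xml_rootcheck, "frequency", NULL};

    if (OS_ReadXML(cfgfile, &xml) < 0) {
        merror("config_op: XML error: %s", xml.err);
        return (OS_INVALID);
    }

    if (!OS_RootElementExist(&xml, xml_rootcheck)) {
        OS_ClearXML(&xml);
        merror("%s: Rootcheck configuration not found. ", ARGV0);
        return (-1);
    }

    /* run as a daemon: only a leading 'n' switches it off */
    str = OS_GetOneContentforElement(&xml, xml_daemon);
    if (str) {
        if (str[0] == 'n') {
            rootcheck.daemon = 0;
        }
        free(str);
        str = NULL;
    }

    /* time */
#ifdef OSSECHIDS
    str = OS_GetOneContentforElement(&xml, xml_time);
    if (str) {
        if (!OS_StrIsNum(str)) {
            merror("Invalid frequency time '%s' for the rootkit "
                   "detection (must be int).", str);
            /* Release the value and the parsed tree (both leaked before) */
            free(str);
            OS_ClearXML(&xml);
            return (OS_INVALID);
        }
        rootcheck.time = atoi(str);
        free(str);
        str = NULL;
    }
#endif

    /* Scan all flag: a leading 'y' enables it */
    if (!rootcheck.scanall) {
        str = OS_GetOneContentforElement(&xml, xml_scanall);
        if (str) {
            if (str[0] == 'y') {
                rootcheck.scanall = 1;
            }
            free(str);
            str = NULL;
        }
    }

    /* read all flag: a leading 'y' enables it */
    if (!rootcheck.readall) {
        str = OS_GetOneContentforElement(&xml, xml_readall);
        if (str) {
            if (str[0] == 'y') {
                rootcheck.readall = 1;
            }
            free(str);
            str = NULL;
        }
    }

    /* Notifications type */
    str = OS_GetOneContentforElement(&xml, xml_notify);
    if (str) {
        if (strcasecmp(str, "queue") == 0) {
            rootcheck.notify = QUEUE;
        } else if (strcasecmp(str, "syslog") == 0) {
            rootcheck.notify = SYSLOG;
        } else {
            merror("%s: Invalid notification option. Only "
                   "'syslog' or 'queue' are allowed.", ARGV0);
            /* Release the value and the parsed tree (both leaked before) */
            free(str);
            OS_ClearXML(&xml);
            return (-1);
        }
        free(str);
        str = NULL;
    } else {
        /* Default to SYSLOG */
        rootcheck.notify = SYSLOG;
    }

    /* Getting work directory */
    if (!rootcheck.workdir) {
        rootcheck.workdir = OS_GetOneContentforElement(&xml, xml_workdir);
    }

    /* Database / list entries: ownership of the strings passes to `rootcheck` */
    rootcheck.rootkit_files = OS_GetOneContentforElement(&xml, xml_rootkit_files);
    rootcheck.rootkit_trojans = OS_GetOneContentforElement(&xml, xml_rootkit_trojans);
    rootcheck.unixaudit = OS_GetContents(&xml, xml_rootkit_unixaudit);
    rootcheck.winaudit = OS_GetOneContentforElement(&xml, xml_rootkit_winaudit);
    rootcheck.winapps = OS_GetOneContentforElement(&xml, xml_rootkit_winapps);
    rootcheck.winmalware = OS_GetOneContentforElement(&xml, xml_rootkit_winmalware);
    rootcheck.basedir = OS_GetOneContentforElement(&xml, xml_base_dir);

    OS_ClearXML(&xml);

    debug1("%s: DEBUG: Daemon set to '%d'", ARGV0, rootcheck.daemon);
    debug1("%s: DEBUG: alert set to '%d'", ARGV0, rootcheck.notify);

    return (0);
}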