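/**
 * sim_db_insert_host_os:
 * @database: database the statement is executed on
 * @inet: host address, used to select the row in `host`
 * @date: event date, interpolated as a quoted SQL literal
 * @sensor: reporting sensor, or %NULL to store SQL NULL
 * @interface: interface name, interpolated as a quoted SQL literal
 * @os: operating system string, interpolated as a quoted SQL literal
 * @context_id: context the host belongs to
 *
 * Insert 'host os' event in @database
 *
 * The row is produced with INSERT ... SELECT against `host`, so nothing is
 * inserted when no host matches @inet and @context_id.
 */
void
sim_db_insert_host_os (SimDatabase *database,
                       SimInet     *inet,
                       gchar       *date,
                       SimInet     *sensor,
                       gchar       *interface,
                       gchar       *os,
                       SimUuid     *context_id)
{
  gchar *query;
  gchar *os_escaped;

  g_return_if_fail (SIM_IS_DATABASE (database));
  g_return_if_fail (SIM_IS_INET (inet));
  g_return_if_fail (date);
  g_return_if_fail (os);

  /*
   * NOTE(review): g_strescape() applies C-style escaping (backslash, double
   * quote, control characters); it does not escape the single quote that
   * delimits the SQL literals below. @date and @interface are interpolated
   * with no escaping at all. If any of these values can come from sensor or
   * agent data, the statement must be built with the database layer's own
   * string escaping or with bound parameters instead.
   * NOTE(review): @interface is not checked for NULL here, unlike in
   * sim_db_insert_host_mac() -- confirm that callers never pass NULL.
   */
  os_escaped = g_strescape (os, NULL);

  query = g_strdup_printf ("INSERT INTO host_os (id, ctx, sensor, date, os, interface) "
                           "SELECT id, %s, %s, '%s', '%s', '%s' FROM host "
                           "WHERE ip = %s and ctx = %s LIMIT 1",
                           sim_uuid_get_db_string (context_id),
                           sensor ? sim_inet_get_db_string (sensor) : "NULL",
                           date,
                           os_escaped,
                           interface,
                           sim_inet_get_db_string (inet),
                           sim_uuid_get_db_string (context_id));

  sim_db_execute_query (database, query);

  /* The query string was previously leaked on every call; the sibling
   * insert functions free it after sim_db_execute_query(). */
  g_free (query);
  g_free (os_escaped);
}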
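/**
 * sim_db_insert_host_service:
 * @database: database the statements are executed on
 * @inet: host address, used to select the row in `host`
 * @date: event date, interpolated as a quoted SQL literal
 * @port: service port in host byte order, must be >= 0
 * @protocol: IP protocol number, must be >= 0
 * @sensor: reporting sensor
 * @interface: interface name, interpolated as a quoted SQL literal
 * @service: stored in the `service_type` column
 * @application: stored in the `version` column
 * @context_id: context the host belongs to
 *
 * Insert 'host service' in @database
 *
 * The `service` column is filled with the name the system services
 * database gives for @port / @protocol, or "unknown". Nothing is inserted
 * when @protocol is not a known protocol number. After the insert, the
 * port is also registered through sim_db_insert_host_plugin_sid() with
 * plugin id SIM_PLUGIN_SERVICE.
 */
void
sim_db_insert_host_service (SimDatabase *database,
                            SimInet     *inet,
                            gchar       *date,
                            gint         port,
                            gint         protocol,
                            SimInet     *sensor,
                            gchar       *interface,
                            gchar       *service,
                            gchar       *application,
                            SimUuid     *context_id)
{
  gchar *query;
  struct servent *temp_serv = NULL;
  struct protoent *temp_proto;

  g_return_if_fail (SIM_IS_DATABASE (database));
  g_return_if_fail (SIM_IS_INET (inet));
  g_return_if_fail (date);
  g_return_if_fail (port >= 0); /* Needed for ints */
  g_return_if_fail (protocol >= 0);
  g_return_if_fail (sensor);
  g_return_if_fail (service);
  g_return_if_fail (application);

  /* getprotobynumber() returns NULL for an unknown protocol number, so the
   * pointer itself has to be checked before p_name is read. The result
   * points to library-owned storage and is not freed here. */
  temp_proto = getprotobynumber (protocol);
  if (temp_proto == NULL || temp_proto->p_name == NULL)
    return; /* Since we don't know the proto we won't insert a service without a protocol */

  /* getservbyport() expects the port in network byte order; @port is in
   * host byte order (it is also written to the database as a plain
   * number). Values that do not fit in 16 bits cannot name a service. */
  if (port <= 0xFFFF)
    temp_serv = getservbyport (g_htons (port), temp_proto->p_name);

  /*
   * NOTE(review): @date, @service, @application and @interface are placed
   * between single quotes with no SQL escaping. If any of them can come
   * from sensor or agent data, build the statement with the database
   * layer's own string escaping or with bound parameters.
   * NOTE(review): @interface and @context_id are not validated above --
   * confirm that callers never pass NULL.
   */
  query = g_strdup_printf ("INSERT INTO host_services "
                           "(id, date, port, protocol, service, service_type, version, origin, sensor, interface, ctx) "
                           "SELECT id, '%s', %u, %u, '%s', '%s', '%s', 0, %s, '%s', %s "
                           "FROM host WHERE ip = %s and ctx = %s LIMIT 1",
                           date,
                           port,
                           protocol,
                           (temp_serv != NULL) ? temp_serv->s_name : "unknown",
                           service,
                           application,
                           sim_inet_get_db_string (sensor),
                           interface,
                           sim_uuid_get_db_string (context_id),
                           sim_inet_get_db_string (inet),
                           sim_uuid_get_db_string (context_id));

  sim_db_execute_query (database, query);
  g_free (query);

  sim_db_insert_host_plugin_sid (database, inet, SIM_PLUGIN_SERVICE, port, context_id);
}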
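/**
 * sim_db_insert_host_mac:
 * @database: database the statement is executed on
 * @inet: host address, used to select the row in `host`
 * @date: event date, interpolated as a quoted SQL literal
 * @mac: MAC address string, interpolated as a quoted SQL literal
 * @vendor: vendor name, or %NULL to store an empty string
 * @interface: interface name, interpolated as a quoted SQL literal
 * @sensor: reporting sensor
 * @context_id: context the host belongs to
 *
 * Insert 'host mac' event in @database
 *
 * The row is produced with INSERT ... SELECT against `host`, so nothing is
 * inserted when no host matches @inet and @context_id. The full statement
 * is written to the debug log before it is executed.
 */
void
sim_db_insert_host_mac (SimDatabase *database,
                        SimInet     *inet,
                        gchar       *date,
                        gchar       *mac,
                        gchar       *vendor,
                        gchar       *interface,
                        SimInet     *sensor,
                        SimUuid     *context_id)
{
  gchar *query;
  gchar *vendor_esc;

  g_return_if_fail (SIM_IS_DATABASE (database));
  g_return_if_fail (SIM_IS_INET (inet));
  g_return_if_fail (date);
  g_return_if_fail (mac);
  g_return_if_fail (interface);
  g_return_if_fail (sensor);

  // we want to insert only the hosts defined in Policy->hosts or inside a network from policy->networks
  // (filter currently disabled)
  // if((sim_container_get_host_by_ia(container,ia) == NULL) && (sim_container_get_nets_has_ia(container,ia) == NULL))
  //   return;

  /*
   * @vendor is optional. g_strescape() rejects a NULL source with a critical
   * warning, so it is only called when there is something to escape.
   *
   * NOTE(review): g_strescape() applies C-style escaping and leaves the
   * single quote untouched, so it does not make @vendor safe inside the
   * SQL literal. @date, @mac and @interface are interpolated with no
   * escaping at all. If any of these values can come from sensor or agent
   * data, build the statement with the database layer's own string
   * escaping or with bound parameters.
   */
  vendor_esc = vendor ? g_strescape (vendor, NULL) : NULL;

  /* The sensor ternary only matters when the g_return_if_fail() checks are
   * compiled out; otherwise a NULL @sensor has already returned above. */
  query = g_strdup_printf ("INSERT INTO host_mac (id, ctx, sensor, date, mac, vendor, interface) "
                           "SELECT id, %s, %s, '%s', '%s', '%s', '%s' FROM host WHERE ip = %s and ctx = %s LIMIT 1",
                           sim_uuid_get_db_string (context_id),
                           sensor ? sim_inet_get_db_string (sensor) : "NULL",
                           date,
                           mac,
                           (vendor_esc) ? vendor_esc : "",
                           interface,
                           sim_inet_get_db_string (inet),
                           sim_uuid_get_db_string (context_id));

  g_free (vendor_esc);

  ossim_debug ("%s: query: %s", __func__, query);

  sim_db_execute_query (database, query);

  g_free (query);
}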
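/**
 * sim_geoip_lookup:
 * @inet: address to look up
 *
 * Resolve @inet to the code GeoIP_code_by_id() gives for it, using
 * geoip_db for IPv4 addresses and geoipV6_db for everything else.
 *
 * Returns: "--" for the all-zero IPv4 address (no database lookup is
 * made), otherwise whatever GeoIP_code_by_id() returns; %NULL when @inet
 * is not a valid #SimInet. The string is not owned by the caller.
 */
const gchar *
sim_geoip_lookup (SimInet *inet)
{
  uint8_t *inet_addr;
  const gchar *ret;

  g_return_val_if_fail (SIM_IS_INET (inet), NULL);

  /* The buffer is released with g_free() below, so it belongs to us.
   * NOTE(review): assumes sim_inet_get_in_addr() never returns NULL and
   * that the buffer holds 16 bytes for non-IPv4 addresses -- confirm. */
  inet_addr = sim_inet_get_in_addr (inet);

  if (sim_inet_is_ipv4 (inet))
    {
      if (inet_addr[0] || inet_addr[1] || inet_addr[2] || inet_addr[3])
        {
          /* Widen each octet before shifting: a uint8_t is promoted to
           * int, and shifting a value >= 128 left by 24 overflows a signed
           * int (undefined behaviour, sign-extended garbage in practice). */
          unsigned long r_addr = ((unsigned long) inet_addr[0] << 24)
                               | ((unsigned long) inet_addr[1] << 16)
                               | ((unsigned long) inet_addr[2] << 8)
                               |  (unsigned long) inet_addr[3];

          ret = GeoIP_code_by_id (GeoIP_id_by_ipnum (geoip_db, r_addr));
        }
      else
        {
          ret = "--";
        }
    }
  else
    {
      geoipv6_t r_addr;

      /* Copy into the object itself rather than through the libc-internal
       * __in6_u.__u6_addr8 member name; the bytes written are the same. */
      memcpy (&r_addr, inet_addr, sizeof r_addr);
      ret = GeoIP_code_by_id (GeoIP_id_by_ipnum_v6 (geoipV6_db, r_addr));
    }

  g_free (inet_addr);

  return ret;
}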
/**
 * sim_db_insert_host_plugin_sid:
 * @database: database the statement is executed on
 * @inet: host address stored in `host_ip`
 * @plugin_id: plugin identifier
 * @plugin_sid: plugin sub-identifier
 * @context_id: context stored in `ctx`
 *
 * Insert host plugin sid in @database
 *
 * Uses REPLACE INTO. Only numeric values and the strings returned by
 * sim_inet_get_db_string() / sim_uuid_get_db_string() are interpolated.
 */
void
sim_db_insert_host_plugin_sid (SimDatabase *database,
                               SimInet     *inet,
                               gint         plugin_id,
                               gint         plugin_sid,
                               SimUuid     *context_id)
{
  gchar *stmt;

  g_return_if_fail (SIM_IS_DATABASE (database));
  g_return_if_fail (SIM_IS_INET (inet));

  /* The plugin_sid comes from a special event identified by plugin_id. */
  stmt = g_strdup_printf (
      "REPLACE INTO host_plugin_sid "
      "(host_ip, plugin_id, plugin_sid, ctx) "
      "VALUES (%s, %d, %d, %s)",
      sim_inet_get_db_string (inet),
      plugin_id,
      plugin_sid,
      sim_uuid_get_db_string (context_id));

  sim_db_execute_query (database, stmt);

  g_free (stmt);
}