[Pkg-ossec-devel] [SCM] Git repository for pkg-ossec branch, master, updated. f89fb2c00b1a2606035e5cd0e35b4ebe99f049ac
Javier Fernandez-Sanguino
jfs at debian.org
Wed Aug 29 16:31:24 UTC 2012
The following commit has been merged in the master branch:
commit 157ad446c90a39f39344574d8e560380034608cc
Author: Javier Fernandez-Sanguino <jfs at debian.org>
Date: Sun Aug 26 13:42:32 2012 +0200
Patch to introduce a chroot option to all the applications
diff --git a/debian/patches/02-add-chroot-option.patch b/debian/patches/02-add-chroot-option.patch
new file mode 100644
index 0000000..b9a4268
--- /dev/null
+++ b/debian/patches/02-add-chroot-option.patch
@@ -0,0 +1,1388 @@
+Index: pkg-ossec/src/os_auth/main-server.c
+===================================================================
+--- pkg-ossec.orig/src/os_auth/main-server.c 2012-08-25 21:55:33.000000000 +0200
++++ pkg-ossec/src/os_auth/main-server.c 2012-08-26 13:36:38.000000000 +0200
+@@ -48,6 +48,7 @@
+ FILE *fp;
+ int c, test_config = 0;
+ int gid = 0, client_sock = 0, sock = 0, port = 1515, ret = 0;
++ int do_chroot = 1;
+ char *dir = DEFAULTDIR;
+ char *user = USER;
+ char *group = GROUPGLOBAL;
+@@ -67,7 +68,7 @@
+ /* Setting the name */
+ OS_SetName(ARGV0);
+
+- while((c = getopt(argc, argv, "Vdhu:g:D:c:m:p:")) != -1)
++ while((c = getopt(argc, argv, "Vdhu:g:D:c:m:p:NC")) != -1)
+ {
+ switch(c){
+ case 'V':
+@@ -110,6 +111,12 @@
+ ErrorExit("%s: Invalid port: %s", ARGV0, optarg);
+ }
+ break;
++ case 'N': /* Disable the use of chroot */
++ do_chroot = 0;
++ break;
++ case 'C':
++ do_chroot = 1;
++ break;
+ default:
+ report_help();
+ break;
+@@ -138,7 +145,11 @@
+
+
+ /* do_chroot */
+- chdir(dir);
++ if (do_chroot)
++ chdir(dir);
++ else
++ chdir(dir);
++ /* Note: we currently we do not chroot so the option does not make any difference (yet) */
+
+
+
+Index: pkg-ossec/src/os_csyslogd/main.c
+===================================================================
+--- pkg-ossec.orig/src/os_csyslogd/main.c 2012-08-25 22:39:47.000000000 +0200
++++ pkg-ossec/src/os_csyslogd/main.c 2012-08-26 13:08:43.000000000 +0200
+@@ -20,6 +20,7 @@
+ int main(int argc, char **argv)
+ {
+ int c, test_config = 0,run_foreground = 0;
++ int do_chroot = 1;
+ int uid = 0,gid = 0;
+
+ /* Using MAILUSER (read only) */
+@@ -37,7 +38,7 @@
+ OS_SetName(ARGV0);
+
+
+- while((c = getopt(argc, argv, "vVdhtfu:g:D:c:")) != -1){
++ while((c = getopt(argc, argv, "vVdhtfu:g:D:c:NC")) != -1){
+ switch(c){
+ case 'V':
+ print_version();
+@@ -76,6 +77,12 @@
+ case 't':
+ test_config = 1;
+ break;
++ case 'N':
++ do_chroot = 0;
++ break;
++ case 'C':
++ do_chroot = 1;
++ break;
+ default:
+ help(ARGV0);
+ break;
+@@ -148,13 +155,14 @@
+
+
+ /* do_chroot */
+- if(Privsep_Chroot(dir) < 0)
+- ErrorExit(CHROOT_ERROR,ARGV0,dir);
+-
+-
+- /* Now on chroot */
+- nowChroot();
+-
++ if (do_chroot) {
++ if(Privsep_Chroot(dir) < 0)
++ ErrorExit(CHROOT_ERROR,ARGV0,dir);
++ /* Now on chroot */
++ nowChroot();
++ } else {
++ chdir(dir);
++ }
+
+
+ /* Changing user */
+Index: pkg-ossec/src/shared/help.c
+===================================================================
+--- pkg-ossec.orig/src/shared/help.c 2012-08-25 22:43:50.000000000 +0200
++++ pkg-ossec/src/shared/help.c 2012-08-26 13:09:35.000000000 +0200
+@@ -35,6 +35,8 @@
+ print_out(" -g <group> Run as 'group'");
+ print_out(" -c <config> Read the 'config' file");
+ print_out(" -D <dir> Chroot to 'dir'");
++ print_out(" -N Do not chroot");
++ print_out(" -C Chroot the program (default behaviour)");
+ print_out(" ");
+ exit(1);
+ }
+Index: pkg-ossec/src/analysisd/analysisd.c
+===================================================================
+--- pkg-ossec.orig/src/analysisd/analysisd.c 2012-08-25 22:44:49.000000000 +0200
++++ pkg-ossec/src/analysisd/analysisd.c 2012-08-26 13:07:28.000000000 +0200
+@@ -132,6 +132,7 @@
+ #endif
+ {
+ int c = 0, m_queue = 0, test_config = 0,run_foreground = 0;
++ int do_chroot = 1;
+ char *dir = DEFAULTDIR;
+ char *user = USER;
+ char *group = GROUPGLOBAL;
+@@ -151,7 +152,7 @@
+ hourly_syscheck = 0;
+ hourly_firewall = 0;
+
+- while((c = getopt(argc, argv, "Vtdhfu:g:D:c:")) != -1){
++ while((c = getopt(argc, argv, "Vtdhfu:g:D:c:NC")) != -1){
+ switch(c){
+ case 'V':
+ print_version();
+@@ -187,6 +188,12 @@
+ case 't':
+ test_config = 1;
+ break;
++ case 'N':
++ do_chroot = 0;
++ break;
++ case 'C':
++ do_chroot = 1;
++ break;
+ default:
+ help(ARGV0);
+ break;
+@@ -280,11 +287,13 @@
+ ErrorExit(SETGID_ERROR,ARGV0,group);
+
+ /* Chrooting */
+- if(Privsep_Chroot(dir) < 0)
+- ErrorExit(CHROOT_ERROR,ARGV0,dir);
+-
+-
+- nowChroot();
++ if (do_chroot) {
++ if(Privsep_Chroot(dir) < 0)
++ ErrorExit(CHROOT_ERROR,ARGV0,dir);
++ nowChroot();
++ } else {
++ chdir(dir);
++ }
+
+
+
+Index: pkg-ossec/src/analysisd/makelists.c
+===================================================================
+--- pkg-ossec.orig/src/analysisd/makelists.c 2012-08-25 22:45:57.000000000 +0200
++++ pkg-ossec/src/analysisd/makelists.c 2012-08-26 13:08:05.000000000 +0200
+@@ -67,6 +67,8 @@
+ print_out(" -g <group> Run as 'group'");
+ print_out(" -c <config> Read the 'config' file");
+ print_out(" -D <dir> Chroot to 'dir'");
++ print_out(" -N Do not chroot");
++ print_out(" -C Chroot the daemon (default behaviour)");
+ print_out(" ");
+ exit(1);
+ }
+@@ -76,6 +78,7 @@
+ int main(int argc, char **argv)
+ {
+ int c = 0;
++ int do_chroot = 1;
+ char *dir = DEFAULTDIR;
+ char *user = USER;
+ char *group = GROUPGLOBAL;
+@@ -92,7 +95,7 @@
+ prev_year = 0;
+ memset(prev_month, '\0', 4);
+
+- while((c = getopt(argc, argv, "Vdhfu:g:D:c:")) != -1){
++ while((c = getopt(argc, argv, "Vdhfu:g:D:c:NC")) != -1){
+ switch(c){
+ case 'V':
+ print_version();
+@@ -125,6 +128,12 @@
+ case 'f':
+ force = 1;
+ break;
++ case 'N':
++ do_chroot = 0;
++ break;
++ case 'C':
++ do_chroot = 1;
++ break;
+ default:
+ help(ARGV0);
+ break;
+@@ -157,11 +166,13 @@
+ ErrorExit(SETGID_ERROR,ARGV0,group);
+
+ /* Chrooting */
+- if(Privsep_Chroot(dir) < 0)
+- ErrorExit(CHROOT_ERROR,ARGV0,dir);
+-
+- nowChroot();
+-
++ if (do_chroot) {
++ if(Privsep_Chroot(dir) < 0)
++ ErrorExit(CHROOT_ERROR,ARGV0,dir);
++ nowChroot();
++ } else {
++ chdir(dir);
++ }
+
+
+ /* Createing the lists for use in rules */
+Index: pkg-ossec/src/os_maild/maild.c
+===================================================================
+--- pkg-ossec.orig/src/os_maild/maild.c 2012-08-25 22:48:21.000000000 +0200
++++ pkg-ossec/src/os_maild/maild.c 2012-08-26 13:09:05.000000000 +0200
+@@ -31,6 +31,7 @@
+ int main(int argc, char **argv)
+ {
+ int c, test_config = 0,run_foreground = 0;
++ int do_chroot = 1;
+ int uid = 0,gid = 0;
+ char *dir = DEFAULTDIR;
+ char *user = MAILUSER;
+@@ -45,7 +46,7 @@
+ OS_SetName(ARGV0);
+
+
+- while((c = getopt(argc, argv, "Vdhtfu:g:D:c:")) != -1){
++ while((c = getopt(argc, argv, "Vdhtfu:g:D:c:NC")) != -1){
+ switch(c){
+ case 'V':
+ print_version();
+@@ -81,6 +82,12 @@
+ case 't':
+ test_config = 1;
+ break;
++ case 'N':
++ do_chroot = 0;
++ break;
++ case 'C':
++ do_chroot = 1;
++ break;
+ default:
+ help(ARGV0);
+ break;
+@@ -137,11 +144,13 @@
+
+
+ /* do_chroot */
+- if(Privsep_Chroot(dir) < 0)
+- ErrorExit(CHROOT_ERROR,ARGV0,dir);
+-
+- nowChroot();
+-
++ if (do_chroot) {
++ if(Privsep_Chroot(dir) < 0)
++ ErrorExit(CHROOT_ERROR,ARGV0,dir);
++ nowChroot();
++ } else {
++ chdir(dir);
++ }
+
+
+ /* Changing user */
+Index: pkg-ossec/src/addagent/main.c
+===================================================================
+--- pkg-ossec.orig/src/addagent/main.c 2012-08-25 23:00:38.000000000 +0200
++++ pkg-ossec/src/addagent/main.c 2012-08-26 13:13:35.000000000 +0200
+@@ -24,6 +24,8 @@
+ printf("\t-l List available agents.\n");
+ printf("\t-e <id> Extracts key for an agent (Manager only).\n");
+ printf("\t-i <id> Import authentication key (Agent only).\n\n");
++ printf("\t-N Do not chroot.\n");
++ printf("\t-C Chroot the program (default behaviour).\n");
+ exit(1);
+ }
+
+@@ -68,6 +70,7 @@
+ char *user_msg;
+
+ int c = 0, cmdlist = 0;
++ int do_chroot = 1;
+ char *cmdexport = NULL;
+ char *cmdimport = NULL;
+
+@@ -82,7 +85,7 @@
+ OS_SetName(ARGV0);
+
+
+- while((c = getopt(argc, argv, "Vhle:i:")) != -1){
++ while((c = getopt(argc, argv, "Vhle:i:NC")) != -1){
+ switch(c){
+ case 'V':
+ print_version();
+@@ -112,6 +115,12 @@
+ case 'l':
+ cmdlist = 1;
+ break;
++ case 'N':
++ do_chroot = 0;
++ break;
++ case 'C':
++ do_chroot = 1;
++ break;
+ default:
+ helpmsg();
+ break;
+@@ -143,16 +152,18 @@
+
+
+ /* Chrooting to the default directory */
+- if(Privsep_Chroot(dir) < 0)
+- {
+- ErrorExit(CHROOT_ERROR, ARGV0, dir);
++ if (do_chroot) {
++ if(Privsep_Chroot(dir) < 0)
++ {
++ ErrorExit(CHROOT_ERROR, ARGV0, dir);
++ }
++ /* Inside chroot now */
++ nowChroot();
++ } else {
++ chdir(dir);
+ }
+
+
+- /* Inside chroot now */
+- nowChroot();
+-
+-
+ /* Starting signal handler */
+ StartSIG2(ARGV0, manage_shutdown);
+ #endif
+Index: pkg-ossec/src/monitord/main.c
+===================================================================
+--- pkg-ossec.orig/src/monitord/main.c 2012-08-25 22:58:45.000000000 +0200
++++ pkg-ossec/src/monitord/main.c 2012-08-26 13:10:49.000000000 +0200
+@@ -19,6 +19,7 @@
+ int main(int argc, char **argv)
+ {
+ int c, test_config = 0, run_foreground = 0;
++ int do_chroot = 1;
+ int uid=0,gid=0;
+ char *dir = DEFAULTDIR;
+ char *user = USER;
+@@ -32,7 +33,7 @@
+ OS_SetName(ARGV0);
+
+
+- while((c = getopt(argc, argv, "Vdhtfu:g:D:c:")) != -1){
++ while((c = getopt(argc, argv, "Vdhtfu:g:D:c:NC")) != -1){
+ switch(c){
+ case 'V':
+ print_version();
+@@ -68,6 +69,12 @@
+ case 't':
+ test_config = 1;
+ break;
++ case 'N':
++ do_chroot = 0;
++ break;
++ case 'C':
++ do_chroot = 1;
++ break;
+ default:
+ help(ARGV0);
+ break;
+@@ -169,11 +176,13 @@
+
+
+ /* do_chroot */
+- if(Privsep_Chroot(dir) < 0)
+- ErrorExit(CHROOT_ERROR,ARGV0,dir);
+-
+- nowChroot();
+-
++ if (do_chroot) {
++ if(Privsep_Chroot(dir) < 0)
++ ErrorExit(CHROOT_ERROR,ARGV0,dir);
++ nowChroot();
++ } else {
++ chdir(dir);
++ }
+
+
+ /* Changing user */
+Index: pkg-ossec/src/monitord/report.c
+===================================================================
+--- pkg-ossec.orig/src/monitord/report.c 2012-08-25 22:53:34.000000000 +0200
++++ pkg-ossec/src/monitord/report.c 2012-08-26 13:10:17.000000000 +0200
+@@ -24,6 +24,8 @@
+ printf("\t-r <filter> <value> Show related entries.\n");
+ printf("\t-n Creates a description for the report.\n");
+ printf("\t-s Show the alert dump.\n");
++ printf("\t-N Do not chroot.\n");
++ printf("\t-C Chroot the program (default behaviour).\n");
+ printf("\n");
+ printf("\tFilters allowed: group, rule, level, location,\n");
+ printf("\t user, srcip, filename\n");
+@@ -41,6 +43,7 @@
+ {
+ int c, test_config = 0;
+ int uid=0,gid=0;
++ int do_chroot = 1;
+ char *dir = DEFAULTDIR;
+ char *user = USER;
+ char *group = GROUPGLOBAL;
+@@ -76,7 +79,7 @@
+
+ r_filter.report_name = NULL;
+
+- while((c = getopt(argc, argv, "Vdhstu:g:D:c:f:v:n:r:")) != -1)
++ while((c = getopt(argc, argv, "Vdhstu:g:D:c:f:v:n:r:NC")) != -1)
+ {
+ switch(c){
+ case 'V':
+@@ -144,6 +147,12 @@
+ case 's':
+ r_filter.show_alerts = 1;
+ break;
++ case 'N':
++ do_chroot = 0;
++ break;
++ case 'C':
++ do_chroot = 1;
++ break;
+ default:
+ report_help();
+ break;
+@@ -173,11 +182,13 @@
+
+
+ /* do_chroot */
+- if(Privsep_Chroot(dir) < 0)
+- ErrorExit(CHROOT_ERROR,ARGV0,dir);
+-
+- nowChroot();
+-
++ if (do_chroot) {
++ if(Privsep_Chroot(dir) < 0)
++ ErrorExit(CHROOT_ERROR,ARGV0,dir);
++ nowChroot();
++ } else {
++ chdir(dir);
++ }
+
+
+ /* Changing user */
+Index: pkg-ossec/src/os_dbd/main.c
+===================================================================
+--- pkg-ossec.orig/src/os_dbd/main.c 2012-08-25 23:01:50.000000000 +0200
++++ pkg-ossec/src/os_dbd/main.c 2012-08-26 13:14:01.000000000 +0200
+@@ -55,6 +55,7 @@
+ {
+ int c, test_config = 0, run_foreground = 0;
+ int uid = 0,gid = 0;
++ int do_chroot = 1;
+
+ /* Using MAILUSER (read only) */
+ char *dir = DEFAULTDIR;
+@@ -72,7 +73,7 @@
+ OS_SetName(ARGV0);
+
+
+- while((c = getopt(argc, argv, "vVdhtfu:g:D:c:")) != -1){
++ while((c = getopt(argc, argv, "vVdhtfu:g:D:c:NC")) != -1){
+ switch(c){
+ case 'V':
+ db_info();
+@@ -111,6 +112,12 @@
+ case 't':
+ test_config = 1;
+ break;
++ case 'N':
++ do_chroot = 0;
++ break;
++ case 'N':
++ do_chroot = 1;
++ break;
+ default:
+ help(ARGV0);
+ break;
+@@ -215,12 +222,14 @@
+
+
+ /* do_chroot */
+- if(Privsep_Chroot(dir) < 0)
+- ErrorExit(CHROOT_ERROR,ARGV0,dir);
+-
+-
+- /* Now on chroot */
+- nowChroot();
++ if (do_chroot) {
++ if(Privsep_Chroot(dir) < 0)
++ ErrorExit(CHROOT_ERROR,ARGV0,dir);
++ /* Now on chroot */
++ nowChroot();
++ } else {
++ chdir(dir);
++ }
+
+
+ /* Inserting server info into the db */
+Index: pkg-ossec/src/remoted/main.c
+===================================================================
+--- pkg-ossec.orig/src/remoted/main.c 2012-08-25 22:59:37.000000000 +0200
++++ pkg-ossec/src/remoted/main.c 2012-08-26 13:13:01.000000000 +0200
+@@ -20,6 +20,7 @@
+ int i = 0,c = 0;
+ int uid = 0, gid = 0;
+ int test_config = 0,run_foreground = 0;
++ int do_chroot = 1;
+
+ char *cfg = DEFAULTCPATH;
+ char *dir = DEFAULTDIR;
+@@ -31,7 +32,7 @@
+ OS_SetName(ARGV0);
+
+
+- while((c = getopt(argc, argv, "Vdthfu:g:c:D:")) != -1){
++ while((c = getopt(argc, argv, "Vdthfu:g:c:D:NC")) != -1){
+ switch(c){
+ case 'V':
+ print_version();
+@@ -67,6 +68,17 @@
+ if(!optarg)
+ ErrorExit("%s: -D needs an argument",ARGV0);
+ dir = optarg;
++ break;
++ case 'N':
++ do_chroot = 0;
++ break;
++ case 'C':
++ do_chroot = 1;
++ break;
++ default:
++ print_out("Unknown argument");
++ help(ARGV0);
++ break;
+ }
+ }
+
+@@ -113,11 +125,13 @@
+ ErrorExit(SETGID_ERROR, ARGV0, group);
+
+ /* Going on chroot */
+- if(Privsep_Chroot(dir) < 0)
+- ErrorExit(CHROOT_ERROR,ARGV0,dir);
+-
+-
+- nowChroot();
++ if (do_chroot) {
++ if(Privsep_Chroot(dir) < 0)
++ ErrorExit(CHROOT_ERROR,ARGV0,dir);
++ nowChroot();
++ } else {
++ chdir(dir);
++ }
+
+
+ /* Starting the signal manipulation */
+Index: pkg-ossec/src/util/agent_control.c
+===================================================================
+--- pkg-ossec.orig/src/util/agent_control.c 2012-08-25 23:02:58.000000000 +0200
++++ pkg-ossec/src/util/agent_control.c 2012-08-26 13:14:37.000000000 +0200
+@@ -34,6 +34,8 @@
+ printf("\t-f <ar> Used with -b, specifies which response to run.\n");
+ printf("\t-L List available active responses.\n");
+ printf("\t-s Changes the output to CSV (comma delimited).\n");
++ printf("\t-N Do not chroot.\n");
++ printf("\t-C Chroot the program (default behaviour).\n");
+ exit(1);
+ }
+
+@@ -54,6 +56,7 @@
+ int c = 0, restart_syscheck = 0, restart_all_agents = 0, list_agents = 0;
+ int info_agent = 0, agt_id = 0, active_only = 0, csv_output = 0;
+ int list_responses = 0, end_time = 0, restart_agent = 0;
++ int do_chroot = 1;
+
+ char shost[512];
+
+@@ -72,7 +75,7 @@
+ }
+
+
+- while((c = getopt(argc, argv, "VehdlLcsaru:i:b:f:R:")) != -1)
++ while((c = getopt(argc, argv, "VehdlLcsaru:i:b:f:R:NC")) != -1)
+ {
+ switch(c){
+ case 'V':
+@@ -139,6 +142,12 @@
+ case 'a':
+ restart_all_agents = 1;
+ break;
++ case 'N':
++ do_chroot = 0;
++ break;
++ case 'C':
++ do_chroot = 1;
++ break;
+ default:
+ helpmsg();
+ break;
+@@ -164,14 +173,16 @@
+
+
+ /* Chrooting to the default directory */
+- if(Privsep_Chroot(dir) < 0)
+- {
+- ErrorExit(CHROOT_ERROR, ARGV0, dir);
++ if (do_chroot) {
++ if(Privsep_Chroot(dir) < 0)
++ {
++ ErrorExit(CHROOT_ERROR, ARGV0, dir);
++ }
++ /* Inside chroot now */
++ nowChroot();
++ } else {
++ chdir(dir);
+ }
+-
+-
+- /* Inside chroot now */
+- nowChroot();
+
+
+ /* Setting the user */
+Index: pkg-ossec/src/util/rootcheck_control.c
+===================================================================
+--- pkg-ossec.orig/src/util/rootcheck_control.c 2012-08-25 23:07:53.000000000 +0200
++++ pkg-ossec/src/util/rootcheck_control.c 2012-08-26 13:15:09.000000000 +0200
+@@ -34,6 +34,8 @@
+ printf("\t-q Used with -i, prints all the outstanding issues.\n");
+ printf("\t-L Used with -i, prints the last scan.\n");
+ printf("\t-s Changes the output to CSV (comma delimited).\n");
++ printf("\t-N Do not chroot.\n");
++ printf("\t-C Chroot the program (default behaviour).\n");
+ exit(1);
+ }
+
+@@ -48,6 +50,7 @@
+
+ int gid = 0;
+ int uid = 0;
++ int do_chroot = 1;
+ int c = 0, info_agent = 0, update_rootcheck = 0,
+ list_agents = 0, show_last = 0,
+ resolved_only = 0;
+@@ -68,7 +71,7 @@
+ }
+
+
+- while((c = getopt(argc, argv, "VhqrDdLlcsu:i:")) != -1)
++ while((c = getopt(argc, argv, "VhqrDdLlcsu:i:N")) != -1)
+ {
+ switch(c){
+ case 'V':
+@@ -116,6 +119,12 @@
+ agent_id = optarg;
+ update_rootcheck = 1;
+ break;
++ case 'N':
++ do_chroot = 0;
++ break;
++ case 'C':
++ do_chroot = 1;
++ break;
+ default:
+ helpmsg();
+ break;
+@@ -141,14 +150,16 @@
+
+
+ /* Chrooting to the default directory */
+- if(Privsep_Chroot(dir) < 0)
+- {
+- ErrorExit(CHROOT_ERROR, ARGV0, dir);
++ if (do_chroot) {
++ if(Privsep_Chroot(dir) < 0)
++ {
++ ErrorExit(CHROOT_ERROR, ARGV0, dir);
++ }
++ /* Inside chroot now */
++ nowChroot();
++ } else {
++ chdir(dir);
+ }
+-
+-
+- /* Inside chroot now */
+- nowChroot();
+
+
+ /* Setting the user */
+Index: pkg-ossec/src/util/clear_stats.c
+===================================================================
+--- pkg-ossec.orig/src/util/clear_stats.c 2012-08-25 23:12:25.000000000 +0200
++++ pkg-ossec/src/util/clear_stats.c 2012-08-26 13:29:44.000000000 +0200
+@@ -27,6 +27,8 @@
+ printf("\t-a Clear all the stats (averages).\n");
+ printf("\t-d Clear the daily averages.\n");
+ printf("\t-w Clear the weekly averages.\n\n");
++ printf("\t-N Do not chroot.\n");
++ printf("\t-C Chroot the program (default behaviour).\n");
+ exit(1);
+ }
+
+@@ -42,6 +44,7 @@
+ char *user = USER;
+ int gid;
+ int uid;
++ int do_chroot = 1;
+
+
+ /* Setting the name */
+@@ -49,11 +52,42 @@
+
+
+ /* user arguments */
+- if(argc != 2)
++
++ while((c = getopt(argc, argv, "hadwNC")) != -1)
+ {
+- helpmsg();
++ switch(c){
++ case 'h':
++ helpmsg();
++ break;
++ case 'a':
++ clear_daily = 1;
++ clear_weekly = 1;
++ break;
++ case 'd':
++ clear_daily = 1;
++ break;
++ case 'w':
++ clear_weekly = 1;
++ break;
++ case 'N':
++ do_chroot = 0;
++ break;
++ case 'C':
++ do_chroot = 1;
++ break;
++ default:
++ printf("\n** Invalid option '%s'.\n", argv[1]);
++ helpmsg();
++ break;
++ }
+ }
+-
++
++ if(! clear_weekly && ! clear_daily)
++ {
++ /* We did not get any valid a, d or w option */
++ helpmsg();
++ }
++
+ /* Getting the group name */
+ gid = Privsep_GetGroup(group);
+ uid = Privsep_GetUser(user);
+@@ -71,14 +105,16 @@
+
+
+ /* Chrooting to the default directory */
+- if(Privsep_Chroot(dir) < 0)
+- {
+- ErrorExit(CHROOT_ERROR, ARGV0, dir);
++ if (do_chroot) {
++ if(Privsep_Chroot(dir) < 0)
++ {
++ ErrorExit(CHROOT_ERROR, ARGV0, dir);
++ }
++ /* Inside chroot now */
++ nowChroot();
++ } else {
++ chdir(dir);
+ }
+-
+-
+- /* Inside chroot now */
+- nowChroot();
+
+
+ /* Setting the user */
+@@ -87,30 +123,6 @@
+ ErrorExit(SETUID_ERROR, ARGV0, user);
+ }
+
+- /* User options */
+- if(strcmp(argv[1], "-h") == 0)
+- {
+- helpmsg();
+- }
+- else if(strcmp(argv[1], "-a") == 0)
+- {
+- clear_daily = 1;
+- clear_weekly = 1;
+- }
+- else if(strcmp(argv[1], "-d") == 0)
+- {
+- clear_daily = 1;
+- }
+- else if(strcmp(argv[1], "-w") == 0)
+- {
+- clear_weekly = 1;
+- }
+- else
+- {
+- printf("\n** Invalid option '%s'.\n", argv[1]);
+- helpmsg();
+- }
+-
+
+ /* Clear daily files */
+ if(clear_daily)
+Index: pkg-ossec/src/util/syscheck_update.c
+===================================================================
+--- pkg-ossec.orig/src/util/syscheck_update.c 2012-08-25 23:09:36.000000000 +0200
++++ pkg-ossec/src/util/syscheck_update.c 2012-08-26 13:29:07.000000000 +0200
+@@ -27,6 +27,8 @@
+ printf("\t-a Update syscheck database for all agents.\n");
+ printf("\t-u <id> Update syscheck database for a specific agent.\n");
+ printf("\t-u local Update syscheck database locally.\n\n");
++ printf("\t-N Do not chroot.\n");
++ printf("\t-C Chroot the program (default behaviour).\n");
+ exit(1);
+ }
+
+@@ -39,6 +41,9 @@
+ char *user = USER;
+ int gid;
+ int uid;
++ int do_chroot = 1;
++ int list_agents, update_agents = 0;
++ char *agent_id = NULL;
+
+
+ /* Setting the name */
+@@ -50,6 +55,33 @@
+ {
+ helpmsg();
+ }
++ while((c = getopt(argc, argv, "hlau:NC")) != -1)
++ {
++ switch(c){
++ case 'h':
++ helpmsg();
++ break;
++ case 'l':
++ list_agents = 1;
++ break;
++ case 'u':
++ if(!optarg)
++ {
++ merror("%s: -u needs an argument",ARGV0);
++ helpmsg();
++ }
++ agent_id = optarg;
++ update_agents = 1;
++ break;
++ case 'a':
++ agent_id = strdup("all");
++ update_agents = 1;
++ break;
++ default:
++ helpmsg();
++ }
++ }
++
+
+ /* Getting the group name */
+ gid = Privsep_GetGroup(group);
+@@ -68,14 +100,16 @@
+
+
+ /* Chrooting to the default directory */
+- if(Privsep_Chroot(dir) < 0)
+- {
+- ErrorExit(CHROOT_ERROR, ARGV0, dir);
++ if (do_chroot) {
++ if(Privsep_Chroot(dir) < 0)
++ {
++ ErrorExit(CHROOT_ERROR, ARGV0, dir);
++ }
++ /* Inside chroot now */
++ nowChroot();
++ } else {
++ chdir(dir);
+ }
+-
+-
+- /* Inside chroot now */
+- nowChroot();
+
+
+ /* Setting the user */
+@@ -85,11 +119,7 @@
+ }
+
+ /* User options */
+- if(strcmp(argv[1], "-h") == 0)
+- {
+- helpmsg();
+- }
+- else if(strcmp(argv[1], "-l") == 0)
++ if( list_agents )
+ {
+ printf("\nOSSEC HIDS %s: Updates the integrity check database.",
+ ARGV0);
+@@ -97,108 +127,98 @@
+ printf("\n");
+ exit(0);
+ }
+- else if(strcmp(argv[1], "-u") == 0)
++ else if( update_agents ))
+ {
+- if(argc != 3)
+- {
+- printf("\n** Option -u requires an extra argument\n");
+- helpmsg();
+- }
+- }
+- else if(strcmp(argv[1], "-a") == 0)
+- {
+- DIR *sys_dir;
+- struct dirent *entry;
+-
+- sys_dir = opendir(SYSCHECK_DIR);
+- if(!sys_dir)
+- {
+- ErrorExit("%s: Unable to open: '%s'", ARGV0, SYSCHECK_DIR);
+- }
+-
+- while((entry = readdir(sys_dir)) != NULL)
+- {
+- FILE *fp;
+- char full_path[OS_MAXSTR +1];
+-
+- /* Do not even attempt to delete . and .. :) */
+- if((strcmp(entry->d_name,".") == 0)||
+- (strcmp(entry->d_name,"..") == 0))
+- {
+- continue;
+- }
+-
+- snprintf(full_path, OS_MAXSTR,"%s/%s", SYSCHECK_DIR, entry->d_name);
+-
+- fp = fopen(full_path, "w");
+- if(fp)
+- {
+- fclose(fp);
+- }
+- if(entry->d_name[0] == '.')
+- {
+- unlink(full_path);
+- }
+- }
++ if ( strcmp(agent_id, "all") == 0 )
++ {
++ DIR *sys_dir;
++ struct dirent *entry;
++
++ sys_dir = opendir(SYSCHECK_DIR);
++ if(!sys_dir)
++ {
++ ErrorExit("%s: Unable to open: '%s'", ARGV0, SYSCHECK_DIR);
++ }
++
++ while((entry = readdir(sys_dir)) != NULL)
++ {
++ FILE *fp;
++ char full_path[OS_MAXSTR +1];
++
++ /* Do not even attempt to delete . and .. :) */
++ if((strcmp(entry->d_name,".") == 0)||
++ (strcmp(entry->d_name,"..") == 0))
++ {
++ continue;
++ }
++
++ snprintf(full_path, OS_MAXSTR,"%s/%s", SYSCHECK_DIR, entry->d_name);
++
++ fp = fopen(full_path, "w");
++ if(fp)
++ {
++ fclose(fp);
++ }
++ if(entry->d_name[0] == '.')
++ {
++ unlink(full_path);
++ }
++ }
++
++ closedir(sys_dir);
++ printf("\n** Integrity check database updated.\n\n");
++ exit(0);
++ }
++ else if(strcmp(agent_id,"local") == 0)
++ {
++ /* local */
++ char final_dir[1024];
++ FILE *fp;
++ snprintf(final_dir, 1020, "/%s/syscheck", SYSCHECK_DIR);
++
++ fp = fopen(final_dir, "w");
++ if(fp)
++ {
++ fclose(fp);
++ }
++ unlink(final_dir);
++
++
++ /* Deleting cpt file */
++ snprintf(final_dir, 1020, "/%s/.syscheck.cpt", SYSCHECK_DIR);
++
++ fp = fopen(final_dir, "w");
++ if(fp)
++ {
++ fclose(fp);
++ }
++ /* unlink(final_dir); */
++ }
++ /* external agents */
++ else
++ {
++ int i;
++ keystore keys;
++
++ OS_ReadKeys(&keys);
++
++ i = OS_IsAllowedID(&keys, argv[2]);
++ if(i < 0)
++ {
++ printf("\n** Invalid agent id '%s'.\n", argv[2]);
++ helpmsg();
++ }
++
++ /* Deleting syscheck */
++ delete_syscheck(keys.keyentries[i]->name,keys.keyentries[i]->ip->ip,0);
++ }
+
+- closedir(sys_dir);
+- printf("\n** Integrity check database updated.\n\n");
+- exit(0);
++ printf("\n** Integrity check database updated.\n\n");
++ exit(0);
+ }
+- else
+- {
+- printf("\n** Invalid option '%s'.\n", argv[1]);
+- helpmsg();
+- }
+-
+-
+- /* local */
+- if(strcmp(argv[2],"local") == 0)
+- {
+- char final_dir[1024];
+- FILE *fp;
+- snprintf(final_dir, 1020, "/%s/syscheck", SYSCHECK_DIR);
+-
+- fp = fopen(final_dir, "w");
+- if(fp)
+- {
+- fclose(fp);
+- }
+- unlink(final_dir);
+-
+
+- /* Deleting cpt file */
+- snprintf(final_dir, 1020, "/%s/.syscheck.cpt", SYSCHECK_DIR);
+-
+- fp = fopen(final_dir, "w");
+- if(fp)
+- {
+- fclose(fp);
+- }
+- /* unlink(final_dir); */
+- }
+-
+- /* external agents */
+- else
+- {
+- int i;
+- keystore keys;
+-
+- OS_ReadKeys(&keys);
+-
+- i = OS_IsAllowedID(&keys, argv[2]);
+- if(i < 0)
+- {
+- printf("\n** Invalid agent id '%s'.\n", argv[2]);
+- helpmsg();
+- }
+-
+- /* Deleting syscheck */
+- delete_syscheck(keys.keyentries[i]->name,keys.keyentries[i]->ip->ip,0);
+- }
+-
+- printf("\n** Integrity check database updated.\n\n");
+- return(0);
++ printf("\n** No work to do (wrong options?).\n\n");
++ exit(0);
+ }
+
+
+Index: pkg-ossec/src/util/syscheck_control.c
+===================================================================
+--- pkg-ossec.orig/src/util/syscheck_control.c 2012-08-26 13:31:48.000000000 +0200
++++ pkg-ossec/src/util/syscheck_control.c 2012-08-26 13:39:43.000000000 +0200
+@@ -51,6 +51,7 @@
+
+ int gid = 0;
+ int uid = 0;
++ int do_chroot = 1;
+ int c = 0, info_agent = 0, update_syscheck = 0,
+ list_agents = 0, zero_counter = 0,
+ registry_only = 0;
+@@ -71,7 +72,7 @@
+ }
+
+
+- while((c = getopt(argc, argv, "VhzrDdlcsu:i:f:")) != -1)
++ while((c = getopt(argc, argv, "VhzrDdlcsu:i:f:NC")) != -1)
+ {
+ switch(c){
+ case 'V':
+@@ -126,6 +127,12 @@
+ agent_id = optarg;
+ update_syscheck = 1;
+ break;
++ case 'N':
++ do_chroot = 0;
++ break;
++ case 'C':
++ do_chroot = 1;
++ break;
+ default:
+ helpmsg();
+ break;
+@@ -151,14 +158,16 @@
+
+
+ /* Chrooting to the default directory */
+- if(Privsep_Chroot(dir) < 0)
+- {
+- ErrorExit(CHROOT_ERROR, ARGV0, dir);
++ if (do_chroot) {
++ if(Privsep_Chroot(dir) < 0)
++ {
++ ErrorExit(CHROOT_ERROR, ARGV0, dir);
++ }
++ /* Inside chroot now */
++ nowChroot();
++ } else {
++ chdir(dir);
+ }
+-
+-
+- /* Inside chroot now */
+- nowChroot();
+
+
+ /* Setting the user */
+Index: pkg-ossec/src/client-agent/agentd.c
+===================================================================
+--- pkg-ossec.orig/src/client-agent/agentd.c 2012-08-26 13:36:47.000000000 +0200
++++ pkg-ossec/src/client-agent/agentd.c 2012-08-26 13:39:26.000000000 +0200
+@@ -24,7 +24,7 @@
+ /* AgentdStart v0.2, 2005/11/09
+ * Starts the agent daemon.
+ */
+-void AgentdStart(char *dir, int uid, int gid, char *user, char *group)
++void AgentdStart(char *dir, int uid, int gid, char *user, char *group, int do_chroot)
+ {
+ int rc = 0;
+ int pid = 0;
+@@ -48,11 +48,13 @@
+
+
+ /* do_chroot */
+- if(Privsep_Chroot(dir) < 0)
+- ErrorExit(CHROOT_ERROR, ARGV0, dir);
+-
+-
+- nowChroot();
++ if (do_chroot) {
++ if(Privsep_Chroot(dir) < 0)
++ ErrorExit(CHROOT_ERROR, ARGV0, dir);
++ nowChroot();
++ } else {
++ chdir(dir);
++ }
+
+
+ if(Privsep_SetUser(uid) < 0)
+Index: pkg-ossec/src/client-agent/agentd.h
+===================================================================
+--- pkg-ossec.orig/src/client-agent/agentd.h 2012-08-26 13:38:21.000000000 +0200
++++ pkg-ossec/src/client-agent/agentd.h 2012-08-26 13:38:46.000000000 +0200
+@@ -28,7 +28,7 @@
+ int ClientConf(char *cfgfile);
+
+ /* Agentd init function */
+-void AgentdStart(char *dir, int uid, int gid, char *user, char *group);
++void AgentdStart(char *dir, int uid, int gid, char *user, char *group, int do_chroot);
+
+ /* Event Forwarder */
+ void *EventForward();
+Index: pkg-ossec/src/client-agent/main.c
+===================================================================
+--- pkg-ossec.orig/src/client-agent/main.c 2012-08-26 13:37:27.000000000 +0200
++++ pkg-ossec/src/client-agent/main.c 2012-08-26 13:38:13.000000000 +0200
+@@ -42,13 +42,14 @@
+
+ int uid = 0;
+ int gid = 0;
++ int do_chroot = 1;
+
+
+ /* Setting the name */
+ OS_SetName(ARGV0);
+
+
+- while((c = getopt(argc, argv, "Vtdhu:g:D:")) != -1){
++ while((c = getopt(argc, argv, "Vtdhu:g:D:NC")) != -1){
+ switch(c){
+ case 'V':
+ print_version();
+@@ -77,6 +78,12 @@
+ ErrorExit("%s: -D needs an argument",ARGV0);
+ dir = optarg;
+ break;
++ case 'N':
++ do_chroot = 0;
++ break;
++ case 'C':
++ do_chroot = 1;
++ break;
+ }
+ }
+
+@@ -129,7 +136,7 @@
+
+
+ /* Agentd Start */
+- AgentdStart(dir, uid, gid, user, group);
++ AgentdStart(dir, uid, gid, user, group, do_chroot);
+
+
+ return(0);
+Index: pkg-ossec/src/util/list_agents.c
+===================================================================
+--- pkg-ossec.orig/src/util/list_agents.c 2012-08-26 13:32:08.000000000 +0200
++++ pkg-ossec/src/util/list_agents.c 2012-08-26 13:35:58.000000000 +0200
+@@ -25,6 +25,8 @@
+ printf("\t-a List all agents.\n");
+ printf("\t-c List the connected (active) agents.\n");
+ printf("\t-n List the not connected (active) agents.\n");
++ printf("\t-N Do not chroot.\n");
++ printf("\t-C Chroot the program (default behaviour).\n");
+ exit(1);
+ }
+
+@@ -41,6 +43,7 @@
+ int gid;
+ int uid;
+ int flag;
++ int do_chroot = 1;
+
+
+ /* Setting the name */
+@@ -52,6 +55,36 @@
+ {
+ helpmsg();
+ }
++ /* User options */
++ while((c = getopt(argc, argv, "hacnNC")) != -1)
++ {
++ switch(c){
++ case 'h':
++ helpmsg();
++ break;
++ case 'a':
++ flag = GA_ALL;
++ msg = "is available.";
++ break;
++ case 'c':
++ flag = GA_ACTIVE;
++ msg = "is active.";
++ break;
++ case 'n':
++ flag = GA_NOTACTIVE;
++ msg = "is not active.";
++ break;
++ case 'N':
++ do_chroot = 0;
++ break;
++ case 'C':
++ do_chroot = 1;
++ break;
++ default:
++ helpmsg;
++ }
++ }
++
+
+ /* Getting the group name */
+ gid = Privsep_GetGroup(group);
+@@ -70,14 +103,16 @@
+
+
+ /* Chrooting to the default directory */
+- if(Privsep_Chroot(dir) < 0)
+- {
+- ErrorExit(CHROOT_ERROR, ARGV0, dir);
++ if (do_chroot) {
++ if(Privsep_Chroot(dir) < 0)
++ {
++ ErrorExit(CHROOT_ERROR, ARGV0, dir);
++ }
++ /* Inside chroot now */
++ nowChroot();
++ } else {
++ chdir(dir);
+ }
+-
+-
+- /* Inside chroot now */
+- nowChroot();
+
+
+ /* Setting the user */
+@@ -86,32 +121,6 @@
+ ErrorExit(SETUID_ERROR, ARGV0, user);
+ }
+
+- /* User options */
+- if(strcmp(argv[1], "-h") == 0)
+- {
+- helpmsg();
+- }
+- else if(strcmp(argv[1], "-a") == 0)
+- {
+- flag = GA_ALL;
+- msg = "is available.";
+- }
+- else if(strcmp(argv[1], "-c") == 0)
+- {
+- flag = GA_ACTIVE;
+- msg = "is active.";
+- }
+- else if(strcmp(argv[1], "-n") == 0)
+- {
+- flag = GA_NOTACTIVE;
+- msg = "is not active.";
+- }
+- else
+- {
+- printf("\n** Invalid option '%s'.\n", argv[1]);
+- helpmsg();
+- }
+-
+
+ agent_list = get_agents(flag);
+ if(agent_list)
--
Git repository for pkg-ossec
More information about the Pkg-ossec-devel
mailing list