[Pkg-ossec-devel] [pkg-ossec] 01/03: Imported Upstream version 2.7.1
Jose Antonio Quevedo Muñoz
jaqm-guest at moszumanska.debian.org
Thu Mar 6 18:33:22 UTC 2014
This is an automated email from the git hooks/post-receive script.
jaqm-guest pushed a commit to annotated tag upstream/2.7.1
in repository pkg-ossec.
commit 637666f0a10e160ffbd8c0da706ee24fa08de04e
Author: Jose Antonio Quevedo <joseantonio.quevedo at gmail.com>
Date: Thu Mar 6 19:07:57 2014 +0100
Imported Upstream version 2.7.1
---
._.hg_archival.txt | Bin 212 -> 0 bytes
._.hgignore | Bin 212 -> 0 bytes
._.hgtags | Bin 212 -> 0 bytes
._BUGS | Bin 212 -> 0 bytes
._CONFIG | Bin 212 -> 0 bytes
._CONTRIBUTORS | Bin 212 -> 0 bytes
._INSTALL | Bin 212 -> 0 bytes
._LICENSE | Bin 212 -> 0 bytes
._README | Bin 212 -> 0 bytes
._install.sh | Bin 212 -> 0 bytes
.hg_archival.txt | 6 +-
.hgignore | 1 +
.hgtags | 3 +
BUGS | 8 +-
CONFIG | 6 +-
CONTRIBUTORS | 20 +-
INSTALL | 4 +-
LICENSE | 2 +-
README | 4 +-
active-response/._disable-account.sh | Bin 212 -> 0 bytes
active-response/._firewall-drop.sh | Bin 212 -> 0 bytes
active-response/._host-deny.sh | Bin 212 -> 0 bytes
active-response/._ossec-tweeter.sh | Bin 212 -> 0 bytes
active-response/._restart-ossec.sh | Bin 212 -> 0 bytes
active-response/._route-null.sh | Bin 212 -> 0 bytes
active-response/firewall-drop.sh | 66 +-
active-response/firewalls/._ipfw.sh | Bin 212 -> 0 bytes
active-response/firewalls/._ipfw_mac.sh | Bin 212 -> 0 bytes
active-response/firewalls/._pf.sh | Bin 212 -> 0 bytes
active-response/ip-customblock.sh | 42 ++
active-response/win/._netsh.cmd | Bin 212 -> 0 bytes
active-response/win/._restart-ossec.cmd | Bin 212 -> 0 bytes
active-response/win/._route-null.cmd | Bin 212 -> 0 bytes
contrib/._active-list.pl | Bin 212 -> 0 bytes
contrib/._add_localfile.sh | Bin 212 -> 0 bytes
contrib/._compile_alerts.pl | Bin 212 -> 0 bytes
contrib/._compile_alerts.txt | Bin 212 -> 0 bytes
contrib/._config2xml | Bin 212 -> 0 bytes
contrib/._ossec-batch-manager.pl | Bin 212 -> 0 bytes
contrib/._ossec2mysql.conf | Bin 212 -> 0 bytes
contrib/._ossec2mysql.pl | Bin 212 -> 0 bytes
contrib/._ossec2mysql.sql | Bin 212 -> 0 bytes
contrib/._ossec2mysqld.pl | Bin 212 -> 0 bytes
contrib/._ossec2rss.php | Bin 212 -> 0 bytes
contrib/._ossec_report.txt | Bin 212 -> 0 bytes
contrib/._ossec_report_contrib.pl | Bin 212 -> 0 bytes
contrib/._ossecmysql.pm | Bin 212 -> 0 bytes
contrib/._ossectop.pl | Bin 212 -> 0 bytes
contrib/._util.sh | Bin 212 -> 0 bytes
contrib/logtesting/._dotests.sh | Bin 212 -> 0 bytes
contrib/logtesting/1/._log | Bin 212 -> 0 bytes
contrib/logtesting/1/._res | Bin 212 -> 0 bytes
contrib/logtesting/10/._log | Bin 212 -> 0 bytes
contrib/logtesting/10/._res | Bin 212 -> 0 bytes
contrib/logtesting/11/._log | Bin 212 -> 0 bytes
contrib/logtesting/11/._res | Bin 212 -> 0 bytes
contrib/logtesting/12/._log | Bin 212 -> 0 bytes
contrib/logtesting/12/._res | Bin 212 -> 0 bytes
contrib/logtesting/13/._log | Bin 212 -> 0 bytes
contrib/logtesting/13/._res | Bin 212 -> 0 bytes
contrib/logtesting/14/._log | Bin 212 -> 0 bytes
contrib/logtesting/14/._res | Bin 212 -> 0 bytes
contrib/logtesting/15/._log | Bin 212 -> 0 bytes
contrib/logtesting/15/._res | Bin 212 -> 0 bytes
contrib/logtesting/16/._log | Bin 212 -> 0 bytes
contrib/logtesting/16/._res | Bin 212 -> 0 bytes
contrib/logtesting/17/._log | Bin 212 -> 0 bytes
contrib/logtesting/17/._res | Bin 212 -> 0 bytes
contrib/logtesting/18/._log | Bin 212 -> 0 bytes
contrib/logtesting/18/._res | Bin 212 -> 0 bytes
contrib/logtesting/19/._log | Bin 212 -> 0 bytes
contrib/logtesting/19/._res | Bin 212 -> 0 bytes
contrib/logtesting/2/._log | Bin 212 -> 0 bytes
contrib/logtesting/2/._res | Bin 212 -> 0 bytes
contrib/logtesting/20/._log | Bin 212 -> 0 bytes
contrib/logtesting/20/._res | Bin 212 -> 0 bytes
contrib/logtesting/21/._log | Bin 212 -> 0 bytes
contrib/logtesting/21/._res | Bin 212 -> 0 bytes
contrib/logtesting/22/._log | Bin 212 -> 0 bytes
contrib/logtesting/22/._res | Bin 212 -> 0 bytes
contrib/logtesting/23/._log | Bin 212 -> 0 bytes
contrib/logtesting/23/._res | Bin 212 -> 0 bytes
contrib/logtesting/24/._log | Bin 212 -> 0 bytes
contrib/logtesting/24/._res | Bin 212 -> 0 bytes
contrib/logtesting/25/._log | Bin 212 -> 0 bytes
contrib/logtesting/25/._res | Bin 212 -> 0 bytes
contrib/logtesting/26/._log | Bin 212 -> 0 bytes
contrib/logtesting/26/._res | Bin 212 -> 0 bytes
contrib/logtesting/27/._log | Bin 212 -> 0 bytes
contrib/logtesting/27/._res | Bin 212 -> 0 bytes
contrib/logtesting/28/._log | Bin 212 -> 0 bytes
contrib/logtesting/28/._res | Bin 212 -> 0 bytes
contrib/logtesting/29/._log | Bin 212 -> 0 bytes
contrib/logtesting/29/._res | Bin 212 -> 0 bytes
contrib/logtesting/3/._log | Bin 212 -> 0 bytes
contrib/logtesting/3/._res | Bin 212 -> 0 bytes
contrib/logtesting/30/._log | Bin 212 -> 0 bytes
contrib/logtesting/30/._res | Bin 212 -> 0 bytes
contrib/logtesting/31/._log | Bin 212 -> 0 bytes
contrib/logtesting/31/._res | Bin 212 -> 0 bytes
contrib/logtesting/32/._log | Bin 212 -> 0 bytes
contrib/logtesting/32/._res | Bin 212 -> 0 bytes
contrib/logtesting/33/._log | Bin 212 -> 0 bytes
contrib/logtesting/33/._res | Bin 212 -> 0 bytes
contrib/logtesting/34/._log | Bin 212 -> 0 bytes
contrib/logtesting/34/._res | Bin 212 -> 0 bytes
contrib/logtesting/35/._log | Bin 212 -> 0 bytes
contrib/logtesting/35/._res | Bin 212 -> 0 bytes
contrib/logtesting/36/._log | Bin 212 -> 0 bytes
contrib/logtesting/36/._res | Bin 212 -> 0 bytes
contrib/logtesting/37/._log | Bin 212 -> 0 bytes
contrib/logtesting/37/._res | Bin 212 -> 0 bytes
contrib/logtesting/38/._log | Bin 212 -> 0 bytes
contrib/logtesting/38/._res | Bin 212 -> 0 bytes
contrib/logtesting/39/._log | Bin 212 -> 0 bytes
contrib/logtesting/39/._res | Bin 212 -> 0 bytes
contrib/logtesting/4/._log | Bin 212 -> 0 bytes
contrib/logtesting/4/._res | Bin 212 -> 0 bytes
contrib/logtesting/40/._log | Bin 212 -> 0 bytes
contrib/logtesting/40/._res | Bin 212 -> 0 bytes
contrib/logtesting/41/._log | Bin 212 -> 0 bytes
contrib/logtesting/41/._res | Bin 212 -> 0 bytes
contrib/logtesting/42/._log | Bin 212 -> 0 bytes
contrib/logtesting/42/._res | Bin 212 -> 0 bytes
contrib/logtesting/43/._log | Bin 212 -> 0 bytes
contrib/logtesting/43/._res | Bin 212 -> 0 bytes
contrib/logtesting/44/._log | Bin 212 -> 0 bytes
contrib/logtesting/44/._res | Bin 212 -> 0 bytes
contrib/logtesting/5/._log | Bin 212 -> 0 bytes
contrib/logtesting/5/._res | Bin 212 -> 0 bytes
contrib/logtesting/6/._log | Bin 212 -> 0 bytes
contrib/logtesting/6/._res | Bin 212 -> 0 bytes
contrib/logtesting/7/._log | Bin 212 -> 0 bytes
contrib/logtesting/7/._res | Bin 212 -> 0 bytes
contrib/logtesting/8/._log | Bin 212 -> 0 bytes
contrib/logtesting/8/._res | Bin 212 -> 0 bytes
contrib/logtesting/9/._log | Bin 212 -> 0 bytes
contrib/logtesting/9/._res | Bin 212 -> 0 bytes
contrib/ossec-batch-manager.pl | 40 +-
contrib/ossec-testing/._runtests.py | Bin 212 -> 0 bytes
contrib/ossec-testing/tests/._named.ini | Bin 212 -> 0 bytes
contrib/ossec2snorby/README | 120 ++++
contrib/ossec2snorby/ossec2snorby.pl | 716 +++++++++++++++++++++
contrib/ossec2snorby/ossec2snorby.sh | 78 +++
contrib/ossec2snorby/ossec2snorby_category.sql | 171 +++++
contrib/ossec2snorby/ossec2snorby_ubuntu.sh | 57 ++
contrib/specs/._getattr.pl | Bin 212 -> 0 bytes
contrib/specs/._remove_ossec | Bin 212 -> 0 bytes
contrib/specs/agent/._ossec-hids-agent.spec | Bin 212 -> 0 bytes
contrib/specs/agent/._preloaded-vars.conf | Bin 212 -> 0 bytes
contrib/specs/agent/ossec-hids-agent.spec | 2 +-
contrib/specs/local/._ossec-hids-local.spec | Bin 212 -> 0 bytes
contrib/specs/local/._preloaded-vars.conf | Bin 212 -> 0 bytes
contrib/specs/local/ossec-hids-local.spec | 2 +-
contrib/specs/server/._ossec-hids-server.spec | Bin 212 -> 0 bytes
contrib/specs/server/._preloaded-vars.conf | Bin 212 -> 0 bytes
contrib/specs/server/ossec-hids-server.spec | 2 +-
doc/._README.config | Bin 212 -> 0 bytes
doc/._active-response-internal.txt | Bin 212 -> 0 bytes
doc/._active-response.txt | Bin 212 -> 0 bytes
doc/._logs.txt | Bin 212 -> 0 bytes
doc/._manage_agents.txt | Bin 212 -> 0 bytes
doc/._manager.txt | Bin 212 -> 0 bytes
doc/._nmap.txt | Bin 212 -> 0 bytes
doc/._rootcheck.txt | Bin 212 -> 0 bytes
doc/._rule_ids.txt | Bin 212 -> 0 bytes
doc/._rules.txt | Bin 212 -> 0 bytes
doc/br/._INSTALL.br | Bin 212 -> 0 bytes
doc/br/._README.config | Bin 212 -> 0 bytes
doc/br/._TRANSLATION | Bin 212 -> 0 bytes
doc/br/._active-response-internal.txt | Bin 212 -> 0 bytes
doc/br/._active-response.txt | Bin 212 -> 0 bytes
doc/br/._logs.txt | Bin 212 -> 0 bytes
doc/br/._manager.txt | Bin 212 -> 0 bytes
doc/br/._rootcheck.txt | Bin 212 -> 0 bytes
doc/br/._rule_ids.txt | Bin 212 -> 0 bytes
doc/br/._rules.txt | Bin 212 -> 0 bytes
doc/pl/._INSTALL.pl | Bin 212 -> 0 bytes
doc/pl/._README.config | Bin 212 -> 0 bytes
doc/pl/._TRANSLATION | Bin 212 -> 0 bytes
doc/pl/._active-response-internal.txt | Bin 212 -> 0 bytes
doc/pl/._active-response.txt | Bin 212 -> 0 bytes
doc/pl/._logs.txt | Bin 212 -> 0 bytes
doc/pl/._manager.txt | Bin 212 -> 0 bytes
doc/pl/._rootcheck.txt | Bin 212 -> 0 bytes
doc/pl/._rule_ids.txt | Bin 212 -> 0 bytes
doc/pl/._rules.txt | Bin 212 -> 0 bytes
etc/._decoder.xml | Bin 212 -> 0 bytes
etc/._internal_options.conf | Bin 212 -> 0 bytes
etc/._ossec-agent.conf | Bin 212 -> 0 bytes
etc/._ossec-local.conf | Bin 212 -> 0 bytes
etc/._ossec-server.conf | Bin 212 -> 0 bytes
etc/._ossec.conf | Bin 212 -> 0 bytes
etc/._preloaded-vars.conf | Bin 212 -> 0 bytes
etc/decoder.xml | 161 +++--
etc/rules/._apache_rules.xml | Bin 212 -> 0 bytes
etc/rules/._arpwatch_rules.xml | Bin 212 -> 0 bytes
etc/rules/._asterisk_rules.xml | Bin 212 -> 0 bytes
etc/rules/._attack_rules.xml | Bin 212 -> 0 bytes
etc/rules/._bro-ids_rules.xml | Bin 212 -> 0 bytes
etc/rules/._cimserver_rules.xml | Bin 212 -> 0 bytes
etc/rules/._cisco-ios_rules.xml | Bin 212 -> 0 bytes
etc/rules/._clam_av_rules.xml | Bin 212 -> 0 bytes
etc/rules/._courier_rules.xml | Bin 212 -> 0 bytes
etc/rules/._dovecot_rules.xml | Bin 212 -> 0 bytes
etc/rules/._dropbear_rules.xml | Bin 212 -> 0 bytes
etc/rules/._firewall_rules.xml | Bin 212 -> 0 bytes
etc/rules/._ftpd_rules.xml | Bin 212 -> 0 bytes
etc/rules/._hordeimp_rules.xml | Bin 212 -> 0 bytes
etc/rules/._ids_rules.xml | Bin 212 -> 0 bytes
etc/rules/._imapd_rules.xml | Bin 212 -> 0 bytes
etc/rules/._local_rules.xml | Bin 212 -> 0 bytes
etc/rules/._mailscanner_rules.xml | Bin 212 -> 0 bytes
etc/rules/._mcafee_av_rules.xml | Bin 212 -> 0 bytes
etc/rules/._ms-exchange_rules.xml | Bin 212 -> 0 bytes
etc/rules/._ms-se_rules.xml | Bin 212 -> 0 bytes
etc/rules/._ms_dhcp_rules.xml | Bin 212 -> 0 bytes
etc/rules/._ms_ftpd_rules.xml | Bin 212 -> 0 bytes
etc/rules/._msauth_rules.xml | Bin 212 -> 0 bytes
etc/rules/._mysql_rules.xml | Bin 212 -> 0 bytes
etc/rules/._named_rules.xml | Bin 212 -> 0 bytes
etc/rules/._netscreenfw_rules.xml | Bin 212 -> 0 bytes
etc/rules/._nginx_rules.xml | Bin 212 -> 0 bytes
etc/rules/._openbsd_rules.xml | Bin 212 -> 0 bytes
etc/rules/._ossec_rules.xml | Bin 212 -> 0 bytes
etc/rules/._pam_rules.xml | Bin 212 -> 0 bytes
etc/rules/._php_rules.xml | Bin 212 -> 0 bytes
etc/rules/._pix_rules.xml | Bin 212 -> 0 bytes
etc/rules/._policy_rules.xml | Bin 212 -> 0 bytes
etc/rules/._postfix_rules.xml | Bin 212 -> 0 bytes
etc/rules/._postgresql_rules.xml | Bin 212 -> 0 bytes
etc/rules/._proftpd_rules.xml | Bin 212 -> 0 bytes
etc/rules/._pure-ftpd_rules.xml | Bin 212 -> 0 bytes
etc/rules/._racoon_rules.xml | Bin 212 -> 0 bytes
etc/rules/._roundcube_rules.xml | Bin 212 -> 0 bytes
etc/rules/._rules_config.xml | Bin 212 -> 0 bytes
etc/rules/._sendmail_rules.xml | Bin 212 -> 0 bytes
etc/rules/._smbd_rules.xml | Bin 212 -> 0 bytes
etc/rules/._solaris_bsm_rules.xml | Bin 212 -> 0 bytes
etc/rules/._sonicwall_rules.xml | Bin 212 -> 0 bytes
etc/rules/._spamd_rules.xml | Bin 212 -> 0 bytes
etc/rules/._squid_rules.xml | Bin 212 -> 0 bytes
etc/rules/._sshd_rules.xml | Bin 212 -> 0 bytes
etc/rules/._symantec-av_rules.xml | Bin 212 -> 0 bytes
etc/rules/._symantec-ws_rules.xml | Bin 212 -> 0 bytes
etc/rules/._syslog_rules.xml | Bin 212 -> 0 bytes
etc/rules/._telnetd_rules.xml | Bin 212 -> 0 bytes
etc/rules/._trend-osce_rules.xml | Bin 212 -> 0 bytes
etc/rules/._vmpop3d_rules.xml | Bin 212 -> 0 bytes
etc/rules/._vmware_rules.xml | Bin 212 -> 0 bytes
etc/rules/._vpn_concentrator_rules.xml | Bin 212 -> 0 bytes
etc/rules/._vpopmail_rules.xml | Bin 212 -> 0 bytes
etc/rules/._vsftpd_rules.xml | Bin 212 -> 0 bytes
etc/rules/._web_appsec_rules.xml | Bin 212 -> 0 bytes
etc/rules/._web_rules.xml | Bin 212 -> 0 bytes
etc/rules/._wordpress_rules.xml | Bin 212 -> 0 bytes
etc/rules/._zeus_rules.xml | Bin 212 -> 0 bytes
etc/rules/log-entries/._101 | Bin 212 -> 0 bytes
etc/rules/log-entries/._1101 | Bin 212 -> 0 bytes
etc/rules/log-entries/._1301_1302_1303 | Bin 212 -> 0 bytes
etc/rules/log-entries/._1401 | Bin 212 -> 0 bytes
etc/rules/log-entries/._1402 | Bin 212 -> 0 bytes
etc/rules/log-entries/._1602 | Bin 212 -> 0 bytes
etc/rules/log-entries/._1603 | Bin 212 -> 0 bytes
etc/rules/log-entries/._1607 | Bin 212 -> 0 bytes
etc/rules/log-entries/._1609 | Bin 212 -> 0 bytes
etc/rules/log-entries/._1901 | Bin 212 -> 0 bytes
etc/rules/log-entries/._1902 | Bin 212 -> 0 bytes
etc/rules/log-entries/._1903 | Bin 212 -> 0 bytes
etc/rules/log-entries/._1905 | Bin 212 -> 0 bytes
etc/rules/log-entries/._201 | Bin 212 -> 0 bytes
etc/rules/log-entries/._202 | Bin 212 -> 0 bytes
etc/rules/log-entries/._204 | Bin 212 -> 0 bytes
etc/rules/log-entries/._2501 | Bin 212 -> 0 bytes
etc/rules/log-entries/._2601 | Bin 212 -> 0 bytes
etc/rules/log-entries/._301 | Bin 212 -> 0 bytes
etc/rules/log-entries/._401 | Bin 212 -> 0 bytes
etc/rules/log-entries/._403 | Bin 212 -> 0 bytes
etc/rules/log-entries/._408 | Bin 212 -> 0 bytes
etc/rules/log-entries/._409 | Bin 212 -> 0 bytes
etc/rules/log-entries/._access-control | Bin 212 -> 0 bytes
etc/rules/log-entries/._apache-error.logs | Bin 212 -> 0 bytes
etc/rules/log-entries/._cisco-ios-ids | Bin 212 -> 0 bytes
etc/rules/log-entries/._ciscoios | Bin 212 -> 0 bytes
etc/rules/log-entries/._ftpd | Bin 212 -> 0 bytes
etc/rules/log-entries/._iis6 | Bin 212 -> 0 bytes
etc/rules/log-entries/._imapd | Bin 212 -> 0 bytes
etc/rules/log-entries/._kernel | Bin 212 -> 0 bytes
etc/rules/log-entries/._mail-alerts | Bin 212 -> 0 bytes
etc/rules/log-entries/._mail-errors | Bin 212 -> 0 bytes
etc/rules/log-entries/._ns1 | Bin 212 -> 0 bytes
etc/rules/log-entries/._proftpd | Bin 212 -> 0 bytes
etc/rules/log-entries/._smbd | Bin 212 -> 0 bytes
etc/rules/log-entries/._spamd | Bin 212 -> 0 bytes
etc/rules/log-entries/._sshd | Bin 212 -> 0 bytes
etc/rules/log-entries/._symantecws | Bin 212 -> 0 bytes
etc/rules/log-entries/._telnetd | Bin 212 -> 0 bytes
etc/rules/log-entries/._unkown | Bin 212 -> 0 bytes
etc/rules/log-entries/._vpn.log | Bin 212 -> 0 bytes
etc/rules/log-entries/._vpopmail | Bin 212 -> 0 bytes
etc/rules/log-entries/._worms | Bin 212 -> 0 bytes
etc/rules/log-entries/._xferlog | Bin 212 -> 0 bytes
etc/rules/nginx_rules.xml | 6 +
etc/rules/openbsd_rules.xml | 4 +-
etc/rules/pure-ftpd_rules.xml | 23 +-
etc/rules/syslog_rules.xml | 32 +
.../translated/pure_ftpd/._pure-ftpd_rules_da.xml | Bin 212 -> 0 bytes
.../translated/pure_ftpd/._pure-ftpd_rules_de.xml | Bin 212 -> 0 bytes
.../translated/pure_ftpd/._pure-ftpd_rules_en.xml | Bin 212 -> 0 bytes
.../translated/pure_ftpd/._pure-ftpd_rules_es.xml | Bin 212 -> 0 bytes
.../translated/pure_ftpd/._pure-ftpd_rules_fr.xml | Bin 212 -> 0 bytes
.../pure_ftpd/._pure-ftpd_rules_fr_funny.xml | Bin 212 -> 0 bytes
.../translated/pure_ftpd/._pure-ftpd_rules_it.xml | Bin 212 -> 0 bytes
.../translated/pure_ftpd/._pure-ftpd_rules_nl.xml | Bin 212 -> 0 bytes
.../translated/pure_ftpd/._pure-ftpd_rules_no.xml | Bin 212 -> 0 bytes
.../pure_ftpd/._pure-ftpd_rules_pt_br.xml | Bin 212 -> 0 bytes
.../translated/pure_ftpd/._pure-ftpd_rules_ro.xml | Bin 212 -> 0 bytes
.../translated/pure_ftpd/._pure-ftpd_rules_sk.xml | Bin 212 -> 0 bytes
.../translated/pure_ftpd/._pure-ftpd_rules_sv.xml | Bin 212 -> 0 bytes
.../translated/pure_ftpd/._pure-ftpd_rules_tr.xml | Bin 212 -> 0 bytes
etc/rules/web_appsec_rules.xml | 65 +-
etc/rules/web_rules.xml | 47 +-
etc/templates/br/._language.txt | Bin 212 -> 0 bytes
etc/templates/br/._messages.txt | Bin 212 -> 0 bytes
etc/templates/br/errors/._0x1-location.txt | Bin 212 -> 0 bytes
etc/templates/br/errors/._0x2-beroot.txt | Bin 212 -> 0 bytes
etc/templates/br/errors/._0x3-dependencies.txt | Bin 212 -> 0 bytes
etc/templates/br/errors/._0x4-installtype.txt | Bin 212 -> 0 bytes
etc/templates/br/errors/._0x5-build.txt | Bin 212 -> 0 bytes
etc/templates/br/messages/._0x101-initial.txt | Bin 212 -> 0 bytes
etc/templates/br/messages/._0x102-installhelp.txt | Bin 212 -> 0 bytes
.../br/messages/._0x103-thanksforusing.txt | Bin 212 -> 0 bytes
etc/templates/br/messages/._0x104-client.txt | Bin 212 -> 0 bytes
etc/templates/br/messages/._0x105-noboot.txt | Bin 212 -> 0 bytes
etc/templates/br/messages/._0x106-logs.txt | Bin 212 -> 0 bytes
etc/templates/br/messages/._0x107-ar.txt | Bin 212 -> 0 bytes
etc/templates/br/messages/._0x108-ar-enabled.txt | Bin 212 -> 0 bytes
etc/templates/cn/._language.txt | Bin 212 -> 0 bytes
etc/templates/cn/._messages.txt | Bin 212 -> 0 bytes
etc/templates/cn/errors/._0x1-location.txt | Bin 212 -> 0 bytes
etc/templates/cn/errors/._0x2-beroot.txt | Bin 212 -> 0 bytes
etc/templates/cn/errors/._0x3-dependencies.txt | Bin 212 -> 0 bytes
etc/templates/cn/errors/._0x4-installtype.txt | Bin 212 -> 0 bytes
etc/templates/cn/errors/._0x5-build.txt | Bin 212 -> 0 bytes
etc/templates/cn/messages/._0x101-initial.txt | Bin 212 -> 0 bytes
etc/templates/cn/messages/._0x102-installhelp.txt | Bin 212 -> 0 bytes
.../cn/messages/._0x103-thanksforusing.txt | Bin 212 -> 0 bytes
etc/templates/cn/messages/._0x104-client.txt | Bin 212 -> 0 bytes
etc/templates/cn/messages/._0x105-noboot.txt | Bin 212 -> 0 bytes
etc/templates/cn/messages/._0x106-logs.txt | Bin 212 -> 0 bytes
etc/templates/cn/messages/._0x107-ar.txt | Bin 212 -> 0 bytes
etc/templates/cn/messages/._0x108-ar-enabled.txt | Bin 212 -> 0 bytes
etc/templates/config/._active-response.template | Bin 212 -> 0 bytes
etc/templates/config/._apache-logs.template | Bin 212 -> 0 bytes
etc/templates/config/._ar-disable-account.template | Bin 212 -> 0 bytes
etc/templates/config/._ar-firewall-drop.template | Bin 212 -> 0 bytes
etc/templates/config/._ar-host-deny.template | Bin 212 -> 0 bytes
etc/templates/config/._ar-routenull.template | Bin 212 -> 0 bytes
etc/templates/config/._pgsql-logs.template | Bin 212 -> 0 bytes
etc/templates/config/._rootcheck.template | Bin 212 -> 0 bytes
etc/templates/config/._rules.template | Bin 212 -> 0 bytes
etc/templates/config/._snort-logs.template | Bin 212 -> 0 bytes
etc/templates/config/._syscheck.template | Bin 212 -> 0 bytes
etc/templates/config/._syslog-logs.template | Bin 212 -> 0 bytes
etc/templates/de/._language.txt | Bin 212 -> 0 bytes
etc/templates/de/._messages.txt | Bin 212 -> 0 bytes
etc/templates/de/errors/._0x1-location.txt | Bin 212 -> 0 bytes
etc/templates/de/errors/._0x2-beroot.txt | Bin 212 -> 0 bytes
etc/templates/de/errors/._0x3-dependencies.txt | Bin 212 -> 0 bytes
etc/templates/de/errors/._0x4-installtype.txt | Bin 212 -> 0 bytes
etc/templates/de/errors/._0x5-build.txt | Bin 212 -> 0 bytes
etc/templates/de/messages/._0x101-initial.txt | Bin 212 -> 0 bytes
etc/templates/de/messages/._0x102-installhelp.txt | Bin 212 -> 0 bytes
.../de/messages/._0x103-thanksforusing.txt | Bin 212 -> 0 bytes
etc/templates/de/messages/._0x104-client.txt | Bin 212 -> 0 bytes
etc/templates/de/messages/._0x105-noboot.txt | Bin 212 -> 0 bytes
etc/templates/de/messages/._0x106-logs.txt | Bin 212 -> 0 bytes
etc/templates/de/messages/._0x107-ar.txt | Bin 212 -> 0 bytes
etc/templates/de/messages/._0x108-ar-enabled.txt | Bin 212 -> 0 bytes
etc/templates/el/._language.txt | Bin 212 -> 0 bytes
etc/templates/el/._messages.txt | Bin 212 -> 0 bytes
etc/templates/el/errors/._0x1-location.txt | Bin 212 -> 0 bytes
etc/templates/el/errors/._0x2-beroot.txt | Bin 212 -> 0 bytes
etc/templates/el/errors/._0x3-dependencies.txt | Bin 212 -> 0 bytes
etc/templates/el/errors/._0x4-installtype.txt | Bin 212 -> 0 bytes
etc/templates/el/errors/._0x5-build.txt | Bin 212 -> 0 bytes
etc/templates/el/messages/._0x101-initial.txt | Bin 212 -> 0 bytes
etc/templates/el/messages/._0x102-installhelp.txt | Bin 212 -> 0 bytes
.../el/messages/._0x103-thanksforusing.txt | Bin 212 -> 0 bytes
etc/templates/el/messages/._0x104-client.txt | Bin 212 -> 0 bytes
etc/templates/el/messages/._0x105-noboot.txt | Bin 212 -> 0 bytes
etc/templates/el/messages/._0x106-logs.txt | Bin 212 -> 0 bytes
etc/templates/el/messages/._0x107-ar.txt | Bin 212 -> 0 bytes
etc/templates/el/messages/._0x108-ar-enabled.txt | Bin 212 -> 0 bytes
etc/templates/en/._language.txt | Bin 212 -> 0 bytes
etc/templates/en/._messages.txt | Bin 212 -> 0 bytes
etc/templates/en/errors/._0x1-location.txt | Bin 212 -> 0 bytes
etc/templates/en/errors/._0x2-beroot.txt | Bin 212 -> 0 bytes
etc/templates/en/errors/._0x3-dependencies.txt | Bin 212 -> 0 bytes
etc/templates/en/errors/._0x4-installtype.txt | Bin 212 -> 0 bytes
etc/templates/en/errors/._0x5-build.txt | Bin 212 -> 0 bytes
etc/templates/en/messages/._0x101-initial.txt | Bin 212 -> 0 bytes
etc/templates/en/messages/._0x102-installhelp.txt | Bin 212 -> 0 bytes
.../en/messages/._0x103-thanksforusing.txt | Bin 212 -> 0 bytes
etc/templates/en/messages/._0x104-client.txt | Bin 212 -> 0 bytes
etc/templates/en/messages/._0x105-noboot.txt | Bin 212 -> 0 bytes
etc/templates/en/messages/._0x106-logs.txt | Bin 212 -> 0 bytes
etc/templates/en/messages/._0x107-ar.txt | Bin 212 -> 0 bytes
etc/templates/en/messages/._0x108-ar-enabled.txt | Bin 212 -> 0 bytes
etc/templates/es/._language.txt | Bin 212 -> 0 bytes
etc/templates/es/._messages.txt | Bin 212 -> 0 bytes
etc/templates/es/errors/._0x1-location.txt | Bin 212 -> 0 bytes
etc/templates/es/errors/._0x2-beroot.txt | Bin 212 -> 0 bytes
etc/templates/es/errors/._0x3-dependencies.txt | Bin 212 -> 0 bytes
etc/templates/es/errors/._0x4-installtype.txt | Bin 212 -> 0 bytes
etc/templates/es/errors/._0x5-build.txt | Bin 212 -> 0 bytes
etc/templates/es/messages/._0x101-initial.txt | Bin 212 -> 0 bytes
etc/templates/es/messages/._0x102-installhelp.txt | Bin 212 -> 0 bytes
.../es/messages/._0x103-thanksforusing.txt | Bin 212 -> 0 bytes
etc/templates/es/messages/._0x104-client.txt | Bin 212 -> 0 bytes
etc/templates/es/messages/._0x105-noboot.txt | Bin 212 -> 0 bytes
etc/templates/es/messages/._0x106-logs.txt | Bin 212 -> 0 bytes
etc/templates/es/messages/._0x107-ar.txt | Bin 212 -> 0 bytes
etc/templates/es/messages/._0x108-ar-enabled.txt | Bin 212 -> 0 bytes
etc/templates/fr/._language.txt | Bin 212 -> 0 bytes
etc/templates/fr/._messages.txt | Bin 212 -> 0 bytes
etc/templates/fr/errors/._0x1-location.txt | Bin 212 -> 0 bytes
etc/templates/fr/errors/._0x2-beroot.txt | Bin 212 -> 0 bytes
etc/templates/fr/errors/._0x3-dependencies.txt | Bin 212 -> 0 bytes
etc/templates/fr/errors/._0x4-installtype.txt | Bin 212 -> 0 bytes
etc/templates/fr/errors/._0x5-build.txt | Bin 212 -> 0 bytes
etc/templates/fr/messages/._0x101-initial.txt | Bin 212 -> 0 bytes
etc/templates/fr/messages/._0x102-installhelp.txt | Bin 212 -> 0 bytes
.../fr/messages/._0x103-thanksforusing.txt | Bin 212 -> 0 bytes
etc/templates/fr/messages/._0x104-client.txt | Bin 212 -> 0 bytes
etc/templates/fr/messages/._0x105-noboot.txt | Bin 212 -> 0 bytes
etc/templates/fr/messages/._0x106-logs.txt | Bin 212 -> 0 bytes
etc/templates/fr/messages/._0x107-ar.txt | Bin 212 -> 0 bytes
etc/templates/fr/messages/._0x108-ar-enabled.txt | Bin 212 -> 0 bytes
etc/templates/hu/._language.txt | Bin 212 -> 0 bytes
etc/templates/hu/._messages.txt | Bin 212 -> 0 bytes
etc/templates/hu/errors/._0x1-location.txt | Bin 212 -> 0 bytes
etc/templates/hu/errors/._0x2-beroot.txt | Bin 212 -> 0 bytes
etc/templates/hu/errors/._0x3-dependencies.txt | Bin 212 -> 0 bytes
etc/templates/hu/errors/._0x4-installtype.txt | Bin 212 -> 0 bytes
etc/templates/hu/errors/._0x5-build.txt | Bin 212 -> 0 bytes
etc/templates/hu/messages/._0x101-initial.txt | Bin 212 -> 0 bytes
etc/templates/hu/messages/._0x102-installhelp.txt | Bin 212 -> 0 bytes
.../hu/messages/._0x103-thanksforusing.txt | Bin 212 -> 0 bytes
etc/templates/hu/messages/._0x104-client.txt | Bin 212 -> 0 bytes
etc/templates/hu/messages/._0x105-noboot.txt | Bin 212 -> 0 bytes
etc/templates/hu/messages/._0x106-logs.txt | Bin 212 -> 0 bytes
etc/templates/hu/messages/._0x107-ar.txt | Bin 212 -> 0 bytes
etc/templates/hu/messages/._0x108-ar-enabled.txt | Bin 212 -> 0 bytes
etc/templates/it/._language.txt | Bin 212 -> 0 bytes
etc/templates/it/._messages.txt | Bin 212 -> 0 bytes
etc/templates/it/errors/._0x1-location.txt | Bin 212 -> 0 bytes
etc/templates/it/errors/._0x2-beroot.txt | Bin 212 -> 0 bytes
etc/templates/it/errors/._0x3-dependencies.txt | Bin 212 -> 0 bytes
etc/templates/it/errors/._0x4-installtype.txt | Bin 212 -> 0 bytes
etc/templates/it/errors/._0x5-build.txt | Bin 212 -> 0 bytes
etc/templates/it/messages/._0x101-initial.txt | Bin 212 -> 0 bytes
etc/templates/it/messages/._0x102-installhelp.txt | Bin 212 -> 0 bytes
.../it/messages/._0x103-thanksforusing.txt | Bin 212 -> 0 bytes
etc/templates/it/messages/._0x104-client.txt | Bin 212 -> 0 bytes
etc/templates/it/messages/._0x105-noboot.txt | Bin 212 -> 0 bytes
etc/templates/it/messages/._0x106-logs.txt | Bin 212 -> 0 bytes
etc/templates/it/messages/._0x107-ar.txt | Bin 212 -> 0 bytes
etc/templates/it/messages/._0x108-ar-enabled.txt | Bin 212 -> 0 bytes
etc/templates/jp/._language.txt | Bin 212 -> 0 bytes
etc/templates/jp/._messages.txt | Bin 212 -> 0 bytes
etc/templates/jp/errors/._0x1-location.txt | Bin 212 -> 0 bytes
etc/templates/jp/errors/._0x2-beroot.txt | Bin 212 -> 0 bytes
etc/templates/jp/errors/._0x3-dependencies.txt | Bin 212 -> 0 bytes
etc/templates/jp/errors/._0x4-installtype.txt | Bin 212 -> 0 bytes
etc/templates/jp/errors/._0x5-build.txt | Bin 212 -> 0 bytes
etc/templates/jp/messages/._0x101-initial.txt | Bin 212 -> 0 bytes
etc/templates/jp/messages/._0x102-installhelp.txt | Bin 212 -> 0 bytes
.../jp/messages/._0x103-thanksforusing.txt | Bin 212 -> 0 bytes
etc/templates/jp/messages/._0x104-client.txt | Bin 212 -> 0 bytes
etc/templates/jp/messages/._0x105-noboot.txt | Bin 212 -> 0 bytes
etc/templates/jp/messages/._0x106-logs.txt | Bin 212 -> 0 bytes
etc/templates/jp/messages/._0x107-ar.txt | Bin 212 -> 0 bytes
etc/templates/jp/messages/._0x108-ar-enabled.txt | Bin 212 -> 0 bytes
etc/templates/nl/._language.txt | Bin 212 -> 0 bytes
etc/templates/nl/._messages.txt | Bin 212 -> 0 bytes
etc/templates/nl/errors/._0x1-location.txt | Bin 212 -> 0 bytes
etc/templates/nl/errors/._0x2-beroot.txt | Bin 212 -> 0 bytes
etc/templates/nl/errors/._0x3-dependencies.txt | Bin 212 -> 0 bytes
etc/templates/nl/errors/._0x4-installtype.txt | Bin 212 -> 0 bytes
etc/templates/nl/errors/._0x5-build.txt | Bin 212 -> 0 bytes
etc/templates/nl/messages/._0x101-initial.txt | Bin 212 -> 0 bytes
etc/templates/nl/messages/._0x102-installhelp.txt | Bin 212 -> 0 bytes
.../nl/messages/._0x103-thanksforusing.txt | Bin 212 -> 0 bytes
etc/templates/nl/messages/._0x104-client.txt | Bin 212 -> 0 bytes
etc/templates/nl/messages/._0x105-noboot.txt | Bin 212 -> 0 bytes
etc/templates/nl/messages/._0x106-logs.txt | Bin 212 -> 0 bytes
etc/templates/nl/messages/._0x107-ar.txt | Bin 212 -> 0 bytes
etc/templates/nl/messages/._0x108-ar-enabled.txt | Bin 212 -> 0 bytes
etc/templates/pl/._language.txt | Bin 212 -> 0 bytes
etc/templates/pl/._messages.txt | Bin 212 -> 0 bytes
etc/templates/pl/errors/._0x1-location.txt | Bin 212 -> 0 bytes
etc/templates/pl/errors/._0x2-beroot.txt | Bin 212 -> 0 bytes
etc/templates/pl/errors/._0x3-dependencies.txt | Bin 212 -> 0 bytes
etc/templates/pl/errors/._0x4-installtype.txt | Bin 212 -> 0 bytes
etc/templates/pl/errors/._0x5-build.txt | Bin 212 -> 0 bytes
etc/templates/pl/messages/._0x101-initial.txt | Bin 212 -> 0 bytes
etc/templates/pl/messages/._0x102-installhelp.txt | Bin 212 -> 0 bytes
.../pl/messages/._0x103-thanksforusing.txt | Bin 212 -> 0 bytes
etc/templates/pl/messages/._0x104-client.txt | Bin 212 -> 0 bytes
etc/templates/pl/messages/._0x105-noboot.txt | Bin 212 -> 0 bytes
etc/templates/pl/messages/._0x106-logs.txt | Bin 212 -> 0 bytes
etc/templates/pl/messages/._0x107-ar.txt | Bin 212 -> 0 bytes
etc/templates/pl/messages/._0x108-ar-enabled.txt | Bin 212 -> 0 bytes
etc/templates/ru/._language.txt | Bin 212 -> 0 bytes
etc/templates/ru/._messages.txt | Bin 212 -> 0 bytes
etc/templates/ru/errors/._0x1-location.txt | Bin 212 -> 0 bytes
etc/templates/ru/errors/._0x2-beroot.txt | Bin 212 -> 0 bytes
etc/templates/ru/errors/._0x3-dependencies.txt | Bin 212 -> 0 bytes
etc/templates/ru/errors/._0x4-installtype.txt | Bin 212 -> 0 bytes
etc/templates/ru/errors/._0x5-build.txt | Bin 212 -> 0 bytes
etc/templates/ru/messages/._0x101-initial.txt | Bin 212 -> 0 bytes
etc/templates/ru/messages/._0x102-installhelp.txt | Bin 212 -> 0 bytes
.../ru/messages/._0x103-thanksforusing.txt | Bin 212 -> 0 bytes
etc/templates/ru/messages/._0x104-client.txt | Bin 212 -> 0 bytes
etc/templates/ru/messages/._0x105-noboot.txt | Bin 212 -> 0 bytes
etc/templates/ru/messages/._0x106-logs.txt | Bin 212 -> 0 bytes
etc/templates/ru/messages/._0x107-ar.txt | Bin 212 -> 0 bytes
etc/templates/ru/messages/._0x108-ar-enabled.txt | Bin 212 -> 0 bytes
etc/templates/sr/._language.txt | Bin 212 -> 0 bytes
etc/templates/sr/._messages.txt | Bin 212 -> 0 bytes
etc/templates/sr/errors/._0x1-location.txt | Bin 212 -> 0 bytes
etc/templates/sr/errors/._0x2-beroot.txt | Bin 212 -> 0 bytes
etc/templates/sr/errors/._0x3-dependencies.txt | Bin 212 -> 0 bytes
etc/templates/sr/errors/._0x4-installtype.txt | Bin 212 -> 0 bytes
etc/templates/sr/errors/._0x5-build.txt | Bin 212 -> 0 bytes
etc/templates/sr/messages/._0x101-initial.txt | Bin 212 -> 0 bytes
etc/templates/sr/messages/._0x102-installhelp.txt | Bin 212 -> 0 bytes
.../sr/messages/._0x103-thanksforusing.txt | Bin 212 -> 0 bytes
etc/templates/sr/messages/._0x104-client.txt | Bin 212 -> 0 bytes
etc/templates/sr/messages/._0x105-noboot.txt | Bin 212 -> 0 bytes
etc/templates/sr/messages/._0x106-logs.txt | Bin 212 -> 0 bytes
etc/templates/sr/messages/._0x107-ar.txt | Bin 212 -> 0 bytes
etc/templates/sr/messages/._0x108-ar-enabled.txt | Bin 212 -> 0 bytes
etc/templates/tr/._language.txt | Bin 212 -> 0 bytes
etc/templates/tr/._messages.txt | Bin 212 -> 0 bytes
etc/templates/tr/errors/._0x1-location.txt | Bin 212 -> 0 bytes
etc/templates/tr/errors/._0x2-beroot.txt | Bin 212 -> 0 bytes
etc/templates/tr/errors/._0x3-dependencies.txt | Bin 212 -> 0 bytes
etc/templates/tr/errors/._0x4-installtype.txt | Bin 212 -> 0 bytes
etc/templates/tr/errors/._0x5-build.txt | Bin 212 -> 0 bytes
etc/templates/tr/messages/._0x101-initial.txt | Bin 212 -> 0 bytes
etc/templates/tr/messages/._0x102-installhelp.txt | Bin 212 -> 0 bytes
.../tr/messages/._0x103-thanksforusing.txt | Bin 212 -> 0 bytes
etc/templates/tr/messages/._0x104-client.txt | Bin 212 -> 0 bytes
etc/templates/tr/messages/._0x105-noboot.txt | Bin 212 -> 0 bytes
etc/templates/tr/messages/._0x106-logs.txt | Bin 212 -> 0 bytes
etc/templates/tr/messages/._0x107-ar.txt | Bin 212 -> 0 bytes
etc/templates/tr/messages/._0x108-ar-enabled.txt | Bin 212 -> 0 bytes
install.sh | 4 +-
src/._Config.Make | Bin 212 -> 0 bytes
src/._InstallAgent.sh | Bin 212 -> 0 bytes
src/._InstallServer.sh | Bin 212 -> 0 bytes
src/._LOCATION | Bin 212 -> 0 bytes
src/._Makeall | Bin 212 -> 0 bytes
src/._Makefile | Bin 212 -> 0 bytes
src/._VERSION | Bin 212 -> 0 bytes
src/InstallAgent.sh | 23 +-
src/InstallServer.sh | 75 ++-
src/Makeall | 11 +-
src/Makefile | 10 +-
src/VERSION | 2 +-
src/addagent/._Makefile | Bin 212 -> 0 bytes
src/addagent/._b64.c | Bin 212 -> 0 bytes
src/addagent/._main.c | Bin 212 -> 0 bytes
src/addagent/._manage_agents.c | Bin 212 -> 0 bytes
src/addagent/._manage_agents.h | Bin 212 -> 0 bytes
src/addagent/._manage_keys.c | Bin 212 -> 0 bytes
src/addagent/._read_from_user.c | Bin 212 -> 0 bytes
src/addagent/._validate.c | Bin 212 -> 0 bytes
src/addagent/b64.c | 30 +-
src/addagent/main.c | 3 +-
src/addagent/read_from_user.c | 2 +-
src/agentlessd/._Makefile | Bin 212 -> 0 bytes
src/agentlessd/._README | Bin 212 -> 0 bytes
src/agentlessd/._agentlessd.c | Bin 212 -> 0 bytes
src/agentlessd/._agentlessd.h | Bin 212 -> 0 bytes
src/agentlessd/._main.c | Bin 212 -> 0 bytes
src/agentlessd/agentlessd.c | 114 ++--
src/agentlessd/main.c | 25 +-
src/agentlessd/scripts/._main.exp | Bin 212 -> 0 bytes
src/agentlessd/scripts/._register_host.sh | Bin 212 -> 0 bytes
src/agentlessd/scripts/._ssh.exp | Bin 212 -> 0 bytes
src/agentlessd/scripts/._ssh_asa-fwsmconfig_diff | Bin 212 -> 0 bytes
src/agentlessd/scripts/._ssh_foundry_diff | Bin 212 -> 0 bytes
src/agentlessd/scripts/._ssh_generic_diff | Bin 212 -> 0 bytes
src/agentlessd/scripts/._ssh_integrity_check_bsd | Bin 212 -> 0 bytes
src/agentlessd/scripts/._ssh_integrity_check_linux | Bin 212 -> 0 bytes
src/agentlessd/scripts/._ssh_nopass.exp | Bin 212 -> 0 bytes
src/agentlessd/scripts/._ssh_pixconfig_diff | Bin 212 -> 0 bytes
src/agentlessd/scripts/._sshlogin.exp | Bin 212 -> 0 bytes
src/agentlessd/scripts/._su.exp | Bin 212 -> 0 bytes
src/agentlessd/scripts/ssh_asa-fwsmconfig_diff | 3 +-
src/agentlessd/scripts/ssh_pixconfig_diff | 2 +-
src/analysisd/._Makefile | Bin 212 -> 0 bytes
src/analysisd/._active-response.c | Bin 212 -> 0 bytes
src/analysisd/._active-response.h | Bin 212 -> 0 bytes
src/analysisd/._analysisd.c | Bin 212 -> 0 bytes
src/analysisd/._analysisd.h | Bin 212 -> 0 bytes
src/analysisd/._cleanevent.c | Bin 212 -> 0 bytes
src/analysisd/._config.c | Bin 212 -> 0 bytes
src/analysisd/._config.h | Bin 212 -> 0 bytes
src/analysisd/._dodiff.c | Bin 212 -> 0 bytes
src/analysisd/._eventinfo.c | Bin 212 -> 0 bytes
src/analysisd/._eventinfo.h | Bin 212 -> 0 bytes
src/analysisd/._eventinfo_list.c | Bin 212 -> 0 bytes
src/analysisd/._fts.c | Bin 212 -> 0 bytes
src/analysisd/._fts.h | Bin 212 -> 0 bytes
src/analysisd/._lists.c | Bin 212 -> 0 bytes
src/analysisd/._lists.h | Bin 212 -> 0 bytes
src/analysisd/._lists_list.c | Bin 212 -> 0 bytes
src/analysisd/._lists_make.c | Bin 212 -> 0 bytes
src/analysisd/._lists_make.h | Bin 212 -> 0 bytes
src/analysisd/._makelists.c | Bin 212 -> 0 bytes
src/analysisd/._makelists.h | Bin 212 -> 0 bytes
src/analysisd/._picviz.c | Bin 212 -> 0 bytes
src/analysisd/._picviz.h | Bin 212 -> 0 bytes
src/analysisd/._prelude.c | Bin 212 -> 0 bytes
src/analysisd/._prelude.h | Bin 212 -> 0 bytes
src/analysisd/._rules.c | Bin 212 -> 0 bytes
src/analysisd/._rules.h | Bin 212 -> 0 bytes
src/analysisd/._rules_list.c | Bin 212 -> 0 bytes
src/analysisd/._stats.c | Bin 212 -> 0 bytes
src/analysisd/._stats.h | Bin 212 -> 0 bytes
src/analysisd/._testrule.c | Bin 212 -> 0 bytes
src/analysisd/active-response.c | 4 +-
src/analysisd/active-response.h | 4 +-
src/analysisd/alerts/._Makefile | Bin 212 -> 0 bytes
src/analysisd/alerts/._alerts.h | Bin 212 -> 0 bytes
src/analysisd/alerts/._exec.c | Bin 212 -> 0 bytes
src/analysisd/alerts/._exec.h | Bin 212 -> 0 bytes
src/analysisd/alerts/._getloglocation.c | Bin 212 -> 0 bytes
src/analysisd/alerts/._getloglocation.h | Bin 212 -> 0 bytes
src/analysisd/alerts/._log.c | Bin 212 -> 0 bytes
src/analysisd/alerts/._log.h | Bin 212 -> 0 bytes
src/analysisd/alerts/._mail.c | Bin 212 -> 0 bytes
src/analysisd/alerts/alerts.h | 2 +-
src/analysisd/alerts/exec.c | 28 +-
src/analysisd/alerts/exec.h | 2 +-
src/analysisd/alerts/getloglocation.c | 46 +-
src/analysisd/alerts/getloglocation.h | 2 +-
src/analysisd/alerts/log.c | 184 +++++-
src/analysisd/alerts/log.h | 3 +-
src/analysisd/alerts/mail.c | 2 +-
src/analysisd/analysisd.c | 283 ++++----
src/analysisd/cdb/._Makefile | Bin 212 -> 0 bytes
src/analysisd/cdb/._cdb.c | Bin 212 -> 0 bytes
src/analysisd/cdb/._cdb.h | Bin 212 -> 0 bytes
src/analysisd/cdb/._cdb_hash.c | Bin 212 -> 0 bytes
src/analysisd/cdb/._cdb_make.c | Bin 212 -> 0 bytes
src/analysisd/cdb/._cdb_make.h | Bin 212 -> 0 bytes
src/analysisd/cdb/._uint32.h | Bin 212 -> 0 bytes
src/analysisd/cdb/._uint32_pack.c | Bin 212 -> 0 bytes
src/analysisd/cdb/._uint32_unpack.c | Bin 212 -> 0 bytes
src/analysisd/cleanevent.c | 168 ++---
src/analysisd/compiled_rules/._.function_list | Bin 212 -> 0 bytes
src/analysisd/compiled_rules/._Makefile | Bin 212 -> 0 bytes
src/analysisd/compiled_rules/._generic_samples.c | Bin 212 -> 0 bytes
src/analysisd/compiled_rules/._register_rule.sh | Bin 212 -> 0 bytes
src/analysisd/compiled_rules/generic_samples.c | 16 +-
src/analysisd/config.c | 9 +-
src/analysisd/config.h | 2 +-
src/analysisd/decoders/._Makefile | Bin 212 -> 0 bytes
src/analysisd/decoders/._decode-xml.c | Bin 212 -> 0 bytes
src/analysisd/decoders/._decoder.c | Bin 212 -> 0 bytes
src/analysisd/decoders/._decoder.h | Bin 212 -> 0 bytes
src/analysisd/decoders/._decoders_list.c | Bin 212 -> 0 bytes
src/analysisd/decoders/._hostinfo.c | Bin 212 -> 0 bytes
src/analysisd/decoders/._plugin_decoders.h | Bin 212 -> 0 bytes
src/analysisd/decoders/._rootcheck.c | Bin 212 -> 0 bytes
src/analysisd/decoders/._syscheck.c | Bin 212 -> 0 bytes
src/analysisd/decoders/decode-xml.c | 140 ++--
src/analysisd/decoders/decoder.c | 52 +-
src/analysisd/decoders/decoder.h | 12 +-
src/analysisd/decoders/decoders_list.c | 36 +-
src/analysisd/decoders/hostinfo.c | 32 +-
src/analysisd/decoders/plugin_decoders.h | 12 +-
src/analysisd/decoders/plugins/._Makefile | Bin 212 -> 0 bytes
.../decoders/plugins/._ossecalert_decoder.c | Bin 212 -> 0 bytes
src/analysisd/decoders/plugins/._pf_decoder.c | Bin 212 -> 0 bytes
.../decoders/plugins/._sonicwall_decoder.c | Bin 212 -> 0 bytes
.../decoders/plugins/._symantecws_decoder.c | Bin 212 -> 0 bytes
.../decoders/plugins/ossecalert_decoder.c | 28 +-
src/analysisd/decoders/plugins/pf_decoder.c | 54 +-
src/analysisd/decoders/plugins/sonicwall_decoder.c | 54 +-
.../decoders/plugins/symantecws_decoder.c | 34 +-
src/analysisd/decoders/rootcheck.c | 30 +-
src/analysisd/decoders/syscheck.c | 110 ++--
src/analysisd/dodiff.c | 16 +-
src/analysisd/eventinfo.c | 142 ++--
src/analysisd/eventinfo.h | 2 +-
src/analysisd/eventinfo_list.c | 26 +-
src/analysisd/fts.c | 66 +-
src/analysisd/lists.c | 4 +-
src/analysisd/lists_list.c | 116 +++-
src/analysisd/lists_make.c | 20 +-
src/analysisd/makelists.c | 16 +-
src/analysisd/picviz.c | 2 +-
src/analysisd/prelude.c | 108 ++--
src/analysisd/rules.c | 435 +++++++------
src/analysisd/rules.h | 22 +-
src/analysisd/rules_list.c | 78 +--
src/analysisd/stats.c | 86 +--
src/analysisd/testrule.c | 119 ++--
src/client-agent/._COPYRIGHT | Bin 212 -> 0 bytes
src/client-agent/._Makefile | Bin 212 -> 0 bytes
src/client-agent/._VERSION | Bin 212 -> 0 bytes
src/client-agent/._agentd.c | Bin 212 -> 0 bytes
src/client-agent/._agentd.h | Bin 212 -> 0 bytes
src/client-agent/._config.c | Bin 212 -> 0 bytes
src/client-agent/._event-forward.c | Bin 212 -> 0 bytes
src/client-agent/._intcheck_op.c | Bin 212 -> 0 bytes
src/client-agent/._main.c | Bin 212 -> 0 bytes
src/client-agent/._notify.c | Bin 212 -> 0 bytes
src/client-agent/._receiver-win.c | Bin 212 -> 0 bytes
src/client-agent/._receiver.c | Bin 212 -> 0 bytes
src/client-agent/._sendmsg.c | Bin 212 -> 0 bytes
src/client-agent/._start_agent.c | Bin 212 -> 0 bytes
src/client-agent/agentd.c | 50 +-
src/client-agent/agentd.h | 4 +-
src/client-agent/config.c | 2 +-
src/client-agent/intcheck_op.c | 4 +-
src/client-agent/main.c | 16 +-
src/client-agent/notify.c | 14 +-
src/client-agent/receiver-win.c | 58 +-
src/client-agent/receiver.c | 20 +-
src/client-agent/sendmsg.c | 2 +-
src/client-agent/start_agent.c | 48 +-
src/config/._Makefile | Bin 212 -> 0 bytes
src/config/._active-response.c | Bin 212 -> 0 bytes
src/config/._active-response.h | Bin 212 -> 0 bytes
src/config/._agentlessd-config.c | Bin 212 -> 0 bytes
src/config/._agentlessd-config.h | Bin 212 -> 0 bytes
src/config/._alerts-config.c | Bin 212 -> 0 bytes
src/config/._client-config.c | Bin 212 -> 0 bytes
src/config/._client-config.h | Bin 212 -> 0 bytes
src/config/._config.c | Bin 212 -> 0 bytes
src/config/._config.h | Bin 212 -> 0 bytes
src/config/._csyslogd-config.c | Bin 212 -> 0 bytes
src/config/._csyslogd-config.h | Bin 212 -> 0 bytes
src/config/._dbd-config.c | Bin 212 -> 0 bytes
src/config/._dbd-config.h | Bin 212 -> 0 bytes
src/config/._email-alerts-config.c | Bin 212 -> 0 bytes
src/config/._global-config.c | Bin 212 -> 0 bytes
src/config/._global-config.h | Bin 212 -> 0 bytes
src/config/._localfile-config.c | Bin 212 -> 0 bytes
src/config/._localfile-config.h | Bin 212 -> 0 bytes
src/config/._mail-config.h | Bin 212 -> 0 bytes
src/config/._remote-config.c | Bin 212 -> 0 bytes
src/config/._remote-config.h | Bin 212 -> 0 bytes
src/config/._reports-config.c | Bin 212 -> 0 bytes
src/config/._reports-config.h | Bin 212 -> 0 bytes
src/config/._rootcheck-config.c | Bin 212 -> 0 bytes
src/config/._rootcheck-config.h | Bin 212 -> 0 bytes
src/config/._rules-config.c | Bin 212 -> 0 bytes
src/config/._syscheck-config.c | Bin 212 -> 0 bytes
src/config/._syscheck-config.h | Bin 212 -> 0 bytes
src/config/active-response.c | 55 +-
src/config/active-response.h | 6 +-
src/config/agentlessd-config.c | 26 +-
src/config/agentlessd-config.h | 6 +-
src/config/alerts-config.c | 6 +-
src/config/client-config.c | 33 +-
src/config/client-config.h | 2 +
src/config/config.c | 38 +-
src/config/config.h | 4 +-
src/config/csyslogd-config.c | 20 +-
src/config/csyslogd-config.h | 2 +-
src/config/dbd-config.c | 4 +-
src/config/dbd-config.h | 4 +-
src/config/email-alerts-config.c | 52 +-
src/config/global-config.c | 65 +-
src/config/global-config.h | 18 +-
src/config/localfile-config.c | 58 +-
src/config/localfile-config.h | 14 +-
src/config/mail-config.h | 4 +-
src/config/remote-config.c | 24 +-
src/config/remote-config.h | 4 +-
src/config/reports-config.c | 14 +-
src/config/reports-config.h | 2 +-
src/config/rootcheck-config.c | 20 +-
src/config/rootcheck-config.h | 18 +-
src/config/rules-config.c | 30 +-
src/config/syscheck-config.c | 106 +--
src/config/syscheck-config.h | 12 +-
src/error_messages/._error_messages.h | Bin 212 -> 0 bytes
src/error_messages/error_messages.h | 16 +-
src/external/zlib-1.2.3/._COPYRIGHT | Bin 212 -> 0 bytes
src/external/zlib-1.2.3/._Makefile | Bin 212 -> 0 bytes
src/external/zlib-1.2.3/._README | Bin 212 -> 0 bytes
src/external/zlib-1.2.3/._adler32.c | Bin 212 -> 0 bytes
src/external/zlib-1.2.3/._algorithm.txt | Bin 212 -> 0 bytes
src/external/zlib-1.2.3/._compress.c | Bin 212 -> 0 bytes
src/external/zlib-1.2.3/._crc32.c | Bin 212 -> 0 bytes
src/external/zlib-1.2.3/._crc32.h | Bin 212 -> 0 bytes
src/external/zlib-1.2.3/._deflate.c | Bin 212 -> 0 bytes
src/external/zlib-1.2.3/._deflate.h | Bin 212 -> 0 bytes
src/external/zlib-1.2.3/._gzio.c | Bin 212 -> 0 bytes
src/external/zlib-1.2.3/._infback.c | Bin 212 -> 0 bytes
src/external/zlib-1.2.3/._inffast.c | Bin 212 -> 0 bytes
src/external/zlib-1.2.3/._inffast.h | Bin 212 -> 0 bytes
src/external/zlib-1.2.3/._inffixed.h | Bin 212 -> 0 bytes
src/external/zlib-1.2.3/._inflate.c | Bin 212 -> 0 bytes
src/external/zlib-1.2.3/._inflate.h | Bin 212 -> 0 bytes
src/external/zlib-1.2.3/._inftrees.c | Bin 212 -> 0 bytes
src/external/zlib-1.2.3/._inftrees.h | Bin 212 -> 0 bytes
src/external/zlib-1.2.3/._trees.c | Bin 212 -> 0 bytes
src/external/zlib-1.2.3/._trees.h | Bin 212 -> 0 bytes
src/external/zlib-1.2.3/._uncompr.c | Bin 212 -> 0 bytes
src/external/zlib-1.2.3/._zconf.h | Bin 212 -> 0 bytes
src/external/zlib-1.2.3/._zconf.in.h | Bin 212 -> 0 bytes
src/external/zlib-1.2.3/._zlib.h | Bin 212 -> 0 bytes
src/external/zlib-1.2.3/._zutil.c | Bin 212 -> 0 bytes
src/external/zlib-1.2.3/._zutil.h | Bin 212 -> 0 bytes
src/external/zlib-1.2.3/gzio.c | 4 +-
src/headers/._agent_op.h | Bin 212 -> 0 bytes
src/headers/._ar.h | Bin 212 -> 0 bytes
src/headers/._debug_op.h | Bin 212 -> 0 bytes
src/headers/._defs.h | Bin 212 -> 0 bytes
src/headers/._dirtree_op.h | Bin 212 -> 0 bytes
src/headers/._file-queue.h | Bin 212 -> 0 bytes
src/headers/._file_op.h | Bin 212 -> 0 bytes
src/headers/._hash_op.h | Bin 212 -> 0 bytes
src/headers/._help.h | Bin 212 -> 0 bytes
src/headers/._list_op.h | Bin 212 -> 0 bytes
src/headers/._math_op.h | Bin 212 -> 0 bytes
src/headers/._mem_op.h | Bin 212 -> 0 bytes
src/headers/._mq_op.h | Bin 212 -> 0 bytes
src/headers/._os_err.h | Bin 212 -> 0 bytes
src/headers/._privsep_op.h | Bin 212 -> 0 bytes
src/headers/._pthreads_op.h | Bin 212 -> 0 bytes
src/headers/._rc.h | Bin 212 -> 0 bytes
src/headers/._read-agents.h | Bin 212 -> 0 bytes
src/headers/._read-alert.h | Bin 212 -> 0 bytes
src/headers/._regex_op.h | Bin 212 -> 0 bytes
src/headers/._report_op.h | Bin 212 -> 0 bytes
src/headers/._rules_op.h | Bin 212 -> 0 bytes
src/headers/._sec.h | Bin 212 -> 0 bytes
src/headers/._shared.h | Bin 212 -> 0 bytes
src/headers/._sig_op.h | Bin 212 -> 0 bytes
src/headers/._store_op.h | Bin 212 -> 0 bytes
src/headers/._string_op.h | Bin 212 -> 0 bytes
src/headers/._validate_op.h | Bin 212 -> 0 bytes
src/headers/._wait_op.h | Bin 212 -> 0 bytes
src/headers/agent_op.h | 2 +-
src/headers/custom_output_search.h | 77 +++
src/headers/debug_op.h | 2 +-
src/headers/defs.h | 36 +-
src/headers/dirtree_op.h | 8 +-
src/headers/file-queue.h | 4 +-
src/headers/hash_op.h | 12 +-
src/headers/list_op.h | 2 +-
src/headers/math_op.h | 2 +-
src/headers/os_err.h | 2 +-
src/headers/rc.h | 2 +-
src/headers/read-agents.h | 12 +-
src/headers/read-alert.h | 2 +-
src/headers/report_op.h | 10 +-
src/headers/rules_op.h | 18 +-
src/headers/sec.h | 12 +-
src/headers/shared.h | 11 +-
src/headers/store_op.h | 4 +-
src/headers/string_op.h | 4 +-
src/headers/validate_op.h | 14 +-
src/headers/wait_op.h | 2 +-
src/init/._darwin-addusers.pl | Bin 212 -> 0 bytes
src/init/._darwin-init.sh | Bin 212 -> 0 bytes
src/init/._functions.sh | Bin 212 -> 0 bytes
src/init/._fw-check.sh | Bin 212 -> 0 bytes
src/init/._init.sh | Bin 212 -> 0 bytes
src/init/._language.sh | Bin 212 -> 0 bytes
src/init/._ossec-client.sh | Bin 212 -> 0 bytes
src/init/._ossec-hids-aix.init | Bin 212 -> 0 bytes
src/init/._ossec-hids-debian.init | Bin 212 -> 0 bytes
src/init/._ossec-hids-gentoo.init | Bin 212 -> 0 bytes
src/init/._ossec-hids-rh.init | Bin 212 -> 0 bytes
src/init/._ossec-hids-solaris.init | Bin 212 -> 0 bytes
src/init/._ossec-hids-suse.init | Bin 212 -> 0 bytes
src/init/._ossec-hids.init | Bin 212 -> 0 bytes
src/init/._ossec-local.sh | Bin 212 -> 0 bytes
src/init/._ossec-server.sh | Bin 212 -> 0 bytes
src/init/._osx105-addusers.sh | Bin 212 -> 0 bytes
src/init/._shared.sh | Bin 212 -> 0 bytes
src/init/._update.sh | Bin 212 -> 0 bytes
src/init/ossec-client.sh | 3 +-
src/init/ossec-local.sh | 3 +-
src/init/ossec-server.sh | 3 +-
src/init/osx105-addusers.sh | 149 ++++-
src/init/update.sh | 13 +-
src/logcollector/._COPYRIGHT | Bin 212 -> 0 bytes
src/logcollector/._Makefile | Bin 212 -> 0 bytes
src/logcollector/._VERSION | Bin 212 -> 0 bytes
src/logcollector/._config.c | Bin 212 -> 0 bytes
src/logcollector/._logcollector.c | Bin 212 -> 0 bytes
src/logcollector/._logcollector.h | Bin 212 -> 0 bytes
src/logcollector/._main.c | Bin 212 -> 0 bytes
src/logcollector/._read_command.c | Bin 212 -> 0 bytes
src/logcollector/._read_djb_multilog.c | Bin 212 -> 0 bytes
src/logcollector/._read_fullcommand.c | Bin 212 -> 0 bytes
src/logcollector/._read_mssql_log.c | Bin 212 -> 0 bytes
src/logcollector/._read_multiline.c | Bin 212 -> 0 bytes
src/logcollector/._read_mysql_log.c | Bin 212 -> 0 bytes
src/logcollector/._read_nmapg.c | Bin 212 -> 0 bytes
src/logcollector/._read_ossecalert.c | Bin 212 -> 0 bytes
src/logcollector/._read_postgresql_log.c | Bin 212 -> 0 bytes
src/logcollector/._read_snortfull.c | Bin 212 -> 0 bytes
src/logcollector/._read_syslog.c | Bin 212 -> 0 bytes
src/logcollector/._read_win_el.c | Bin 212 -> 0 bytes
src/logcollector/config.c | 10 +-
src/logcollector/logcollector.c | 132 ++--
src/logcollector/main.c | 38 +-
src/logcollector/read_command.c | 16 +-
src/logcollector/read_djb_multilog.c | 44 +-
src/logcollector/read_fullcommand.c | 12 +-
src/logcollector/read_mssql_log.c | 48 +-
src/logcollector/read_multiline.c | 20 +-
src/logcollector/read_mysql_log.c | 48 +-
src/logcollector/read_nmapg.c | 80 +--
src/logcollector/read_ossecalert.c | 18 +-
src/logcollector/read_postgresql_log.c | 50 +-
src/logcollector/read_snortfull.c | 14 +-
src/logcollector/read_syslog.c | 18 +-
src/logcollector/read_win_el.c | 166 ++---
src/monitord/._Makefile | Bin 212 -> 0 bytes
src/monitord/._compress_log.c | Bin 212 -> 0 bytes
src/monitord/._generate_reports.c | Bin 212 -> 0 bytes
src/monitord/._main.c | Bin 212 -> 0 bytes
src/monitord/._manage_files.c | Bin 212 -> 0 bytes
src/monitord/._monitor_agents.c | Bin 212 -> 0 bytes
src/monitord/._monitord.c | Bin 212 -> 0 bytes
src/monitord/._monitord.h | Bin 212 -> 0 bytes
src/monitord/._report.c | Bin 212 -> 0 bytes
src/monitord/._sign_log.c | Bin 212 -> 0 bytes
src/monitord/compress_log.c | 18 +-
src/monitord/generate_reports.c | 4 +-
src/monitord/main.c | 23 +-
src/monitord/manage_files.c | 14 +-
src/monitord/monitor_agents.c | 8 +-
src/monitord/monitord.c | 20 +-
src/monitord/report.c | 29 +-
src/monitord/sign_log.c | 12 +-
src/os_auth/._Makefile | Bin 212 -> 0 bytes
src/os_auth/._auth.h | Bin 212 -> 0 bytes
src/os_auth/._main-client.c | Bin 212 -> 0 bytes
src/os_auth/._main-server.c | Bin 212 -> 0 bytes
src/os_auth/._ssl-test.c | Bin 212 -> 0 bytes
src/os_auth/._ssl.c | Bin 212 -> 0 bytes
src/os_auth/main-client.c | 56 +-
src/os_auth/main-server.c | 29 +-
src/os_auth/ssl-test.c | 8 +-
src/os_auth/ssl.c | 8 +-
src/os_crypto/._Makefile | Bin 212 -> 0 bytes
src/os_crypto/blowfish/._Makefile | Bin 212 -> 0 bytes
src/os_crypto/blowfish/._bf_enc.c | Bin 212 -> 0 bytes
src/os_crypto/blowfish/._bf_locl.h | Bin 212 -> 0 bytes
src/os_crypto/blowfish/._bf_op.c | Bin 212 -> 0 bytes
src/os_crypto/blowfish/._bf_op.h | Bin 212 -> 0 bytes
src/os_crypto/blowfish/._bf_pi.h | Bin 212 -> 0 bytes
src/os_crypto/blowfish/._bf_skey.c | Bin 212 -> 0 bytes
src/os_crypto/blowfish/._blowfish.h | Bin 212 -> 0 bytes
src/os_crypto/blowfish/._main.c | Bin 212 -> 0 bytes
src/os_crypto/blowfish/bf_enc.c | 12 +-
src/os_crypto/blowfish/bf_locl.h | 12 +-
src/os_crypto/blowfish/bf_op.c | 2 +-
src/os_crypto/blowfish/bf_op.h | 2 +-
src/os_crypto/blowfish/bf_pi.h | 524 +++++++--------
src/os_crypto/blowfish/bf_skey.c | 12 +-
src/os_crypto/blowfish/blowfish.h | 14 +-
src/os_crypto/blowfish/main.c | 4 +-
src/os_crypto/md5/._Makefile | Bin 212 -> 0 bytes
src/os_crypto/md5/._main.c | Bin 212 -> 0 bytes
src/os_crypto/md5/._md5.c | Bin 212 -> 0 bytes
src/os_crypto/md5/._md5.h | Bin 212 -> 0 bytes
src/os_crypto/md5/._md5_op.c | Bin 212 -> 0 bytes
src/os_crypto/md5/._md5_op.h | Bin 212 -> 0 bytes
src/os_crypto/md5/main.c | 10 +-
src/os_crypto/md5/md5.c | 4 +-
src/os_crypto/md5/md5_op.c | 22 +-
src/os_crypto/md5_sha1/._Makefile | Bin 212 -> 0 bytes
src/os_crypto/md5_sha1/._main.c | Bin 212 -> 0 bytes
src/os_crypto/md5_sha1/._md5_sha1_op.c | Bin 212 -> 0 bytes
src/os_crypto/md5_sha1/._md5_sha1_op.h | Bin 212 -> 0 bytes
src/os_crypto/md5_sha1/main.c | 8 +-
src/os_crypto/md5_sha1/md5_sha1_op.c | 4 +-
src/os_crypto/sha1/._Makefile | Bin 212 -> 0 bytes
src/os_crypto/sha1/._main.c | Bin 212 -> 0 bytes
src/os_crypto/sha1/._md32_common.h | Bin 212 -> 0 bytes
src/os_crypto/sha1/._sha.h | Bin 212 -> 0 bytes
src/os_crypto/sha1/._sha1_op.c | Bin 212 -> 0 bytes
src/os_crypto/sha1/._sha1_op.h | Bin 212 -> 0 bytes
src/os_crypto/sha1/._sha_locl.h | Bin 212 -> 0 bytes
src/os_crypto/sha1/main.c | 4 +-
src/os_crypto/sha1/md32_common.h | 6 +-
src/os_crypto/sha1/sha.h | 12 +-
src/os_crypto/sha1/sha1_op.c | 20 +-
src/os_crypto/sha1/sha_locl.h | 24 +-
src/os_crypto/shared/._Makefile | Bin 212 -> 0 bytes
src/os_crypto/shared/._keys.c | Bin 212 -> 0 bytes
src/os_crypto/shared/._msgs.c | Bin 212 -> 0 bytes
src/os_crypto/shared/keys.c | 110 ++--
src/os_crypto/shared/msgs.c | 90 +--
src/os_csyslogd/._Makefile | Bin 212 -> 0 bytes
src/os_csyslogd/._alert.c | Bin 212 -> 0 bytes
src/os_csyslogd/._config.c | Bin 212 -> 0 bytes
src/os_csyslogd/._csyslogd.c | Bin 212 -> 0 bytes
src/os_csyslogd/._csyslogd.h | Bin 212 -> 0 bytes
src/os_csyslogd/._main.c | Bin 212 -> 0 bytes
src/os_csyslogd/alert.c | 14 +-
src/os_csyslogd/config.c | 10 +-
src/os_csyslogd/csyslogd.c | 56 +-
src/os_csyslogd/csyslogd.h | 1 +
src/os_csyslogd/main.c | 33 +-
src/os_dbd/._Makefile | Bin 212 -> 0 bytes
src/os_dbd/._README | Bin 212 -> 0 bytes
src/os_dbd/._alert.c | Bin 212 -> 0 bytes
src/os_dbd/._config.c | Bin 212 -> 0 bytes
src/os_dbd/._db_op.c | Bin 212 -> 0 bytes
src/os_dbd/._db_op.h | Bin 212 -> 0 bytes
src/os_dbd/._dbd.c | Bin 212 -> 0 bytes
src/os_dbd/._dbd.h | Bin 212 -> 0 bytes
src/os_dbd/._dbmake.sh | Bin 212 -> 0 bytes
src/os_dbd/._main.c | Bin 212 -> 0 bytes
src/os_dbd/._mysql.schema | Bin 212 -> 0 bytes
src/os_dbd/._postgresql.schema | Bin 212 -> 0 bytes
src/os_dbd/._rules.c | Bin 212 -> 0 bytes
src/os_dbd/._server.c | Bin 212 -> 0 bytes
src/os_dbd/Makefile | 2 +-
src/os_dbd/alert.c | 28 +-
src/os_dbd/config.c | 14 +-
src/os_dbd/db_op.c | 62 +-
src/os_dbd/db_op.h | 2 +-
src/os_dbd/dbd.c | 6 +-
src/os_dbd/dbd.h | 4 +-
src/os_dbd/main.c | 51 +-
src/os_dbd/rules.c | 38 +-
src/os_dbd/server.c | 12 +-
src/os_execd/._Makefile | Bin 212 -> 0 bytes
src/os_execd/._config.c | Bin 212 -> 0 bytes
src/os_execd/._exec.c | Bin 212 -> 0 bytes
src/os_execd/._execd.c | Bin 212 -> 0 bytes
src/os_execd/._execd.h | Bin 212 -> 0 bytes
src/os_execd/._win_execd.c | Bin 212 -> 0 bytes
src/os_execd/config.c | 16 +-
src/os_execd/exec.c | 38 +-
src/os_execd/execd.c | 91 +--
src/os_execd/execd.h | 2 +-
src/os_execd/win_execd.c | 38 +-
src/os_maild/._Makefile | Bin 212 -> 0 bytes
src/os_maild/._config.c | Bin 212 -> 0 bytes
src/os_maild/._mail_list.c | Bin 212 -> 0 bytes
src/os_maild/._mail_list.h | Bin 212 -> 0 bytes
src/os_maild/._maild.c | Bin 212 -> 0 bytes
src/os_maild/._maild.h | Bin 212 -> 0 bytes
src/os_maild/._os_maild_client.c | Bin 212 -> 0 bytes
src/os_maild/._sendcustomemail.c | Bin 212 -> 0 bytes
src/os_maild/._sendmail.c | Bin 212 -> 0 bytes
src/os_maild/config.c | 2 +-
src/os_maild/mail_list.c | 42 +-
src/os_maild/mail_list.h | 6 +-
src/os_maild/maild.c | 105 +--
src/os_maild/maild.h | 6 +-
src/os_maild/os_maild_client.c | 90 ++-
src/os_maild/sendcustomemail.c | 12 +-
src/os_maild/sendmail.c | 29 +-
src/os_net/._COPYRIGHT | Bin 212 -> 0 bytes
src/os_net/._Makefile | Bin 212 -> 0 bytes
src/os_net/._VERSION | Bin 212 -> 0 bytes
src/os_net/._os_err.h | Bin 212 -> 0 bytes
src/os_net/._os_net.c | Bin 212 -> 0 bytes
src/os_net/._os_net.h | Bin 212 -> 0 bytes
src/os_net/os_err.h | 2 +-
src/os_net/os_net.c | 78 +--
src/os_net/os_net.h | 12 +-
src/os_regex/._COPYRIGHT | Bin 212 -> 0 bytes
src/os_regex/._Makefile | Bin 212 -> 0 bytes
src/os_regex/._README | Bin 212 -> 0 bytes
src/os_regex/._VERSION | Bin 212 -> 0 bytes
src/os_regex/._os_match.c | Bin 212 -> 0 bytes
src/os_regex/._os_match_compile.c | Bin 212 -> 0 bytes
src/os_regex/._os_match_execute.c | Bin 212 -> 0 bytes
src/os_regex/._os_match_free_pattern.c | Bin 212 -> 0 bytes
src/os_regex/._os_regex.c | Bin 212 -> 0 bytes
src/os_regex/._os_regex.h | Bin 212 -> 0 bytes
src/os_regex/._os_regex_compile.c | Bin 212 -> 0 bytes
src/os_regex/._os_regex_execute.c | Bin 212 -> 0 bytes
src/os_regex/._os_regex_free_pattern.c | Bin 212 -> 0 bytes
src/os_regex/._os_regex_free_substrings.c | Bin 212 -> 0 bytes
src/os_regex/._os_regex_internal.h | Bin 212 -> 0 bytes
src/os_regex/._os_regex_maps.h | Bin 212 -> 0 bytes
src/os_regex/._os_regex_match.c | Bin 212 -> 0 bytes
src/os_regex/._os_regex_str.c | Bin 212 -> 0 bytes
src/os_regex/._os_regex_strbreak.c | Bin 212 -> 0 bytes
src/os_regex/examples/._Makefile | Bin 212 -> 0 bytes
src/os_regex/examples/._match.c | Bin 212 -> 0 bytes
src/os_regex/examples/._regex.c | Bin 212 -> 0 bytes
src/os_regex/examples/._regex_str.c | Bin 212 -> 0 bytes
src/os_regex/examples/._run.sh | Bin 212 -> 0 bytes
src/os_regex/examples/._validate.pl | Bin 212 -> 0 bytes
src/os_regex/examples/match.c | 2 +-
src/os_regex/examples/regex.c | 2 +-
src/os_regex/examples/regex_str.c | 16 +-
src/os_regex/examples/tests/._false.regex | Bin 212 -> 0 bytes
src/os_regex/examples/tests/._false.tests | Bin 212 -> 0 bytes
src/os_regex/examples/tests/._str.regex | Bin 212 -> 0 bytes
src/os_regex/examples/tests/._true.regex | Bin 212 -> 0 bytes
src/os_regex/examples/tests/._true.tests | Bin 212 -> 0 bytes
src/os_regex/os_match.c | 6 +-
src/os_regex/os_match_compile.c | 48 +-
src/os_regex/os_match_execute.c | 28 +-
src/os_regex/os_match_free_pattern.c | 2 +-
src/os_regex/os_regex.c | 2 +-
src/os_regex/os_regex.h | 18 +-
src/os_regex/os_regex_compile.c | 68 +-
src/os_regex/os_regex_execute.c | 78 +--
src/os_regex/os_regex_free_pattern.c | 4 +-
src/os_regex/os_regex_internal.h | 20 +-
src/os_regex/os_regex_maps.h | 6 +-
src/os_regex/os_regex_match.c | 36 +-
src/os_regex/os_regex_str.c | 14 +-
src/os_regex/os_regex_strbreak.c | 8 +-
src/os_xml/._COPYRIGHT | Bin 212 -> 0 bytes
src/os_xml/._Makefile | Bin 212 -> 0 bytes
src/os_xml/._README | Bin 212 -> 0 bytes
src/os_xml/._VERSION | Bin 212 -> 0 bytes
src/os_xml/._os_xml.c | Bin 212 -> 0 bytes
src/os_xml/._os_xml.h | Bin 212 -> 0 bytes
src/os_xml/._os_xml_access.c | Bin 212 -> 0 bytes
src/os_xml/._os_xml_node_access.c | Bin 212 -> 0 bytes
src/os_xml/._os_xml_variables.c | Bin 212 -> 0 bytes
src/os_xml/._os_xml_writer.c | Bin 212 -> 0 bytes
src/os_xml/._os_xml_writer.h | Bin 212 -> 0 bytes
src/os_xml/examples/._mem_test.c | Bin 212 -> 0 bytes
src/os_xml/examples/._test.c | Bin 212 -> 0 bytes
src/os_xml/examples/._test.xml | Bin 212 -> 0 bytes
src/os_xml/examples/mem_test.c | 14 +-
src/os_xml/examples/test.c | 12 +-
src/os_xml/os_xml.c | 42 +-
src/os_xml/os_xml_access.c | 32 +-
src/os_xml/os_xml_node_access.c | 28 +-
src/os_xml/os_xml_variables.c | 92 +--
src/os_xml/os_xml_writer.c | 42 +-
src/os_xml/os_xml_writer.h | 2 +-
src/os_zlib/._Makefile | Bin 212 -> 0 bytes
src/os_zlib/._os_zlib.c | Bin 212 -> 0 bytes
src/os_zlib/._os_zlib.h | Bin 212 -> 0 bytes
src/os_zlib/._zlib-test.c | Bin 212 -> 0 bytes
src/os_zlib/os_zlib.c | 14 +-
src/os_zlib/os_zlib.h | 2 +-
src/os_zlib/zlib-test.c | 14 +-
src/remoted/._COPYRIGHT | Bin 212 -> 0 bytes
src/remoted/._Makefile | Bin 212 -> 0 bytes
src/remoted/._README | Bin 212 -> 0 bytes
src/remoted/._VERSION | Bin 212 -> 0 bytes
src/remoted/._ar-forward.c | Bin 212 -> 0 bytes
src/remoted/._config.c | Bin 212 -> 0 bytes
src/remoted/._main.c | Bin 212 -> 0 bytes
src/remoted/._manager.c | Bin 212 -> 0 bytes
src/remoted/._remoted.c | Bin 212 -> 0 bytes
src/remoted/._remoted.h | Bin 212 -> 0 bytes
src/remoted/._secure.c | Bin 212 -> 0 bytes
src/remoted/._sendmsg.c | Bin 212 -> 0 bytes
src/remoted/._syslog.c | Bin 212 -> 0 bytes
src/remoted/._syslogtcp.c | Bin 212 -> 0 bytes
src/remoted/ar-forward.c | 32 +-
src/remoted/config.c | 2 +-
src/remoted/main.c | 26 +-
src/remoted/manager.c | 102 +--
src/remoted/remoted.c | 28 +-
src/remoted/remoted.h | 2 +-
src/remoted/secure.c | 44 +-
src/remoted/sendmsg.c | 22 +-
src/remoted/syslog.c | 10 +-
src/remoted/syslogtcp.c | 24 +-
src/rootcheck/._Makefile | Bin 212 -> 0 bytes
src/rootcheck/._check_open_ports.c | Bin 212 -> 0 bytes
src/rootcheck/._check_rc_dev.c | Bin 212 -> 0 bytes
src/rootcheck/._check_rc_files.c | Bin 212 -> 0 bytes
src/rootcheck/._check_rc_if.c | Bin 212 -> 0 bytes
src/rootcheck/._check_rc_pids.c | Bin 212 -> 0 bytes
src/rootcheck/._check_rc_policy.c | Bin 212 -> 0 bytes
src/rootcheck/._check_rc_ports.c | Bin 212 -> 0 bytes
src/rootcheck/._check_rc_readproc.c | Bin 212 -> 0 bytes
src/rootcheck/._check_rc_sys.c | Bin 212 -> 0 bytes
src/rootcheck/._check_rc_trojans.c | Bin 212 -> 0 bytes
src/rootcheck/._common.c | Bin 212 -> 0 bytes
src/rootcheck/._common_rcl.c | Bin 212 -> 0 bytes
src/rootcheck/._config.c | Bin 212 -> 0 bytes
src/rootcheck/._os_string.c | Bin 212 -> 0 bytes
src/rootcheck/._rootcheck-config.c | Bin 212 -> 0 bytes
src/rootcheck/._rootcheck.c | Bin 212 -> 0 bytes
src/rootcheck/._rootcheck.conf | Bin 212 -> 0 bytes
src/rootcheck/._rootcheck.h | Bin 212 -> 0 bytes
src/rootcheck/._run_rk_check.c | Bin 212 -> 0 bytes
src/rootcheck/._unix-process.c | Bin 212 -> 0 bytes
src/rootcheck/._win-common.c | Bin 212 -> 0 bytes
src/rootcheck/._win-process.c | Bin 212 -> 0 bytes
src/rootcheck/check_open_ports.c | 20 +-
src/rootcheck/check_rc_dev.c | 52 +-
src/rootcheck/check_rc_files.c | 74 +--
src/rootcheck/check_rc_if.c | 24 +-
src/rootcheck/check_rc_pids.c | 100 +--
src/rootcheck/check_rc_policy.c | 18 +-
src/rootcheck/check_rc_ports.c | 28 +-
src/rootcheck/check_rc_readproc.c | 34 +-
src/rootcheck/check_rc_sys.c | 104 +--
src/rootcheck/check_rc_trojans.c | 28 +-
src/rootcheck/common.c | 139 ++--
src/rootcheck/common_rcl.c | 106 +--
src/rootcheck/config.c | 2 +-
src/rootcheck/db/._cis_debian_linux_rcl.txt | Bin 212 -> 0 bytes
src/rootcheck/db/._cis_rhel5_linux_rcl.txt | Bin 212 -> 0 bytes
src/rootcheck/db/._cis_rhel_linux_rcl.txt | Bin 212 -> 0 bytes
src/rootcheck/db/._rootkit_files.txt | Bin 212 -> 0 bytes
src/rootcheck/db/._rootkit_trojans.txt | Bin 212 -> 0 bytes
src/rootcheck/db/._system_audit_rcl.txt | Bin 212 -> 0 bytes
src/rootcheck/db/._win_applications_rcl.txt | Bin 212 -> 0 bytes
src/rootcheck/db/._win_audit_rcl.txt | Bin 212 -> 0 bytes
src/rootcheck/db/._win_malware_rcl.txt | Bin 212 -> 0 bytes
src/rootcheck/os_string.c | 38 +-
src/rootcheck/rootcheck-config.c | 54 +-
src/rootcheck/rootcheck.c | 74 +--
src/rootcheck/rootcheck.h | 22 +-
src/rootcheck/run_rk_check.c | 98 +--
src/rootcheck/unix-process.c | 28 +-
src/rootcheck/util/._ads_dump.c | Bin 212 -> 0 bytes
src/rootcheck/util/ads_dump.c | 30 +-
src/rootcheck/win-common.c | 64 +-
src/rootcheck/win-process.c | 24 +-
src/shared/._Makefile | Bin 212 -> 0 bytes
src/shared/._agent_op.c | Bin 212 -> 0 bytes
src/shared/._debug_op.c | Bin 212 -> 0 bytes
src/shared/._dirtree_op.c | Bin 212 -> 0 bytes
src/shared/._file-queue.c | Bin 212 -> 0 bytes
src/shared/._file_op.c | Bin 212 -> 0 bytes
src/shared/._hash_op.c | Bin 212 -> 0 bytes
src/shared/._help.c | Bin 212 -> 0 bytes
src/shared/._list_op.c | Bin 212 -> 0 bytes
src/shared/._math_op.c | Bin 212 -> 0 bytes
src/shared/._mem_op.c | Bin 212 -> 0 bytes
src/shared/._mq_op.c | Bin 212 -> 0 bytes
src/shared/._privsep_op.c | Bin 212 -> 0 bytes
src/shared/._pthreads_op.c | Bin 212 -> 0 bytes
src/shared/._read-agents.c | Bin 212 -> 0 bytes
src/shared/._read-alert.c | Bin 212 -> 0 bytes
src/shared/._regex_op.c | Bin 212 -> 0 bytes
src/shared/._report_op.c | Bin 212 -> 0 bytes
src/shared/._rules_op.c | Bin 212 -> 0 bytes
src/shared/._sig_op.c | Bin 212 -> 0 bytes
src/shared/._store_op.c | Bin 212 -> 0 bytes
src/shared/._string_op.c | Bin 212 -> 0 bytes
src/shared/._validate_op.c | Bin 212 -> 0 bytes
src/shared/._wait_op.c | Bin 212 -> 0 bytes
src/shared/agent_op.c | 32 +-
src/shared/custom_output_search_replace.c | 201 ++++++
src/shared/debug_op.c | 16 +-
src/shared/dirtree_op.c | 38 +-
src/shared/file-queue.c | 36 +-
src/shared/file_op.c | 120 ++--
src/shared/hash_op.c | 34 +-
src/shared/list_op.c | 52 +-
src/shared/math_op.c | 6 +-
src/shared/mem_op.c | 8 +-
src/shared/mq_op.c | 24 +-
src/shared/privsep_op.c | 26 +-
src/shared/read-agents.c | 286 ++++----
src/shared/read-alert.c | 85 +--
src/shared/regex_op.c | 8 +-
src/shared/report_op.c | 154 ++---
src/shared/rules_op.c | 166 ++---
src/shared/sig_op.c | 6 +-
src/shared/store_op.c | 82 +--
src/shared/string_op.c | 35 +-
src/shared/tests/._Makefile | Bin 212 -> 0 bytes
src/shared/tests/._hash_test.c | Bin 212 -> 0 bytes
src/shared/tests/._ip_test.c | Bin 212 -> 0 bytes
src/shared/tests/._merge_test.c | Bin 212 -> 0 bytes
src/shared/tests/._prime_test.c | Bin 212 -> 0 bytes
src/shared/tests/hash_test.c | 6 +-
src/shared/tests/ip_test.c | 2 +-
src/shared/validate_op.c | 118 ++--
src/shared/wait_op.c | 10 +-
src/syscheckd/._Makefile | Bin 212 -> 0 bytes
src/syscheckd/._config.c | Bin 212 -> 0 bytes
src/syscheckd/._create_db.c | Bin 212 -> 0 bytes
src/syscheckd/._run_check.c | Bin 212 -> 0 bytes
src/syscheckd/._run_realtime.c | Bin 212 -> 0 bytes
src/syscheckd/._seechanges.c | Bin 212 -> 0 bytes
src/syscheckd/._syscheck-baseline.c | Bin 212 -> 0 bytes
src/syscheckd/._syscheck.c | Bin 212 -> 0 bytes
src/syscheckd/._syscheck.h | Bin 212 -> 0 bytes
src/syscheckd/._win-registry.c | Bin 212 -> 0 bytes
src/syscheckd/config.c | 4 +-
src/syscheckd/create_db.c | 117 ++--
src/syscheckd/run_check.c | 111 ++--
src/syscheckd/run_realtime.c | 32 +-
src/syscheckd/seechanges.c | 32 +-
src/syscheckd/syscheck-baseline.c | 34 +-
src/syscheckd/syscheck.c | 62 +-
src/syscheckd/syscheck.h | 8 +-
src/syscheckd/win-registry.c | 84 +--
src/sysinfo/._df.c | Bin 212 -> 0 bytes
src/sysinfo/._statfs.c | Bin 212 -> 0 bytes
src/sysinfo/._statfs.h | Bin 212 -> 0 bytes
src/sysinfo/statfs.c | 6 +-
src/util/._Makefile | Bin 212 -> 0 bytes
src/util/._agent_control.c | Bin 212 -> 0 bytes
src/util/._clear_stats.c | Bin 212 -> 0 bytes
src/util/._list_agents.c | Bin 212 -> 0 bytes
src/util/._ossec-regex.c | Bin 212 -> 0 bytes
src/util/._rootcheck_control.c | Bin 212 -> 0 bytes
src/util/._syscheck_control.c | Bin 212 -> 0 bytes
src/util/._syscheck_update.c | Bin 212 -> 0 bytes
src/util/._verify-agent-conf.c | Bin 212 -> 0 bytes
src/util/agent_control.c | 84 +--
src/util/clear_stats.c | 44 +-
src/util/list_agents.c | 22 +-
src/util/ossec-regex.c | 44 +-
src/util/rootcheck_control.c | 58 +-
src/util/syscheck_control.c | 66 +-
src/util/syscheck_update.c | 36 +-
src/util/verify-agent-conf.c | 10 +-
src/win32/._add-localfile.c | Bin 212 -> 0 bytes
src/win32/._doc.html | Bin 212 -> 0 bytes
src/win32/._extract-win-el.c | Bin 212 -> 0 bytes
src/win32/._favicon.ico | Bin 212 -> 0 bytes
src/win32/._favicon2.ico | Bin 212 -> 0 bytes
src/win32/._gen_win.cmd | Bin 212 -> 0 bytes
src/win32/._gen_win.sh | Bin 212 -> 0 bytes
src/win32/._help.txt | Bin 212 -> 0 bytes
src/win32/._icofile.rc | Bin 212 -> 0 bytes
src/win32/._iis-logs.bat | Bin 212 -> 0 bytes
src/win32/._make.bat | Bin 212 -> 0 bytes
src/win32/._make.sh | Bin 212 -> 0 bytes
src/win32/._os_win.h | Bin 212 -> 0 bytes
src/win32/._ossec-installer.nsi | Bin 212 -> 0 bytes
src/win32/._ossec-uninstall.ico | Bin 212 -> 0 bytes
src/win32/._ossec.conf | Bin 212 -> 0 bytes
src/win32/._read-registry.c | Bin 212 -> 0 bytes
src/win32/._service-start.c | Bin 212 -> 0 bytes
src/win32/._service-stop.c | Bin 212 -> 0 bytes
src/win32/._setup-iis.c | Bin 212 -> 0 bytes
src/win32/._setup-shared.c | Bin 212 -> 0 bytes
src/win32/._setup-shared.h | Bin 212 -> 0 bytes
src/win32/._setup-syscheck.c | Bin 212 -> 0 bytes
src/win32/._setup-win.c | Bin 212 -> 0 bytes
src/win32/._ui.nsi | Bin 212 -> 0 bytes
src/win32/._unix2dos.pl | Bin 212 -> 0 bytes
src/win32/._vista_sec.csv | Bin 212 -> 0 bytes
src/win32/._win-files.txt | Bin 212 -> 0 bytes
src/win32/._win_agent.c | Bin 212 -> 0 bytes
src/win32/._win_service.c | Bin 212 -> 0 bytes
src/win32/add-localfile.c | 34 +-
src/win32/extract-win-el.c | 82 +--
src/win32/help.txt | 6 +-
src/win32/os_win.h | 6 +-
src/win32/ossec-installer.nsi | 20 +-
src/win32/read-registry.c | 36 +-
src/win32/service-start.c | 4 +-
src/win32/service-stop.c | 4 +-
src/win32/setup-iis.c | 88 +--
src/win32/setup-shared.c | 4 +-
src/win32/setup-shared.h | 2 +-
src/win32/setup-syscheck.c | 4 +-
src/win32/setup-win.c | 14 +-
src/win32/ui.nsi | 8 +-
src/win32/ui/._common.c | Bin 212 -> 0 bytes
src/win32/ui/._favicon.ico | Bin 212 -> 0 bytes
src/win32/ui/._make.bat | Bin 212 -> 0 bytes
src/win32/ui/._make.sh | Bin 212 -> 0 bytes
src/win32/ui/._os_win32ui.c | Bin 212 -> 0 bytes
src/win32/ui/._os_win32ui.exe.manifest | Bin 212 -> 0 bytes
src/win32/ui/._os_win32ui.h | Bin 212 -> 0 bytes
src/win32/ui/._win32ui.rc | Bin 212 -> 0 bytes
src/win32/ui/common.c | 32 +-
src/win32/ui/os_win32ui.c | 88 +--
src/win32/ui/os_win32ui.h | 4 +-
src/win32/win_agent.c | 155 +++--
src/win32/win_service.c | 48 +-
1388 files changed, 8076 insertions(+), 5707 deletions(-)
diff --git a/._.hg_archival.txt b/._.hg_archival.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/._.hg_archival.txt and /dev/null differ
diff --git a/._.hgignore b/._.hgignore
deleted file mode 100644
index 48cbba1..0000000
Binary files a/._.hgignore and /dev/null differ
diff --git a/._.hgtags b/._.hgtags
deleted file mode 100644
index 48cbba1..0000000
Binary files a/._.hgtags and /dev/null differ
diff --git a/._BUGS b/._BUGS
deleted file mode 100644
index 48cbba1..0000000
Binary files a/._BUGS and /dev/null differ
diff --git a/._CONFIG b/._CONFIG
deleted file mode 100644
index 48cbba1..0000000
Binary files a/._CONFIG and /dev/null differ
diff --git a/._CONTRIBUTORS b/._CONTRIBUTORS
deleted file mode 100644
index 48cbba1..0000000
Binary files a/._CONTRIBUTORS and /dev/null differ
diff --git a/._INSTALL b/._INSTALL
deleted file mode 100644
index 48cbba1..0000000
Binary files a/._INSTALL and /dev/null differ
diff --git a/._LICENSE b/._LICENSE
deleted file mode 100644
index 48cbba1..0000000
Binary files a/._LICENSE and /dev/null differ
diff --git a/._README b/._README
deleted file mode 100644
index 48cbba1..0000000
Binary files a/._README and /dev/null differ
diff --git a/._install.sh b/._install.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/._install.sh and /dev/null differ
diff --git a/.hg_archival.txt b/.hg_archival.txt
index c696e38..ff73b9e 100644
--- a/.hg_archival.txt
+++ b/.hg_archival.txt
@@ -1,5 +1,5 @@
repo: b55c69ab0638427c3307fb169a767b950530ce4a
-node: c1d1982737cb58bbffc9721f82c0532323f36bba
+node: 634344ab2e7cfa785aa0cdeb71eecb61ca87b3ac
branch: default
-latesttag: v2.6.0 Final plus enhancements
-latesttagdistance: 107
+latesttag: v2.7
+latesttagdistance: 74
diff --git a/.hgignore b/.hgignore
index 4f821f1..1394769 100644
--- a/.hgignore
+++ b/.hgignore
@@ -5,6 +5,7 @@ syntax: glob
*.o
*.a
*.dSYM
+*.orig
.hgignore
# Auto generated build files
diff --git a/.hgtags b/.hgtags
index 02ea517..2a4136a 100644
--- a/.hgtags
+++ b/.hgtags
@@ -7,3 +7,6 @@
6f9682e3e1492532e48455e6ca65ca27151f1931 AgentConfigProfile-beta
7f7d3ed19f558c985931a9b2734a6d5fabc42ab3 MultpileProfileWithOverwriting
3c4f446bab8d58b93c99e14276ec599319e61401 v2.6.0 Final plus enhancements
+c1d1982737cb58bbffc9721f82c0532323f36bba v2.7-beta1
+39c20dca5873f178beb31168e79dcf654139e578 2.7-beta2
+10cc358d57a8cf57eb9c97c411cc2a118a3c14ac v2.7
diff --git a/BUGS b/BUGS
index adf841c..67244cb 100644
--- a/BUGS
+++ b/BUGS
@@ -1,10 +1,10 @@
-OSSEC v2.7-beta1
-Copyright (C) 2012 Trend Micro Inc.
+OSSEC v2.7.1
+Copyright (C) 2013 Trend Micro Inc.
** Reporting bugs **
-Bugs should be sent to the OSSEC mailling list
+Bugs should be sent to the OSSEC mailling list
(ossec-list at ossec.net). Please, make sure to include
the following information:
@@ -17,4 +17,4 @@ the following information:
If you prefer to contact us privately or if it is a security
-issue, send an e-mail to OSSEC Project ( ossecproject at gmail.com ).
+issue, send an e-mail to OSSEC Project ( ossec at trendmicro.com ).
diff --git a/CONFIG b/CONFIG
index b825170..18dbd1f 100644
--- a/CONFIG
+++ b/CONFIG
@@ -1,5 +1,5 @@
-OSSEC v2.7-beta1
-Copyright (C) 2012 Trend Micro Inc.
+OSSEC v2.7.1
+Copyright (C) 2013 Trend Micro Inc.
= Information about OSSEC =
@@ -16,4 +16,4 @@ See INSTALL
Just follow the steps from the install.sh script.
More information at
-http://www.ossec.net/en/manual.html
+http://www.ossec.net/doc/manual/index.html
diff --git a/CONTRIBUTORS b/CONTRIBUTORS
index 3d2ae12..211226f 100644
--- a/CONTRIBUTORS
+++ b/CONTRIBUTORS
@@ -1,5 +1,5 @@
-OSSEC v2.7-beta1
-Copyright (C) 2012 Trend Micro Inc.
+OSSEC v2.7.1
+Copyright (C) 2013 Trend Micro Inc.
Many thanks to everyone who contributed and helped with
the ossec project. Below is the list of all the people
@@ -15,14 +15,21 @@ who helped us since our first release (0.1).
- Slava Semushin <php-coder at altlinux.org>
- Ahmet Ozturk <oahmet ( at ) metu.edu.tr>
- Scott R. Shinn
+ - George Kargiotakis
- Jason Stelzer
- - Stjepan
+ - Xavier Mertens
+ - Stjepan Gros
+ - Brad Lhotsky
- cmlara
+ - Christian Gottsche (cgzones)
- Dominic
- JB Cheng
+ - Cristobel Rosa ( at ) alienvault
+ - jp.zurbrugg
+ - bil_hays (at) unc edu
--Testing/Patches and other contributions.
+-Testing/Patches Rules and other contributions.
- Cédric Bleimling <cedri at dryades.org
- Dean Takemori <dtakemori at thdfsg.com>
- Sebastien Tricaud <toady at gscore.org>
@@ -51,6 +58,11 @@ who helped us since our first release (0.1).
- Danny Fullerton
- Jeremy Hanmer
- Pepe Sanz
+ - Kat Fitzgerald
+ - Regis Houssin
+ - carlopmart
+ - Ash Kumar
+ - Alexandro Silva
-Translations
diff --git a/INSTALL b/INSTALL
index 675e33b..c26efc9 100644
--- a/INSTALL
+++ b/INSTALL
@@ -1,5 +1,5 @@
-OSSEC v2.7-beta1
-Copyright (C) 2012 Trend Micro Inc.
+OSSEC v2.7.1
+Copyright (C) 2013 Trend Micro Inc.
= Information about OSSEC =
diff --git a/LICENSE b/LICENSE
index 2652963..8975df2 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,5 +1,5 @@
- Copyright (C) 2012 Trend Micro Inc. All rights reserved.
+ Copyright (C) 2003 - 2013 Trend Micro Inc. All rights reserved.
OSSEC HIDS is a free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License (version 2) as
diff --git a/README b/README
index a8ef3d6..7c9b1b3 100644
--- a/README
+++ b/README
@@ -1,5 +1,5 @@
-OSSEC v2.7-beta1
-Copyright (C) 2012 Trend Micro Inc.
+OSSEC v2.7.1
+Copyright (C) 2013 Trend Micro Inc.
= Information about OSSEC =
diff --git a/active-response/._disable-account.sh b/active-response/._disable-account.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/active-response/._disable-account.sh and /dev/null differ
diff --git a/active-response/._firewall-drop.sh b/active-response/._firewall-drop.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/active-response/._firewall-drop.sh and /dev/null differ
diff --git a/active-response/._host-deny.sh b/active-response/._host-deny.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/active-response/._host-deny.sh and /dev/null differ
diff --git a/active-response/._ossec-tweeter.sh b/active-response/._ossec-tweeter.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/active-response/._ossec-tweeter.sh and /dev/null differ
diff --git a/active-response/._restart-ossec.sh b/active-response/._restart-ossec.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/active-response/._restart-ossec.sh and /dev/null differ
diff --git a/active-response/._route-null.sh b/active-response/._route-null.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/active-response/._route-null.sh and /dev/null differ
diff --git a/active-response/firewall-drop.sh b/active-response/firewall-drop.sh
index bce6c6a..820d759 100755
--- a/active-response/firewall-drop.sh
+++ b/active-response/firewall-drop.sh
@@ -6,7 +6,8 @@
# Expect: srcip
# Author: Ahmet Ozturk (ipfilter and IPSec)
# Author: Daniel B. Cid (iptables)
-# Last modified: Feb 14, 2006
+# Author: cgzones
+# Last modified: Oct 04, 2012
UNAME=`uname`
ECHO="/bin/echo"
@@ -28,15 +29,19 @@ RULEID=""
ACTION=$1
USER=$2
IP=$3
+PWD=`pwd`
+LOCK="${PWD}/fw-drop"
+LOCK_PID="${PWD}/fw-drop/pid"
+
LOCAL=`dirname $0`;
cd $LOCAL
cd ../
-PWD=`pwd`
-LOCK="${PWD}/fw-drop"
-LOCK_PID="${PWD}/fw-drop/pid"
+filename=$(basename "$0")
-echo "`date` $0 $1 $2 $3 $4 $5" >> ${PWD}/../logs/active-responses.log
+LOG_FILE="${PWD}/../logs/active-responses.log"
+
+echo "`date` $0 $1 $2 $3 $4 $5" >> ${LOG_FILE}
# Checking for an IP
@@ -48,9 +53,14 @@ fi
case "${IP}" in
*:* ) IPTABLES=$IP6TABLES;;
*.* ) IPTABLES=$IP4TABLES;;
- * ) echo "`date` Unable to run active response (invalid IP)." >> ${PWD}/../logs/active-responses.log && exit 1;;
+ * ) echo "`date` Unable to run active response (invalid IP: '${IP}')." >> ${LOG_FILE} && exit 1;;
esac
+# This number should be more than enough (even if a hundred
+# instances of this script is ran together). If you have
+# a really loaded env, you can increase it to 75 or 100.
+MAX_ITERATION="50"
+
# Lock function
lock()
{
@@ -69,30 +79,45 @@ lock()
C_PID=`cat ${LOCK_PID} 2>/dev/null`
if [ "x" = "x${S_PID}" ]; then
S_PID=${C_PID}
- fi
+ fi
# Breaking out of the loop after X attempts
if [ "x${C_PID}" = "x${S_PID}" ]; then
i=`expr $i + 1`;
fi
-
+
# Sleep 1 after 10/25 interactions
if [ "$i" = "10" -o "$i" = "25" ]; then
sleep 1;
fi
-
+
i=`expr $i + 1`;
-
+
# So i increments 2 by 2 if the pid does not change.
# If the pid keeps changing, we will increments one
# by one and fail after MAX_ITERACTION
+
if [ "$i" = "${MAX_ITERATION}" ]; then
- echo "`date` Unable to execute. Locked: $0" \
- >> ${PWD}/ossec-hids-responses.log
-
- # Unlocking and exiting
- unlock;
- exit 1;
+ kill="false"
+ for pid in `pgrep -f "${filename}"`; do
+ if [ "x${pid}" = "x${C_PID}" ]; then
+ # Unlocking and exiting
+ kill -9 ${C_PID}
+ echo "`date` Killed process ${C_PID} holding lock." >> ${LOG_FILE}
+ kill="true"
+ unlock;
+ i=0;
+ S_PID="";
+ break;
+ fi
+ done
+
+ if [ "x${kill}" = "xfalse" ]; then
+ echo "`date` Unable kill process ${C_PID} holding lock." >> ${LOG_FILE}
+ # Unlocking and exiting
+ unlock;
+ exit 1;
+ fi
fi
done
}
@@ -127,7 +152,8 @@ if [ "X${UNAME}" = "XLinux" ]; then
if [ ! -x ${IPTABLES} ]; then
IPTABLES="/usr"${IPTABLES}
if [ ! -x ${IPTABLES} ]; then
- exit 0;
+ echo "$0: can not find iptables"
+ exit 0;
fi
fi
@@ -135,14 +161,13 @@ if [ "X${UNAME}" = "XLinux" ]; then
COUNT=0;
lock;
while [ 1 ]; do
- echo ".."
${IPTABLES} ${ARG1}
RES=$?
if [ $RES = 0 ]; then
break;
else
COUNT=`expr $COUNT + 1`;
- echo "`date` Unable to run (iptables returning != $RES): $COUNT - $0 $1 $2 $3 $4 $5" >> ${PWD}/../logs/active-responses.log
+ echo "`date` Unable to run (iptables returning != $RES): $COUNT - $0 $1 $2 $3 $4 $5" >> ${LOG_FILE}
sleep $COUNT;
if [ $COUNT -gt 4 ]; then
@@ -151,6 +176,7 @@ if [ "X${UNAME}" = "XLinux" ]; then
fi
done
+ COUNT=0;
while [ 1 ]; do
${IPTABLES} ${ARG2}
RES=$?
@@ -158,7 +184,7 @@ if [ "X${UNAME}" = "XLinux" ]; then
break;
else
COUNT=`expr $COUNT + 1`;
- echo "`date` Unable to run (iptables returning != $RES): $COUNT - $0 $1 $2 $3 $4 $5" >> ${PWD}/../logs/active-responses.log
+ echo "`date` Unable to run (iptables returning != $RES): $COUNT - $0 $1 $2 $3 $4 $5" >> ${LOG_FILE}
sleep $COUNT;
if [ $COUNT -gt 4 ]; then
diff --git a/active-response/firewalls/._ipfw.sh b/active-response/firewalls/._ipfw.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/active-response/firewalls/._ipfw.sh and /dev/null differ
diff --git a/active-response/firewalls/._ipfw_mac.sh b/active-response/firewalls/._ipfw_mac.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/active-response/firewalls/._ipfw_mac.sh and /dev/null differ
diff --git a/active-response/firewalls/._pf.sh b/active-response/firewalls/._pf.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/active-response/firewalls/._pf.sh and /dev/null differ
diff --git a/active-response/ip-customblock.sh b/active-response/ip-customblock.sh
new file mode 100755
index 0000000..1210d50
--- /dev/null
+++ b/active-response/ip-customblock.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+# Custom OSSEC block / Easily modifiable for custom responses (touch a file, insert to db, etc).
+# Expect: srcip
+# Author: Daniel B. Cid
+# Last modified: Feb 16, 2013
+
+ACTION=$1
+USER=$2
+IP=$3
+
+LOCAL=`dirname $0`;
+cd $LOCAL
+cd ../
+PWD=`pwd`
+
+
+# Logging the call
+echo "`date` $0 $1 $2 $3 $4 $5" >> ${PWD}/../logs/active-responses.log
+
+
+# IP Address must be provided
+if [ "x${IP}" = "x" ]; then
+ echo "$0: Missing argument <action> <user> (ip)"
+ exit 1;
+fi
+
+
+# Custom block (touching a file inside /ipblock/IP)
+if [ "x${ACTION}" = "xadd" ]; then
+ if [ ! -d /ipblock ]; then
+ mkdir /ipblock
+ fi
+ touch "/ipblock/${IP}"
+elif [ "x${ACTION}" = "xdelete" ]; then
+ rm -f "/ipblock/${IP}"
+
+# Invalid action
+else
+ echo "$0: invalid action: ${ACTION}"
+fi
+
+exit 1;
diff --git a/active-response/win/._netsh.cmd b/active-response/win/._netsh.cmd
deleted file mode 100644
index 48cbba1..0000000
Binary files a/active-response/win/._netsh.cmd and /dev/null differ
diff --git a/active-response/win/._restart-ossec.cmd b/active-response/win/._restart-ossec.cmd
deleted file mode 100644
index 48cbba1..0000000
Binary files a/active-response/win/._restart-ossec.cmd and /dev/null differ
diff --git a/active-response/win/._route-null.cmd b/active-response/win/._route-null.cmd
deleted file mode 100644
index 48cbba1..0000000
Binary files a/active-response/win/._route-null.cmd and /dev/null differ
diff --git a/contrib/._active-list.pl b/contrib/._active-list.pl
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/._active-list.pl and /dev/null differ
diff --git a/contrib/._add_localfile.sh b/contrib/._add_localfile.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/contrib/._add_localfile.sh and /dev/null differ
diff --git a/contrib/._compile_alerts.pl b/contrib/._compile_alerts.pl
deleted file mode 100755
index 48cbba1..0000000
Binary files a/contrib/._compile_alerts.pl and /dev/null differ
diff --git a/contrib/._compile_alerts.txt b/contrib/._compile_alerts.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/contrib/._compile_alerts.txt and /dev/null differ
diff --git a/contrib/._config2xml b/contrib/._config2xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/contrib/._config2xml and /dev/null differ
diff --git a/contrib/._ossec-batch-manager.pl b/contrib/._ossec-batch-manager.pl
deleted file mode 100755
index 48cbba1..0000000
Binary files a/contrib/._ossec-batch-manager.pl and /dev/null differ
diff --git a/contrib/._ossec2mysql.conf b/contrib/._ossec2mysql.conf
deleted file mode 100755
index 48cbba1..0000000
Binary files a/contrib/._ossec2mysql.conf and /dev/null differ
diff --git a/contrib/._ossec2mysql.pl b/contrib/._ossec2mysql.pl
deleted file mode 100755
index 48cbba1..0000000
Binary files a/contrib/._ossec2mysql.pl and /dev/null differ
diff --git a/contrib/._ossec2mysql.sql b/contrib/._ossec2mysql.sql
deleted file mode 100755
index 48cbba1..0000000
Binary files a/contrib/._ossec2mysql.sql and /dev/null differ
diff --git a/contrib/._ossec2mysqld.pl b/contrib/._ossec2mysqld.pl
deleted file mode 100755
index 48cbba1..0000000
Binary files a/contrib/._ossec2mysqld.pl and /dev/null differ
diff --git a/contrib/._ossec2rss.php b/contrib/._ossec2rss.php
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/._ossec2rss.php and /dev/null differ
diff --git a/contrib/._ossec_report.txt b/contrib/._ossec_report.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/contrib/._ossec_report.txt and /dev/null differ
diff --git a/contrib/._ossec_report_contrib.pl b/contrib/._ossec_report_contrib.pl
deleted file mode 100755
index 48cbba1..0000000
Binary files a/contrib/._ossec_report_contrib.pl and /dev/null differ
diff --git a/contrib/._ossecmysql.pm b/contrib/._ossecmysql.pm
deleted file mode 100755
index 48cbba1..0000000
Binary files a/contrib/._ossecmysql.pm and /dev/null differ
diff --git a/contrib/._ossectop.pl b/contrib/._ossectop.pl
deleted file mode 100755
index 48cbba1..0000000
Binary files a/contrib/._ossectop.pl and /dev/null differ
diff --git a/contrib/._util.sh b/contrib/._util.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/contrib/._util.sh and /dev/null differ
diff --git a/contrib/logtesting/._dotests.sh b/contrib/logtesting/._dotests.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/contrib/logtesting/._dotests.sh and /dev/null differ
diff --git a/contrib/logtesting/1/._log b/contrib/logtesting/1/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/1/._log and /dev/null differ
diff --git a/contrib/logtesting/1/._res b/contrib/logtesting/1/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/1/._res and /dev/null differ
diff --git a/contrib/logtesting/10/._log b/contrib/logtesting/10/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/10/._log and /dev/null differ
diff --git a/contrib/logtesting/10/._res b/contrib/logtesting/10/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/10/._res and /dev/null differ
diff --git a/contrib/logtesting/11/._log b/contrib/logtesting/11/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/11/._log and /dev/null differ
diff --git a/contrib/logtesting/11/._res b/contrib/logtesting/11/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/11/._res and /dev/null differ
diff --git a/contrib/logtesting/12/._log b/contrib/logtesting/12/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/12/._log and /dev/null differ
diff --git a/contrib/logtesting/12/._res b/contrib/logtesting/12/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/12/._res and /dev/null differ
diff --git a/contrib/logtesting/13/._log b/contrib/logtesting/13/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/13/._log and /dev/null differ
diff --git a/contrib/logtesting/13/._res b/contrib/logtesting/13/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/13/._res and /dev/null differ
diff --git a/contrib/logtesting/14/._log b/contrib/logtesting/14/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/14/._log and /dev/null differ
diff --git a/contrib/logtesting/14/._res b/contrib/logtesting/14/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/14/._res and /dev/null differ
diff --git a/contrib/logtesting/15/._log b/contrib/logtesting/15/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/15/._log and /dev/null differ
diff --git a/contrib/logtesting/15/._res b/contrib/logtesting/15/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/15/._res and /dev/null differ
diff --git a/contrib/logtesting/16/._log b/contrib/logtesting/16/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/16/._log and /dev/null differ
diff --git a/contrib/logtesting/16/._res b/contrib/logtesting/16/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/16/._res and /dev/null differ
diff --git a/contrib/logtesting/17/._log b/contrib/logtesting/17/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/17/._log and /dev/null differ
diff --git a/contrib/logtesting/17/._res b/contrib/logtesting/17/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/17/._res and /dev/null differ
diff --git a/contrib/logtesting/18/._log b/contrib/logtesting/18/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/18/._log and /dev/null differ
diff --git a/contrib/logtesting/18/._res b/contrib/logtesting/18/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/18/._res and /dev/null differ
diff --git a/contrib/logtesting/19/._log b/contrib/logtesting/19/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/19/._log and /dev/null differ
diff --git a/contrib/logtesting/19/._res b/contrib/logtesting/19/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/19/._res and /dev/null differ
diff --git a/contrib/logtesting/2/._log b/contrib/logtesting/2/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/2/._log and /dev/null differ
diff --git a/contrib/logtesting/2/._res b/contrib/logtesting/2/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/2/._res and /dev/null differ
diff --git a/contrib/logtesting/20/._log b/contrib/logtesting/20/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/20/._log and /dev/null differ
diff --git a/contrib/logtesting/20/._res b/contrib/logtesting/20/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/20/._res and /dev/null differ
diff --git a/contrib/logtesting/21/._log b/contrib/logtesting/21/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/21/._log and /dev/null differ
diff --git a/contrib/logtesting/21/._res b/contrib/logtesting/21/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/21/._res and /dev/null differ
diff --git a/contrib/logtesting/22/._log b/contrib/logtesting/22/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/22/._log and /dev/null differ
diff --git a/contrib/logtesting/22/._res b/contrib/logtesting/22/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/22/._res and /dev/null differ
diff --git a/contrib/logtesting/23/._log b/contrib/logtesting/23/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/23/._log and /dev/null differ
diff --git a/contrib/logtesting/23/._res b/contrib/logtesting/23/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/23/._res and /dev/null differ
diff --git a/contrib/logtesting/24/._log b/contrib/logtesting/24/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/24/._log and /dev/null differ
diff --git a/contrib/logtesting/24/._res b/contrib/logtesting/24/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/24/._res and /dev/null differ
diff --git a/contrib/logtesting/25/._log b/contrib/logtesting/25/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/25/._log and /dev/null differ
diff --git a/contrib/logtesting/25/._res b/contrib/logtesting/25/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/25/._res and /dev/null differ
diff --git a/contrib/logtesting/26/._log b/contrib/logtesting/26/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/26/._log and /dev/null differ
diff --git a/contrib/logtesting/26/._res b/contrib/logtesting/26/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/26/._res and /dev/null differ
diff --git a/contrib/logtesting/27/._log b/contrib/logtesting/27/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/27/._log and /dev/null differ
diff --git a/contrib/logtesting/27/._res b/contrib/logtesting/27/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/27/._res and /dev/null differ
diff --git a/contrib/logtesting/28/._log b/contrib/logtesting/28/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/28/._log and /dev/null differ
diff --git a/contrib/logtesting/28/._res b/contrib/logtesting/28/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/28/._res and /dev/null differ
diff --git a/contrib/logtesting/29/._log b/contrib/logtesting/29/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/29/._log and /dev/null differ
diff --git a/contrib/logtesting/29/._res b/contrib/logtesting/29/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/29/._res and /dev/null differ
diff --git a/contrib/logtesting/3/._log b/contrib/logtesting/3/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/3/._log and /dev/null differ
diff --git a/contrib/logtesting/3/._res b/contrib/logtesting/3/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/3/._res and /dev/null differ
diff --git a/contrib/logtesting/30/._log b/contrib/logtesting/30/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/30/._log and /dev/null differ
diff --git a/contrib/logtesting/30/._res b/contrib/logtesting/30/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/30/._res and /dev/null differ
diff --git a/contrib/logtesting/31/._log b/contrib/logtesting/31/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/31/._log and /dev/null differ
diff --git a/contrib/logtesting/31/._res b/contrib/logtesting/31/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/31/._res and /dev/null differ
diff --git a/contrib/logtesting/32/._log b/contrib/logtesting/32/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/32/._log and /dev/null differ
diff --git a/contrib/logtesting/32/._res b/contrib/logtesting/32/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/32/._res and /dev/null differ
diff --git a/contrib/logtesting/33/._log b/contrib/logtesting/33/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/33/._log and /dev/null differ
diff --git a/contrib/logtesting/33/._res b/contrib/logtesting/33/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/33/._res and /dev/null differ
diff --git a/contrib/logtesting/34/._log b/contrib/logtesting/34/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/34/._log and /dev/null differ
diff --git a/contrib/logtesting/34/._res b/contrib/logtesting/34/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/34/._res and /dev/null differ
diff --git a/contrib/logtesting/35/._log b/contrib/logtesting/35/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/35/._log and /dev/null differ
diff --git a/contrib/logtesting/35/._res b/contrib/logtesting/35/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/35/._res and /dev/null differ
diff --git a/contrib/logtesting/36/._log b/contrib/logtesting/36/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/36/._log and /dev/null differ
diff --git a/contrib/logtesting/36/._res b/contrib/logtesting/36/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/36/._res and /dev/null differ
diff --git a/contrib/logtesting/37/._log b/contrib/logtesting/37/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/37/._log and /dev/null differ
diff --git a/contrib/logtesting/37/._res b/contrib/logtesting/37/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/37/._res and /dev/null differ
diff --git a/contrib/logtesting/38/._log b/contrib/logtesting/38/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/38/._log and /dev/null differ
diff --git a/contrib/logtesting/38/._res b/contrib/logtesting/38/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/38/._res and /dev/null differ
diff --git a/contrib/logtesting/39/._log b/contrib/logtesting/39/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/39/._log and /dev/null differ
diff --git a/contrib/logtesting/39/._res b/contrib/logtesting/39/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/39/._res and /dev/null differ
diff --git a/contrib/logtesting/4/._log b/contrib/logtesting/4/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/4/._log and /dev/null differ
diff --git a/contrib/logtesting/4/._res b/contrib/logtesting/4/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/4/._res and /dev/null differ
diff --git a/contrib/logtesting/40/._log b/contrib/logtesting/40/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/40/._log and /dev/null differ
diff --git a/contrib/logtesting/40/._res b/contrib/logtesting/40/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/40/._res and /dev/null differ
diff --git a/contrib/logtesting/41/._log b/contrib/logtesting/41/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/41/._log and /dev/null differ
diff --git a/contrib/logtesting/41/._res b/contrib/logtesting/41/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/41/._res and /dev/null differ
diff --git a/contrib/logtesting/42/._log b/contrib/logtesting/42/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/42/._log and /dev/null differ
diff --git a/contrib/logtesting/42/._res b/contrib/logtesting/42/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/42/._res and /dev/null differ
diff --git a/contrib/logtesting/43/._log b/contrib/logtesting/43/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/43/._log and /dev/null differ
diff --git a/contrib/logtesting/43/._res b/contrib/logtesting/43/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/43/._res and /dev/null differ
diff --git a/contrib/logtesting/44/._log b/contrib/logtesting/44/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/44/._log and /dev/null differ
diff --git a/contrib/logtesting/44/._res b/contrib/logtesting/44/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/44/._res and /dev/null differ
diff --git a/contrib/logtesting/5/._log b/contrib/logtesting/5/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/5/._log and /dev/null differ
diff --git a/contrib/logtesting/5/._res b/contrib/logtesting/5/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/5/._res and /dev/null differ
diff --git a/contrib/logtesting/6/._log b/contrib/logtesting/6/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/6/._log and /dev/null differ
diff --git a/contrib/logtesting/6/._res b/contrib/logtesting/6/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/6/._res and /dev/null differ
diff --git a/contrib/logtesting/7/._log b/contrib/logtesting/7/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/7/._log and /dev/null differ
diff --git a/contrib/logtesting/7/._res b/contrib/logtesting/7/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/7/._res and /dev/null differ
diff --git a/contrib/logtesting/8/._log b/contrib/logtesting/8/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/8/._log and /dev/null differ
diff --git a/contrib/logtesting/8/._res b/contrib/logtesting/8/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/8/._res and /dev/null differ
diff --git a/contrib/logtesting/9/._log b/contrib/logtesting/9/._log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/9/._log and /dev/null differ
diff --git a/contrib/logtesting/9/._res b/contrib/logtesting/9/._res
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/logtesting/9/._res and /dev/null differ
diff --git a/contrib/ossec-batch-manager.pl b/contrib/ossec-batch-manager.pl
index bcc28d8..b1b07df 100755
--- a/contrib/ossec-batch-manager.pl
+++ b/contrib/ossec-batch-manager.pl
@@ -12,6 +12,23 @@
# # #
##########################################################
# Modified by Tim Meader (Timothy.A.Meader at nasa.gov)
+# on 2013/07/01
+#
+# - corrected a MAJOR logic error in the remove
+# function. The comparison was being done across the
+# entire line of the agent keys file, so both IPs
+# and the SSH keys at the end could be matched against
+# the 'agent ID' wanting to be removed. Changed the
+# match to only compare the first column of the file
+# - added an error output message to the remove
+# function if it's fed an 'agent ID' that doesn't
+# exist
+# - the script now also removes the corresponding
+# associated agent rid files after a successful remove
+# operation, or gives an error on failure
+#
+##########################################################
+# Modified by Tim Meader (Timothy.A.Meader at nasa.gov)
# on 2010/12/08
#
# - fixed two errors that were popping up during add or
@@ -28,7 +45,7 @@
# - modified "extract_keys" func to accept either ID,
# name, or IP address as the argument after the
# "-e" operator. Output of key extraction now
-# includes the name and IP address by default in the
+# include the name and IP address by default in the
# format: "name,IP extracted_key"
#
#########################################################
@@ -49,6 +66,7 @@ use Digest::MD5 qw(md5_hex);
use Getopt::Long;
use constant AUTH_KEY_FILE => "/var/ossec/etc/client.keys";
+use constant RIDS_PATH => "/var/ossec/queue/rids/";
my ($key, $add, $remove, @extracts, $import, $listagents);
my ($agentid, $agentname, $ipaddress);
@@ -100,7 +118,7 @@ elsif ($add) {
close(FH);
if (@used_agent_ids) {
- @used_agent_ids = sort { $a <=> $b } @used_agent_ids;
+ @used_agent_ids = sort(@used_agent_ids);
$agentid = sprintf("%03d", $used_agent_ids[-1] + 1);
}
}
@@ -300,13 +318,27 @@ sub remove_agent {
else {
die "Error writing ".AUTH_KEY_FILE.": $!\n";
}
+
+ my $key_found = 0;
+
foreach my $line (@agent_array) {
- if ($line !~ $removeid) {
+ my @split_line = split(/\s/,$line);
+
+ if ($split_line[0] ne $removeid) {
print FHRW "$line";
}
+ else {
+ my $rids_file = RIDS_PATH.$removeid;
+ $key_found = 1;
+ unlink $rids_file or warn "Could not remove rids file for Agent ID \'".$removeid."\'!\n";
+ }
}
close(FHRW);
- exit 0;
+
+ if (!$key_found) {
+ die "Agent ID \'".$removeid."\' not found! Nothing removed.\n";
+ }
+ exit(0);
}
sub check_if_exists {
diff --git a/contrib/ossec-testing/._runtests.py b/contrib/ossec-testing/._runtests.py
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/ossec-testing/._runtests.py and /dev/null differ
diff --git a/contrib/ossec-testing/tests/._named.ini b/contrib/ossec-testing/tests/._named.ini
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/ossec-testing/tests/._named.ini and /dev/null differ
diff --git a/contrib/ossec2snorby/README b/contrib/ossec2snorby/README
new file mode 100644
index 0000000..6a0764a
--- /dev/null
+++ b/contrib/ossec2snorby/README
@@ -0,0 +1,120 @@
+File attachments:
+1- Init scripts for linux distributions:
+ a. ossec2snorby.sh = Generic
+ b. ossec2snorby_ubuntu.sh = Ubuntu init script (training wheels ! :D)
+2- ossec2snorby.pl = script
+3- ossec2snorby_category.sql = needed for script, explained below.
+4- NOT INCLUDED, ossec2snorby.pl still feeds off "ossecmysql.pm" which is already included in OSSEC/contrib. No modifications were made to the file.
+
+
+===============================================================================
+
+
+About this script:
+
+ ossec2snorby.pl comes from the original ossec2mysql.pl script, slight modifications were made to adapt it to snorby's requirements and
+as such, thanks must go to the original Author and Co-Author. I would also like to note that this is the first perl script I've made and so it might require tweaking
+based on the environment it will be used in.
+
+Lastly, as any other contributions made to a community, responsibility lies on the person that uses this script and so please run numerous tests
+on a lab before pushing this to your production environment as you will have to tweak it based on your needs.
+
+
+----------------
+DEPENDENCIES:
+
+1- Ossec2snorby.pl depends on the table called "Category" which contains a relation between OSSEC's categories and Snorts signature classes.
+
+ import ossec2snorby_category.sql to your Snorby DB.
+
+ Follow the steps on this site if you do not know how to do this ( admin privileges are required towards the Snorby DB):
+ http://dev.mysql.com/doc/refman/5.0/en/batch-commands.html
+
+2- Follow the installation steps noted on ossec2snorby.pl ( view with your favorite text editor)
+
+
+3-Consider adding the following to your local decoders in OSSEC.
+ This will extract the SRCIP from the ossec events related to "Agent disconnected". Without this you'll get
+ "0.0.0.1" or "127.0.0.1" as source IP for these events.
+
+ <decoder name="ossec-agent2">
+ <parent>ossec</parent>
+ <type>ossec</type>
+ <prematch offset="after_parent">^Agent disconnected:</prematch>
+ <regex offset="after_prematch">^ '\S+(\d+.\d+.\d+.\d+)'</regex>
+ <order>srcip</order>
+ </decoder>
+
+
+
+NOTES:
+
+1- Using ossec2snorby.pl to dump many alerts at once (over 10k+ or 30k+ events) might crash Snorby's workers resulting in
+ No events being displayed on the dashboard. Events will still be displayed on the "events" section, but no statistics will be shown.
+
+ Possible fix? Clearing out the snorby daily stats might fix things:
+
+ Execute the following on your shell:
+ mysql -u root -p
+ <type password>
+
+ Execute: use snorby;
+ Execute: truncate table caches;
+ Execute: exit
+
+ On the portal, go to Administration followed by Worker & Job Queue.
+ Search for "--- !ruby/struct:Snorby::Jobs::DailyCacheJob " by clicking on the job handler buttons. Once you find the DailyCacheJob handler click on the associated trash can button.
+ Now you'll see a new button below Administration called "Worker Options". click there followed by "Start Daily Cache Job"
+ Wait 10 minutes and then check your dashboard again.
+
+ If this does not work then you'll have to head over to Snorby's Google group and seek assistance.
+
+
+2- Snorby expects that srcip and dstip be populated by a numeric value greater than "0" otherwise the GUI output will be incorrect. Note that if an entry is added in the DB table "iphdr" for an event where srcip\dstip are NOT populated then its default value will be "0".
+
+2.A- An IP address value of "0.0.0.1" will be shown when the field could not be populated, either for source or destination IP. This will happen if an event had no recognizable SRC\DST IP.
+ Note that Snorby should populate "N\A" on the GUI for IPs stated as "0", but it does not...
+ Note that "127.0.0.1" will be used for events generated on the OSSEC Server(localhost).
+ Note that the same IP address will appear in SRC and DST fields if the event was generated by the same host from where the event was sent from unless this host is the OSSEC server.
+
+4- Events will be categorized as "unknown" when a relation between OSSEC's category could not be matched against Snorby's sig class names. This match is completed using the "category" table. Please keep in mind that only the LAST OSSEC category is used for the match. Its not optimal but its all I could think of.
+
+ EXAMPLE:
+ In this example, only "authentication_success" will be used, which when looked up on the category table, returns a sig_class_id of "11" which in turn snorby interprets as "successful-user"
+
+ example:
+ ** Alert 1359725403.1533356: - pam,syslog,authentication_success,
+ 2013 Feb 01 09:30:03 (theHost) 192.168.1.1->/var/log/secure
+ Rule: 5501 (level 12) -> 'Login session opened.'
+ Feb 1 08:30:01 esx001 crond[19884]: pam_unix(crond:session): session opened for user root by (uid=0)
+
+
+5- ossec2snorby.pl depends on DNS resolutions unlike ossec2mysql.pl which allows us to choose whether or not to resolve a host; ossec2snorby.pl will try to resolve computer names(NetBIOS\Flatnames) by appending the domain suffix to them and querying your DNS servers. This only happens if OSSEC could not decode a SRC IP or if an IP address could not be decoded from the log by ossec2snorby.pl. Failure to resolve a host will force ossec2snorby to populate SRCIP as "0.0.0.1" or "127.0.0.1" d [...]
+
+=================================================
+Examples on how to use ossec2snorby.pl:
+
+1 - Process a single file:
+gzip -dc <OSSEC HOME>/var/ossec/logs/alerts/2013/Mar/ossec-alerts-07.log.gz | /usr/local/bin/ossec2snorby/ossec2snorby.pl --conf /etc/ossec2snorby.conf --interface manualfeed
+
+2- Process a bunch of files ( CAREFUL!, too many DB inserts at once might cause problems with Snorby's workers):
+gzip -dc <OSSEC HOME>/var/ossec/logs/alerts/2013/Mar/ossec-alerts-*.log.gz | /usr/local/bin/ossec2snorby/ossec2snorby.pl --conf /etc/ossec2snorby.conf --interface manualfeed
+
+3- Something isn't right and you'd like to debug?
+gzip -dc <OSSEC HOME>/var/ossec/logs/alerts/2013/Mar/ossec-alerts-07.log.gz | /usr/local/bin/ossec2snorby/ossec2snorby.pl -v --conf /etc/ossec2snorby.conf --interface manualfeed > debug.log
+
+Now check out debug.log for details on each event.
+
+4- Run ossec2snorby.pl as a daemon:
+/usr/local/bin/ossec2snorby/ossec2snorby.pl --conf /etc/ossec2snorby.conf -d
+
+Confirm everything is running:
+ps auwx |grep ossec2snorby
+lsof |grep alerts:
+tail 2478 root 3r REG 252,0 1394774 2760144 /var/ossec/logs/alerts/alerts.log
+
+Notice how it says "tail" has the file open, careful not to confuse the results with any other tail you might have running on alerts.log...
+
+==================
+Thats it ... I tried my best at making the script as stable as possible, any suggestions, opinions or critics are more than welcome. I hope this helps anyone trying to get Snorby to play nice with OSSEC.
+
diff --git a/contrib/ossec2snorby/ossec2snorby.pl b/contrib/ossec2snorby/ossec2snorby.pl
new file mode 100644
index 0000000..ea3936f
--- /dev/null
+++ b/contrib/ossec2snorby/ossec2snorby.pl
@@ -0,0 +1,716 @@
+#!/usr/bin/perl -w
+use Socket;
+use POSIX 'setsid';
+use strict;
+use ossecmysql;
+# ---------------------------------------------------------------------------
+# Author: Meir Michanie (meirm at riunx.com)
+# Co-Author: J.A.Senger (jorge at br10.com.br)
+# $Id$
+# ---------------------------------------------------------------------------
+# http://www.riunx.com/
+# ---------------------------------------------------------------------------
+#
+# ---------------------------------------------------------------------------
+# About this script
+# ---------------------------------------------------------------------------
+#
+# "Ossec to Snorby" records the OSSEC HIDS alert logs in MySQL database.
+# It can run as a daemon (ossec2snorby.pl), recording in real-time the logs in database or
+# as a simple script (ossec2snorby.pl).
+#
+# ---------------------------------------------------------------------------
+# Snorby support by Jean-Pierre Zurbrugg (jp.zurbrugg at live.com)
+# ---------------------------------------------------------------------------
+# The original script by the Author and Co-author was taken as a template and
+# modified to work with Snorby (http://snorby.org) which uses a Snort DB schema.
+# Credit must go to the author\Co-author for the initial template.
+#
+########################### WARNING ###############################
+# My modifications are by far stable and worthy of a production environment
+# WHITHOUT INICIAL TWEAKING. Please setup your labs and make sure everything
+# works properly before using this script on a production environment.
+########################### WARNING ###############################
+#
+#
+# Changelog:
+# * Extra validations were added to make sure srcip\dstip do not remain with
+# a default value of "0" which causes GUI parsing errors if left unhandled.
+# * Validation against '$hostname'; if localhost then srcip="127.0.0.1"
+# * Snorby expects IP related data to be published on its "iphdr" table.
+# * Snorby expects OSSEC's logs to be converted to HEX and wordwrapped.
+# * Modified the scripts "Daemon" mode; it now uses "tail -Fn 0 <file>"
+#
+# ---------------------------------------------------------------------------
+# Prerequisites
+# ---------------------------------------------------------------------------
+#
+# MySQL Server
+# Perl DBD::mysql module
+# Perl DBI module
+#
+# Snorby prerequesites:
+# import ossec2snorby_category.sql from contrib directory
+# Populate "domain" in /etc/ossec2snorby.conf
+#
+# ---------------------------------------------------------------------------
+# Installation steps
+# ---------------------------------------------------------------------------
+#
+# 1) Create a user to access the database initially created by Snorby;
+# 2) Copy ossec2snorby.conf to /etc/ossec2snorby.conf with 0600 permissions
+# 3) Edit /etc/ossec2snorby.conf according to your needs:
+# dbhost=localhost
+# database=snorby
+# debug=5
+# dbport=3306
+# dbpasswd=mypassword
+# dbuser=ossecuser
+# daemonize=0
+# resolve=1
+# domain=mydomain.local
+#
+# NOTE: It is recommended to keep "resolve" as "1" and populate "domain" with
+# your actual domain. Not doing so will restrict the script and force it
+# to populate IPs as "0.0.0.1" for events whose SRC or DST IP are unknown.
+#
+# ---------------------------------------------------------------------------
+# License
+# ---------------------------------------------------------------------------
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# ---------------------------------------------------------------------------
+# About OSSEC HIDS
+# ---------------------------------------------------------------------------
+#
+# OSSEC HIDS is an Open Source Host-based Intrusion Detection System.
+# It performs log analysis and correlation, integrity checking,
+# rootkit detection, time-based alerting and active response.
+# http://www.ossec.net
+#
+# ---------------------------------------------------------------------------
+
+# ---------------------------------------------------------------------------
+# Parameters
+# ---------------------------------------------------------------------------
+my $VERSION="0.4";
+$SIG{TERM} = sub { &gracefulend('TERM')};
+$SIG{INT} = sub { &gracefulend('INT')};
+
+# If no ARGV are given then present &help().
+&help() unless @ARGV;
+
+my ($RUNASDAEMON)=0;
+my ($DAEMONLOGFILE)='/var/log/ossec2snorby.log';
+my ($DAEMONLOGERRORFILE) = '/var/log/ossec2snorby.err';
+# Declare OSSEC's log path and filename format.
+my $LOG='/var/ossec/logs/alerts/alerts.log'; # we need to tail this file instead of the old.
+ # With this we can survive file rotations while
+ # running in daemon mode.
+
+my ($LOGGER)='ossec2snorby';
+my($OCT) = '(?:25[012345]|2[0-4]\d|1?\d\d?)';
+my($IP) = $OCT . '\.' . $OCT . '\.' . $OCT . '\.' . $OCT;
+my $dump=0;
+my ($hids_id,$hids,$hids_interface,$last_cid)=(undef, 'localhost', 'ossec',0);
+my ($tempvar,$VERBOSE)=(0,0);
+
+my %conf;
+$conf{dbhost}='localhost';
+$conf{database}='snort';
+$conf{debug}=5;
+$conf{dbport}='3306';
+$conf{dbpasswd}='password';
+$conf{dbuser}='user';
+$conf{daemonize}=0;
+$conf{sensor}='sensor';
+$conf{hids_interface}='ossec';
+$conf{resolve}=1;
+$conf{domain}='';
+
+# OSSEC's default class_ID
+# We will categorize events as "unknown" if a match could not be found...
+my $sig_class_id=2; # We will try to fetch the correct class_id later.
+
+my($sig_class_name,$taillog);
+# ---------------------------------------------------------------------------
+# Arguments parsing
+# ---------------------------------------------------------------------------
+while (@ARGV){
+ $_= shift @ARGV;
+ if (m/^-d$|^--daemon$/){
+ $conf{daemonize}=1;
+ }elsif ( m/^-h$|^--help$/){
+ &help();
+ }elsif ( m/^-n$|^--noname$/){
+ $conf{'resolve'}=0;
+ }elsif ( m/^-v$|^--verbose$/){
+ $VERBOSE=1;
+ }elsif ( m/^--interface$/){
+ $conf{hids_interface}= shift @ARGV if @ARGV; # ossec-rt/ossec-feed
+ }elsif ( m/^--sensor$/){
+ $conf{sensor}= shift @ARGV if @ARGV; # monitor
+ }elsif ( m/^--conf$/){
+ $conf{conf}= shift @ARGV if @ARGV; # localhost
+ &loadconf(\%conf);
+ }elsif ( m/^--dbhost$/){
+ $conf{dbhost}= shift @ARGV if @ARGV; # localhost
+ }elsif ( m/^--dbport$/){
+ $conf{dbport}= shift @ARGV if @ARGV; # localhost
+ }elsif ( m/^--dbname$/){
+ $conf{database}= shift @ARGV if @ARGV; # snort
+ }elsif ( m/^--dbuser$/){
+ $conf{dbuser}= shift @ARGV if @ARGV; # root
+ }elsif ( m/^--dbpass$/){
+ $conf{dbpasswd}= shift @ARGV if @ARGV; # monitor
+ }
+
+}
+if ($conf{dbpasswd}=~ m/^--stdin$/){
+ print "dbpassword:";
+ $conf{dbpasswd}=<>;
+ chomp $conf{dbpasswd};
+}
+$hids=$conf{sensor} if exists($conf{sensor});
+$hids_interface=$conf{hids_interface} if exists($conf{hids_interface});
+
+# START IN DAEMON MODE ?
+&daemonize() if $conf{daemonize};
+
+my $dbi= ossecmysql->new(%conf) || die ("Could not connect to $conf{dbhost}:$conf{dbport}:$conf{database} as $conf{dbpasswd}\n");
+
+####
+# SQL vars;
+my ($query,$numrows,$row_ref);
+
+####
+#get sensor id
+$query= 'select sid,last_cid from sensor where hostname=? and interface=?';
+$numrows= $dbi->execute($query,$hids,$hids_interface);
+if (1==$numrows){
+ $row_ref=$dbi->{sth}->fetchrow_hashref;
+ $hids_id=$row_ref->{sid};
+ $last_cid=$row_ref->{last_cid};
+}else{
+ $query="INSERT INTO sensor ( sid , hostname , interface , filter , detail , encoding , last_cid )
+VALUES (
+NULL , ?, ? , NULL , ? , ?, ?
+)";
+ $numrows= $dbi->execute($query,$hids,$hids_interface,1,2,0);
+ $hids_id=$dbi->lastid();
+}
+$dbi->{sth}->finish;
+&forceprintlog ("SENSOR:$hids; feed:$hids_interface; id:$hids_id; last cid:$last_cid");
+
+my $newrecord=0;
+my %stats;
+my %resolv;
+my ($timestamp,$sec,$mail,$date,$alerthost,$alerthostip,$datasource,$rule,$level,$description,
+ $srcip,$dstip,$user,$text,$filtered,$osseclevel)=();
+my $lasttimestamp=0;
+my $delta=0;
+
+&taillog($last_cid,$LOG);
+################################################################
+sub forceprintlog(){
+ $tempvar=$VERBOSE;
+ $VERBOSE=1;
+ &printlog (@_);
+ $VERBOSE=$tempvar;
+}
+
+sub taillog {
+ my ($last_cid,$LOG)=@_;
+ while (<>) {
+ if (m/^$/){
+ # we reached a newline, finish up with current record.
+ $newrecord=1;
+ next unless $timestamp;
+ $alerthostip=$alerthost if $alerthost=~ m/^$IP$/;
+
+ # Populate DST IP
+ if ($alerthostip){
+ $dstip=$alerthostip;
+ $resolv{$alerthost}=$dstip;
+
+ }else{
+ if (exists $resolv{$alerthost}){
+ $dstip=$resolv{$alerthost};
+ }else{
+ if ($conf{'resolve'}){
+ if ($alerthost =~m/(\d+\.\d+\.\d+\.\d+)/ ){
+ $dstip=$1;
+ }else{
+ # the "host" command doesn't work with Flatname\NetBIOS names.
+ # The server's hostname is almost always a flatname and OSSEC
+ # doesn't return an IP for alerts generated from localhost.
+ # Ex. 2013 Jan 24 15:51:36 ubuntu->/var/log/auth.log
+ my $x = `cat /etc/hostname`; # get Host's hostname
+ chomp $x; # remove extra lines, if any.
+ if ($x eq $alerthost) { # Validate if $alerthost is us, localhost.
+ $dstip='127.0.0.1'; # Snorby does not allow empty\"0" as IP value.
+ }else{
+ my $fetch=&host2ip($alerthost);
+
+ if (defined $fetch){
+ $dstip=$fetch;
+ }else{
+ $dstip=$srcip;
+ }
+ }
+ }
+ }
+ $resolv{$alerthost}=$dstip;
+ }
+ }
+
+ #Populate SRC IP (requires dstip to be populated)
+ if (! defined $srcip) {
+ if (defined $dstip) {
+ #Feb 6 15:18:21 1.1.1.1 %ASA-3-313001: Denied ICMP type=3, code=3 from 111.111.1.1 on interface OUTSIDE
+ $filtered =~ s/$dstip//; # filter out known dstip from log output.
+ $srcip=$1 if $filtered=~ m/\s($IP)\s/; # Search all text for an IP address.
+ # This could easily bug out with logs that contains
+ # version numbering such as mysql 1.3.4.5.
+ }
+ # Windows logs include "User Name" in their log output. Some companies name their employees's PCs after its users which is
+ # resolvable via DNS.
+ # Windows logs may state a computer name as "User Name". Lets strip out the "$" from the computer name...
+ if (defined $user and ! defined $srcip) {
+ my $u=$user;
+ $u=~ s/\$//; # remove "$" from computer names.
+
+ my $fetch=&host2ip($u);
+ $srcip=$fetch if (defined $fetch);
+ }
+ if (! defined $srcip or $srcip eq '') {
+ # NO recognizable IPs or User Names were found on log output,
+ # this suggests the log was generated by dstip.
+ $srcip=$dstip;
+ }
+ }
+ #
+ $last_cid= &prepair2basedata(
+ $hids_id,
+ $last_cid,
+ $timestamp,
+ $sec,
+ $mail,
+ $date,
+ $alerthost,
+ $datasource,
+ $rule,
+ $level,
+ $description,
+ $srcip,
+ $dstip,
+ $user,
+ $text
+ );
+ ($timestamp,$sec,$mail,$date,$alerthost,$alerthostip,$datasource,$rule,$level,$description,
+ $srcip,$dstip,$user,$text)=();
+ next ;
+ }
+ if (m/^\*\* Alert ([0-9]+).([0-9]+):(.*)$/){
+ $timestamp=$1;
+ if ( $timestamp == $lasttimestamp){
+ $delta++;
+ }else{
+ $delta=0;
+ $lasttimestamp=$timestamp;
+ }
+ $sec=$2;
+ $mail=$3;
+ $mail=$mail ? $mail : 'nomail';
+#2006 Aug 29 17:19:52 firewall -> /var/log/messages
+#2006 Aug 30 11:52:14 192.168.0.45->/var/log/secure
+#2006 Sep 12 11:12:16 92382-Snort1 -> 172.16.176.132
+ }elsif ( m/^([0-9]+\s\w+\s[0-9]+\s[0-9]+:[0-9]+:[0-9]+)\s+(\S+)\s*->(.*)$/){
+ $date=$1;
+ $alerthost=$2;
+ $datasource=$3;
+ if ($datasource=~ m/(\d+\.\d+\.\d+\.\d+)/){
+ $alerthost=$1;
+ $datasource="remoted";
+ }
+#2006 Aug 29 17:33:31 (recepcao) 10.0.3.154 -> syscheck
+ }elsif ( m/^([0-9]+\s\w+\s[0-9]+\s[0-9]+:[0-9]+:[0-9]+)\s+\((.*?)\)\s+(\S+)\s*->(.*)$/){
+ $date=$1;
+ $alerthost=$2;
+ $alerthostip=$3;
+ $datasource=$4;
+ }elsif ( m/^([0-9]+\s\w+\s[0-9]+\s[0-9]+:[0-9]+:[0-9]+)\s(.*?)$/){
+ $date=$1;
+ $alerthost='localhost';
+ $datasource=$2;
+ }elsif ( m/Rule: ([0-9]+) \(level ([0-9]+)\) -> \'(.*)\'$/ ){
+ $rule=$1;
+ $level=$2;
+ $osseclevel=$level; # Keep copy of OSSEC level as it will later be converted to snort level.
+ $description= $3;
+ }elsif ( m/src\s?ip:/i){
+ if ( m/($IP)/){
+ $srcip=$1;
+ }else{
+ $srcip='1'; # Snorby doesn't like srcip\dstip = 0\null.
+ }
+ }elsif ( m/User: (.*)$/){
+ $user=$1;
+ }elsif ( m/(.*)$/){
+ my $x=$1;
+
+ # Get IP from User Name + DNS query.
+ if (! defined $user){
+ if ( m/User\s?Name:\s?(\S+)\s/i){
+ my $u=$1;
+ $user="$u";
+ }
+ }
+ $x =~ s/(.$)/$1\r\n/; # lets multiline this string for cleaner output once $payload wordwraps it.
+ $text .=$x;
+
+ # This variable will be used to populate srcip once we reach the end of the current log entry.
+ $filtered=$text;
+ }
+ } # End of while read line
+}
+
+sub ossec_aton(){
+ my ($ip)=@_;
+ if ($ip=~ m/(\d+)\.(\d+)\.(\d+)\.(\d+)/){
+ my $num= ($1 * 256 ** 3) + ($2 * 256 ** 2)+ ($3 * 256 ** 1)+ ($4);
+
+ return "$num";
+ }else{
+ return "1"; # Snorby has a bug where it wont ouput "N\A" on the IP columns if srcip\dstip = 0\null
+ }
+
+}
+
+sub prepair2basedata(){
+ my (
+ $hids_id,
+ $last_cid,
+ $timestamp,
+ $sec,
+ $mail,
+ $date,
+ $alerthost,
+ $datasource,
+ $rule,
+ $level,
+ $description,
+ $srcip,
+ $dstip,
+ $user,
+ $text
+ )=@_;
+ my ($payload,$count,$query,$row_ref,$sig_id);
+
+
+###
+# Get sig_class_id
+#
+# Note: the original script stated sig_class_id as "1" by default which in BASE might be ok but for
+# snorby it maps to a category of "not-suspicious" which is not efficient when stats are ran based on
+# event categories alone...
+#
+# Furthermore, OSSEC allows a rule to have multiple categories assigned to it which snorby was not prepared to handle GUI
+# wize. (The event details contains a small section where the category value can be shown, this section is too small
+# to show OSSEC's sometimes long category results such as :
+# syslog,sshd,invalid_login,authentication_failed,)
+#
+# We will use the last category shown only...This isn't the correct approach but my programing skills prevent me
+# from providing a better solution.
+
+ # ex: - syslog,sshd,invalid_login,authentication_failed,
+ if ($mail=~ m/\.*\,?(\w+\_?\w+)\,?$/){ # $mail contains the rule's categories. No clue why its named $mail...
+ $sig_class_name=$1;
+ &printlog ("SIG_CLASS_NAME: $sig_class_name \n");
+ $query = "SELECT sig_class_id FROM category WHERE cat_name=?";
+ $dbi->execute($query,$sig_class_name);
+ $count=$dbi->{sth}->rows;
+ if ($count){
+ $row_ref=$dbi->{sth}->fetchrow_hashref;
+ $sig_class_id=$row_ref->{sig_class_id};
+ &printlog ("SIG_CLASS_ID: $sig_class_id");
+ }else{
+ &printlog ("SIG_CLASS_ID NOT FOUND. USING DEFAULT SIG.");
+ $sig_class_id=2;
+ }
+ }else{
+ &printlog ("COULD NOT GET A RULE CATEGORY. USING DEFAULT SIG.");
+ $sig_class_id=2;
+ }
+
+###
+#
+# Get/Set signature id
+
+ # Convert OSSEC Severity to Snort Severity.
+ # Dont modify this after having live data on Snorby as it will create duplicated
+ # sig_names.
+ $level=4 if ($level <= 4); # Informational only.
+ $level=3 if ($level == 5); # User generated errors \ low severity.
+ $level=2 if (($level >= 6) && ($level <=11)); # Low to mid severity attacks.
+ $level=1 if ($level >= 12); # High importance events \ Successfull attacks \ all our bases belong to them!
+
+ $query = "SELECT sig_id FROM signature where sig_name=? and sig_class_id=? and sig_priority=? and sig_rev=? and sig_sid=? and sig_gid is NULL";
+ $dbi->execute($query,$description,$sig_class_id,$level,0,$rule);
+ $count=$dbi->{sth}->rows;
+ if ($count){
+ $row_ref=$dbi->{sth}->fetchrow_hashref;
+ $sig_id=$row_ref->{sig_id};
+ &printlog ("REUSING SIGNATURE\n");
+ }else{
+ $query="INSERT INTO signature ( sig_id , sig_name , sig_class_id , sig_priority , sig_rev , sig_sid , sig_gid )
+VALUES (
+NULL ,?, ? , ? , ? , ?, NULL
+)";
+ $dbi->execute($query,$description,$sig_class_id,$level,0,$rule);
+ $sig_id = $dbi->lastid();
+ }
+ $dbi->{sth}->finish;
+ &printlog ("SIGNATURE: $sig_id\n");
+
+
+ ############################
+ ############################
+ #DEBUG
+ # &printlog ("filtered: $filtered \n");
+ # &printlog ("SRC IP: $srcip \n");
+ # &printlog ("DST IP: $dstip \n");
+ # &printlog ("mail: $mail \n");
+ # &printlog ("sig_class_name: $sig_class_name");
+ # &printlog ("date: $date \n");
+ # &printlog ("alerthost: $alerthost \n");
+ # &printlog ("rule: $rule \n");
+ # &printlog ("level: $level \n");
+ # &printlog ("OSSEC level: $osseclevel \n");
+ # &printlog ("USER: $user \n");
+ # &printlog ("text: $text \n");
+ # &printlog ("sec?: $sec \n");
+ # &printlog ("datasource: $datasource \n");
+ # &printlog ("description: $description \n");
+ # exit 1;
+ ############################
+
+
+#######
+#
+# Set event
+ $query="INSERT INTO event ( sid , cid , signature , timestamp )
+VALUES (
+? , ? , ? ,?
+)";
+ $last_cid++;
+ $dbi->execute($query,$hids_id,$last_cid,$sig_id,&fixdate2base($date));
+
+ &printlog ("EVENT: ($query,$hids_id,$last_cid,$sig_id,&fixdate2base($date)\n");
+ $dbi->{sth}->finish;
+#########
+#
+# Set iphdr
+
+ # And yet again,Snorby doesn't like empty IP fields; Validate if srcip or dstip are empty.
+ $srcip = "1" if !defined $srcip; # leaving the fields srcip / dstip with a value = 0
+ $dstip = "1" if !defined $dstip; # causes output to get messed up on the GUI.
+
+ $query=" INSERT INTO iphdr ( sid , cid , ip_src , ip_dst , ip_ver , ip_hlen , ip_tos , ip_len , ip_id , ip_flags , ip_off , ip_ttl , ip_proto , ip_csum )
+VALUES (
+? , ? , ? , ? , ? , ? , ? , ? , ? , ? , ? , ? , ? , ?
+) ";
+ $dbi->execute($query,$hids_id,$last_cid,&ossec_aton($srcip),&ossec_aton($dstip),4,5,0,20,0,0,0,0,0,0);
+ &printlog ("iphdr: ($query,$hids_id,$last_cid,&ossec_aton($srcip),&ossec_aton($dstip),4,5,0,undef,undef,undef,undef,undef,undef,undef)\n");
+ $dbi->{sth}->finish;
+
+#########
+#
+#
+# Set data
+ $payload = "$date ($alerthost) $dstip->$datasource\r\nRule: $rule (OSSEC level $osseclevel) -> $description\r\n$text";
+ $payload =~ s/(.{1,109}\S|\S+)\s+/$1\r\n/mg; # Snorby does not wordwrap the payload, lets wrap the first 109 non-whitespace chars.
+ $payload = unpack("H*",$payload); # Convert to HEX
+
+ $query=" INSERT INTO data ( sid , cid , data_payload )
+VALUES (
+?,?,?)";
+ $dbi->execute($query,$hids_id,$last_cid,$payload);
+ &printlog ("DATA: ($query,$hids_id,$last_cid,$payload)\n");
+ $dbi->{sth}->finish;
+##########
+#
+ $query="UPDATE sensor SET last_cid=? where sid=? limit 1";
+ $numrows= $dbi->execute($query,$last_cid,$hids_id);
+
+ $dbi->{sth}->finish;
+ return $last_cid;
+} # end sub
+
+sub host2ip {
+ # This sub requires argument 0 to be a named host. We also need to know
+ # the domain to which we belong to in order to append it to the host if
+ # its a flatname host.
+ my $host=$_[0];
+ my $domain=$conf{domain} if exists($conf{domain});
+ my $CMD;
+
+ # Validate if we were fed a flatnamed host or a FQDN.
+ if ($host =~ m/.*\..+/){
+ # FQDN
+ $CMD=`host $host 2>/dev/null | grep 'has address' `;
+ if ($CMD =~m/(\d+\.\d+\.\d+\.\d+)/ ){
+ return($1);
+ }else{
+ return undef; # return False.
+ }
+
+ }else{
+ # FLATNAME
+ if (! defined $domain or $domain eq ''){
+ &printlog ('[WARNING]: domain value was not populated on ossec2snorby.conf." .
+ " DNS resolutions cannot be completed for NetBIOS\Flatname hosts.');
+ return undef;
+ }
+
+ # There is an extra "." after $domain, this is to ensure linux
+ # does not append "localdomain" at the end of the host.
+ $CMD=`host $host.$domain. 2>/dev/null | grep 'has address' `;
+ if ($CMD =~m/(\d+\.\d+\.\d+\.\d+)/ ){
+ return($1);
+ }else{
+ return undef; # return False.
+ }
+ }
+}
+
+sub fixdate2base(){
+ my ($date)=@_;
+ $date=~ s/ Jan /-01-/;
+ $date=~ s/ Feb /-02-/;
+ $date=~ s/ Mar /-03-/;
+ $date=~ s/ Apr /-04-/;
+ $date=~ s/ May /-05-/;
+ $date=~ s/ Jun /-06-/;
+ $date=~ s/ Jul /-07-/;
+ $date=~ s/ Aug /-08-/;
+ $date=~ s/ Sep /-09-/;
+ $date=~ s/ Oct /-10-/;
+ $date=~ s/ Nov /-11-/;
+ $date=~ s/ Dec /-12-/;
+ $date=~ s/\s$//g;
+ return $date;
+}
+sub version(){
+ print "OSSEC report tool $VERSION\n";
+ print "Licensed under GPL\n";
+ print "Contributor Meir Michanie\n";
+}
+
+sub help(){
+ &version();
+ print "This tool helps you import into base the alerts generated by ossec."
+ . " More info in the doc directory .\n";
+ print "Usage:\n";
+ print "$0 [-h|--help] # This text you read now\n";
+ print "Options:\n";
+ print "\t--dbhost <hostname>\n";
+ print "\t--dbname <database>\n";
+ print "\t--dbport <[0-9]+>\n";
+ print "\t--dbpass <dbpasswd>\n";
+ print "\t--dbuser <dbuser>\n";
+ print "\t-d|--daemonize\n";
+ print "\t-n|--noname\n";
+ print "\t-v|--verbose\n";
+ print "\t--conf <ossec2based-config>\n";
+ print "\t--sensor <sensor-name>\n";
+ print "\t--interface <ifname>\n";
+
+ exit 0;
+}
+
+
+sub daemonize {
+ my $running = kill 0, `cat /var/run/ossec2base2.pid`;
+ if ($running){
+ print "OSSEC2SNORBY is already running...\n";
+ exit 1;
+ }
+
+ chdir '/' or die "Can't chdir to /: $!";
+
+ open STDOUT, ">>$DAEMONLOGFILE"
+ or die "Can't write to $DAEMONLOGFILE: $!";
+
+ # I may be mistaken but the original script didn't seem to actually
+ # tail the logs. It would run until it hit EOF and then exit script.
+ $taillog= open STDIN,"-|", "/usr/bin/tail", "-Fn 0", "$LOG";
+ if ($taillog){
+ &forceprintlog ("Daemon started TAIL PID: $taillog");
+ &forceprintlog ("NOW MONITORING: $LOG");
+ }else{
+ &forceprintlog ("Could not start daemon on $LOG: $!");
+ exit 1;
+ }
+
+ defined(my $pid = fork) or die "Can't fork: $!";
+ if ($pid){
+ open (PIDFILE , ">/var/run/ossec2snorby.pid") ;
+ print PIDFILE "$pid\n";
+ close (PIDFILE);
+ exit 0;
+ }
+ setsid or die "Can't start a new session: $!";
+ open STDERR, ">>$DAEMONLOGERRORFILE" or die "Can't write to $DAEMONLOGERRORFILE: $!";
+}
+
+sub gracefulend(){
+ my ($signal)=@_;
+ &forceprintlog ("Terminating upon signal $signal");
+ &forceprintlog ("Daemon halted");
+ # This might be paranoid or simply useless but better safe than sorry.
+ close STDOUT or die "WARNING: Closing STDOUT failed.";
+ close STDERR or die "WARNING: Closing STDERR failed.";
+ kill 3, $taillog or die "WARNING: Closing $taillog failed.";
+ close STDIN or die "WARNING: Closing STDIN failed.";
+ exit 0;
+}
+
+sub printlog(){
+ return unless $VERBOSE;
+ my (@lines)=@_;
+ foreach my $line(@lines){
+ chomp $line;
+ my ($date)=scalar localtime;
+ $date=~ s/^\S+\s+(\S+.*\s[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}).*$/$1/;
+ print "$date $LOGGER: $line\n";
+ }
+ }
+
+
+sub loadconf(){
+ my ($hash_ref)=@_;
+ my $conf=$hash_ref->{conf};
+ unless (-f $conf) { &printlog ("ERROR: I can't find config file $conf"); exit 1;}
+ unless (open ( CONF , "$conf")){ &printlog ("ERROR: I can't open file $conf");exit 1;}
+ while (<CONF>){
+ next if m/^$|^#/;
+ if ( m/^(\S+)\s?=\s?(.*?)$/) {
+ $hash_ref->{$1} = $2;
+ }
+ }
+ close CONF;
+}
diff --git a/contrib/ossec2snorby/ossec2snorby.sh b/contrib/ossec2snorby/ossec2snorby.sh
new file mode 100644
index 0000000..8ead14d
--- /dev/null
+++ b/contrib/ossec2snorby/ossec2snorby.sh
@@ -0,0 +1,78 @@
+#!/bin/sh
+#
+# Init file for ossec2snorby.pl
+#
+#
+# chkconfig: 2345 40 60
+# description: ossec2snorby is an output processor for ossec.
+#
+# processname: ossec2snorby
+# config: /etc/ossec2snorby.conf
+# pidfile: /var/run/ossec2snorby.pid
+
+[ -x /usr/local/bin/ossec2snorby/ossec2snorby.pl ] || { echo " [ERROR]: ossec2snorby.pl non existant or not executable..."; exit 1; }
+[ -r /etc/ossec2snorby.conf ] || { echo " [ERROR]: ossec2snorby.conf was not found..."; exit 1; }
+[ -r /usr/local/bin/ossec2snorby/ossecmysql.pm ] || { echo " [ERROR]: ossecmysql was not found..."; exit 1; }
+
+### Default variables
+SYSCONFIG="/etc/ossec2snorby.conf"
+
+### Read configuration
+[ -r "$SYSCONFIG" ] && . "$SYSCONFIG"
+
+RETVAL=0
+prog="ossec2snorby.pl"
+homedir="/usr/local/bin/ossec2snorby"
+desc="Ossec Output Processor"
+
+start() {
+ echo -n $"Starting $desc ($prog): "
+
+ PIDFILE="/var/run/ossec2snorby.pid"
+ OPTS="--conf $SYSCONFIG -d"
+ $homedir/$prog $OPTS
+
+ RETVAL=$?
+ echo
+ [ $RETVAL -eq 0 ] && touch /var/lock/$prog
+ return $RETVAL
+}
+
+stop() {
+ echo -n $"Shutting down $desc ($prog): "
+ kill -n 3 $homedir/$prog
+ RETVAL=$?
+ echo
+ [ $RETVAL -eq 0 ] && rm -f /var/lock/$prog
+ return $RETVAL
+}
+
+restart() {
+ stop
+ start
+}
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart)
+ restart
+ ;;
+ condrestart)
+ [ -e /var/lock/$prog ] && restart
+ RETVAL=$?
+ ;;
+ status)
+ status $prog
+ RETVAL=$?
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|restart|status}"
+ RETVAL=1
+esac
+
+exit $RETVAL
diff --git a/contrib/ossec2snorby/ossec2snorby_category.sql b/contrib/ossec2snorby/ossec2snorby_category.sql
new file mode 100644
index 0000000..cf29f6d
--- /dev/null
+++ b/contrib/ossec2snorby/ossec2snorby_category.sql
@@ -0,0 +1,171 @@
+/*
+Navicat MySQL Data Transfer
+
+Source Server : generic-localhost
+Source Server Version : 50167
+Source Host : localhost:3306
+Source Database : snorby
+
+Target Server Type : MYSQL
+Target Server Version : 50167
+File Encoding : 65001
+
+Date: 2013-01-28 16:35:59
+*/
+
+SET FOREIGN_KEY_CHECKS=0;
+-- ----------------------------
+-- Table structure for `category`
+-- ----------------------------
+DROP TABLE IF EXISTS `category`;
+CREATE TABLE `category` (
+ `cat_id` smallint(5) unsigned NOT NULL AUTO_INCREMENT,
+ `sig_class_id` smallint(5) NOT NULL,
+ `cat_name` varchar(32) NOT NULL,
+ PRIMARY KEY (`cat_id`),
+ UNIQUE KEY `cat_name` (`cat_name`),
+ KEY `cat_name_2` (`cat_name`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+-- ----------------------------
+-- Records of category
+-- ----------------------------
+INSERT INTO `category` VALUES ('1', '1', 'syslog');
+INSERT INTO `category` VALUES ('2', '29', 'firewall');
+INSERT INTO `category` VALUES ('3', '29', 'ids');
+INSERT INTO `category` VALUES ('4', '1', 'web-log');
+INSERT INTO `category` VALUES ('5', '1', 'squid');
+INSERT INTO `category` VALUES ('6', '1', 'windows');
+INSERT INTO `category` VALUES ('7', '1', 'ossec');
+INSERT INTO `category` VALUES ('8', '9', 'pam');
+INSERT INTO `category` VALUES ('9', '11', 'authentication_success');
+INSERT INTO `category` VALUES ('10', '18', 'authentication_failed');
+INSERT INTO `category` VALUES ('11', '18', 'invalid_login');
+INSERT INTO `category` VALUES ('12', '18', 'authentication_failures');
+INSERT INTO `category` VALUES ('13', '1', 'sshd');
+INSERT INTO `category` VALUES ('14', '4', 'recon');
+INSERT INTO `category` VALUES ('15', '28', 'exploit_attempt');
+INSERT INTO `category` VALUES ('16', '1', 'telnetd');
+INSERT INTO `category` VALUES ('17', '3', 'errors');
+INSERT INTO `category` VALUES ('18', '29', 'low_diskspace');
+INSERT INTO `category` VALUES ('19', '29', 'service_availability');
+INSERT INTO `category` VALUES ('20', '29', 'nfs');
+INSERT INTO `category` VALUES ('21', '29', 'xinetd');
+INSERT INTO `category` VALUES ('22', '29', 'access_control');
+INSERT INTO `category` VALUES ('23', '18', 'access_denied');
+INSERT INTO `category` VALUES ('24', '22', 'connection_attempt');
+INSERT INTO `category` VALUES ('25', '1', 'mail');
+INSERT INTO `category` VALUES ('26', '1', 'smartd');
+INSERT INTO `category` VALUES ('27', '1', 'linuxkernel');
+INSERT INTO `category` VALUES ('28', '1', 'promisc');
+INSERT INTO `category` VALUES ('29', '1', 'system_shutdown');
+INSERT INTO `category` VALUES ('30', '1', 'cron');
+INSERT INTO `category` VALUES ('31', '19', 'su');
+INSERT INTO `category` VALUES ('32', '1', 'tripwire');
+INSERT INTO `category` VALUES ('33', '1', 'adduser');
+INSERT INTO `category` VALUES ('34', '19', 'sudo');
+INSERT INTO `category` VALUES ('35', '29', 'pptp');
+INSERT INTO `category` VALUES ('36', '1', 'fts');
+INSERT INTO `category` VALUES ('37', '1', 'dpkg');
+INSERT INTO `category` VALUES ('38', '1', 'config_changed');
+INSERT INTO `category` VALUES ('39', '1', 'yum');
+INSERT INTO `category` VALUES ('40', '29', 'arpwatch');
+INSERT INTO `category` VALUES ('41', '29', 'new_host');
+INSERT INTO `category` VALUES ('42', '30', 'ip_spoof');
+INSERT INTO `category` VALUES ('43', '1', 'symantec');
+INSERT INTO `category` VALUES ('44', '17', 'virus');
+INSERT INTO `category` VALUES ('45', '29', 'pix');
+INSERT INTO `category` VALUES ('46', '1', 'account_changed');
+INSERT INTO `category` VALUES ('47', '3', 'system_error');
+INSERT INTO `category` VALUES ('48', '1', 'named');
+INSERT INTO `category` VALUES ('49', '10', 'invalid_access');
+INSERT INTO `category` VALUES ('50', '3', 'client_misconfig');
+INSERT INTO `category` VALUES ('51', '29', 'smbd');
+INSERT INTO `category` VALUES ('52', '29', 'vsftpd');
+INSERT INTO `category` VALUES ('53', '29', 'pure-ftpd');
+INSERT INTO `category` VALUES ('54', '29', 'proftpd');
+INSERT INTO `category` VALUES ('55', '29', 'msftp');
+INSERT INTO `category` VALUES ('56', '29', 'ftpd');
+INSERT INTO `category` VALUES ('57', '29', 'hordeimp');
+INSERT INTO `category` VALUES ('58', '29', 'roundcube');
+INSERT INTO `category` VALUES ('59', '1', 'wordpress');
+INSERT INTO `category` VALUES ('60', '29', 'cimserver');
+INSERT INTO `category` VALUES ('61', '29', 'vpopmail');
+INSERT INTO `category` VALUES ('62', '29', 'vm-pop3d');
+INSERT INTO `category` VALUES ('63', '29', 'courier');
+INSERT INTO `category` VALUES ('64', '29', 'web');
+INSERT INTO `category` VALUES ('65', '1', 'accesslog');
+INSERT INTO `category` VALUES ('66', '28', 'attack');
+INSERT INTO `category` VALUES ('67', '30', 'sql_injection');
+INSERT INTO `category` VALUES ('68', '27', 'web_scan');
+INSERT INTO `category` VALUES ('69', '29', 'appsec');
+INSERT INTO `category` VALUES ('70', '29', 'apache');
+INSERT INTO `category` VALUES ('71', '22', 'automatic_attack');
+INSERT INTO `category` VALUES ('72', '22', 'unknown_resource');
+INSERT INTO `category` VALUES ('73', '3', 'invalid_request');
+INSERT INTO `category` VALUES ('74', '1', 'mysql_log');
+INSERT INTO `category` VALUES ('75', '1', 'postgresql_log');
+INSERT INTO `category` VALUES ('76', '29', 'firewall_drop');
+INSERT INTO `category` VALUES ('77', '23', 'multiple_drops');
+INSERT INTO `category` VALUES ('78', '29', 'cisco_ios');
+INSERT INTO `category` VALUES ('79', '29', 'netscreenfw');
+INSERT INTO `category` VALUES ('80', '29', 'sonicwall');
+INSERT INTO `category` VALUES ('81', '1', 'postfix');
+INSERT INTO `category` VALUES ('82', '32', 'spam');
+INSERT INTO `category` VALUES ('83', '32', 'multiple_spam');
+INSERT INTO `category` VALUES ('84', '29', 'sendmail');
+INSERT INTO `category` VALUES ('85', '29', 'smf-sav');
+INSERT INTO `category` VALUES ('86', '29', 'imapd');
+INSERT INTO `category` VALUES ('87', '29', 'mailscanner');
+INSERT INTO `category` VALUES ('88', '29', 'dovecot');
+INSERT INTO `category` VALUES ('89', '29', 'ms');
+INSERT INTO `category` VALUES ('90', '29', 'exchange');
+INSERT INTO `category` VALUES ('91', '29', 'racoon');
+INSERT INTO `category` VALUES ('92', '29', 'cisco_vpn');
+INSERT INTO `category` VALUES ('93', '29', 'spamd');
+INSERT INTO `category` VALUES ('94', '10', 'win_authentication_failed');
+INSERT INTO `category` VALUES ('95', '1', 'policy_changed');
+INSERT INTO `category` VALUES ('96', '1', 'group_changed');
+INSERT INTO `category` VALUES ('97', '1', 'win_group_changed');
+INSERT INTO `category` VALUES ('98', '1', 'logs_cleared');
+INSERT INTO `category` VALUES ('99', '1', 'login_denied');
+INSERT INTO `category` VALUES ('100', '1', 'time_changed');
+INSERT INTO `category` VALUES ('101', '1', 'group_created');
+INSERT INTO `category` VALUES ('102', '1', 'win_group_created');
+INSERT INTO `category` VALUES ('103', '2', 'group_deleted');
+INSERT INTO `category` VALUES ('104', '2', 'win_group_deleted');
+INSERT INTO `category` VALUES ('105', '30', 'attacks');
+INSERT INTO `category` VALUES ('106', '1', 'mcafee');
+INSERT INTO `category` VALUES ('107', '1', 'trend_micro');
+INSERT INTO `category` VALUES ('108', '1', 'ocse');
+INSERT INTO `category` VALUES ('109', '1', 'ocsevirus');
+INSERT INTO `category` VALUES ('110', '1', 'mse');
+INSERT INTO `category` VALUES ('111', '30', 'zeus');
+INSERT INTO `category` VALUES ('112', '1', 'solaris_bsm');
+INSERT INTO `category` VALUES ('113', '1', 'vmware');
+INSERT INTO `category` VALUES ('114', '29', 'dhcp');
+INSERT INTO `category` VALUES ('115', '1', 'service_start');
+INSERT INTO `category` VALUES ('116', '29', 'dhcp_lease_action');
+INSERT INTO `category` VALUES ('117', '29', 'dhcp_dns_maintenance');
+INSERT INTO `category` VALUES ('118', '29', 'dhcp_maintenance');
+INSERT INTO `category` VALUES ('119', '30', 'dhcp_rogue_server');
+INSERT INTO `category` VALUES ('120', '29', 'dhcp_ipv6');
+INSERT INTO `category` VALUES ('121', '29', 'asterisk');
+INSERT INTO `category` VALUES ('122', '1', 'rootcheck');
+INSERT INTO `category` VALUES ('123', '1', 'syscheck');
+INSERT INTO `category` VALUES ('124', '1', 'process_monitor');
+INSERT INTO `category` VALUES ('125', '1', 'agentless');
+INSERT INTO `category` VALUES ('126', '1', 'hostinfo');
+INSERT INTO `category` VALUES ('127', '1', 'active_response');
+INSERT INTO `category` VALUES ('128', '13', 'elevation_of_privilege');
+INSERT INTO `category` VALUES ('129', '1', 'local');
+INSERT INTO `category` VALUES ('130', '1', 'openbsd');
+INSERT INTO `category` VALUES ('131', '1', 'openbsdgroupdel');
+INSERT INTO `category` VALUES ('132', '1', 'clamd');
+INSERT INTO `category` VALUES ('133', '1', 'freshclam');
+INSERT INTO `category` VALUES ('134', '1', 'bro');
+INSERT INTO `category` VALUES ('135', '30', 'dropbear');
+INSERT INTO `category` VALUES ('136', '30', 'dropbearauthentication_failed');
+INSERT INTO `category` VALUES ('137', '4', 'dropbearauthentication_failures');
+INSERT INTO `category` VALUES ('138', '4', 'dropbearrecon');
+INSERT INTO `category` VALUES ('139', '5', 'dropbearauthentication_success');
diff --git a/contrib/ossec2snorby/ossec2snorby_ubuntu.sh b/contrib/ossec2snorby/ossec2snorby_ubuntu.sh
new file mode 100644
index 0000000..9fbc9b2
--- /dev/null
+++ b/contrib/ossec2snorby/ossec2snorby_ubuntu.sh
@@ -0,0 +1,57 @@
+#!/bin/sh
+#
+# Init file for ossec2snorby.pl
+#
+#
+# chkconfig: 2345 40 60
+# description: ossec2snorby is an output processor for ossec.
+#
+# processname: ossec2snorby
+# config: /etc/ossec2snorby.conf
+# pidfile: /var/run/ossec2snorby.pid
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/local/bin/ossec2snorby/ossec2snorby.pl
+PERLPATH=`which perl` || { echo " [ERROR]:perl not found."; exit 1; }
+NAME="ossec2snorby.pl"
+DESC="Ossec2Snorby Output Processor"
+PIDFILE="/var/run/ossec2snorby.pid"
+CONFIGFILE="/etc/ossec2snorby.conf"
+OPTS="--conf $CONFIGFILE -d"
+
+[ -x $DAEMON ] || { echo " [ERROR]: ossec2snorby.pl non existant or not executable..."; exit 1; }
+[ -r $CONFIGFILE ] || { echo " [ERROR]: ossec2snorby.conf was not found..."; exit 1; }
+[ -r /usr/local/bin/ossec2snorby/ossecmysql.pm ] || { echo " [ERROR]: ossecmysql was not found..."; exit 1; }
+
+set -e
+
+case "$1" in
+ start)
+ echo -n "Starting $DESC: "
+ start-stop-daemon --start --background --start --exec $DAEMON -- $OPTS
+ echo "$NAME."
+ ;;
+ stop)
+ echo -n "Stopping $DESC: "
+ start-stop-daemon --stop --oknodo --quiet --pidfile $PIDFILE
+ rm -f $PIDFILE
+ echo "$NAME."
+ ;;
+ restart)
+ echo -n "Restarting $DESC: "
+ start-stop-daemon --stop --oknodo --quiet --pidfile $PIDFILE
+ rm -f $PIDFILE
+ sleep 2
+ start-stop-daemon --start --background --start --exec $DAEMON -- $OPTS
+ echo "$NAME."
+ ;;
+ status) # NOT WORKING !!!
+ status_of_proc -p "$PIDFILE" "$PERLPATH" "perl && exit 0 || exit $?
+ ;;
+ *)
+ echo "Usage: $0 { start | restart | stop }" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
\ No newline at end of file
diff --git a/contrib/specs/._getattr.pl b/contrib/specs/._getattr.pl
deleted file mode 100755
index 48cbba1..0000000
Binary files a/contrib/specs/._getattr.pl and /dev/null differ
diff --git a/contrib/specs/._remove_ossec b/contrib/specs/._remove_ossec
deleted file mode 100755
index 48cbba1..0000000
Binary files a/contrib/specs/._remove_ossec and /dev/null differ
diff --git a/contrib/specs/agent/._ossec-hids-agent.spec b/contrib/specs/agent/._ossec-hids-agent.spec
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/specs/agent/._ossec-hids-agent.spec and /dev/null differ
diff --git a/contrib/specs/agent/._preloaded-vars.conf b/contrib/specs/agent/._preloaded-vars.conf
deleted file mode 100755
index 48cbba1..0000000
Binary files a/contrib/specs/agent/._preloaded-vars.conf and /dev/null differ
diff --git a/contrib/specs/agent/ossec-hids-agent.spec b/contrib/specs/agent/ossec-hids-agent.spec
index c959b58..09d5b79 100644
--- a/contrib/specs/agent/ossec-hids-agent.spec
+++ b/contrib/specs/agent/ossec-hids-agent.spec
@@ -17,7 +17,7 @@ Summary: Open Source Host-based Intrusion Detection System (Server)
Name: ossec-hids-agent-FC7
Version: 1.3
Release: 1
-License: GPLv3
+License: GPLv2
Group: Applications/Security
URL: http://www.ossec.net
Packager: Michael Williams (maverick at maverick.org)
diff --git a/contrib/specs/local/._ossec-hids-local.spec b/contrib/specs/local/._ossec-hids-local.spec
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/specs/local/._ossec-hids-local.spec and /dev/null differ
diff --git a/contrib/specs/local/._preloaded-vars.conf b/contrib/specs/local/._preloaded-vars.conf
deleted file mode 100755
index 48cbba1..0000000
Binary files a/contrib/specs/local/._preloaded-vars.conf and /dev/null differ
diff --git a/contrib/specs/local/ossec-hids-local.spec b/contrib/specs/local/ossec-hids-local.spec
index 63373c6..7068b66 100644
--- a/contrib/specs/local/ossec-hids-local.spec
+++ b/contrib/specs/local/ossec-hids-local.spec
@@ -17,7 +17,7 @@ Summary: Open Source Host-based Intrusion Detection System (Server)
Name: ossec-hids-local-FC7
Version: 1.3
Release: 1
-License: GPLv3
+License: GPLv2
Group: Applications/Security
URL: http://www.ossec.net
Packager: Michael Williams (maverick at maverick.org)
diff --git a/contrib/specs/server/._ossec-hids-server.spec b/contrib/specs/server/._ossec-hids-server.spec
deleted file mode 100644
index 48cbba1..0000000
Binary files a/contrib/specs/server/._ossec-hids-server.spec and /dev/null differ
diff --git a/contrib/specs/server/._preloaded-vars.conf b/contrib/specs/server/._preloaded-vars.conf
deleted file mode 100755
index 48cbba1..0000000
Binary files a/contrib/specs/server/._preloaded-vars.conf and /dev/null differ
diff --git a/contrib/specs/server/ossec-hids-server.spec b/contrib/specs/server/ossec-hids-server.spec
index 9fa7170..8e70b59 100644
--- a/contrib/specs/server/ossec-hids-server.spec
+++ b/contrib/specs/server/ossec-hids-server.spec
@@ -17,7 +17,7 @@ Summary: Open Source Host-based Intrusion Detection System (Server)
Name: ossec-hids-server-FC7
Version: 1.3
Release: 1
-License: GPLv3
+License: GPLv2
Group: Applications/Security
URL: http://www.ossec.net
Packager: Michael Williams (maverick at maverick.org)
diff --git a/doc/._README.config b/doc/._README.config
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/._README.config and /dev/null differ
diff --git a/doc/._active-response-internal.txt b/doc/._active-response-internal.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/._active-response-internal.txt and /dev/null differ
diff --git a/doc/._active-response.txt b/doc/._active-response.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/._active-response.txt and /dev/null differ
diff --git a/doc/._logs.txt b/doc/._logs.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/._logs.txt and /dev/null differ
diff --git a/doc/._manage_agents.txt b/doc/._manage_agents.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/._manage_agents.txt and /dev/null differ
diff --git a/doc/._manager.txt b/doc/._manager.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/._manager.txt and /dev/null differ
diff --git a/doc/._nmap.txt b/doc/._nmap.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/._nmap.txt and /dev/null differ
diff --git a/doc/._rootcheck.txt b/doc/._rootcheck.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/._rootcheck.txt and /dev/null differ
diff --git a/doc/._rule_ids.txt b/doc/._rule_ids.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/._rule_ids.txt and /dev/null differ
diff --git a/doc/._rules.txt b/doc/._rules.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/._rules.txt and /dev/null differ
diff --git a/doc/br/._INSTALL.br b/doc/br/._INSTALL.br
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/br/._INSTALL.br and /dev/null differ
diff --git a/doc/br/._README.config b/doc/br/._README.config
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/br/._README.config and /dev/null differ
diff --git a/doc/br/._TRANSLATION b/doc/br/._TRANSLATION
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/br/._TRANSLATION and /dev/null differ
diff --git a/doc/br/._active-response-internal.txt b/doc/br/._active-response-internal.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/br/._active-response-internal.txt and /dev/null differ
diff --git a/doc/br/._active-response.txt b/doc/br/._active-response.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/br/._active-response.txt and /dev/null differ
diff --git a/doc/br/._logs.txt b/doc/br/._logs.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/br/._logs.txt and /dev/null differ
diff --git a/doc/br/._manager.txt b/doc/br/._manager.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/br/._manager.txt and /dev/null differ
diff --git a/doc/br/._rootcheck.txt b/doc/br/._rootcheck.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/br/._rootcheck.txt and /dev/null differ
diff --git a/doc/br/._rule_ids.txt b/doc/br/._rule_ids.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/br/._rule_ids.txt and /dev/null differ
diff --git a/doc/br/._rules.txt b/doc/br/._rules.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/br/._rules.txt and /dev/null differ
diff --git a/doc/pl/._INSTALL.pl b/doc/pl/._INSTALL.pl
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/pl/._INSTALL.pl and /dev/null differ
diff --git a/doc/pl/._README.config b/doc/pl/._README.config
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/pl/._README.config and /dev/null differ
diff --git a/doc/pl/._TRANSLATION b/doc/pl/._TRANSLATION
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/pl/._TRANSLATION and /dev/null differ
diff --git a/doc/pl/._active-response-internal.txt b/doc/pl/._active-response-internal.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/pl/._active-response-internal.txt and /dev/null differ
diff --git a/doc/pl/._active-response.txt b/doc/pl/._active-response.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/pl/._active-response.txt and /dev/null differ
diff --git a/doc/pl/._logs.txt b/doc/pl/._logs.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/pl/._logs.txt and /dev/null differ
diff --git a/doc/pl/._manager.txt b/doc/pl/._manager.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/pl/._manager.txt and /dev/null differ
diff --git a/doc/pl/._rootcheck.txt b/doc/pl/._rootcheck.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/pl/._rootcheck.txt and /dev/null differ
diff --git a/doc/pl/._rule_ids.txt b/doc/pl/._rule_ids.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/pl/._rule_ids.txt and /dev/null differ
diff --git a/doc/pl/._rules.txt b/doc/pl/._rules.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/doc/pl/._rules.txt and /dev/null differ
diff --git a/etc/._decoder.xml b/etc/._decoder.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/._decoder.xml and /dev/null differ
diff --git a/etc/._internal_options.conf b/etc/._internal_options.conf
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/._internal_options.conf and /dev/null differ
diff --git a/etc/._ossec-agent.conf b/etc/._ossec-agent.conf
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/._ossec-agent.conf and /dev/null differ
diff --git a/etc/._ossec-local.conf b/etc/._ossec-local.conf
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/._ossec-local.conf and /dev/null differ
diff --git a/etc/._ossec-server.conf b/etc/._ossec-server.conf
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/._ossec-server.conf and /dev/null differ
diff --git a/etc/._ossec.conf b/etc/._ossec.conf
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/._ossec.conf and /dev/null differ
diff --git a/etc/._preloaded-vars.conf b/etc/._preloaded-vars.conf
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/._preloaded-vars.conf and /dev/null differ
diff --git a/etc/decoder.xml b/etc/decoder.xml
index 669508e..566f8f9 100755
--- a/etc/decoder.xml
+++ b/etc/decoder.xml
@@ -464,7 +464,7 @@
<decoder name="proftpd-ip">
<parent>proftpd</parent>
- <regex>^\S+ \(\S+[(\S+)]\)</regex>
+ <regex>^\S+ \(\S+[(\S+)]\)|^\S+ \(\S+[::ffff:(\S+)]\)</regex>
<order>srcip</order>
</decoder>
@@ -498,6 +498,19 @@
<order>user,srcip</order>
</decoder>
+<!-- Pure-FTPd transfer log decoder
+ - Examples from ossec-list:
+ - example.com - user1 [11/Mar/2013:12:10:23 -0000] "PUT /ftpdrive/user1/FinalBackup.zip" 200 25268220
+ - example.com - user1 [11/Mar/2013:12:24:57 -0000] "GET /ftpdrive/user1/FinalBackup.zip" 200 25268220
+ -->
+
+<decoder name="pure-transfer">
+ <prematch>^\S+ - \S+ [\d\d/\S\S\S/\d\d\d\d:\d\d:\d\d:\d\d -\d\d\d\d] </prematch>
+ <regex>^(\S+) - (\S+) [\d\d/\S\S\S/\d\d\d\d:\d\d:\d\d:\d\d -\d\d\d\d] "(\S+) (\.+) (\d+) \d+$</regex>
+ <order>extra_data,dstuser,action,url,status</order>
+</decoder>
+
+
<!-- vsftpd decoder.
@@ -703,7 +716,7 @@
- Nov 24 18:18:28 gandalf pop3d: LOGIN FAILED, ip=[::ffff:1.2.3.4]
-->
<decoder name="courier">
- <program_name>^pop3d|^courierpop3login|^imaplogin</program_name>
+ <program_name>^pop3d|^courierpop3login|^imaplogin|^courier-pop3|^courier-imap</program_name>
</decoder>
<decoder name="courier-login">
@@ -715,7 +728,7 @@
<decoder name="courier-generic">
<parent>courier</parent>
- <regex>, ip=[(\S+\d)]$</regex>
+ <regex>, ip=[(\S+\d)]$|, ip=[::ffff:(\S+\d)]$</regex>
<order>srcip</order>
</decoder>
@@ -1849,9 +1862,9 @@ Sat May 7 03:27:57 CDT 2011 /var/ossec/active-response/bin/firewall-drop.sh del
-->
<decoder name="ar_log">
- <prematch>^Mon|^Tue|^Wed|^Thu|^Fri|^Sat|^Sun \S+\s+\d+ \d\d:\d\d:\d\d \S+ \d+ /\.+/active-response</prematch>
- <regex offset="after_prematch">/bin/(\S+) (\S+) - (\S+) (\d+.\d+) (\d+)</regex>
- <order>action, status, srcip, id, extra_data</order>
+ <prematch>^\w\w\w \w+\s+\d+ \d\d:\d\d:\d\d \w+ \d+ /\S+/active-response</prematch>
+ <regex offset="after_prematch">/bin/(\S+) (\S+) - (\S+) (\d+.\d+) (\d+)</regex>
+ <order>action, status, srcip, id, extra_data</order>
</decoder>
<!-- Zeus decoder.
@@ -2366,67 +2379,95 @@ type=PATH msg=audit(1273924468.947:179534): item=0 name=(null) inode=424783 dev=
</decoder>
<!-- SELinux -->
- <decoder name="auditd-selinux">
- <parent>auditd</parent>
- <prematch offset="after_parent">^AVC </prematch>
- <regex offset="after_parent">^(AVC) msg=audit\(\d\d\d\d\d\d\d\d\d\d.\d\d\d:(\d+)\): avc: (\S+) { \.+ } for pid=\d+ comm="(\S+)" path="\S+" dev=\S+ ino=\d+ scontext=\S+ tcontext=\S+ tclass=\S+$</regex>
- <order>action,id,status,extra_data</order>
- </decoder>
+<decoder name="auditd-selinux">
+ <parent>auditd</parent>
+ <prematch offset="after_parent">^AVC </prematch>
+ <regex offset="after_parent">^(AVC) msg=audit\(\d\d\d\d\d\d\d\d\d\d.\d\d\d:(\d+)\): avc: (\S+) { \.+ } for pid=\d+ comm="(\S+)" path="\S+" dev=\S+ ino=\d+ scontext=\S+ tcontext=\S+ tclass=\S+$</regex>
+ <order>action,id,status,extra_data</order>
+</decoder>
<!-- syscall -->
- <decoder name="auditd-syscall">
- <parent>auditd</parent>
- <prematch offset="after_parent">^SYSCALL </prematch>
- <regex offset="after_parent">^(SYSCALL) msg=audit\(\d\d\d\d\d\d\d\d\d\d.\d\d\d:(\d+)\): arch=\w+ syscall=\d+ success=(\S+) exit=\S+ a0=\w+ a1=\w+ a2=\w+ a3=\w+ items=\d+ ppid=\d+ pid=\d+ auid=\d+ uid=\d+ gid=\d+ euid=\d+ suid=\d+ fsuid=\d+ egid=\d+ sgid=\d+ fsgid=\d+ tty=\S+ ses=\d+ comm="\S+" exe="(\.+)"</regex>
- <order>action,id,status,extra_data</order>
- </decoder>
+<decoder name="auditd-syscall">
+ <parent>auditd</parent>
+ <prematch offset="after_parent">^SYSCALL </prematch>
+ <regex offset="after_parent">^(SYSCALL) msg=audit\(\d\d\d\d\d\d\d\d\d\d.\d\d\d:(\d+)\): arch=\w+ syscall=\d+ success=(\S+) exit=\S+ a0=\w+ a1=\w+ a2=\w+ a3=\w+ items=\d+ ppid=\d+ pid=\d+ auid=\d+ uid=\d+ gid=\d+ euid=\d+ suid=\d+ fsuid=\d+ egid=\d+ sgid=\d+ fsgid=\d+ tty=\S+ ses=\d+ comm="\S+" exe="(\.+)"</regex>
+ <order>action,id,status,extra_data</order>
+</decoder>
<!-- config -->
- <decoder name="auditd-config">
- <parent>auditd</parent>
- <prematch offset="after_parent">^CONFIG_CHANGE </prematch>
- <regex offset="after_parent">^(CONFIG_CHANGE) msg=audit\(\d\d\d\d\d\d\d\d\d\d.\d\d\d:(\d+)\): auid=\d+ ses=\d+ op="\.+" path="(\.+)" key="\S+" list=\d+ res=\d+$</regex>
- <order>action,id,extra_data</order>
- </decoder>
+<decoder name="auditd-config">
+ <parent>auditd</parent>
+ <prematch offset="after_parent">^CONFIG_CHANGE </prematch>
+ <regex offset="after_parent">^(CONFIG_CHANGE) msg=audit\(\d\d\d\d\d\d\d\d\d\d.\d\d\d:(\d+)\): auid=\d+ ses=\d+ op="\.+" path="(\.+)" key="\S+" list=\d+ res=\d+$</regex>
+ <order>action,id,extra_data</order>
+</decoder>
<!-- path (will only decode if name is not null)-->
- <decoder name="auditd-path">
- <parent>auditd</parent>
- <prematch offset="after_parent">^PATH </prematch>
- <regex offset="after_parent">^(PATH) msg=audit\(\d\d\d\d\d\d\d\d\d\d.\d\d\d:(\d+)\): item=\d+ name="(\.+)" inode=\d+ dev=\S+ mode=\d+ ouid=\d+ ogid=\d+ rdev=\S+</regex>
- <order>action,id,extra_data</order>
- </decoder>
+<decoder name="auditd-path">
+ <parent>auditd</parent>
+ <prematch offset="after_parent">^PATH </prematch>
+ <regex offset="after_parent">^(PATH) msg=audit\(\d\d\d\d\d\d\d\d\d\d.\d\d\d:(\d+)\): item=\d+ name="(\.+)" inode=\d+ dev=\S+ mode=\d+ ouid=\d+ ogid=\d+ rdev=\S+</regex>
+ <order>action,id,extra_data</order>
+</decoder>
<!-- user-related -->
- <decoder name="auditd-user">
- <parent>auditd</parent>
- <regex offset="after_parent">^(USER_\S+) msg=audit\(\d\d\d\d\d\d\d\d\d\d.\d\d\d:(\d+)\): user pid=\d+ uid=\d+ auid=\d+|</regex>
- <regex>^(CRED_\S+) msg=audit\(\d\d\d\d\d\d\d\d\d\d.\d\d\d:(\d+)\): user pid=\d+ uid=\d+ auid=\d+</regex>
- <order>action,id</order>
- </decoder>
-
- <decoder name="auditd-user">
- <parent>auditd</parent>
- <regex offset="after_regex"> acct="(\.+)" : exe="(\.+)" \(hostname=\S+, addr=(\S+), terminal=\S+$</regex>
- <order>user,extra_data,srcip</order>
- </decoder>
-
- <decoder name="auditd-user">
- <parent>auditd</parent>
- <regex offset="after_regex"> ses=\d+ subj=\S+ msg='\.+ acct="(\.+)" exe="(\.+)" hostname=\S+ addr=(\S+) terminal=\S+ res=(\S+)$</regex>
- <order>user,extra_data,srcip,status</order>
- </decoder>
-
- <decoder name="auditd-user">
- <parent>auditd</parent>
- <regex offset="after_regex"> subj=\S+ msg='\.+ acct="(\.+)" \p*\s*exe="(\.+)" \(hostname=\S+, addr=(\S+), terminal=\S+ res=(\S+)\)'$</regex>
- <order>user,extra_data,srcip,status</order>
- </decoder>
-
- <decoder name="auditd-user">
- <parent>auditd</parent>
- <regex offset="after_regex"> subj=\S+ msg='\.+ exe="(\.+)" \(hostname=\S+, addr=(\S+), terminal=\S+ res=(\S+)\)'$</regex>
- <order>extra_data,srcip,status</order>
- </decoder>
+<decoder name="auditd-user">
+ <parent>auditd</parent>
+ <regex offset="after_parent">^(USER_\S+) msg=audit\(\d\d\d\d\d\d\d\d\d\d.\d\d\d:(\d+)\): user pid=\d+ uid=\d+ auid=\d+|</regex>
+ <regex>^(CRED_\S+) msg=audit\(\d\d\d\d\d\d\d\d\d\d.\d\d\d:(\d+)\): user pid=\d+ uid=\d+ auid=\d+</regex>
+ <order>action,id</order>
+</decoder>
+
+<decoder name="auditd-user">
+ <parent>auditd</parent>
+ <regex offset="after_regex"> acct="(\.+)" : exe="(\.+)" \(hostname=\S+, addr=(\S+), terminal=\S+$</regex>
+ <order>user,extra_data,srcip</order>
+</decoder>
+
+<decoder name="auditd-user">
+ <parent>auditd</parent>
+ <regex offset="after_regex"> ses=\d+ subj=\S+ msg='\.+ acct="(\.+)" exe="(\.+)" hostname=\S+ addr=(\S+) terminal=\S+ res=(\S+)$</regex>
+ <order>user,extra_data,srcip,status</order>
+</decoder>
+
+<decoder name="auditd-user">
+ <parent>auditd</parent>
+ <regex offset="after_regex"> subj=\S+ msg='\.+ acct="(\.+)" \p*\s*exe="(\.+)" \(hostname=\S+, addr=(\S+), terminal=\S+ res=(\S+)\)'$</regex>
+ <order>user,extra_data,srcip,status</order>
+</decoder>
+
+<decoder name="auditd-user">
+ <parent>auditd</parent>
+ <regex offset="after_regex"> subj=\S+ msg='\.+ exe="(\.+)" \(hostname=\S+, addr=(\S+), terminal=\S+ res=(\S+)\)'$</regex>
+ <order>extra_data,srcip,status</order>
+</decoder>
+
+<!--
+mptscsih \ mptbase decoder
+
+Description: module for SCSI controllers.
+
+Examples:
+[ 5008.286061] mptscsih: ioc0: task abort: FAILED (rv=2003) (sc=ffff88007a8a9f00)
+
+[ 6498.769248] mptbase: ioc0: RAID STATUS CHANGE for PhysDisk 1 id=8
+[ 6498.769252] mptbase: ioc0: PhysDisk is now failed, out of sync
+
+[ 6498.775783] mptbase: ioc0: RAID STATUS CHANGE for VolumeID 0
+[ 6498.775788] mptbase: ioc0: volume is now degraded, enabled
+-->
+<decoder name="mptscsih-1">
+ <parent>iptables</parent>
+ <prematch>^[\s\d+.\d+] mptscsih: </prematch>
+ <regex>^[\s\d+.\d+] (\w+): (\w+): task abort: (\w+)</regex>
+ <order>id,data,status</order>
+</decoder>
+
+<decoder name="mptbase-1">
+ <parent>iptables</parent>
+ <prematch>^[\s\d+.\d+] mptbase: </prematch>
+ <regex>^[\s\d+.\d+] (\w+): (\w+):\s+\w+ is now (\w+)\p\s(\D+)$</regex>
+ <order>id,data,action,status</order>
+</decoder>
<!-- EOF -->
diff --git a/etc/rules/._apache_rules.xml b/etc/rules/._apache_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._apache_rules.xml and /dev/null differ
diff --git a/etc/rules/._arpwatch_rules.xml b/etc/rules/._arpwatch_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._arpwatch_rules.xml and /dev/null differ
diff --git a/etc/rules/._asterisk_rules.xml b/etc/rules/._asterisk_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._asterisk_rules.xml and /dev/null differ
diff --git a/etc/rules/._attack_rules.xml b/etc/rules/._attack_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._attack_rules.xml and /dev/null differ
diff --git a/etc/rules/._bro-ids_rules.xml b/etc/rules/._bro-ids_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._bro-ids_rules.xml and /dev/null differ
diff --git a/etc/rules/._cimserver_rules.xml b/etc/rules/._cimserver_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._cimserver_rules.xml and /dev/null differ
diff --git a/etc/rules/._cisco-ios_rules.xml b/etc/rules/._cisco-ios_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._cisco-ios_rules.xml and /dev/null differ
diff --git a/etc/rules/._clam_av_rules.xml b/etc/rules/._clam_av_rules.xml
deleted file mode 100644
index 48cbba1..0000000
Binary files a/etc/rules/._clam_av_rules.xml and /dev/null differ
diff --git a/etc/rules/._courier_rules.xml b/etc/rules/._courier_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._courier_rules.xml and /dev/null differ
diff --git a/etc/rules/._dovecot_rules.xml b/etc/rules/._dovecot_rules.xml
deleted file mode 100644
index 48cbba1..0000000
Binary files a/etc/rules/._dovecot_rules.xml and /dev/null differ
diff --git a/etc/rules/._dropbear_rules.xml b/etc/rules/._dropbear_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._dropbear_rules.xml and /dev/null differ
diff --git a/etc/rules/._firewall_rules.xml b/etc/rules/._firewall_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._firewall_rules.xml and /dev/null differ
diff --git a/etc/rules/._ftpd_rules.xml b/etc/rules/._ftpd_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._ftpd_rules.xml and /dev/null differ
diff --git a/etc/rules/._hordeimp_rules.xml b/etc/rules/._hordeimp_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._hordeimp_rules.xml and /dev/null differ
diff --git a/etc/rules/._ids_rules.xml b/etc/rules/._ids_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._ids_rules.xml and /dev/null differ
diff --git a/etc/rules/._imapd_rules.xml b/etc/rules/._imapd_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._imapd_rules.xml and /dev/null differ
diff --git a/etc/rules/._local_rules.xml b/etc/rules/._local_rules.xml
deleted file mode 100644
index 48cbba1..0000000
Binary files a/etc/rules/._local_rules.xml and /dev/null differ
diff --git a/etc/rules/._mailscanner_rules.xml b/etc/rules/._mailscanner_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._mailscanner_rules.xml and /dev/null differ
diff --git a/etc/rules/._mcafee_av_rules.xml b/etc/rules/._mcafee_av_rules.xml
deleted file mode 100644
index 48cbba1..0000000
Binary files a/etc/rules/._mcafee_av_rules.xml and /dev/null differ
diff --git a/etc/rules/._ms-exchange_rules.xml b/etc/rules/._ms-exchange_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._ms-exchange_rules.xml and /dev/null differ
diff --git a/etc/rules/._ms-se_rules.xml b/etc/rules/._ms-se_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._ms-se_rules.xml and /dev/null differ
diff --git a/etc/rules/._ms_dhcp_rules.xml b/etc/rules/._ms_dhcp_rules.xml
deleted file mode 100644
index 48cbba1..0000000
Binary files a/etc/rules/._ms_dhcp_rules.xml and /dev/null differ
diff --git a/etc/rules/._ms_ftpd_rules.xml b/etc/rules/._ms_ftpd_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._ms_ftpd_rules.xml and /dev/null differ
diff --git a/etc/rules/._msauth_rules.xml b/etc/rules/._msauth_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._msauth_rules.xml and /dev/null differ
diff --git a/etc/rules/._mysql_rules.xml b/etc/rules/._mysql_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._mysql_rules.xml and /dev/null differ
diff --git a/etc/rules/._named_rules.xml b/etc/rules/._named_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._named_rules.xml and /dev/null differ
diff --git a/etc/rules/._netscreenfw_rules.xml b/etc/rules/._netscreenfw_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._netscreenfw_rules.xml and /dev/null differ
diff --git a/etc/rules/._nginx_rules.xml b/etc/rules/._nginx_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._nginx_rules.xml and /dev/null differ
diff --git a/etc/rules/._openbsd_rules.xml b/etc/rules/._openbsd_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._openbsd_rules.xml and /dev/null differ
diff --git a/etc/rules/._ossec_rules.xml b/etc/rules/._ossec_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._ossec_rules.xml and /dev/null differ
diff --git a/etc/rules/._pam_rules.xml b/etc/rules/._pam_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._pam_rules.xml and /dev/null differ
diff --git a/etc/rules/._php_rules.xml b/etc/rules/._php_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._php_rules.xml and /dev/null differ
diff --git a/etc/rules/._pix_rules.xml b/etc/rules/._pix_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._pix_rules.xml and /dev/null differ
diff --git a/etc/rules/._policy_rules.xml b/etc/rules/._policy_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._policy_rules.xml and /dev/null differ
diff --git a/etc/rules/._postfix_rules.xml b/etc/rules/._postfix_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._postfix_rules.xml and /dev/null differ
diff --git a/etc/rules/._postgresql_rules.xml b/etc/rules/._postgresql_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._postgresql_rules.xml and /dev/null differ
diff --git a/etc/rules/._proftpd_rules.xml b/etc/rules/._proftpd_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._proftpd_rules.xml and /dev/null differ
diff --git a/etc/rules/._pure-ftpd_rules.xml b/etc/rules/._pure-ftpd_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._pure-ftpd_rules.xml and /dev/null differ
diff --git a/etc/rules/._racoon_rules.xml b/etc/rules/._racoon_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._racoon_rules.xml and /dev/null differ
diff --git a/etc/rules/._roundcube_rules.xml b/etc/rules/._roundcube_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._roundcube_rules.xml and /dev/null differ
diff --git a/etc/rules/._rules_config.xml b/etc/rules/._rules_config.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._rules_config.xml and /dev/null differ
diff --git a/etc/rules/._sendmail_rules.xml b/etc/rules/._sendmail_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._sendmail_rules.xml and /dev/null differ
diff --git a/etc/rules/._smbd_rules.xml b/etc/rules/._smbd_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._smbd_rules.xml and /dev/null differ
diff --git a/etc/rules/._solaris_bsm_rules.xml b/etc/rules/._solaris_bsm_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._solaris_bsm_rules.xml and /dev/null differ
diff --git a/etc/rules/._sonicwall_rules.xml b/etc/rules/._sonicwall_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._sonicwall_rules.xml and /dev/null differ
diff --git a/etc/rules/._spamd_rules.xml b/etc/rules/._spamd_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._spamd_rules.xml and /dev/null differ
diff --git a/etc/rules/._squid_rules.xml b/etc/rules/._squid_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._squid_rules.xml and /dev/null differ
diff --git a/etc/rules/._sshd_rules.xml b/etc/rules/._sshd_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._sshd_rules.xml and /dev/null differ
diff --git a/etc/rules/._symantec-av_rules.xml b/etc/rules/._symantec-av_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._symantec-av_rules.xml and /dev/null differ
diff --git a/etc/rules/._symantec-ws_rules.xml b/etc/rules/._symantec-ws_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._symantec-ws_rules.xml and /dev/null differ
diff --git a/etc/rules/._syslog_rules.xml b/etc/rules/._syslog_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._syslog_rules.xml and /dev/null differ
diff --git a/etc/rules/._telnetd_rules.xml b/etc/rules/._telnetd_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._telnetd_rules.xml and /dev/null differ
diff --git a/etc/rules/._trend-osce_rules.xml b/etc/rules/._trend-osce_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._trend-osce_rules.xml and /dev/null differ
diff --git a/etc/rules/._vmpop3d_rules.xml b/etc/rules/._vmpop3d_rules.xml
deleted file mode 100644
index 48cbba1..0000000
Binary files a/etc/rules/._vmpop3d_rules.xml and /dev/null differ
diff --git a/etc/rules/._vmware_rules.xml b/etc/rules/._vmware_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._vmware_rules.xml and /dev/null differ
diff --git a/etc/rules/._vpn_concentrator_rules.xml b/etc/rules/._vpn_concentrator_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._vpn_concentrator_rules.xml and /dev/null differ
diff --git a/etc/rules/._vpopmail_rules.xml b/etc/rules/._vpopmail_rules.xml
deleted file mode 100644
index 48cbba1..0000000
Binary files a/etc/rules/._vpopmail_rules.xml and /dev/null differ
diff --git a/etc/rules/._vsftpd_rules.xml b/etc/rules/._vsftpd_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._vsftpd_rules.xml and /dev/null differ
diff --git a/etc/rules/._web_appsec_rules.xml b/etc/rules/._web_appsec_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._web_appsec_rules.xml and /dev/null differ
diff --git a/etc/rules/._web_rules.xml b/etc/rules/._web_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._web_rules.xml and /dev/null differ
diff --git a/etc/rules/._wordpress_rules.xml b/etc/rules/._wordpress_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._wordpress_rules.xml and /dev/null differ
diff --git a/etc/rules/._zeus_rules.xml b/etc/rules/._zeus_rules.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/._zeus_rules.xml and /dev/null differ
diff --git a/etc/rules/log-entries/._101 b/etc/rules/log-entries/._101
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._101 and /dev/null differ
diff --git a/etc/rules/log-entries/._1101 b/etc/rules/log-entries/._1101
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._1101 and /dev/null differ
diff --git a/etc/rules/log-entries/._1301_1302_1303 b/etc/rules/log-entries/._1301_1302_1303
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._1301_1302_1303 and /dev/null differ
diff --git a/etc/rules/log-entries/._1401 b/etc/rules/log-entries/._1401
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._1401 and /dev/null differ
diff --git a/etc/rules/log-entries/._1402 b/etc/rules/log-entries/._1402
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._1402 and /dev/null differ
diff --git a/etc/rules/log-entries/._1602 b/etc/rules/log-entries/._1602
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._1602 and /dev/null differ
diff --git a/etc/rules/log-entries/._1603 b/etc/rules/log-entries/._1603
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._1603 and /dev/null differ
diff --git a/etc/rules/log-entries/._1607 b/etc/rules/log-entries/._1607
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._1607 and /dev/null differ
diff --git a/etc/rules/log-entries/._1609 b/etc/rules/log-entries/._1609
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._1609 and /dev/null differ
diff --git a/etc/rules/log-entries/._1901 b/etc/rules/log-entries/._1901
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._1901 and /dev/null differ
diff --git a/etc/rules/log-entries/._1902 b/etc/rules/log-entries/._1902
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._1902 and /dev/null differ
diff --git a/etc/rules/log-entries/._1903 b/etc/rules/log-entries/._1903
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._1903 and /dev/null differ
diff --git a/etc/rules/log-entries/._1905 b/etc/rules/log-entries/._1905
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._1905 and /dev/null differ
diff --git a/etc/rules/log-entries/._201 b/etc/rules/log-entries/._201
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._201 and /dev/null differ
diff --git a/etc/rules/log-entries/._202 b/etc/rules/log-entries/._202
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._202 and /dev/null differ
diff --git a/etc/rules/log-entries/._204 b/etc/rules/log-entries/._204
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._204 and /dev/null differ
diff --git a/etc/rules/log-entries/._2501 b/etc/rules/log-entries/._2501
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._2501 and /dev/null differ
diff --git a/etc/rules/log-entries/._2601 b/etc/rules/log-entries/._2601
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._2601 and /dev/null differ
diff --git a/etc/rules/log-entries/._301 b/etc/rules/log-entries/._301
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._301 and /dev/null differ
diff --git a/etc/rules/log-entries/._401 b/etc/rules/log-entries/._401
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._401 and /dev/null differ
diff --git a/etc/rules/log-entries/._403 b/etc/rules/log-entries/._403
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._403 and /dev/null differ
diff --git a/etc/rules/log-entries/._408 b/etc/rules/log-entries/._408
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._408 and /dev/null differ
diff --git a/etc/rules/log-entries/._409 b/etc/rules/log-entries/._409
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._409 and /dev/null differ
diff --git a/etc/rules/log-entries/._access-control b/etc/rules/log-entries/._access-control
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._access-control and /dev/null differ
diff --git a/etc/rules/log-entries/._apache-error.logs b/etc/rules/log-entries/._apache-error.logs
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._apache-error.logs and /dev/null differ
diff --git a/etc/rules/log-entries/._cisco-ios-ids b/etc/rules/log-entries/._cisco-ios-ids
deleted file mode 100644
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._cisco-ios-ids and /dev/null differ
diff --git a/etc/rules/log-entries/._ciscoios b/etc/rules/log-entries/._ciscoios
deleted file mode 100644
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._ciscoios and /dev/null differ
diff --git a/etc/rules/log-entries/._ftpd b/etc/rules/log-entries/._ftpd
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._ftpd and /dev/null differ
diff --git a/etc/rules/log-entries/._iis6 b/etc/rules/log-entries/._iis6
deleted file mode 100644
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._iis6 and /dev/null differ
diff --git a/etc/rules/log-entries/._imapd b/etc/rules/log-entries/._imapd
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._imapd and /dev/null differ
diff --git a/etc/rules/log-entries/._kernel b/etc/rules/log-entries/._kernel
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._kernel and /dev/null differ
diff --git a/etc/rules/log-entries/._mail-alerts b/etc/rules/log-entries/._mail-alerts
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._mail-alerts and /dev/null differ
diff --git a/etc/rules/log-entries/._mail-errors b/etc/rules/log-entries/._mail-errors
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._mail-errors and /dev/null differ
diff --git a/etc/rules/log-entries/._ns1 b/etc/rules/log-entries/._ns1
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._ns1 and /dev/null differ
diff --git a/etc/rules/log-entries/._proftpd b/etc/rules/log-entries/._proftpd
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._proftpd and /dev/null differ
diff --git a/etc/rules/log-entries/._smbd b/etc/rules/log-entries/._smbd
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._smbd and /dev/null differ
diff --git a/etc/rules/log-entries/._spamd b/etc/rules/log-entries/._spamd
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._spamd and /dev/null differ
diff --git a/etc/rules/log-entries/._sshd b/etc/rules/log-entries/._sshd
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._sshd and /dev/null differ
diff --git a/etc/rules/log-entries/._symantecws b/etc/rules/log-entries/._symantecws
deleted file mode 100644
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._symantecws and /dev/null differ
diff --git a/etc/rules/log-entries/._telnetd b/etc/rules/log-entries/._telnetd
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._telnetd and /dev/null differ
diff --git a/etc/rules/log-entries/._unkown b/etc/rules/log-entries/._unkown
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._unkown and /dev/null differ
diff --git a/etc/rules/log-entries/._vpn.log b/etc/rules/log-entries/._vpn.log
deleted file mode 100644
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._vpn.log and /dev/null differ
diff --git a/etc/rules/log-entries/._vpopmail b/etc/rules/log-entries/._vpopmail
deleted file mode 100644
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._vpopmail and /dev/null differ
diff --git a/etc/rules/log-entries/._worms b/etc/rules/log-entries/._worms
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._worms and /dev/null differ
diff --git a/etc/rules/log-entries/._xferlog b/etc/rules/log-entries/._xferlog
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/log-entries/._xferlog and /dev/null differ
diff --git a/etc/rules/nginx_rules.xml b/etc/rules/nginx_rules.xml
index d51615d..855a605 100755
--- a/etc/rules/nginx_rules.xml
+++ b/etc/rules/nginx_rules.xml
@@ -70,6 +70,12 @@
<group>authentication_failures,</group>
</rule>
+ <rule id="31317" level="0">
+ <if_sid>31303</if_sid>
+ <match>failed (2: No such file or directory</match>
+ <description>Common cache error when files were removed.</description>
+ </rule>
+
<rule id="31320" level="10">
<if_sid>31303</if_sid>
<match>failed (63: File name too long)</match>
diff --git a/etc/rules/openbsd_rules.xml b/etc/rules/openbsd_rules.xml
index d2f458d..171b7a0 100755
--- a/etc/rules/openbsd_rules.xml
+++ b/etc/rules/openbsd_rules.xml
@@ -185,13 +185,13 @@
<description>Duplicate IPv6 address.</description>
</rule>
- <rule id="51528" level="0">
+ <rule id="51529" level="0">
<decoded_as>bsd_kernel</decoded_as>
<match>failed loadfirmware of file</match>
<description>Could not load a firmware.</description>
</rule>
- <rule id="51529" level="0">
+ <rule id="51530" level="0">
<program_name>^hotplugd</program_name>
<match>Permission denied$</match>
<description>hotplugd could not open a file.</description>
diff --git a/etc/rules/pure-ftpd_rules.xml b/etc/rules/pure-ftpd_rules.xml
index 38c3246..8d9e1ff 100755
--- a/etc/rules/pure-ftpd_rules.xml
+++ b/etc/rules/pure-ftpd_rules.xml
@@ -59,10 +59,31 @@
</rule>
<rule id="11309" level="3">
- <match>[INFO] \S+ is now logged in</match>
+ <if_sid>11300</if_sid>
+ <match>[INFO] \S+ is now logged in| is now logged in</match>
<description>FTP Authentication success.</description>
<group>authentication_success,</group>
</rule>
+
+ <rule id="11310" level="0">
+ <decoded_as>pure-transfer</decoded_as>
+ <description>Rule grouping for pure ftpd transfers.</description>
+ </rule>
+
+ <rule id="11311" level="0">
+ <if_sid>11310</if_sid>
+ <action>PUT</action>
+ <description>File added to ftpd.</description>
+ </rule>
+
+ <rule id="11312" level="0">
+ <if_sid>11310</if_sid>
+ <action>GET</action>
+ <description>File retrieved from ftpd.</description>
+ </rule>
+
+
+
</group> <!-- SYSLOG,PURE-FTPD -->
diff --git a/etc/rules/syslog_rules.xml b/etc/rules/syslog_rules.xml
index 80a00ee..a385e43 100755
--- a/etc/rules/syslog_rules.xml
+++ b/etc/rules/syslog_rules.xml
@@ -617,6 +617,38 @@
<group>config_changed,</group>
<description>Yum package deleted.</description>
</rule>
+
+ <!-- SCSI CONTROLLER -->
+ <rule id="2935" level="0" noalert="1">
+ <if_sid>5100</if_sid>
+ <id>mptscsih</id>
+ <description>Grouping for the mptscrih rules.</description>
+ </rule>
+
+ <rule id="2936" level="0" noalert="1">
+ <if_sid>5100</if_sid>
+ <id>mptbase</id>
+ <description>Grouping for the mptbase rules.</description>
+ </rule>
+
+ <rule id="2937" level="12">
+ <if_sid>2935</if_sid>
+ <status>FAILED</status>
+ <description>Posible Disk failure. SCSI controller error.</description>
+ </rule>
+
+ <rule id="2938" level="12">
+ <if_sid>2936</if_sid>
+ <action>failed</action>
+ <description>SCSI RAID ARRAY ERROR, drive failed.</description>
+ </rule>
+
+ <rule id="2939" level="12">
+ <if_sid>2936</if_sid>
+ <action>degraded</action>
+ <description>SCSI RAID is now in a degraded status.</description>
+ </rule>
+
</group>
diff --git a/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_da.xml b/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_da.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_da.xml and /dev/null differ
diff --git a/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_de.xml b/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_de.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_de.xml and /dev/null differ
diff --git a/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_en.xml b/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_en.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_en.xml and /dev/null differ
diff --git a/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_es.xml b/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_es.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_es.xml and /dev/null differ
diff --git a/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_fr.xml b/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_fr.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_fr.xml and /dev/null differ
diff --git a/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_fr_funny.xml b/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_fr_funny.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_fr_funny.xml and /dev/null differ
diff --git a/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_it.xml b/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_it.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_it.xml and /dev/null differ
diff --git a/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_nl.xml b/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_nl.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_nl.xml and /dev/null differ
diff --git a/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_no.xml b/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_no.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_no.xml and /dev/null differ
diff --git a/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_pt_br.xml b/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_pt_br.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_pt_br.xml and /dev/null differ
diff --git a/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_ro.xml b/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_ro.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_ro.xml and /dev/null differ
diff --git a/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_sk.xml b/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_sk.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_sk.xml and /dev/null differ
diff --git a/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_sv.xml b/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_sv.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_sv.xml and /dev/null differ
diff --git a/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_tr.xml b/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_tr.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/rules/translated/pure_ftpd/._pure-ftpd_rules_tr.xml and /dev/null differ
diff --git a/etc/rules/web_appsec_rules.xml b/etc/rules/web_appsec_rules.xml
index e3d9aaa..3f405c0 100755
--- a/etc/rules/web_appsec_rules.xml
+++ b/etc/rules/web_appsec_rules.xml
@@ -56,7 +56,7 @@
<rule id="31504" level="6">
<if_sid>31100</if_sid>
<url>login.php</url>
- <regex> "GET /\S+/admin/file_manager.php/login.php</regex>
+ <regex>/admin/\w+.php/login.php</regex>
<description>osCommerce file manager login.php bypass attempt.</description>
</rule>
@@ -88,23 +88,23 @@
<!-- BAD/Annoying user agents -->
<rule id="31508" level="6">
<if_sid>31100</if_sid>
- <match> "ZmEu"| "libwww-perl/</match>
+ <match> "ZmEu"| "libwww-perl/|"the beast"|"Morfeus|"ZmEu|"Nikto|"w3af.sourceforge.net|MJ12bot/v</match>
<description>Blacklisted user agent (known malicious user agent).</description>
</rule>
<!-- WordPress wp-login.php brute force -->
<rule id="31509" level="3">
<if_sid>31108</if_sid>
- <url>wp-login.php</url>
- <regex>] "POST \S+wp-login.php</regex>
- <description>WordPress login attempt.</description>
+ <url>wp-login.php|/administrator</url>
+ <regex>] "POST \S+wp-login.php| "POST /administrator</regex>
+ <description>CMS (WordPress or Joomla) login attempt.</description>
</rule>
<!-- If we see frequent wp-login POST's, it is likely a bot. -->
- <rule id="31510" level="6" frequency="4" timeframe="120" ignore="30">
+ <rule id="31510" level="8" frequency="6" timeframe="30">
<if_matched_sid>31509</if_matched_sid>
<same_source_ip />
- <description>WordPress wp-login.php brute force attempt.</description>
+ <description>CMS (WordPress or Joomla) brute force attempt.</description>
</rule>
<!-- Nothing wrong with wget per se, but it misses a lot of links
@@ -122,7 +122,7 @@
<if_sid>31100</if_sid>
<url>uploadify.php</url>
<regex> "GET /\S+/uploadify.php?src=http://\S+.php</regex>
- <description>TimThumb vulnerability exploit attempt.</description>
+ <description>Uploadify vulnerability exploit attempt.</description>
</rule>
<!-- BBS delete.php skin_path.
@@ -134,19 +134,58 @@
<description>BBS delete.php exploit attempt.</description>
</rule>
- <!-- Anomaly rules - Used on common web attacks -->
- <rule id="31550" level="6">
+ <!-- Simple shell.php command execution
+ -->
+ <rule id="31514" level="6">
<if_sid>31100</if_sid>
- <url>%00</url>
- <regex> "GET /\S+.php?\S+%00</regex>
- <description>Anomaly URL query (attempting to pass null termination).</description>
+ <url>shell.php</url>
+ <regex> "GET \S+/shell.php?cmd=</regex>
+ <description>Simple shell.php command execution.</description>
</rule>
+ <!-- PHPMyAdmin scans
+ -->
+ <rule id="31515" level="6">
+ <if_sid>31100</if_sid>
+ <url>phpMyAdmin/scripts/setup.php</url>
+ <description>PHPMyAdmin scans (looking for setup.php).</description>
+ </rule>
+ <!-- Suspicious URL's access
+ -->
+ <rule id="31516" level="6">
+ <if_sid>31100</if_sid>
+ <url>.swp$|.bak$|/.htaccess|/server-status|/.ssh|/.history</url>
+ <description>Suspicious URL access.</description>
+ </rule>
+ <!-- Checking POST requests - Too many in a small type = likely a bot -->
+ <rule id="31530" level="3">
+ <if_sid>31100</if_sid>
+ <match>] "POST </match>
+ <options>no_log</options>
+ <description>POST request received.</description>
+ </rule>
+ <rule id="31531" level="0">
+ <if_sid>31530</if_sid>
+ <url>/wp-admin/|/administrator/|/admin/</url>
+ <description>Ignoring often post requests inside /wp-admin and /admin.</description>
+ </rule>
+ <rule id="31533" level="10" timeframe="20" frequency="6">
+ <if_matched_sid>31530</if_matched_sid>
+ <same_source_ip />
+ <description>High amount of POST requests in a small period of time (likely bot).</description>
+ </rule>
+ <!-- Anomaly rules - Used on common web attacks -->
+ <rule id="31550" level="6">
+ <if_sid>31100</if_sid>
+ <url>%00</url>
+ <regex> "GET /\S+.php?\S+%00</regex>
+ <description>Anomaly URL query (attempting to pass null termination).</description>
+ </rule>
</group>
diff --git a/etc/rules/web_rules.xml b/etc/rules/web_rules.xml
index b35d899..bba91f4 100755
--- a/etc/rules/web_rules.xml
+++ b/etc/rules/web_rules.xml
@@ -1,4 +1,4 @@
-<!-- @(#) $Id: ./etc/rules/web_rules.xml, 2012/05/08 dcid Exp $
+<!-- @(#) $Id: ./etc/rules/web_rules.xml, 2013/02/28 dcid Exp $
-
- Official Web access rules for OSSEC.
@@ -36,14 +36,14 @@
<rule id="31102" level="0">
<if_sid>31101</if_sid>
- <url>.jpg$|.gif$|favicon.ico$|.png$|robots.txt$|.css$|.js$</url>
+ <url>.jpg$|.gif$|favicon.ico$|.png$|robots.txt$|.css$|.js$|.jpeg$</url>
<compiled_rule>is_simple_http_request</compiled_rule>
<description>Ignored extensions on 400 error codes.</description>
</rule>
<rule id="31103" level="6">
<if_sid>31100</if_sid>
- <url>='|select%20|select+|insert%20|%20from%20|%20where%20|union%20|</url>
+ <url>=select%20|select+|insert%20|%20from%20|%20where%20|union%20|</url>
<url>union+|where+|null,null|xp_cmdshell</url>
<description>SQL injection attempt.</description>
<group>attack,sql_injection,</group>
@@ -54,10 +54,10 @@
<!-- Attempt to do directory transversal, simple sql injections,
- or access to the etc or bin directory (unix). -->
- <url>%027|%00|%01|%7f|%2E%2E|%0A|%0D|../..|..\..|echo;|..|</url>
- <url>cmd.exe|root.exe|_mem_bin|msadc|/winnt/|</url>
+ <url>%027|%00|%01|%7f|%2E%2E|%0A|%0D|../..|..\..|echo;|</url>
+ <url>cmd.exe|root.exe|_mem_bin|msadc|/winnt/|/boot.ini|</url>
<url>/x90/|default.ida|/sumthin|nsiislog.dll|chmod%|wget%|cd%20|</url>
- <url>cat%20|exec%20|rm%20</url>
+ <url>exec%20|../..//|%5C../%5C|././././|2e%2e%5c%2e|\x5C\x5C</url>
<description>Common web attack.</description>
<group>attack,</group>
</rule>
@@ -86,7 +86,7 @@
<rule id="31109" level="6">
<if_sid>31100</if_sid>
- <url>+as+varchar(8000)</url>
+ <url>+as+varchar</url>
<regex>%2Bchar\(\d+\)%2Bchar\(\d+\)%2Bchar\(\d+\)%2Bchar\(\d+\)%2Bchar\(\d+\)%2Bchar\(\d+\)</regex>
<description>MSSQL Injection attempt (/ur.php, urchin.js)</description>
<group>attack,</group>
@@ -102,13 +102,14 @@
<description>Ignored URLs for the web attacks</description>
</rule>
- <rule id="31115" level="13" maxsize="5900">
+ <rule id="31115" level="13" maxsize="7900">
<if_sid>31100</if_sid>
<description>URL too long. Higher than allowed on most </description>
<description>browsers. Possible attack.</description>
<group>invalid_access,</group>
</rule>
+
<!-- 500 error codes, server error
- http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
-->
@@ -147,8 +148,15 @@
<description>Ignoring google/msn/yahoo bots.</description>
</rule>
+ <!-- Ignoring nginx 499's -->
+ <rule id="31141" level="0">
+ <if_sid>31101</if_sid>
+ <id>^499</id>
+ <description>Ignored 499's on nginx.</description>
+ </rule>
+
- <rule id="31151" level="10" frequency="10" timeframe="120">
+ <rule id="31151" level="10" frequency="12" timeframe="90">
<if_matched_sid>31101</if_matched_sid>
<same_source_ip />
<description>Multiple web server 400 error codes </description>
@@ -179,24 +187,39 @@
<group>attack,</group>
</rule>
- <rule id="31161" level="10" frequency="8" timeframe="120">
+ <rule id="31161" level="10" frequency="12" timeframe="120">
<if_matched_sid>31121</if_matched_sid>
<same_source_ip />
<description>Multiple web server 501 error code (Not Implemented).</description>
<group>web_scan,recon,</group>
</rule>
- <rule id="31162" level="10" frequency="5" timeframe="120">
+ <rule id="31162" level="10" frequency="12" timeframe="120">
<if_matched_sid>31122</if_matched_sid>
<same_source_ip />
<description>Multiple web server 500 error code (Internal Error).</description>
<group>system_error,</group>
</rule>
- <rule id="31163" level="10" frequency="8" timeframe="120">
+ <rule id="31163" level="10" frequency="12" timeframe="120">
<if_matched_sid>31123</if_matched_sid>
<same_source_ip />
<description>Multiple web server 503 error code (Service unavailable).</description>
<group>web_scan,recon,</group>
</rule>
+
+ <rule id="31164" level="6">
+ <if_sid>31100</if_sid>
+ <url>=%27|select%2B|insert%2B|%2Bfrom%2B|%2Bwhere%2B|%2Bunion%2B</url>
+ <description>SQL injection attempt.</description>
+ <group>attack,sqlinjection,</group>
+ </rule>
+
+ <rule id="31165" level="6">
+ <if_sid>31100</if_sid>
+ <url>%EF%BC%87|%EF%BC%87|%EF%BC%87|%2531|%u0053%u0045</url>
+ <description>SQL injection attempt.</description>
+ <group>attack,sqlinjection,</group>
+ </rule>
+
</group> <!-- Web access log -->
diff --git a/etc/templates/br/._language.txt b/etc/templates/br/._language.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/br/._language.txt and /dev/null differ
diff --git a/etc/templates/br/._messages.txt b/etc/templates/br/._messages.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/br/._messages.txt and /dev/null differ
diff --git a/etc/templates/br/errors/._0x1-location.txt b/etc/templates/br/errors/._0x1-location.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/br/errors/._0x1-location.txt and /dev/null differ
diff --git a/etc/templates/br/errors/._0x2-beroot.txt b/etc/templates/br/errors/._0x2-beroot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/br/errors/._0x2-beroot.txt and /dev/null differ
diff --git a/etc/templates/br/errors/._0x3-dependencies.txt b/etc/templates/br/errors/._0x3-dependencies.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/br/errors/._0x3-dependencies.txt and /dev/null differ
diff --git a/etc/templates/br/errors/._0x4-installtype.txt b/etc/templates/br/errors/._0x4-installtype.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/br/errors/._0x4-installtype.txt and /dev/null differ
diff --git a/etc/templates/br/errors/._0x5-build.txt b/etc/templates/br/errors/._0x5-build.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/br/errors/._0x5-build.txt and /dev/null differ
diff --git a/etc/templates/br/messages/._0x101-initial.txt b/etc/templates/br/messages/._0x101-initial.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/br/messages/._0x101-initial.txt and /dev/null differ
diff --git a/etc/templates/br/messages/._0x102-installhelp.txt b/etc/templates/br/messages/._0x102-installhelp.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/br/messages/._0x102-installhelp.txt and /dev/null differ
diff --git a/etc/templates/br/messages/._0x103-thanksforusing.txt b/etc/templates/br/messages/._0x103-thanksforusing.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/br/messages/._0x103-thanksforusing.txt and /dev/null differ
diff --git a/etc/templates/br/messages/._0x104-client.txt b/etc/templates/br/messages/._0x104-client.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/br/messages/._0x104-client.txt and /dev/null differ
diff --git a/etc/templates/br/messages/._0x105-noboot.txt b/etc/templates/br/messages/._0x105-noboot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/br/messages/._0x105-noboot.txt and /dev/null differ
diff --git a/etc/templates/br/messages/._0x106-logs.txt b/etc/templates/br/messages/._0x106-logs.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/br/messages/._0x106-logs.txt and /dev/null differ
diff --git a/etc/templates/br/messages/._0x107-ar.txt b/etc/templates/br/messages/._0x107-ar.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/br/messages/._0x107-ar.txt and /dev/null differ
diff --git a/etc/templates/br/messages/._0x108-ar-enabled.txt b/etc/templates/br/messages/._0x108-ar-enabled.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/br/messages/._0x108-ar-enabled.txt and /dev/null differ
diff --git a/etc/templates/cn/._language.txt b/etc/templates/cn/._language.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/cn/._language.txt and /dev/null differ
diff --git a/etc/templates/cn/._messages.txt b/etc/templates/cn/._messages.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/cn/._messages.txt and /dev/null differ
diff --git a/etc/templates/cn/errors/._0x1-location.txt b/etc/templates/cn/errors/._0x1-location.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/cn/errors/._0x1-location.txt and /dev/null differ
diff --git a/etc/templates/cn/errors/._0x2-beroot.txt b/etc/templates/cn/errors/._0x2-beroot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/cn/errors/._0x2-beroot.txt and /dev/null differ
diff --git a/etc/templates/cn/errors/._0x3-dependencies.txt b/etc/templates/cn/errors/._0x3-dependencies.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/cn/errors/._0x3-dependencies.txt and /dev/null differ
diff --git a/etc/templates/cn/errors/._0x4-installtype.txt b/etc/templates/cn/errors/._0x4-installtype.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/cn/errors/._0x4-installtype.txt and /dev/null differ
diff --git a/etc/templates/cn/errors/._0x5-build.txt b/etc/templates/cn/errors/._0x5-build.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/cn/errors/._0x5-build.txt and /dev/null differ
diff --git a/etc/templates/cn/messages/._0x101-initial.txt b/etc/templates/cn/messages/._0x101-initial.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/cn/messages/._0x101-initial.txt and /dev/null differ
diff --git a/etc/templates/cn/messages/._0x102-installhelp.txt b/etc/templates/cn/messages/._0x102-installhelp.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/cn/messages/._0x102-installhelp.txt and /dev/null differ
diff --git a/etc/templates/cn/messages/._0x103-thanksforusing.txt b/etc/templates/cn/messages/._0x103-thanksforusing.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/cn/messages/._0x103-thanksforusing.txt and /dev/null differ
diff --git a/etc/templates/cn/messages/._0x104-client.txt b/etc/templates/cn/messages/._0x104-client.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/cn/messages/._0x104-client.txt and /dev/null differ
diff --git a/etc/templates/cn/messages/._0x105-noboot.txt b/etc/templates/cn/messages/._0x105-noboot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/cn/messages/._0x105-noboot.txt and /dev/null differ
diff --git a/etc/templates/cn/messages/._0x106-logs.txt b/etc/templates/cn/messages/._0x106-logs.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/cn/messages/._0x106-logs.txt and /dev/null differ
diff --git a/etc/templates/cn/messages/._0x107-ar.txt b/etc/templates/cn/messages/._0x107-ar.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/cn/messages/._0x107-ar.txt and /dev/null differ
diff --git a/etc/templates/cn/messages/._0x108-ar-enabled.txt b/etc/templates/cn/messages/._0x108-ar-enabled.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/cn/messages/._0x108-ar-enabled.txt and /dev/null differ
diff --git a/etc/templates/config/._active-response.template b/etc/templates/config/._active-response.template
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/config/._active-response.template and /dev/null differ
diff --git a/etc/templates/config/._apache-logs.template b/etc/templates/config/._apache-logs.template
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/config/._apache-logs.template and /dev/null differ
diff --git a/etc/templates/config/._ar-disable-account.template b/etc/templates/config/._ar-disable-account.template
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/config/._ar-disable-account.template and /dev/null differ
diff --git a/etc/templates/config/._ar-firewall-drop.template b/etc/templates/config/._ar-firewall-drop.template
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/config/._ar-firewall-drop.template and /dev/null differ
diff --git a/etc/templates/config/._ar-host-deny.template b/etc/templates/config/._ar-host-deny.template
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/config/._ar-host-deny.template and /dev/null differ
diff --git a/etc/templates/config/._ar-routenull.template b/etc/templates/config/._ar-routenull.template
deleted file mode 100644
index 48cbba1..0000000
Binary files a/etc/templates/config/._ar-routenull.template and /dev/null differ
diff --git a/etc/templates/config/._pgsql-logs.template b/etc/templates/config/._pgsql-logs.template
deleted file mode 100644
index 48cbba1..0000000
Binary files a/etc/templates/config/._pgsql-logs.template and /dev/null differ
diff --git a/etc/templates/config/._rootcheck.template b/etc/templates/config/._rootcheck.template
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/config/._rootcheck.template and /dev/null differ
diff --git a/etc/templates/config/._rules.template b/etc/templates/config/._rules.template
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/config/._rules.template and /dev/null differ
diff --git a/etc/templates/config/._snort-logs.template b/etc/templates/config/._snort-logs.template
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/config/._snort-logs.template and /dev/null differ
diff --git a/etc/templates/config/._syscheck.template b/etc/templates/config/._syscheck.template
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/config/._syscheck.template and /dev/null differ
diff --git a/etc/templates/config/._syslog-logs.template b/etc/templates/config/._syslog-logs.template
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/config/._syslog-logs.template and /dev/null differ
diff --git a/etc/templates/de/._language.txt b/etc/templates/de/._language.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/de/._language.txt and /dev/null differ
diff --git a/etc/templates/de/._messages.txt b/etc/templates/de/._messages.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/de/._messages.txt and /dev/null differ
diff --git a/etc/templates/de/errors/._0x1-location.txt b/etc/templates/de/errors/._0x1-location.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/de/errors/._0x1-location.txt and /dev/null differ
diff --git a/etc/templates/de/errors/._0x2-beroot.txt b/etc/templates/de/errors/._0x2-beroot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/de/errors/._0x2-beroot.txt and /dev/null differ
diff --git a/etc/templates/de/errors/._0x3-dependencies.txt b/etc/templates/de/errors/._0x3-dependencies.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/de/errors/._0x3-dependencies.txt and /dev/null differ
diff --git a/etc/templates/de/errors/._0x4-installtype.txt b/etc/templates/de/errors/._0x4-installtype.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/de/errors/._0x4-installtype.txt and /dev/null differ
diff --git a/etc/templates/de/errors/._0x5-build.txt b/etc/templates/de/errors/._0x5-build.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/de/errors/._0x5-build.txt and /dev/null differ
diff --git a/etc/templates/de/messages/._0x101-initial.txt b/etc/templates/de/messages/._0x101-initial.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/de/messages/._0x101-initial.txt and /dev/null differ
diff --git a/etc/templates/de/messages/._0x102-installhelp.txt b/etc/templates/de/messages/._0x102-installhelp.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/de/messages/._0x102-installhelp.txt and /dev/null differ
diff --git a/etc/templates/de/messages/._0x103-thanksforusing.txt b/etc/templates/de/messages/._0x103-thanksforusing.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/de/messages/._0x103-thanksforusing.txt and /dev/null differ
diff --git a/etc/templates/de/messages/._0x104-client.txt b/etc/templates/de/messages/._0x104-client.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/de/messages/._0x104-client.txt and /dev/null differ
diff --git a/etc/templates/de/messages/._0x105-noboot.txt b/etc/templates/de/messages/._0x105-noboot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/de/messages/._0x105-noboot.txt and /dev/null differ
diff --git a/etc/templates/de/messages/._0x106-logs.txt b/etc/templates/de/messages/._0x106-logs.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/de/messages/._0x106-logs.txt and /dev/null differ
diff --git a/etc/templates/de/messages/._0x107-ar.txt b/etc/templates/de/messages/._0x107-ar.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/de/messages/._0x107-ar.txt and /dev/null differ
diff --git a/etc/templates/de/messages/._0x108-ar-enabled.txt b/etc/templates/de/messages/._0x108-ar-enabled.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/de/messages/._0x108-ar-enabled.txt and /dev/null differ
diff --git a/etc/templates/el/._language.txt b/etc/templates/el/._language.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/el/._language.txt and /dev/null differ
diff --git a/etc/templates/el/._messages.txt b/etc/templates/el/._messages.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/el/._messages.txt and /dev/null differ
diff --git a/etc/templates/el/errors/._0x1-location.txt b/etc/templates/el/errors/._0x1-location.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/el/errors/._0x1-location.txt and /dev/null differ
diff --git a/etc/templates/el/errors/._0x2-beroot.txt b/etc/templates/el/errors/._0x2-beroot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/el/errors/._0x2-beroot.txt and /dev/null differ
diff --git a/etc/templates/el/errors/._0x3-dependencies.txt b/etc/templates/el/errors/._0x3-dependencies.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/el/errors/._0x3-dependencies.txt and /dev/null differ
diff --git a/etc/templates/el/errors/._0x4-installtype.txt b/etc/templates/el/errors/._0x4-installtype.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/el/errors/._0x4-installtype.txt and /dev/null differ
diff --git a/etc/templates/el/errors/._0x5-build.txt b/etc/templates/el/errors/._0x5-build.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/el/errors/._0x5-build.txt and /dev/null differ
diff --git a/etc/templates/el/messages/._0x101-initial.txt b/etc/templates/el/messages/._0x101-initial.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/el/messages/._0x101-initial.txt and /dev/null differ
diff --git a/etc/templates/el/messages/._0x102-installhelp.txt b/etc/templates/el/messages/._0x102-installhelp.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/el/messages/._0x102-installhelp.txt and /dev/null differ
diff --git a/etc/templates/el/messages/._0x103-thanksforusing.txt b/etc/templates/el/messages/._0x103-thanksforusing.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/el/messages/._0x103-thanksforusing.txt and /dev/null differ
diff --git a/etc/templates/el/messages/._0x104-client.txt b/etc/templates/el/messages/._0x104-client.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/el/messages/._0x104-client.txt and /dev/null differ
diff --git a/etc/templates/el/messages/._0x105-noboot.txt b/etc/templates/el/messages/._0x105-noboot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/el/messages/._0x105-noboot.txt and /dev/null differ
diff --git a/etc/templates/el/messages/._0x106-logs.txt b/etc/templates/el/messages/._0x106-logs.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/el/messages/._0x106-logs.txt and /dev/null differ
diff --git a/etc/templates/el/messages/._0x107-ar.txt b/etc/templates/el/messages/._0x107-ar.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/el/messages/._0x107-ar.txt and /dev/null differ
diff --git a/etc/templates/el/messages/._0x108-ar-enabled.txt b/etc/templates/el/messages/._0x108-ar-enabled.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/el/messages/._0x108-ar-enabled.txt and /dev/null differ
diff --git a/etc/templates/en/._language.txt b/etc/templates/en/._language.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/en/._language.txt and /dev/null differ
diff --git a/etc/templates/en/._messages.txt b/etc/templates/en/._messages.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/en/._messages.txt and /dev/null differ
diff --git a/etc/templates/en/errors/._0x1-location.txt b/etc/templates/en/errors/._0x1-location.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/en/errors/._0x1-location.txt and /dev/null differ
diff --git a/etc/templates/en/errors/._0x2-beroot.txt b/etc/templates/en/errors/._0x2-beroot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/en/errors/._0x2-beroot.txt and /dev/null differ
diff --git a/etc/templates/en/errors/._0x3-dependencies.txt b/etc/templates/en/errors/._0x3-dependencies.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/en/errors/._0x3-dependencies.txt and /dev/null differ
diff --git a/etc/templates/en/errors/._0x4-installtype.txt b/etc/templates/en/errors/._0x4-installtype.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/en/errors/._0x4-installtype.txt and /dev/null differ
diff --git a/etc/templates/en/errors/._0x5-build.txt b/etc/templates/en/errors/._0x5-build.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/en/errors/._0x5-build.txt and /dev/null differ
diff --git a/etc/templates/en/messages/._0x101-initial.txt b/etc/templates/en/messages/._0x101-initial.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/en/messages/._0x101-initial.txt and /dev/null differ
diff --git a/etc/templates/en/messages/._0x102-installhelp.txt b/etc/templates/en/messages/._0x102-installhelp.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/en/messages/._0x102-installhelp.txt and /dev/null differ
diff --git a/etc/templates/en/messages/._0x103-thanksforusing.txt b/etc/templates/en/messages/._0x103-thanksforusing.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/en/messages/._0x103-thanksforusing.txt and /dev/null differ
diff --git a/etc/templates/en/messages/._0x104-client.txt b/etc/templates/en/messages/._0x104-client.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/en/messages/._0x104-client.txt and /dev/null differ
diff --git a/etc/templates/en/messages/._0x105-noboot.txt b/etc/templates/en/messages/._0x105-noboot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/en/messages/._0x105-noboot.txt and /dev/null differ
diff --git a/etc/templates/en/messages/._0x106-logs.txt b/etc/templates/en/messages/._0x106-logs.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/en/messages/._0x106-logs.txt and /dev/null differ
diff --git a/etc/templates/en/messages/._0x107-ar.txt b/etc/templates/en/messages/._0x107-ar.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/en/messages/._0x107-ar.txt and /dev/null differ
diff --git a/etc/templates/en/messages/._0x108-ar-enabled.txt b/etc/templates/en/messages/._0x108-ar-enabled.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/en/messages/._0x108-ar-enabled.txt and /dev/null differ
diff --git a/etc/templates/es/._language.txt b/etc/templates/es/._language.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/es/._language.txt and /dev/null differ
diff --git a/etc/templates/es/._messages.txt b/etc/templates/es/._messages.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/es/._messages.txt and /dev/null differ
diff --git a/etc/templates/es/errors/._0x1-location.txt b/etc/templates/es/errors/._0x1-location.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/es/errors/._0x1-location.txt and /dev/null differ
diff --git a/etc/templates/es/errors/._0x2-beroot.txt b/etc/templates/es/errors/._0x2-beroot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/es/errors/._0x2-beroot.txt and /dev/null differ
diff --git a/etc/templates/es/errors/._0x3-dependencies.txt b/etc/templates/es/errors/._0x3-dependencies.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/es/errors/._0x3-dependencies.txt and /dev/null differ
diff --git a/etc/templates/es/errors/._0x4-installtype.txt b/etc/templates/es/errors/._0x4-installtype.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/es/errors/._0x4-installtype.txt and /dev/null differ
diff --git a/etc/templates/es/errors/._0x5-build.txt b/etc/templates/es/errors/._0x5-build.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/es/errors/._0x5-build.txt and /dev/null differ
diff --git a/etc/templates/es/messages/._0x101-initial.txt b/etc/templates/es/messages/._0x101-initial.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/es/messages/._0x101-initial.txt and /dev/null differ
diff --git a/etc/templates/es/messages/._0x102-installhelp.txt b/etc/templates/es/messages/._0x102-installhelp.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/es/messages/._0x102-installhelp.txt and /dev/null differ
diff --git a/etc/templates/es/messages/._0x103-thanksforusing.txt b/etc/templates/es/messages/._0x103-thanksforusing.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/es/messages/._0x103-thanksforusing.txt and /dev/null differ
diff --git a/etc/templates/es/messages/._0x104-client.txt b/etc/templates/es/messages/._0x104-client.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/es/messages/._0x104-client.txt and /dev/null differ
diff --git a/etc/templates/es/messages/._0x105-noboot.txt b/etc/templates/es/messages/._0x105-noboot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/es/messages/._0x105-noboot.txt and /dev/null differ
diff --git a/etc/templates/es/messages/._0x106-logs.txt b/etc/templates/es/messages/._0x106-logs.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/es/messages/._0x106-logs.txt and /dev/null differ
diff --git a/etc/templates/es/messages/._0x107-ar.txt b/etc/templates/es/messages/._0x107-ar.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/es/messages/._0x107-ar.txt and /dev/null differ
diff --git a/etc/templates/es/messages/._0x108-ar-enabled.txt b/etc/templates/es/messages/._0x108-ar-enabled.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/es/messages/._0x108-ar-enabled.txt and /dev/null differ
diff --git a/etc/templates/fr/._language.txt b/etc/templates/fr/._language.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/fr/._language.txt and /dev/null differ
diff --git a/etc/templates/fr/._messages.txt b/etc/templates/fr/._messages.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/fr/._messages.txt and /dev/null differ
diff --git a/etc/templates/fr/errors/._0x1-location.txt b/etc/templates/fr/errors/._0x1-location.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/fr/errors/._0x1-location.txt and /dev/null differ
diff --git a/etc/templates/fr/errors/._0x2-beroot.txt b/etc/templates/fr/errors/._0x2-beroot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/fr/errors/._0x2-beroot.txt and /dev/null differ
diff --git a/etc/templates/fr/errors/._0x3-dependencies.txt b/etc/templates/fr/errors/._0x3-dependencies.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/fr/errors/._0x3-dependencies.txt and /dev/null differ
diff --git a/etc/templates/fr/errors/._0x4-installtype.txt b/etc/templates/fr/errors/._0x4-installtype.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/fr/errors/._0x4-installtype.txt and /dev/null differ
diff --git a/etc/templates/fr/errors/._0x5-build.txt b/etc/templates/fr/errors/._0x5-build.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/fr/errors/._0x5-build.txt and /dev/null differ
diff --git a/etc/templates/fr/messages/._0x101-initial.txt b/etc/templates/fr/messages/._0x101-initial.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/fr/messages/._0x101-initial.txt and /dev/null differ
diff --git a/etc/templates/fr/messages/._0x102-installhelp.txt b/etc/templates/fr/messages/._0x102-installhelp.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/fr/messages/._0x102-installhelp.txt and /dev/null differ
diff --git a/etc/templates/fr/messages/._0x103-thanksforusing.txt b/etc/templates/fr/messages/._0x103-thanksforusing.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/fr/messages/._0x103-thanksforusing.txt and /dev/null differ
diff --git a/etc/templates/fr/messages/._0x104-client.txt b/etc/templates/fr/messages/._0x104-client.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/fr/messages/._0x104-client.txt and /dev/null differ
diff --git a/etc/templates/fr/messages/._0x105-noboot.txt b/etc/templates/fr/messages/._0x105-noboot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/fr/messages/._0x105-noboot.txt and /dev/null differ
diff --git a/etc/templates/fr/messages/._0x106-logs.txt b/etc/templates/fr/messages/._0x106-logs.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/fr/messages/._0x106-logs.txt and /dev/null differ
diff --git a/etc/templates/fr/messages/._0x107-ar.txt b/etc/templates/fr/messages/._0x107-ar.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/fr/messages/._0x107-ar.txt and /dev/null differ
diff --git a/etc/templates/fr/messages/._0x108-ar-enabled.txt b/etc/templates/fr/messages/._0x108-ar-enabled.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/fr/messages/._0x108-ar-enabled.txt and /dev/null differ
diff --git a/etc/templates/hu/._language.txt b/etc/templates/hu/._language.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/hu/._language.txt and /dev/null differ
diff --git a/etc/templates/hu/._messages.txt b/etc/templates/hu/._messages.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/hu/._messages.txt and /dev/null differ
diff --git a/etc/templates/hu/errors/._0x1-location.txt b/etc/templates/hu/errors/._0x1-location.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/hu/errors/._0x1-location.txt and /dev/null differ
diff --git a/etc/templates/hu/errors/._0x2-beroot.txt b/etc/templates/hu/errors/._0x2-beroot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/hu/errors/._0x2-beroot.txt and /dev/null differ
diff --git a/etc/templates/hu/errors/._0x3-dependencies.txt b/etc/templates/hu/errors/._0x3-dependencies.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/hu/errors/._0x3-dependencies.txt and /dev/null differ
diff --git a/etc/templates/hu/errors/._0x4-installtype.txt b/etc/templates/hu/errors/._0x4-installtype.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/hu/errors/._0x4-installtype.txt and /dev/null differ
diff --git a/etc/templates/hu/errors/._0x5-build.txt b/etc/templates/hu/errors/._0x5-build.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/hu/errors/._0x5-build.txt and /dev/null differ
diff --git a/etc/templates/hu/messages/._0x101-initial.txt b/etc/templates/hu/messages/._0x101-initial.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/hu/messages/._0x101-initial.txt and /dev/null differ
diff --git a/etc/templates/hu/messages/._0x102-installhelp.txt b/etc/templates/hu/messages/._0x102-installhelp.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/hu/messages/._0x102-installhelp.txt and /dev/null differ
diff --git a/etc/templates/hu/messages/._0x103-thanksforusing.txt b/etc/templates/hu/messages/._0x103-thanksforusing.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/hu/messages/._0x103-thanksforusing.txt and /dev/null differ
diff --git a/etc/templates/hu/messages/._0x104-client.txt b/etc/templates/hu/messages/._0x104-client.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/hu/messages/._0x104-client.txt and /dev/null differ
diff --git a/etc/templates/hu/messages/._0x105-noboot.txt b/etc/templates/hu/messages/._0x105-noboot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/hu/messages/._0x105-noboot.txt and /dev/null differ
diff --git a/etc/templates/hu/messages/._0x106-logs.txt b/etc/templates/hu/messages/._0x106-logs.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/hu/messages/._0x106-logs.txt and /dev/null differ
diff --git a/etc/templates/hu/messages/._0x107-ar.txt b/etc/templates/hu/messages/._0x107-ar.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/hu/messages/._0x107-ar.txt and /dev/null differ
diff --git a/etc/templates/hu/messages/._0x108-ar-enabled.txt b/etc/templates/hu/messages/._0x108-ar-enabled.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/hu/messages/._0x108-ar-enabled.txt and /dev/null differ
diff --git a/etc/templates/it/._language.txt b/etc/templates/it/._language.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/it/._language.txt and /dev/null differ
diff --git a/etc/templates/it/._messages.txt b/etc/templates/it/._messages.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/it/._messages.txt and /dev/null differ
diff --git a/etc/templates/it/errors/._0x1-location.txt b/etc/templates/it/errors/._0x1-location.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/it/errors/._0x1-location.txt and /dev/null differ
diff --git a/etc/templates/it/errors/._0x2-beroot.txt b/etc/templates/it/errors/._0x2-beroot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/it/errors/._0x2-beroot.txt and /dev/null differ
diff --git a/etc/templates/it/errors/._0x3-dependencies.txt b/etc/templates/it/errors/._0x3-dependencies.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/it/errors/._0x3-dependencies.txt and /dev/null differ
diff --git a/etc/templates/it/errors/._0x4-installtype.txt b/etc/templates/it/errors/._0x4-installtype.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/it/errors/._0x4-installtype.txt and /dev/null differ
diff --git a/etc/templates/it/errors/._0x5-build.txt b/etc/templates/it/errors/._0x5-build.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/it/errors/._0x5-build.txt and /dev/null differ
diff --git a/etc/templates/it/messages/._0x101-initial.txt b/etc/templates/it/messages/._0x101-initial.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/it/messages/._0x101-initial.txt and /dev/null differ
diff --git a/etc/templates/it/messages/._0x102-installhelp.txt b/etc/templates/it/messages/._0x102-installhelp.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/it/messages/._0x102-installhelp.txt and /dev/null differ
diff --git a/etc/templates/it/messages/._0x103-thanksforusing.txt b/etc/templates/it/messages/._0x103-thanksforusing.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/it/messages/._0x103-thanksforusing.txt and /dev/null differ
diff --git a/etc/templates/it/messages/._0x104-client.txt b/etc/templates/it/messages/._0x104-client.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/it/messages/._0x104-client.txt and /dev/null differ
diff --git a/etc/templates/it/messages/._0x105-noboot.txt b/etc/templates/it/messages/._0x105-noboot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/it/messages/._0x105-noboot.txt and /dev/null differ
diff --git a/etc/templates/it/messages/._0x106-logs.txt b/etc/templates/it/messages/._0x106-logs.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/it/messages/._0x106-logs.txt and /dev/null differ
diff --git a/etc/templates/it/messages/._0x107-ar.txt b/etc/templates/it/messages/._0x107-ar.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/it/messages/._0x107-ar.txt and /dev/null differ
diff --git a/etc/templates/it/messages/._0x108-ar-enabled.txt b/etc/templates/it/messages/._0x108-ar-enabled.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/it/messages/._0x108-ar-enabled.txt and /dev/null differ
diff --git a/etc/templates/jp/._language.txt b/etc/templates/jp/._language.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/jp/._language.txt and /dev/null differ
diff --git a/etc/templates/jp/._messages.txt b/etc/templates/jp/._messages.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/jp/._messages.txt and /dev/null differ
diff --git a/etc/templates/jp/errors/._0x1-location.txt b/etc/templates/jp/errors/._0x1-location.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/jp/errors/._0x1-location.txt and /dev/null differ
diff --git a/etc/templates/jp/errors/._0x2-beroot.txt b/etc/templates/jp/errors/._0x2-beroot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/jp/errors/._0x2-beroot.txt and /dev/null differ
diff --git a/etc/templates/jp/errors/._0x3-dependencies.txt b/etc/templates/jp/errors/._0x3-dependencies.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/jp/errors/._0x3-dependencies.txt and /dev/null differ
diff --git a/etc/templates/jp/errors/._0x4-installtype.txt b/etc/templates/jp/errors/._0x4-installtype.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/jp/errors/._0x4-installtype.txt and /dev/null differ
diff --git a/etc/templates/jp/errors/._0x5-build.txt b/etc/templates/jp/errors/._0x5-build.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/jp/errors/._0x5-build.txt and /dev/null differ
diff --git a/etc/templates/jp/messages/._0x101-initial.txt b/etc/templates/jp/messages/._0x101-initial.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/jp/messages/._0x101-initial.txt and /dev/null differ
diff --git a/etc/templates/jp/messages/._0x102-installhelp.txt b/etc/templates/jp/messages/._0x102-installhelp.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/jp/messages/._0x102-installhelp.txt and /dev/null differ
diff --git a/etc/templates/jp/messages/._0x103-thanksforusing.txt b/etc/templates/jp/messages/._0x103-thanksforusing.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/jp/messages/._0x103-thanksforusing.txt and /dev/null differ
diff --git a/etc/templates/jp/messages/._0x104-client.txt b/etc/templates/jp/messages/._0x104-client.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/jp/messages/._0x104-client.txt and /dev/null differ
diff --git a/etc/templates/jp/messages/._0x105-noboot.txt b/etc/templates/jp/messages/._0x105-noboot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/jp/messages/._0x105-noboot.txt and /dev/null differ
diff --git a/etc/templates/jp/messages/._0x106-logs.txt b/etc/templates/jp/messages/._0x106-logs.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/jp/messages/._0x106-logs.txt and /dev/null differ
diff --git a/etc/templates/jp/messages/._0x107-ar.txt b/etc/templates/jp/messages/._0x107-ar.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/jp/messages/._0x107-ar.txt and /dev/null differ
diff --git a/etc/templates/jp/messages/._0x108-ar-enabled.txt b/etc/templates/jp/messages/._0x108-ar-enabled.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/jp/messages/._0x108-ar-enabled.txt and /dev/null differ
diff --git a/etc/templates/nl/._language.txt b/etc/templates/nl/._language.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/nl/._language.txt and /dev/null differ
diff --git a/etc/templates/nl/._messages.txt b/etc/templates/nl/._messages.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/nl/._messages.txt and /dev/null differ
diff --git a/etc/templates/nl/errors/._0x1-location.txt b/etc/templates/nl/errors/._0x1-location.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/nl/errors/._0x1-location.txt and /dev/null differ
diff --git a/etc/templates/nl/errors/._0x2-beroot.txt b/etc/templates/nl/errors/._0x2-beroot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/nl/errors/._0x2-beroot.txt and /dev/null differ
diff --git a/etc/templates/nl/errors/._0x3-dependencies.txt b/etc/templates/nl/errors/._0x3-dependencies.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/nl/errors/._0x3-dependencies.txt and /dev/null differ
diff --git a/etc/templates/nl/errors/._0x4-installtype.txt b/etc/templates/nl/errors/._0x4-installtype.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/nl/errors/._0x4-installtype.txt and /dev/null differ
diff --git a/etc/templates/nl/errors/._0x5-build.txt b/etc/templates/nl/errors/._0x5-build.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/nl/errors/._0x5-build.txt and /dev/null differ
diff --git a/etc/templates/nl/messages/._0x101-initial.txt b/etc/templates/nl/messages/._0x101-initial.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/nl/messages/._0x101-initial.txt and /dev/null differ
diff --git a/etc/templates/nl/messages/._0x102-installhelp.txt b/etc/templates/nl/messages/._0x102-installhelp.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/nl/messages/._0x102-installhelp.txt and /dev/null differ
diff --git a/etc/templates/nl/messages/._0x103-thanksforusing.txt b/etc/templates/nl/messages/._0x103-thanksforusing.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/nl/messages/._0x103-thanksforusing.txt and /dev/null differ
diff --git a/etc/templates/nl/messages/._0x104-client.txt b/etc/templates/nl/messages/._0x104-client.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/nl/messages/._0x104-client.txt and /dev/null differ
diff --git a/etc/templates/nl/messages/._0x105-noboot.txt b/etc/templates/nl/messages/._0x105-noboot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/nl/messages/._0x105-noboot.txt and /dev/null differ
diff --git a/etc/templates/nl/messages/._0x106-logs.txt b/etc/templates/nl/messages/._0x106-logs.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/nl/messages/._0x106-logs.txt and /dev/null differ
diff --git a/etc/templates/nl/messages/._0x107-ar.txt b/etc/templates/nl/messages/._0x107-ar.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/nl/messages/._0x107-ar.txt and /dev/null differ
diff --git a/etc/templates/nl/messages/._0x108-ar-enabled.txt b/etc/templates/nl/messages/._0x108-ar-enabled.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/nl/messages/._0x108-ar-enabled.txt and /dev/null differ
diff --git a/etc/templates/pl/._language.txt b/etc/templates/pl/._language.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/pl/._language.txt and /dev/null differ
diff --git a/etc/templates/pl/._messages.txt b/etc/templates/pl/._messages.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/pl/._messages.txt and /dev/null differ
diff --git a/etc/templates/pl/errors/._0x1-location.txt b/etc/templates/pl/errors/._0x1-location.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/pl/errors/._0x1-location.txt and /dev/null differ
diff --git a/etc/templates/pl/errors/._0x2-beroot.txt b/etc/templates/pl/errors/._0x2-beroot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/pl/errors/._0x2-beroot.txt and /dev/null differ
diff --git a/etc/templates/pl/errors/._0x3-dependencies.txt b/etc/templates/pl/errors/._0x3-dependencies.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/pl/errors/._0x3-dependencies.txt and /dev/null differ
diff --git a/etc/templates/pl/errors/._0x4-installtype.txt b/etc/templates/pl/errors/._0x4-installtype.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/pl/errors/._0x4-installtype.txt and /dev/null differ
diff --git a/etc/templates/pl/errors/._0x5-build.txt b/etc/templates/pl/errors/._0x5-build.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/pl/errors/._0x5-build.txt and /dev/null differ
diff --git a/etc/templates/pl/messages/._0x101-initial.txt b/etc/templates/pl/messages/._0x101-initial.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/pl/messages/._0x101-initial.txt and /dev/null differ
diff --git a/etc/templates/pl/messages/._0x102-installhelp.txt b/etc/templates/pl/messages/._0x102-installhelp.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/pl/messages/._0x102-installhelp.txt and /dev/null differ
diff --git a/etc/templates/pl/messages/._0x103-thanksforusing.txt b/etc/templates/pl/messages/._0x103-thanksforusing.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/pl/messages/._0x103-thanksforusing.txt and /dev/null differ
diff --git a/etc/templates/pl/messages/._0x104-client.txt b/etc/templates/pl/messages/._0x104-client.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/pl/messages/._0x104-client.txt and /dev/null differ
diff --git a/etc/templates/pl/messages/._0x105-noboot.txt b/etc/templates/pl/messages/._0x105-noboot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/pl/messages/._0x105-noboot.txt and /dev/null differ
diff --git a/etc/templates/pl/messages/._0x106-logs.txt b/etc/templates/pl/messages/._0x106-logs.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/pl/messages/._0x106-logs.txt and /dev/null differ
diff --git a/etc/templates/pl/messages/._0x107-ar.txt b/etc/templates/pl/messages/._0x107-ar.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/pl/messages/._0x107-ar.txt and /dev/null differ
diff --git a/etc/templates/pl/messages/._0x108-ar-enabled.txt b/etc/templates/pl/messages/._0x108-ar-enabled.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/pl/messages/._0x108-ar-enabled.txt and /dev/null differ
diff --git a/etc/templates/ru/._language.txt b/etc/templates/ru/._language.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/ru/._language.txt and /dev/null differ
diff --git a/etc/templates/ru/._messages.txt b/etc/templates/ru/._messages.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/ru/._messages.txt and /dev/null differ
diff --git a/etc/templates/ru/errors/._0x1-location.txt b/etc/templates/ru/errors/._0x1-location.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/ru/errors/._0x1-location.txt and /dev/null differ
diff --git a/etc/templates/ru/errors/._0x2-beroot.txt b/etc/templates/ru/errors/._0x2-beroot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/ru/errors/._0x2-beroot.txt and /dev/null differ
diff --git a/etc/templates/ru/errors/._0x3-dependencies.txt b/etc/templates/ru/errors/._0x3-dependencies.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/ru/errors/._0x3-dependencies.txt and /dev/null differ
diff --git a/etc/templates/ru/errors/._0x4-installtype.txt b/etc/templates/ru/errors/._0x4-installtype.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/ru/errors/._0x4-installtype.txt and /dev/null differ
diff --git a/etc/templates/ru/errors/._0x5-build.txt b/etc/templates/ru/errors/._0x5-build.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/ru/errors/._0x5-build.txt and /dev/null differ
diff --git a/etc/templates/ru/messages/._0x101-initial.txt b/etc/templates/ru/messages/._0x101-initial.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/ru/messages/._0x101-initial.txt and /dev/null differ
diff --git a/etc/templates/ru/messages/._0x102-installhelp.txt b/etc/templates/ru/messages/._0x102-installhelp.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/ru/messages/._0x102-installhelp.txt and /dev/null differ
diff --git a/etc/templates/ru/messages/._0x103-thanksforusing.txt b/etc/templates/ru/messages/._0x103-thanksforusing.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/ru/messages/._0x103-thanksforusing.txt and /dev/null differ
diff --git a/etc/templates/ru/messages/._0x104-client.txt b/etc/templates/ru/messages/._0x104-client.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/ru/messages/._0x104-client.txt and /dev/null differ
diff --git a/etc/templates/ru/messages/._0x105-noboot.txt b/etc/templates/ru/messages/._0x105-noboot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/ru/messages/._0x105-noboot.txt and /dev/null differ
diff --git a/etc/templates/ru/messages/._0x106-logs.txt b/etc/templates/ru/messages/._0x106-logs.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/ru/messages/._0x106-logs.txt and /dev/null differ
diff --git a/etc/templates/ru/messages/._0x107-ar.txt b/etc/templates/ru/messages/._0x107-ar.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/ru/messages/._0x107-ar.txt and /dev/null differ
diff --git a/etc/templates/ru/messages/._0x108-ar-enabled.txt b/etc/templates/ru/messages/._0x108-ar-enabled.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/ru/messages/._0x108-ar-enabled.txt and /dev/null differ
diff --git a/etc/templates/sr/._language.txt b/etc/templates/sr/._language.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/sr/._language.txt and /dev/null differ
diff --git a/etc/templates/sr/._messages.txt b/etc/templates/sr/._messages.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/sr/._messages.txt and /dev/null differ
diff --git a/etc/templates/sr/errors/._0x1-location.txt b/etc/templates/sr/errors/._0x1-location.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/sr/errors/._0x1-location.txt and /dev/null differ
diff --git a/etc/templates/sr/errors/._0x2-beroot.txt b/etc/templates/sr/errors/._0x2-beroot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/sr/errors/._0x2-beroot.txt and /dev/null differ
diff --git a/etc/templates/sr/errors/._0x3-dependencies.txt b/etc/templates/sr/errors/._0x3-dependencies.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/sr/errors/._0x3-dependencies.txt and /dev/null differ
diff --git a/etc/templates/sr/errors/._0x4-installtype.txt b/etc/templates/sr/errors/._0x4-installtype.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/sr/errors/._0x4-installtype.txt and /dev/null differ
diff --git a/etc/templates/sr/errors/._0x5-build.txt b/etc/templates/sr/errors/._0x5-build.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/sr/errors/._0x5-build.txt and /dev/null differ
diff --git a/etc/templates/sr/messages/._0x101-initial.txt b/etc/templates/sr/messages/._0x101-initial.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/sr/messages/._0x101-initial.txt and /dev/null differ
diff --git a/etc/templates/sr/messages/._0x102-installhelp.txt b/etc/templates/sr/messages/._0x102-installhelp.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/sr/messages/._0x102-installhelp.txt and /dev/null differ
diff --git a/etc/templates/sr/messages/._0x103-thanksforusing.txt b/etc/templates/sr/messages/._0x103-thanksforusing.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/sr/messages/._0x103-thanksforusing.txt and /dev/null differ
diff --git a/etc/templates/sr/messages/._0x104-client.txt b/etc/templates/sr/messages/._0x104-client.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/sr/messages/._0x104-client.txt and /dev/null differ
diff --git a/etc/templates/sr/messages/._0x105-noboot.txt b/etc/templates/sr/messages/._0x105-noboot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/sr/messages/._0x105-noboot.txt and /dev/null differ
diff --git a/etc/templates/sr/messages/._0x106-logs.txt b/etc/templates/sr/messages/._0x106-logs.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/sr/messages/._0x106-logs.txt and /dev/null differ
diff --git a/etc/templates/sr/messages/._0x107-ar.txt b/etc/templates/sr/messages/._0x107-ar.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/sr/messages/._0x107-ar.txt and /dev/null differ
diff --git a/etc/templates/sr/messages/._0x108-ar-enabled.txt b/etc/templates/sr/messages/._0x108-ar-enabled.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/sr/messages/._0x108-ar-enabled.txt and /dev/null differ
diff --git a/etc/templates/tr/._language.txt b/etc/templates/tr/._language.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/tr/._language.txt and /dev/null differ
diff --git a/etc/templates/tr/._messages.txt b/etc/templates/tr/._messages.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/tr/._messages.txt and /dev/null differ
diff --git a/etc/templates/tr/errors/._0x1-location.txt b/etc/templates/tr/errors/._0x1-location.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/tr/errors/._0x1-location.txt and /dev/null differ
diff --git a/etc/templates/tr/errors/._0x2-beroot.txt b/etc/templates/tr/errors/._0x2-beroot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/tr/errors/._0x2-beroot.txt and /dev/null differ
diff --git a/etc/templates/tr/errors/._0x3-dependencies.txt b/etc/templates/tr/errors/._0x3-dependencies.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/tr/errors/._0x3-dependencies.txt and /dev/null differ
diff --git a/etc/templates/tr/errors/._0x4-installtype.txt b/etc/templates/tr/errors/._0x4-installtype.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/tr/errors/._0x4-installtype.txt and /dev/null differ
diff --git a/etc/templates/tr/errors/._0x5-build.txt b/etc/templates/tr/errors/._0x5-build.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/tr/errors/._0x5-build.txt and /dev/null differ
diff --git a/etc/templates/tr/messages/._0x101-initial.txt b/etc/templates/tr/messages/._0x101-initial.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/tr/messages/._0x101-initial.txt and /dev/null differ
diff --git a/etc/templates/tr/messages/._0x102-installhelp.txt b/etc/templates/tr/messages/._0x102-installhelp.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/tr/messages/._0x102-installhelp.txt and /dev/null differ
diff --git a/etc/templates/tr/messages/._0x103-thanksforusing.txt b/etc/templates/tr/messages/._0x103-thanksforusing.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/tr/messages/._0x103-thanksforusing.txt and /dev/null differ
diff --git a/etc/templates/tr/messages/._0x104-client.txt b/etc/templates/tr/messages/._0x104-client.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/tr/messages/._0x104-client.txt and /dev/null differ
diff --git a/etc/templates/tr/messages/._0x105-noboot.txt b/etc/templates/tr/messages/._0x105-noboot.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/tr/messages/._0x105-noboot.txt and /dev/null differ
diff --git a/etc/templates/tr/messages/._0x106-logs.txt b/etc/templates/tr/messages/._0x106-logs.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/tr/messages/._0x106-logs.txt and /dev/null differ
diff --git a/etc/templates/tr/messages/._0x107-ar.txt b/etc/templates/tr/messages/._0x107-ar.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/tr/messages/._0x107-ar.txt and /dev/null differ
diff --git a/etc/templates/tr/messages/._0x108-ar-enabled.txt b/etc/templates/tr/messages/._0x108-ar-enabled.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/etc/templates/tr/messages/._0x108-ar-enabled.txt and /dev/null differ
diff --git a/install.sh b/install.sh
index fb82917..798f5cd 100755
--- a/install.sh
+++ b/install.sh
@@ -128,7 +128,7 @@ Install()
echo "TYPE=\"${INSTYPE}\"" >> ${OSSEC_INIT}
chmod 600 ${OSSEC_INIT}
cp -pr ${OSSEC_INIT} ${INSTALLDIR}${OSSEC_INIT}
- chmod 644 ${INSTALLDIR}${OSSEC_INIT}
+ chmod 640 ${INSTALLDIR}${OSSEC_INIT}
# If update_rules is set, we need to tweak
@@ -369,7 +369,7 @@ ConfigureClient()
echo "3- ${configuring} $NAME."
echo ""
- if [[ "X${USER_AGENT_SERVER_IP}" = "X" && "X${USER_AGENT_SERVER_NAME}" = "X" ]]; then
+ if [ "X${USER_AGENT_SERVER_IP}" = "X" -a "X${USER_AGENT_SERVER_NAME}" = "X" ]; then
# Looping and asking for server ip or hostname
while [ 1 ]; do
$ECHO " 3.1- ${serveraddr}: "
diff --git a/src/._Config.Make b/src/._Config.Make
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/._Config.Make and /dev/null differ
diff --git a/src/._InstallAgent.sh b/src/._InstallAgent.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/._InstallAgent.sh and /dev/null differ
diff --git a/src/._InstallServer.sh b/src/._InstallServer.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/._InstallServer.sh and /dev/null differ
diff --git a/src/._LOCATION b/src/._LOCATION
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/._LOCATION and /dev/null differ
diff --git a/src/._Makeall b/src/._Makeall
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/._Makeall and /dev/null differ
diff --git a/src/._Makefile b/src/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/._Makefile and /dev/null differ
diff --git a/src/._VERSION b/src/._VERSION
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/._VERSION and /dev/null differ
diff --git a/src/InstallAgent.sh b/src/InstallAgent.sh
index 4dcd94c..6f42f5b 100755
--- a/src/InstallAgent.sh
+++ b/src/InstallAgent.sh
@@ -67,14 +67,15 @@ elif [ "$UNAME" = "Darwin" ]; then
id -u ${USER} > /dev/null 2>&1
if [ ! $? = 0 ]; then
- # Creating for 10.5
- /usr/bin/sw_vers 2>/dev/null| grep "ProductVersion" | grep -E "10.5.|10.6" > /dev/null 2>&1
+ # Creating for <= 10.4
+ /usr/bin/sw_vers 2>/dev/null| grep "ProductVersion" | grep -E "10.2.|10.3|10.4" > /dev/null 2>&1
if [ $? = 0 ]; then
+
+ chmod +x ./init/darwin-addusers.pl
+ ./init/darwin-addusers.pl
+ else
chmod +x ./init/osx105-addusers.sh
./init/osx105-addusers.sh
- else
- chmod +x ./init/darwin-addusers.pl
- ./init/darwin-addusers.pl
fi
fi
else
@@ -189,13 +190,13 @@ chown root:${GROUP} ${DIR}/var/run
# Moving the binary files
-cp -pr ../bin/ossec-agentd ${DIR}/bin/
-cp -pr ../bin/agent-auth ${DIR}/bin/
-cp -pr ../bin/ossec-logcollector ${DIR}/bin/
-cp -pr ../bin/ossec-syscheckd ${DIR}/bin/
-cp -pr ../bin/ossec-execd ${DIR}/bin/
+cp -pr client-agent/ossec-agentd ${DIR}/bin/
+cp -pr os_auth/agent-auth ${DIR}/bin/
+cp -pr logcollector/ossec-logcollector ${DIR}/bin/
+cp -pr syscheckd/ossec-syscheckd ${DIR}/bin/
+cp -pr os_execd/ossec-execd ${DIR}/bin/
cp -pr ./init/ossec-client.sh ${DIR}/bin/ossec-control
-cp -pr ../bin/manage_agents ${DIR}/bin/
+cp -pr addagent/manage_agents ${DIR}/bin/
cp -pr ../contrib/util.sh ${DIR}/bin/
chown root:${GROUP} ${DIR}/bin/util.sh
chmod +x ${DIR}/bin/util.sh
diff --git a/src/InstallServer.sh b/src/InstallServer.sh
index 18c09c7..24444ce 100755
--- a/src/InstallServer.sh
+++ b/src/InstallServer.sh
@@ -81,14 +81,14 @@ elif [ "$UNAME" = "Darwin" ]; then
id -u ${USER} > /dev/null 2>&1
if [ ! $? = 0 ]; then
- # Creating for 10.5 and 10.6
- /usr/bin/sw_vers 2>/dev/null| grep "ProductVersion" | grep -E "10.5.|10.6" > /dev/null 2>&1
+ # Creating for <= 10.4
+ /usr/bin/sw_vers 2>/dev/null| grep "ProductVersion" | grep -E "10.2.|10.3|10.4" > /dev/null 2>&1
if [ $? = 0 ]; then
- chmod +x ./init/osx105-addusers.sh
- ./init/osx105-addusers.sh
- else
chmod +x ./init/darwin-addusers.pl
./init/darwin-addusers.pl
+ else
+ chmod +x ./init/osx105-addusers.sh
+ ./init/osx105-addusers.sh
fi
fi
else
@@ -121,8 +121,10 @@ for i in ${subdirs}; do
done
# Default for all directories
-chmod -R 550 ${DIR}
-chown -R root:${GROUP} ${DIR}
+chmod 550 ${DIR}
+chmod 550 ${DIR}/*
+chown root:${GROUP} ${DIR}
+chown root:${GROUP} ${DIR}/*
# AnalysisD needs to write to alerts: log, mail and cmds
chown -R ${USER}:${GROUP} ${DIR}/queue/alerts
@@ -146,20 +148,21 @@ chown -R ${USER}:${GROUP} ${DIR}/queue/rootcheck
chmod -R 750 ${DIR}/queue/rootcheck
chmod 740 ${DIR}/queue/rootcheck/* > /dev/null 2>&1
-chown -R ${USER}:${GROUP} ${DIR}/queue/diff
-chmod -R 750 ${DIR}/queue/diff
+chown ${USER}:${GROUP} ${DIR}/queue/diff
+chown ${USER}:${GROUP} ${DIR}/queue/diff/* > /dev/null 2>&1
+chmod 750 ${DIR}/queue/diff
chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1
chown -R ${USER_REM}:${GROUP} ${DIR}/queue/agent-info
-chmod -R 755 ${DIR}/queue/agent-info
-chmod 744 ${DIR}/queue/agent-info/* > /dev/null 2>&1
+chmod -R 750 ${DIR}/queue/agent-info
+chmod 740 ${DIR}/queue/agent-info/* > /dev/null 2>&1
chown -R ${USER_REM}:${GROUP} ${DIR}/queue/rids
-chmod -R 755 ${DIR}/queue/rids
-chmod 744 ${DIR}/queue/rids/* > /dev/null 2>&1
+chmod -R 750 ${DIR}/queue/rids
+chmod 740 ${DIR}/queue/rids/* > /dev/null 2>&1
chown -R ${USER}:${GROUP} ${DIR}/queue/agentless
-chmod -R 755 ${DIR}/queue/agentless
-chmod 744 ${DIR}/queue/agentless/* > /dev/null 2>&1
+chmod -R 750 ${DIR}/queue/agentless
+chmod 740 ${DIR}/queue/agentless/* > /dev/null 2>&1
# For the stats directory
@@ -169,12 +172,13 @@ chmod -R 750 ${DIR}/stats
# For the logging user
chown -R ${USER}:${GROUP} ${DIR}/logs
chmod -R 750 ${DIR}/logs
+touch ${DIR}/logs/ossec.log
+chown ${USER}:${GROUP} ${DIR}/logs/ossec.log
+chmod 660 ${DIR}/logs/ossec.log
+
touch ${DIR}/logs/active-responses.log
chown ${USER}:${GROUP} ${DIR}/logs/active-responses.log
chmod 660 ${DIR}/logs/active-responses.log
-touch ${DIR}/logs/ossec.log
-chown ${USER}:${GROUP} ${DIR}/logs/ossec.log
-chmod 664 ${DIR}/logs/ossec.log
# For the rules directory
ls ${DIR}/rules/*.xml > /dev/null 2>&1
@@ -192,6 +196,7 @@ if [ $? = 0 ]; then
fi
cp -pr ../etc/rules/* ${DIR}/rules/
+find ${DIR}/rules/ -type f -exec chmod 440 {} \;
# If the local_rules is saved, moved it back
ls ${DIR}/rules/saved_local_rules.xml.$$ > /dev/null 2>&1
@@ -209,21 +214,21 @@ chown -R root:${GROUP} ${DIR}/etc
ls /etc/localtime > /dev/null 2>&1
if [ $? = 0 ]; then
cp -pL /etc/localtime ${DIR}/etc/;
- chmod 555 ${DIR}/etc/localtime
+ chmod 440 ${DIR}/etc/localtime
chown root:${GROUP} ${DIR}/etc/localtime
fi
# Solaris Needs some extra files
if [ "$UNAME" = "SunOS" ]; then
mkdir -p ${DIR}/usr/share/lib/zoneinfo/
- chmod -R 555 ${DIR}/usr/
+ chmod -R 550 ${DIR}/usr/
cp -pr /usr/share/lib/zoneinfo/* ${DIR}/usr/share/lib/zoneinfo/
fi
ls /etc/TIMEZONE > /dev/null 2>&1
if [ $? = 0 ]; then
cp -p /etc/TIMEZONE ${DIR}/etc/;
- chmod 555 ${DIR}/etc/TIMEZONE
+ chmod 550 ${DIR}/etc/TIMEZONE
fi
@@ -232,15 +237,23 @@ chmod 770 ${DIR}/var/run
chown root:${GROUP} ${DIR}/var/run
# Moving the binary files
-cp -pr ../bin/ossec* ${DIR}/bin/
-cp -pr ../bin/manage_agents ${DIR}/bin/
-cp -pr ../bin/syscheck_update ${DIR}/bin/
-cp -pr ../bin/verify-agent-conf ${DIR}/bin/
-cp -pr ../bin/clear_stats ${DIR}/bin/
-cp -pr ../bin/list_agents ${DIR}/bin/
-cp -pr ../bin/agent_control ${DIR}/bin/
-cp -pr ../bin/syscheck_control ${DIR}/bin/
-cp -pr ../bin/rootcheck_control ${DIR}/bin/
+cp -pr addagent/manage_agents agentlessd/ossec-agentlessd \
+ analysisd/ossec-analysisd logcollector/ossec-logcollector \
+ monitord/ossec-monitord monitord/ossec-reportd \
+ os_execd/ossec-execd os_maild/ossec-maild \
+ remoted/ossec-remoted syscheckd/ossec-syscheckd \
+ analysisd/ossec-logtest os_csyslogd/ossec-csyslogd \
+ os_auth/ossec-authd os_dbd/ossec-dbd analysisd/ossec-makelists \
+ ${DIR}/bin/
+
+cp -pr util/verify-agent-conf ${DIR}/bin/
+cp -pr util/clear_stats ${DIR}/bin/
+cp -pr util/list_agents ${DIR}/bin/
+cp -pr util/ossec-regex ${DIR}/bin/
+cp -pr util/syscheck_update ${DIR}/bin/
+cp -pr util/agent_control ${DIR}/bin/
+cp -pr util/syscheck_control ${DIR}/bin/
+cp -pr util/rootcheck_control ${DIR}/bin/
cp -pr ../contrib/util.sh ${DIR}/bin/
chown root:${GROUP} ${DIR}/bin/util.sh
chmod +x ${DIR}/bin/util.sh
@@ -298,7 +311,7 @@ sh ./init/fw-check.sh execute > /dev/null
cp -p ../active-response/*.sh ${DIR}/active-response/bin/
cp -p ../active-response/firewalls/*.sh ${DIR}/active-response/bin/
-chmod 755 ${DIR}/active-response/bin/*
+chmod 550 ${DIR}/active-response/bin/*
chown root:${GROUP} ${DIR}/active-response/bin/*
chown root:${GROUP} ${DIR}/bin/*
diff --git a/src/Makeall b/src/Makeall
index 94c8a95..fe361a1 100755
--- a/src/Makeall
+++ b/src/Makeall
@@ -68,11 +68,11 @@ if [ "X${ARGV}" = "Xall" -o "X${ARGV}" = "Xrootcheck" -o "X${ARGV}" = "Xlibs" ];
# Checking for inotify
if [ "X$OS" = "XLinux" ]; then
- ls /usr/include/sys/inotify.h > /dev/null 2>&1
- if [ $? = 0 ]; then
+ if [ -e /usr/include/sys/inotify.h ]; then
echo "EEXTRA=-DUSEINOTIFY" >> Config.OS
- fi
-
+ elif [ -e /usr/include/linux/inotify.h ]; then
+ echo "EEXTRA=-DUSEINOTIFY" >> Config.OS
+ fi
fi
if [ "X$OS" = "XAIX" ]; then
@@ -97,6 +97,9 @@ if [ "X${ARGV}" = "Xall" -o "X${ARGV}" = "Xrootcheck" -o "X${ARGV}" = "Xlibs" ];
elif [ "X$OS" = "XDarwin" ]; then
echo "EEXTRA=-DDarwin -DHIGHFIRST" >> Config.OS
+
+ elif [ "X$OS" = "XFreeBSD" ]; then
+ echo "EEXTRA=-DFreeBSD" >> Config.OS
else
diff --git a/src/Makefile b/src/Makefile
index c103df3..a96be3a 100755
--- a/src/Makefile
+++ b/src/Makefile
@@ -47,16 +47,20 @@ setagent:
@echo "CEXTRA=-DCLIENT" >> ./Config.OS
setclang:
- @sed -i '' -e "s/^CC=.*/CC=clang/g" LOCATION
+ @mv LOCATION LOCATION.backup
+ @sed -e "s/^CC=.*/CC=clang/g" LOCATION.backup > LOCATION
+ @rm LOCATION.backup
unsetclang:
- @sed -i '' -e "s/^CC=.*/CC=gcc/g" LOCATION
+ @mv LOCATION LOCATION.backup
+ @sed -e "s/^CC=.*/CC=gcc/g" LOCATION.backup > LOCATION
+ @rm LOCATION.backup
setprelude:
@echo "CPRELUDE=-DPRELUDE -lprelude `libprelude-config --pthread-cflags` `libprelude-config --libs`" >> ./Config.OS
setgeoip:
- @echo "CGEOIP=-DGEOIP -lGeoIP" >> ./Config.OS
+ @echo "CGEOIP=-DGEOIP -I/usr/local/include -L/usr/local/lib -lGeoIP" >> ./Config.OS
setdb:
@cd ./os_dbd; echo "CDB=`./dbmake.sh`" >> ../Config.OS;
diff --git a/src/VERSION b/src/VERSION
index 90f0449..9b4b5fb 100755
--- a/src/VERSION
+++ b/src/VERSION
@@ -1 +1 @@
-v2.7-beta1
+v2.7.1
diff --git a/src/addagent/._Makefile b/src/addagent/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/addagent/._Makefile and /dev/null differ
diff --git a/src/addagent/._b64.c b/src/addagent/._b64.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/addagent/._b64.c and /dev/null differ
diff --git a/src/addagent/._main.c b/src/addagent/._main.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/addagent/._main.c and /dev/null differ
diff --git a/src/addagent/._manage_agents.c b/src/addagent/._manage_agents.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/addagent/._manage_agents.c and /dev/null differ
diff --git a/src/addagent/._manage_agents.h b/src/addagent/._manage_agents.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/addagent/._manage_agents.h and /dev/null differ
diff --git a/src/addagent/._manage_keys.c b/src/addagent/._manage_keys.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/addagent/._manage_keys.c and /dev/null differ
diff --git a/src/addagent/._read_from_user.c b/src/addagent/._read_from_user.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/addagent/._read_from_user.c and /dev/null differ
diff --git a/src/addagent/._validate.c b/src/addagent/._validate.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/addagent/._validate.c and /dev/null differ
diff --git a/src/addagent/b64.c b/src/addagent/b64.c
index 44f0079..45ecb49 100755
--- a/src/addagent/b64.c
+++ b/src/addagent/b64.c
@@ -13,7 +13,7 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software Foundation,
* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
@@ -36,7 +36,7 @@ static unsigned char decode(char c);
/**
- * Implementation of base64 encoding/decoding.
+ * Implementation of base64 encoding/decoding.
*
* @author Jan-Henrik Haukeland, <hauk at tildeslash.com>
*
@@ -68,7 +68,7 @@ char *encode_base64(int size, char *src) {
out = (char *)calloc(sizeof(char), size*4/3+4);
if(!out)
return NULL;
-
+
p = out;
for(i = 0; i < size; i+=3) {
@@ -114,45 +114,45 @@ char *encode_base64(int size, char *src) {
* 'dest'. The dest buffer is NUL terminated.
* Return NULL in case of error
*/
-char *decode_base64(const char *src)
+char *decode_base64(const char *src)
{
- if(src && *src)
+ if(src && *src)
{
char *dest;
unsigned char *p;
int k, l = strlen(src)+1;
unsigned char *buf;
-
+
/* The size of the dest will always be less than
* the source
*/
dest = (char *)calloc(sizeof(char), l + 13);
if(!dest)
return(NULL);
-
+
p = (unsigned char *)dest;
-
+
buf = malloc(l);
if(!buf)
return(NULL);
/* Ignore non base64 chars as per the POSIX standard */
- for(k=0, l=0; src[k]; k++)
+ for(k=0, l=0; src[k]; k++)
{
- if(is_base64(src[k]))
+ if(is_base64(src[k]))
{
buf[l++]= src[k];
}
- }
+ }
- for(k=0; k<l; k+=4)
+ for(k=0; k<l; k+=4)
{
char c1='A', c2='A', c3='A', c4='A';
unsigned char b1=0, b2=0, b3=0, b4=0;
c1= buf[k];
- if(k+1<l)
+ if(k+1<l)
{
c2= buf[k+1];
}
@@ -246,7 +246,7 @@ int main(int argc, char **argv)
{
char *s;
char *d;
-
+
if(argc < 2)
{
printf("%s string\n",argv[0]);
@@ -259,7 +259,7 @@ int main(int argc, char **argv)
d = decode_base64(s);
printf("decode:%s\n",d);
-
+
exit(0);
}
diff --git a/src/addagent/main.c b/src/addagent/main.c
index 1334da6..a620ff8 100755
--- a/src/addagent/main.c
+++ b/src/addagent/main.c
@@ -25,7 +25,8 @@ void helpmsg()
printf("\t-l List available agents.\n");
printf("\t-e <id> Extracts key for an agent (Manager only).\n");
printf("\t-i <id> Import authentication key (Agent only).\n");
- printf("\t-f <file> Bulk generate client keys from file. (Manager only).\n\n");
+ printf("\t-f <file> Bulk generate client keys from file. (Manager only).\n");
+ printf("\t <file> contains lines in IP,NAME format.\n\n");
exit(1);
}
diff --git a/src/addagent/read_from_user.c b/src/addagent/read_from_user.c
index 31da5e6..c46d158 100755
--- a/src/addagent/read_from_user.c
+++ b/src/addagent/read_from_user.c
@@ -23,7 +23,7 @@ char *read_from_user()
{
memset(__user_buffer, '\0', USER_SIZE +1);
- if((fgets(__user_buffer, USER_SIZE -1, stdin) == NULL) ||
+ if((fgets(__user_buffer, USER_SIZE -1, stdin) == NULL) ||
(strlen(__user_buffer) >= (USER_SIZE -2)))
{
printf(INPUT_LARGE);
diff --git a/src/agentlessd/._Makefile b/src/agentlessd/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/agentlessd/._Makefile and /dev/null differ
diff --git a/src/agentlessd/._README b/src/agentlessd/._README
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/agentlessd/._README and /dev/null differ
diff --git a/src/agentlessd/._agentlessd.c b/src/agentlessd/._agentlessd.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/agentlessd/._agentlessd.c and /dev/null differ
diff --git a/src/agentlessd/._agentlessd.h b/src/agentlessd/._agentlessd.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/agentlessd/._agentlessd.h and /dev/null differ
diff --git a/src/agentlessd/._main.c b/src/agentlessd/._main.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/agentlessd/._main.c and /dev/null differ
diff --git a/src/agentlessd/agentlessd.c b/src/agentlessd/agentlessd.c
index 8aa056f..505d43b 100755
--- a/src/agentlessd/agentlessd.c
+++ b/src/agentlessd/agentlessd.c
@@ -25,7 +25,7 @@ int save_agentless_entry(char *host, char *script, char *agttype)
char sys_location[1024 +1];
sys_location[1024] = '\0';
- snprintf(sys_location, 1024, "%s/(%s) %s",
+ snprintf(sys_location, 1024, "%s/(%s) %s",
AGENTLESS_ENTRYDIRPATH, script, host);
fp = fopen(sys_location, "w");
@@ -51,7 +51,7 @@ int send_intcheck_msg(char *script, char *host, char *msg)
sys_location[1024] = '\0';
snprintf(sys_location, 1024, "(%s) %s->%s", script, host, SYSCHECK);
-
+
if(SendMSG(lessdc.queue, msg, sys_location, SYSCHECK_MQ) < 0)
{
merror(QUEUE_SEND, ARGV0);
@@ -77,7 +77,7 @@ int send_log_msg(char *script, char *host, char *msg)
sys_location[1024] = '\0';
snprintf(sys_location, 1024, "(%s) %s->%s", script, host, SYSCHECK);
-
+
if(SendMSG(lessdc.queue, msg, sys_location, LOCALFILE_MQ) < 0)
{
merror(QUEUE_SEND, ARGV0);
@@ -108,7 +108,7 @@ int gen_diff_alert(char *host, char *script, int alert_diff_time)
snprintf(buf, 2048, "%s/%s->%s/diff.%d",
DIFF_DIR_PATH, host, script, alert_diff_time);
-
+
fp = fopen(buf, "r");
if(!fp)
{
@@ -133,7 +133,7 @@ int gen_diff_alert(char *host, char *script, int alert_diff_time)
else
{
/* Weird diff with only one large line. */
- buf[256] = '\0';
+ buf[256] = '\0';
}
}
else
@@ -146,19 +146,19 @@ int gen_diff_alert(char *host, char *script, int alert_diff_time)
/* Getting up to 8 line changes. */
tmp_str = buf;
-
+
while(tmp_str && (*tmp_str != '\0'))
{
tmp_str = strchr(tmp_str, '\n');
if(!tmp_str)
- break;
+ break;
else if(n >= 7)
{
- *tmp_str = '\0';
+ *tmp_str = '\0';
break;
}
n++;
- tmp_str++;
+ tmp_str++;
}
@@ -167,10 +167,10 @@ int gen_diff_alert(char *host, char *script, int alert_diff_time)
buf, n>=7?
"\nMore changes..":
"");
-
-
+
+
snprintf(buf, 1024, "(%s) %s->agentless", script, host);
-
+
if(SendMSG(lessdc.queue, diff_alert, buf, LOCALFILE_MQ) < 0)
{
merror(QUEUE_SEND, ARGV0);
@@ -203,7 +203,7 @@ int check_diff_file(char *host, char *script)
os_md5 md5sum_old;
os_md5 md5sum_new;
-
+
old_location[1024] = '\0';
new_location[1024] = '\0';
tmp_location[1024] = '\0';
@@ -229,7 +229,7 @@ int check_diff_file(char *host, char *script)
if(OS_MD5_File(new_location, md5sum_new) != 0)
{
merror("%s: ERROR: Invalid internal state (missing '%s').",
- ARGV0, new_location);
+ ARGV0, new_location);
return(0);
}
@@ -251,15 +251,15 @@ int check_diff_file(char *host, char *script)
/* Run diff. */
date_of_change = File_DateofChange(old_location);
- snprintf(diff_cmd, 2048, "diff \"%s\" \"%s\" > \"%s/%s->%s/diff.%d\" "
+ snprintf(diff_cmd, 2048, "diff \"%s\" \"%s\" > \"%s/%s->%s/diff.%d\" "
"2>/dev/null",
- tmp_location, old_location,
+ tmp_location, old_location,
DIFF_DIR_PATH, host, script, date_of_change);
if(system(diff_cmd) != 256)
{
merror("%s: ERROR: Unable to run diff for %s->%s",
ARGV0, host, script);
- return(0);
+ return(0);
}
@@ -277,7 +277,7 @@ FILE *open_diff_file(char *host, char *script)
{
FILE *fp = NULL;
char sys_location[1024 +1];
-
+
sys_location[1024] = '\0';
snprintf(sys_location, 1024, "%s/%s->%s/%s", DIFF_DIR_PATH, host, script,
DIFF_NEW_FILE);
@@ -298,7 +298,7 @@ FILE *open_diff_file(char *host, char *script)
}
}
- snprintf(sys_location, 1024, "%s/%s->%s/%s", DIFF_DIR_PATH, host,
+ snprintf(sys_location, 1024, "%s/%s->%s/%s", DIFF_DIR_PATH, host,
script, DIFF_NEW_FILE);
fp = fopen(sys_location, "w");
if(!fp)
@@ -322,13 +322,13 @@ int run_periodic_cmd(agentlessd_entries *entry, int test_it)
char command[OS_SIZE_1024 +1];
FILE *fp;
FILE *fp_store = NULL;
-
-
+
+
buf[0] = '\0';
command[0] = '\0';
- command[OS_SIZE_1024] = '\0';
-
-
+ command[OS_SIZE_1024] = '\0';
+
+
while(entry->server[i])
{
/* Ignored entry. */
@@ -337,14 +337,14 @@ int run_periodic_cmd(agentlessd_entries *entry, int test_it)
i++;
continue;
}
-
-
- /* We only test for the first server entry. */
+
+
+ /* We only test for the first server entry. */
else if(test_it)
{
int ret_code = 0;
- snprintf(command, OS_SIZE_1024,
- "%s/%s test test >/dev/null 2>&1",
+ snprintf(command, OS_SIZE_1024,
+ "%s/%s test test >/dev/null 2>&1",
AGENTLESSDIRPATH, entry->type);
ret_code = system(command);
@@ -355,7 +355,7 @@ int run_periodic_cmd(agentlessd_entries *entry, int test_it)
{
merror("%s: ERROR: Expect command not found (or bad "
"arguments) for '%s'.",
- ARGV0, entry->type);
+ ARGV0, entry->type);
}
merror("%s: ERROR: Test failed for '%s' (%d). Ignoring.",
ARGV0, entry->type, ret_code/256);
@@ -366,23 +366,23 @@ int run_periodic_cmd(agentlessd_entries *entry, int test_it)
verbose("%s: INFO: Test passed for '%s'.", ARGV0, entry->type);
return(0);
}
-
+
if(entry->server[i][0] == 's')
{
- snprintf(command, OS_SIZE_1024, "%s/%s \"use_su\" \"%s\" %s 2>&1",
- AGENTLESSDIRPATH, entry->type, entry->server[i] +1,
+ snprintf(command, OS_SIZE_1024, "%s/%s \"use_su\" \"%s\" %s 2>&1",
+ AGENTLESSDIRPATH, entry->type, entry->server[i] +1,
entry->options);
}
else if(entry->server[i][0] == 'o')
{
- snprintf(command, OS_SIZE_1024, "%s/%s \"use_sudo\" \"%s\" %s 2>&1",
- AGENTLESSDIRPATH, entry->type, entry->server[i] +1,
+ snprintf(command, OS_SIZE_1024, "%s/%s \"use_sudo\" \"%s\" %s 2>&1",
+ AGENTLESSDIRPATH, entry->type, entry->server[i] +1,
entry->options);
}
else
{
- snprintf(command, OS_SIZE_1024, "%s/%s \"%s\" %s 2>&1",
- AGENTLESSDIRPATH, entry->type, entry->server[i] +1,
+ snprintf(command, OS_SIZE_1024, "%s/%s \"%s\" %s 2>&1",
+ AGENTLESSDIRPATH, entry->type, entry->server[i] +1,
entry->options);
}
@@ -398,23 +398,23 @@ int run_periodic_cmd(agentlessd_entries *entry, int test_it)
tmp_str = strchr(buf, '\n');
if(tmp_str)
*tmp_str = '\0';
-
+
if(strncmp(buf, "ERROR: ", 7) == 0)
{
- merror("%s: ERROR: %s: %s: %s", ARGV0,
+ merror("%s: ERROR: %s: %s: %s", ARGV0,
entry->type, entry->server[i] +1, buf +7);
entry->error_flag++;
break;
}
else if(strncmp(buf, "INFO: ", 6) == 0)
{
- verbose("%s: INFO: %s: %s: %s", ARGV0,
+ verbose("%s: INFO: %s: %s: %s", ARGV0,
entry->type, entry->server[i] +1, buf +6);
}
else if(strncmp(buf, "FWD: ", 4) == 0)
{
tmp_str = buf + 5;
- send_intcheck_msg(entry->type, entry->server[i]+1,
+ send_intcheck_msg(entry->type, entry->server[i]+1,
tmp_str);
}
else if(strncmp(buf, "LOG: ", 4) == 0)
@@ -426,7 +426,7 @@ int run_periodic_cmd(agentlessd_entries *entry, int test_it)
else if((entry->state & LESSD_STATE_DIFF) &&
(strncmp(buf, "STORE: ", 7) == 0))
{
- fp_store = open_diff_file(entry->server[i]+1,
+ fp_store = open_diff_file(entry->server[i]+1,
entry->type);
}
else if(fp_store)
@@ -448,14 +448,14 @@ int run_periodic_cmd(agentlessd_entries *entry, int test_it)
}
else
{
- save_agentless_entry(entry->server[i] +1,
+ save_agentless_entry(entry->server[i] +1,
entry->type, "syscheck");
}
pclose(fp);
}
else
{
- merror("%s: ERROR: popen failed on '%s' for '%s'.", ARGV0,
+ merror("%s: ERROR: popen failed on '%s' for '%s'.", ARGV0,
entry->type, entry->server[i] +1);
entry->error_flag++;
}
@@ -467,7 +467,7 @@ int run_periodic_cmd(agentlessd_entries *entry, int test_it)
{
fclose(fp_store);
}
-
+
return(0);
}
@@ -476,10 +476,10 @@ int run_periodic_cmd(agentlessd_entries *entry, int test_it)
/* Main agentlessd */
void Agentlessd()
{
- time_t tm;
- struct tm *p;
+ time_t tm;
+ struct tm *p;
- int today = 0;
+ int today = 0;
int thismonth = 0;
int thisyear = 0;
int test_it = 1;
@@ -490,16 +490,16 @@ void Agentlessd()
/* Waiting a few seconds to settle */
sleep(2);
memset(str, '\0', OS_SIZE_1024 +1);
-
-
+
+
/* Getting currently time before starting */
tm = time(NULL);
p = localtime(&tm);
-
+
today = p->tm_mday;
thismonth = p->tm_mon;
thisyear = p->tm_year+1900;
-
+
/* Connecting to the message queue
* Exit if it fails.
@@ -535,7 +535,7 @@ void Agentlessd()
if(lessdc.entries[i]->error_flag != 99)
{
merror("%s: ERROR: Too many failures for '%s'. Ignoring it.",
- ARGV0, lessdc.entries[i]->type);
+ ARGV0, lessdc.entries[i]->type);
lessdc.entries[i]->error_flag = 99;
}
@@ -544,22 +544,22 @@ void Agentlessd()
continue;
}
-
+
/* Run the check again if the frequency has elapsed. */
if((lessdc.entries[i]->state & LESSD_STATE_PERIODIC) &&
- ((lessdc.entries[i]->current_state +
+ ((lessdc.entries[i]->current_state +
lessdc.entries[i]->frequency) < tm))
{
run_periodic_cmd(lessdc.entries[i], test_it);
if(!test_it)
lessdc.entries[i]->current_state = tm;
}
-
+
i++;
sleep(i);
}
-
+
/* We only check every minute */
test_it = 0;
sleep(60);
diff --git a/src/agentlessd/main.c b/src/agentlessd/main.c
index 516f485..1d3ce3b 100755
--- a/src/agentlessd/main.c
+++ b/src/agentlessd/main.c
@@ -29,7 +29,7 @@ int main(int argc, char **argv)
/* Setting the name */
OS_SetName(ARGV0);
-
+
while((c = getopt(argc, argv, "Vdhtfu:g:D:c:")) != -1){
switch(c){
@@ -59,13 +59,14 @@ int main(int argc, char **argv)
if(!optarg)
ErrorExit("%s: -D needs an argument",ARGV0);
dir=optarg;
+ break;
case 'c':
if(!optarg)
ErrorExit("%s: -c needs an argument",ARGV0);
cfg = optarg;
break;
case 't':
- test_config = 1;
+ test_config = 1;
break;
default:
help(ARGV0);
@@ -102,30 +103,30 @@ int main(int argc, char **argv)
if(test_config)
exit(0);
-
+
/* Going on daemon mode */
- if(!run_foreground)
+ if(!run_foreground)
{
nowDaemon();
goDaemonLight();
}
chdir(dir);
-
+
/* Exiting if not configured. */
if(!lessdc.entries)
{
verbose("%s: INFO: Not configured. Exiting.", ARGV0);
exit(0);
}
-
-
+
+
/* Privilege separation */
if(Privsep_SetGroup(gid) < 0)
ErrorExit(SETGID_ERROR,ARGV0,group);
-
- /* Changing user */
+
+ /* Changing user */
if(Privsep_SetUser(uid) < 0)
ErrorExit(SETUID_ERROR,ARGV0,user);
@@ -137,16 +138,16 @@ int main(int argc, char **argv)
/* Signal manipulation */
StartSIG(ARGV0);
-
+
/* Creating PID files */
if(CreatePID(ARGV0, getpid()) < 0)
ErrorExit(PID_ERROR,ARGV0);
-
+
/* Start up message */
verbose(STARTUP_MSG, ARGV0, (int)getpid());
-
+
/* the real daemon now */
Agentlessd();
diff --git a/src/agentlessd/scripts/._main.exp b/src/agentlessd/scripts/._main.exp
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/agentlessd/scripts/._main.exp and /dev/null differ
diff --git a/src/agentlessd/scripts/._register_host.sh b/src/agentlessd/scripts/._register_host.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/agentlessd/scripts/._register_host.sh and /dev/null differ
diff --git a/src/agentlessd/scripts/._ssh.exp b/src/agentlessd/scripts/._ssh.exp
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/agentlessd/scripts/._ssh.exp and /dev/null differ
diff --git a/src/agentlessd/scripts/._ssh_asa-fwsmconfig_diff b/src/agentlessd/scripts/._ssh_asa-fwsmconfig_diff
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/agentlessd/scripts/._ssh_asa-fwsmconfig_diff and /dev/null differ
diff --git a/src/agentlessd/scripts/._ssh_foundry_diff b/src/agentlessd/scripts/._ssh_foundry_diff
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/agentlessd/scripts/._ssh_foundry_diff and /dev/null differ
diff --git a/src/agentlessd/scripts/._ssh_generic_diff b/src/agentlessd/scripts/._ssh_generic_diff
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/agentlessd/scripts/._ssh_generic_diff and /dev/null differ
diff --git a/src/agentlessd/scripts/._ssh_integrity_check_bsd b/src/agentlessd/scripts/._ssh_integrity_check_bsd
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/agentlessd/scripts/._ssh_integrity_check_bsd and /dev/null differ
diff --git a/src/agentlessd/scripts/._ssh_integrity_check_linux b/src/agentlessd/scripts/._ssh_integrity_check_linux
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/agentlessd/scripts/._ssh_integrity_check_linux and /dev/null differ
diff --git a/src/agentlessd/scripts/._ssh_nopass.exp b/src/agentlessd/scripts/._ssh_nopass.exp
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/agentlessd/scripts/._ssh_nopass.exp and /dev/null differ
diff --git a/src/agentlessd/scripts/._ssh_pixconfig_diff b/src/agentlessd/scripts/._ssh_pixconfig_diff
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/agentlessd/scripts/._ssh_pixconfig_diff and /dev/null differ
diff --git a/src/agentlessd/scripts/._sshlogin.exp b/src/agentlessd/scripts/._sshlogin.exp
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/agentlessd/scripts/._sshlogin.exp and /dev/null differ
diff --git a/src/agentlessd/scripts/._su.exp b/src/agentlessd/scripts/._su.exp
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/agentlessd/scripts/._su.exp and /dev/null differ
diff --git a/src/agentlessd/scripts/ssh_asa-fwsmconfig_diff b/src/agentlessd/scripts/ssh_asa-fwsmconfig_diff
index e843367..7e69b63 100755
--- a/src/agentlessd/scripts/ssh_asa-fwsmconfig_diff
+++ b/src/agentlessd/scripts/ssh_asa-fwsmconfig_diff
@@ -14,7 +14,8 @@
if {$argc < 1} {
- send_user "ERROR: ssh_pixconfig_diff <hostname> <commands>\n";
+ send_user "ERROR: ssh_asa-fwsmconfig_diff <hostname> <commands>\n";
+ send_user "ERROR: Must be run from /var/ossec\n";
exit 1;
}
diff --git a/src/agentlessd/scripts/ssh_pixconfig_diff b/src/agentlessd/scripts/ssh_pixconfig_diff
index ba6294e..57b8c9e 100755
--- a/src/agentlessd/scripts/ssh_pixconfig_diff
+++ b/src/agentlessd/scripts/ssh_pixconfig_diff
@@ -129,7 +129,7 @@ expect {
send_user "ERROR: Unable to connect to remote host: $hostname .\n"
exit 1;
}
- "* password:*" {
+ "*Password:*" {
send "$pass\r"
expect {
diff --git a/src/analysisd/._Makefile b/src/analysisd/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/._Makefile and /dev/null differ
diff --git a/src/analysisd/._active-response.c b/src/analysisd/._active-response.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/._active-response.c and /dev/null differ
diff --git a/src/analysisd/._active-response.h b/src/analysisd/._active-response.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/._active-response.h and /dev/null differ
diff --git a/src/analysisd/._analysisd.c b/src/analysisd/._analysisd.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/._analysisd.c and /dev/null differ
diff --git a/src/analysisd/._analysisd.h b/src/analysisd/._analysisd.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/._analysisd.h and /dev/null differ
diff --git a/src/analysisd/._cleanevent.c b/src/analysisd/._cleanevent.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/._cleanevent.c and /dev/null differ
diff --git a/src/analysisd/._config.c b/src/analysisd/._config.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/._config.c and /dev/null differ
diff --git a/src/analysisd/._config.h b/src/analysisd/._config.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/._config.h and /dev/null differ
diff --git a/src/analysisd/._dodiff.c b/src/analysisd/._dodiff.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/._dodiff.c and /dev/null differ
diff --git a/src/analysisd/._eventinfo.c b/src/analysisd/._eventinfo.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/._eventinfo.c and /dev/null differ
diff --git a/src/analysisd/._eventinfo.h b/src/analysisd/._eventinfo.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/._eventinfo.h and /dev/null differ
diff --git a/src/analysisd/._eventinfo_list.c b/src/analysisd/._eventinfo_list.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/._eventinfo_list.c and /dev/null differ
diff --git a/src/analysisd/._fts.c b/src/analysisd/._fts.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/._fts.c and /dev/null differ
diff --git a/src/analysisd/._fts.h b/src/analysisd/._fts.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/._fts.h and /dev/null differ
diff --git a/src/analysisd/._lists.c b/src/analysisd/._lists.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/analysisd/._lists.c and /dev/null differ
diff --git a/src/analysisd/._lists.h b/src/analysisd/._lists.h
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/analysisd/._lists.h and /dev/null differ
diff --git a/src/analysisd/._lists_list.c b/src/analysisd/._lists_list.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/analysisd/._lists_list.c and /dev/null differ
diff --git a/src/analysisd/._lists_make.c b/src/analysisd/._lists_make.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/analysisd/._lists_make.c and /dev/null differ
diff --git a/src/analysisd/._lists_make.h b/src/analysisd/._lists_make.h
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/analysisd/._lists_make.h and /dev/null differ
diff --git a/src/analysisd/._makelists.c b/src/analysisd/._makelists.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/analysisd/._makelists.c and /dev/null differ
diff --git a/src/analysisd/._makelists.h b/src/analysisd/._makelists.h
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/analysisd/._makelists.h and /dev/null differ
diff --git a/src/analysisd/._picviz.c b/src/analysisd/._picviz.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/analysisd/._picviz.c and /dev/null differ
diff --git a/src/analysisd/._picviz.h b/src/analysisd/._picviz.h
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/analysisd/._picviz.h and /dev/null differ
diff --git a/src/analysisd/._prelude.c b/src/analysisd/._prelude.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/analysisd/._prelude.c and /dev/null differ
diff --git a/src/analysisd/._prelude.h b/src/analysisd/._prelude.h
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/analysisd/._prelude.h and /dev/null differ
diff --git a/src/analysisd/._rules.c b/src/analysisd/._rules.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/._rules.c and /dev/null differ
diff --git a/src/analysisd/._rules.h b/src/analysisd/._rules.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/._rules.h and /dev/null differ
diff --git a/src/analysisd/._rules_list.c b/src/analysisd/._rules_list.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/._rules_list.c and /dev/null differ
diff --git a/src/analysisd/._stats.c b/src/analysisd/._stats.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/._stats.c and /dev/null differ
diff --git a/src/analysisd/._stats.h b/src/analysisd/._stats.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/._stats.h and /dev/null differ
diff --git a/src/analysisd/._testrule.c b/src/analysisd/._testrule.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/._testrule.c and /dev/null differ
diff --git a/src/analysisd/active-response.c b/src/analysisd/active-response.c
index fd27c37..f6f2414 100755
--- a/src/analysisd/active-response.c
+++ b/src/analysisd/active-response.c
@@ -10,7 +10,7 @@
* Foundation
*/
-
+
#include "shared.h"
#include "active-response.h"
@@ -56,7 +56,7 @@ int AR_ReadConfig(int test_config, char *cfgfile)
/* Setting right permission */
- chmod(DEFAULTARPATH, 0444);
+ chmod(DEFAULTARPATH, 0440);
/* Reading configuration */
diff --git a/src/analysisd/active-response.h b/src/analysisd/active-response.h
index b34b49f..3c3fc11 100755
--- a/src/analysisd/active-response.h
+++ b/src/analysisd/active-response.h
@@ -10,7 +10,7 @@
* Foundation
*/
-
+
#ifndef _AR__H
#define _AR__H
@@ -29,7 +29,7 @@ void AR_Init();
* to the appropriate lists.
*/
int AR_ReadConfig(int test_config, char *cfgfile);
-
+
/* Active response commands */
OSList *ar_commands;
diff --git a/src/analysisd/alerts/._Makefile b/src/analysisd/alerts/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/alerts/._Makefile and /dev/null differ
diff --git a/src/analysisd/alerts/._alerts.h b/src/analysisd/alerts/._alerts.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/alerts/._alerts.h and /dev/null differ
diff --git a/src/analysisd/alerts/._exec.c b/src/analysisd/alerts/._exec.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/alerts/._exec.c and /dev/null differ
diff --git a/src/analysisd/alerts/._exec.h b/src/analysisd/alerts/._exec.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/alerts/._exec.h and /dev/null differ
diff --git a/src/analysisd/alerts/._getloglocation.c b/src/analysisd/alerts/._getloglocation.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/alerts/._getloglocation.c and /dev/null differ
diff --git a/src/analysisd/alerts/._getloglocation.h b/src/analysisd/alerts/._getloglocation.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/alerts/._getloglocation.h and /dev/null differ
diff --git a/src/analysisd/alerts/._log.c b/src/analysisd/alerts/._log.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/alerts/._log.c and /dev/null differ
diff --git a/src/analysisd/alerts/._log.h b/src/analysisd/alerts/._log.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/alerts/._log.h and /dev/null differ
diff --git a/src/analysisd/alerts/._mail.c b/src/analysisd/alerts/._mail.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/alerts/._mail.c and /dev/null differ
diff --git a/src/analysisd/alerts/alerts.h b/src/analysisd/alerts/alerts.h
index 011238a..92d9325 100755
--- a/src/analysisd/alerts/alerts.h
+++ b/src/analysisd/alerts/alerts.h
@@ -6,7 +6,7 @@
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation
*/
diff --git a/src/analysisd/alerts/exec.c b/src/analysisd/alerts/exec.c
index b7857ea..073ac58 100755
--- a/src/analysisd/alerts/exec.c
+++ b/src/analysisd/alerts/exec.c
@@ -6,7 +6,7 @@
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation
*/
@@ -26,7 +26,7 @@
#include "eventinfo.h"
-/* OS_Exec v0.1
+/* OS_Exec v0.1
*/
void OS_Exec(int *execq, int *arq, Eventinfo *lf, active_response *ar)
{
@@ -41,7 +41,7 @@ void OS_Exec(int *execq, int *arq, Eventinfo *lf, active_response *ar)
if(strncmp(lf->srcip, "::ffff:", 7) == 0)
{
ip = lf->srcip + 7;
- }
+ }
else
{
ip = lf->srcip;
@@ -63,7 +63,7 @@ void OS_Exec(int *execq, int *arq, Eventinfo *lf, active_response *ar)
OSMatch **wl;
srcip_size = strlen(ip);
-
+
wl = Config.hostname_white_list;
while(*wl)
{
@@ -77,8 +77,8 @@ void OS_Exec(int *execq, int *arq, Eventinfo *lf, active_response *ar)
{
ip = "-";
}
-
-
+
+
/* Getting username */
if(lf->dstuser && (ar->ar_cmd->expect & USERNAME))
{
@@ -90,17 +90,17 @@ void OS_Exec(int *execq, int *arq, Eventinfo *lf, active_response *ar)
}
- /* active response on the server.
+ /* active response on the server.
* The response must be here if the ar->location is set to AS
* or the ar->location is set to local (REMOTE_AGENT) and the
* event location is from here.
- */
+ */
if((ar->location & AS_ONLY) ||
((ar->location & REMOTE_AGENT) && (lf->location[0] != '(')) )
{
if(!(Config.ar & LOCAL_AR))
return;
-
+
snprintf(exec_msg, OS_SIZE_1024,
"%s %s %s %d.%ld %d %s",
ar->name,
@@ -116,9 +116,9 @@ void OS_Exec(int *execq, int *arq, Eventinfo *lf, active_response *ar)
merror("%s: Error communicating with execd.", ARGV0);
}
}
-
- /* Active response to the forwarder */
+
+ /* Active response to the forwarder */
else if((Config.ar & REMOTE_AR))
{
int rc;
@@ -153,7 +153,7 @@ void OS_Exec(int *execq, int *arq, Eventinfo *lf, active_response *ar)
__crt_ftell,
lf->generated_rule->sigid);
}
-
+
if((rc = OS_SendUnix(*arq, exec_msg, 0)) < 0)
{
if(rc == OS_SOCKBUSY)
@@ -162,12 +162,12 @@ void OS_Exec(int *execq, int *arq, Eventinfo *lf, active_response *ar)
}
else
{
- merror("%s: AR socket error (shutdown?).", ARGV0);
+ merror("%s: AR socket error (shutdown?).", ARGV0);
}
merror("%s: Error communicating with ar queue (%d).", ARGV0, rc);
}
}
-
+
return;
}
diff --git a/src/analysisd/alerts/exec.h b/src/analysisd/alerts/exec.h
index 773cd83..674796d 100755
--- a/src/analysisd/alerts/exec.h
+++ b/src/analysisd/alerts/exec.h
@@ -6,7 +6,7 @@
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation
*/
diff --git a/src/analysisd/alerts/getloglocation.c b/src/analysisd/alerts/getloglocation.c
index d3cee2b..652696a 100755
--- a/src/analysisd/alerts/getloglocation.c
+++ b/src/analysisd/alerts/getloglocation.c
@@ -6,7 +6,7 @@
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation
*/
@@ -22,32 +22,32 @@ char __elogfile[OS_FLSIZE+1];
char __alogfile[OS_FLSIZE+1];
char __flogfile[OS_FLSIZE+1];
-/* OS_InitLog */
+/* OS_InitLog */
void OS_InitLog()
{
OS_InitFwLog();
__crt_day = 0;
-
- /* alerts and events log file */
- memset(__alogfile,'\0',OS_FLSIZE +1);
- memset(__elogfile,'\0',OS_FLSIZE +1);
- memset(__flogfile,'\0',OS_FLSIZE +1);
+
+ /* alerts and events log file */
+ memset(__alogfile,'\0',OS_FLSIZE +1);
+ memset(__elogfile,'\0',OS_FLSIZE +1);
+ memset(__flogfile,'\0',OS_FLSIZE +1);
_eflog = NULL;
_aflog = NULL;
_fflog = NULL;
-
+
/* Setting the umask */
umask(0027);
}
-/* gzips a log file
+/* gzips a log file
int OS_CompressLog(int yesterday, char *prev_month, int prev_year)
- -- moved to monitord.
-*/
+ -- moved to monitord.
+*/
@@ -55,11 +55,11 @@ int OS_CompressLog(int yesterday, char *prev_month, int prev_year)
/* OS_GetLogLocation: v0.1, 2005/04/25 */
int OS_GetLogLocation(Eventinfo *lf)
{
- /* Checking what directories to create
+ /* Checking what directories to create
* Checking if the year directory is there.
* If not, create it. Same for the month directory.
*/
-
+
/* For the events */
if(_eflog)
{
@@ -68,7 +68,7 @@ int OS_GetLogLocation(Eventinfo *lf)
fclose(_eflog);
_eflog = NULL;
}
-
+
snprintf(__elogfile,OS_FLSIZE,"%s/%d/", EVENTS, lf->year);
if(IsDir(__elogfile) == -1)
if(mkdir(__elogfile,0770) == -1)
@@ -97,11 +97,11 @@ int OS_GetLogLocation(Eventinfo *lf)
_eflog = fopen(__elogfile,"a");
if(!_eflog)
ErrorExit("%s: Error opening logfile: '%s'",ARGV0,__elogfile);
-
+
/* Creating a symlink */
unlink(EVENTS_DAILY);
link(__elogfile, EVENTS_DAILY);
-
+
/* for the alerts logs */
if(_aflog)
@@ -111,7 +111,7 @@ int OS_GetLogLocation(Eventinfo *lf)
fclose(_aflog);
_aflog = NULL;
}
-
+
snprintf(__alogfile,OS_FLSIZE,"%s/%d/", ALERTS, lf->year);
if(IsDir(__alogfile) == -1)
if(mkdir(__alogfile,0770) == -1)
@@ -137,14 +137,14 @@ int OS_GetLogLocation(Eventinfo *lf)
lf->day);
_aflog = fopen(__alogfile,"a");
-
+
if(!_aflog)
ErrorExit("%s: Error opening logfile: '%s'",ARGV0,__alogfile);
-
+
/* Creating a symlink */
unlink(ALERTS_DAILY);
link(__alogfile, ALERTS_DAILY);
-
+
/* For the firewall events */
if(_fflog)
@@ -154,7 +154,7 @@ int OS_GetLogLocation(Eventinfo *lf)
fclose(_fflog);
_fflog = NULL;
}
-
+
snprintf(__flogfile,OS_FLSIZE,"%s/%d/", FWLOGS, lf->year);
if(IsDir(__flogfile) == -1)
if(mkdir(__flogfile,0770) == -1)
@@ -188,9 +188,9 @@ int OS_GetLogLocation(Eventinfo *lf)
/* Creating a symlink */
unlink(FWLOGS_DAILY);
link(__flogfile, FWLOGS_DAILY);
-
- /* Setting the new day */
+
+ /* Setting the new day */
__crt_day = lf->day;
return(0);
diff --git a/src/analysisd/alerts/getloglocation.h b/src/analysisd/alerts/getloglocation.h
index 06e5a4b..13c600e 100755
--- a/src/analysisd/alerts/getloglocation.h
+++ b/src/analysisd/alerts/getloglocation.h
@@ -31,7 +31,7 @@ void OS_InitFwLog();
* @param lf Event structure
*
* @retval 0 success
- * -1 error
+ * -1 error
*/
int OS_GetLogLocation(Eventinfo *lf);
diff --git a/src/analysisd/alerts/log.c b/src/analysisd/alerts/log.c
index e606859..f5cb74a 100755
--- a/src/analysisd/alerts/log.c
+++ b/src/analysisd/alerts/log.c
@@ -6,7 +6,7 @@
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation
*/
@@ -104,9 +104,44 @@ char *GeoIPLookup(char *ip)
OSMatch FWDROPpm;
OSMatch FWALLOWpm;
+/*
+ * Allow custom alert output tokens.
+ */
+typedef enum e_custom_alert_tokens_id
+{
+ CUSTOM_ALERT_TOKEN_TIMESTAMP = 0,
+ CUSTOM_ALERT_TOKEN_FTELL,
+ CUSTOM_ALERT_TOKEN_RULE_ALERT_OPTIONS,
+ CUSTOM_ALERT_TOKEN_HOSTNAME,
+ CUSTOM_ALERT_TOKEN_LOCATION,
+ CUSTOM_ALERT_TOKEN_RULE_ID,
+ CUSTOM_ALERT_TOKEN_RULE_LEVEL,
+ CUSTOM_ALERT_TOKEN_RULE_COMMENT,
+ CUSTOM_ALERT_TOKEN_SRC_IP,
+ CUSTOM_ALERT_TOKEN_DST_USER,
+ CUSTOM_ALERT_TOKEN_FULL_LOG,
+ CUSTOM_ALERT_TOKEN_RULE_GROUP,
+ CUSTOM_ALERT_TOKEN_LAST
+} CustomAlertTokenID;
+
+char CustomAlertTokenName[CUSTOM_ALERT_TOKEN_LAST][15] =
+{
+{ "$TIMESTAMP" },
+{ "$FTELL" },
+{ "$RULEALERT" },
+{ "$HOSTNAME" },
+{ "$LOCATION" },
+{ "$RULEID" },
+{ "$RULELEVEL" },
+{ "$RULECOMMENT" },
+{ "$SRCIP" },
+{ "$DSTUSER" },
+{ "$FULLLOG" },
+{ "$RULEGROUP" },
+};
/* OS_Store: v0.2, 2005/02/10 */
-/* Will store the events in a file
+/* Will store the events in a file
* The string must be null terminated and contain
* any necessary new lines, tabs, etc.
*
@@ -133,7 +168,7 @@ void OS_Store(Eventinfo *lf)
lf->location,
lf->full_log);
- fflush(_eflog);
+ fflush(_eflog);
return;
}
@@ -310,7 +345,134 @@ void OS_Log(Eventinfo *lf)
return;
}
-
+/* OS_CustomLog: v0.1, 2012/10/10*/
+void OS_CustomLog(Eventinfo *lf,char* format)
+{
+ char *log;
+ char *tmp_log;
+ char tmp_buffer[1024];
+ //Replace all the tokens:
+ os_strdup(format,log);
+
+ snprintf(tmp_buffer, 1024, "%d", lf->time);
+ tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_TIMESTAMP], tmp_buffer);
+ if(log)
+ {
+ os_free(log);
+ log=NULL;
+ }
+ snprintf(tmp_buffer, 1024, "%ld", __crt_ftell);
+ log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_FTELL], tmp_buffer);
+ if (tmp_log)
+ {
+ os_free(tmp_log);
+ tmp_log=NULL;
+ }
+
+
+ snprintf(tmp_buffer, 1024, "%s", (lf->generated_rule->alert_opts & DO_MAILALERT)?"mail " : "");
+ tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_RULE_ALERT_OPTIONS], tmp_buffer);
+ if(log)
+ {
+ os_free(log);
+ log=NULL;
+ }
+
+
+ snprintf(tmp_buffer, 1024, "%s",lf->hostname?lf->hostname:"None");
+ log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_HOSTNAME], tmp_buffer);
+ if (tmp_log)
+ {
+ os_free(tmp_log);
+ tmp_log=NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%s",lf->location?lf->location:"None");
+ tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_LOCATION], tmp_buffer);
+ if(log)
+ {
+ os_free(log);
+ log=NULL;
+ }
+
+
+ snprintf(tmp_buffer, 1024, "%d", lf->generated_rule->sigid);
+ log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_RULE_ID], tmp_buffer);
+ if (tmp_log)
+ {
+ os_free(tmp_log);
+ tmp_log=NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%d", lf->generated_rule->level);
+ tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_RULE_LEVEL], tmp_buffer);
+ if(log)
+ {
+ os_free(log);
+ log=NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%s",lf->srcip?lf->srcip:"None");
+ log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_SRC_IP], tmp_buffer);
+ if (tmp_log)
+ {
+ os_free(tmp_log);
+ tmp_log=NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%s",lf->srcuser?lf->srcuser:"None");
+
+ tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_DST_USER], tmp_buffer);
+ if(log)
+ {
+ os_free(log);
+ log=NULL;
+ }
+ char * escaped_log;
+ escaped_log = escape_newlines(lf->full_log);
+
+ log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_FULL_LOG],escaped_log );
+ if (tmp_log)
+ {
+ os_free(tmp_log);
+ tmp_log=NULL;
+ }
+
+ if(escaped_log)
+ {
+ os_free(escaped_log);
+ escaped_log=NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%s",lf->generated_rule->comment?lf->generated_rule->comment:"");
+ tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_RULE_COMMENT], tmp_buffer);
+ if(log)
+ {
+ os_free(log);
+ log=NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%s",lf->generated_rule->group?lf->generated_rule->group:"");
+ log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_RULE_GROUP], tmp_buffer);
+ if (tmp_log)
+ {
+ os_free(tmp_log);
+ tmp_log=NULL;
+ }
+
+
+ fprintf(_aflog,log);
+ fprintf(_aflog,"\n");
+ fflush(_aflog);
+
+ if(log)
+ {
+ os_free(log);
+ log=NULL;
+ }
+
+ return;
+}
void OS_InitFwLog()
{
@@ -326,7 +488,7 @@ void OS_InitFwLog()
ErrorExit(REGEX_COMPILE, ARGV0, FWALLOW,
FWALLOWpm.error);
}
-
+
}
@@ -337,7 +499,7 @@ int FW_Log(Eventinfo *lf)
* action, there is no point in going
* forward over here
*/
- if(!lf->action || !lf->srcip || !lf->dstip || !lf->srcport ||
+ if(!lf->action || !lf->srcip || !lf->dstip || !lf->srcport ||
!lf->dstport || !lf->protocol)
{
return(0);
@@ -368,7 +530,7 @@ int FW_Log(Eventinfo *lf)
os_free(lf->action);
os_strdup("CLOSED", lf->action);
break;
- /* allow, accept, */
+ /* allow, accept, */
case 'a':
case 'A':
/* pass/permitted */
@@ -376,9 +538,9 @@ int FW_Log(Eventinfo *lf)
case 'P':
/* open */
case 'o':
- case 'O':
+ case 'O':
os_free(lf->action);
- os_strdup("ALLOW", lf->action);
+ os_strdup("ALLOW", lf->action);
break;
default:
if(OSMatch_Execute(lf->action,strlen(lf->action),&FWDROPpm))
@@ -396,7 +558,7 @@ int FW_Log(Eventinfo *lf)
os_free(lf->action);
os_strdup("UNKNOWN", lf->action);
}
- break;
+ break;
}
@@ -416,7 +578,7 @@ int FW_Log(Eventinfo *lf)
lf->srcport,
lf->dstip,
lf->dstport);
-
+
fflush(_fflog);
return(1);
diff --git a/src/analysisd/alerts/log.h b/src/analysisd/alerts/log.h
index 5bf67e1..a38ca73 100755
--- a/src/analysisd/alerts/log.h
+++ b/src/analysisd/alerts/log.h
@@ -6,7 +6,7 @@
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation
*/
@@ -22,6 +22,7 @@
void OS_LogOutput(Eventinfo *lf);
void OS_Log(Eventinfo *lf);
+void OS_CustomLog(Eventinfo *lf,char * format);
void OS_Store(Eventinfo *lf);
int FW_Log(Eventinfo *lf);
diff --git a/src/analysisd/alerts/mail.c b/src/analysisd/alerts/mail.c
index 7f22d6e..dc87751 100755
--- a/src/analysisd/alerts/mail.c
+++ b/src/analysisd/alerts/mail.c
@@ -5,7 +5,7 @@
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation
*/
diff --git a/src/analysisd/analysisd.c b/src/analysisd/analysisd.c
index 6e72bd8..9d6f91a 100755
--- a/src/analysisd/analysisd.c
+++ b/src/analysisd/analysisd.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -17,7 +17,7 @@
/* Part of the OSSEC
* Available at http://www.ossec.net
*/
-
+
/* ossec-analysisd.
* Responsible for correlation and log decoding.
@@ -98,7 +98,7 @@ void DecodeEvent(Eventinfo *lf);
int DecodeSyscheck(Eventinfo *lf);
int DecodeRootcheck(Eventinfo *lf);
int DecodeHostinfo(Eventinfo *lf);
-
+
/* For Decoders */
int ReadDecodeXML(char *file);
@@ -126,7 +126,7 @@ int hourly_firewall;
/** int main(int argc, char **argv)
*/
-#ifndef TESTRULE
+#ifndef TESTRULE
int main(int argc, char **argv)
#else
int main_analysisd(int argc, char **argv)
@@ -180,13 +180,14 @@ int main_analysisd(int argc, char **argv)
if(!optarg)
ErrorExit("%s: -D needs an argument",ARGV0);
dir = optarg;
+ break;
case 'c':
if(!optarg)
ErrorExit("%s: -c needs an argument",ARGV0);
cfg = optarg;
break;
case 't':
- test_config = 1;
+ test_config = 1;
break;
default:
help(ARGV0);
@@ -200,7 +201,7 @@ int main_analysisd(int argc, char **argv)
debug1(STARTED_MSG,ARGV0);
DEBUG_MSG("%s: DEBUG: Starting on debug mode - %d ", ARGV0, (int)time(0));
-
+
/*Check if the user/group given are valid */
uid = Privsep_GetUser(user);
gid = Privsep_GetGroup(group);
@@ -211,7 +212,7 @@ int main_analysisd(int argc, char **argv)
/* Found user */
debug1(FOUND_USER, ARGV0);
-
+
/* Initializing Active response */
AR_Init();
if(AR_ReadConfig(test_config, cfg) < 0)
@@ -219,8 +220,8 @@ int main_analysisd(int argc, char **argv)
ErrorExit(CONFIG_ERROR,ARGV0, cfg);
}
debug1(ASINIT, ARGV0);
-
-
+
+
/* Reading configuration file */
if(GlobalConf(cfg) < 0)
{
@@ -228,19 +229,19 @@ int main_analysisd(int argc, char **argv)
}
debug1(READ_CONFIG, ARGV0);
-
+
/* Fixing Config.ar */
Config.ar = ar_flag;
if(Config.ar == -1)
Config.ar = 0;
-
-
+
+
/* Getting servers hostname */
memset(__shost, '\0', 512);
if(gethostname(__shost, 512 -1) != 0)
{
- strncpy(__shost, OSSEC_SERVER, 512 -1);
+ strncpy(__shost, OSSEC_SERVER, 512 -1);
}
else
{
@@ -251,14 +252,14 @@ int main_analysisd(int argc, char **argv)
if(_ltmp)
*_ltmp = '\0';
}
-
+
/* going on Daemon mode */
if(!test_config && !run_foreground)
{
nowDaemon();
goDaemon();
}
-
+
/* Starting prelude */
#ifdef PRELUDE
@@ -286,22 +287,22 @@ int main_analysisd(int argc, char **argv)
nowChroot();
-
-
+
+
/*
- * Anonymous Section: Load rules, decoders, and lists
+ * Anonymous Section: Load rules, decoders, and lists
*
* As lists require two pass loading of rules that make use of list lookups
- * are created with blank database structs, and need to be filled in after
- * completion of all rules and lists.
+ * are created with blank database structs, and need to be filled in after
+ * completion of all rules and lists.
*/
{
{
/* Initializing the decoders list */
OS_CreateOSDecoderList();
- if(!Config.decoders)
+ if(!Config.decoders)
{ /* Legacy loading */
/* Reading decoders */
if(!ReadDecodeXML(XML_DECODER))
@@ -332,9 +333,9 @@ int main_analysisd(int argc, char **argv)
verbose("%s: INFO: Reading decoder file %s.", ARGV0, *decodersfiles);
if(!ReadDecodeXML(*decodersfiles))
ErrorExit(CONFIG_ERROR, ARGV0, *decodersfiles);
-
- free(*decodersfiles);
- decodersfiles++;
+
+ free(*decodersfiles);
+ decodersfiles++;
}
}
@@ -343,7 +344,7 @@ int main_analysisd(int argc, char **argv)
}
{ /* Load Lists */
/* Initializing the lists of list struct */
- Lists_OP_CreateLists();
+ Lists_OP_CreateLists();
/* Load each list into list struct */
{
char **listfiles;
@@ -375,24 +376,24 @@ int main_analysisd(int argc, char **argv)
verbose("%s: INFO: Reading rules file: '%s'", ARGV0, *rulesfiles);
if(Rules_OP_ReadRules(*rulesfiles) < 0)
ErrorExit(RULES_ERROR, ARGV0, *rulesfiles);
-
- free(*rulesfiles);
- rulesfiles++;
+
+ free(*rulesfiles);
+ rulesfiles++;
}
free(Config.includes);
Config.includes = NULL;
}
-
+
/* Find all rules with that require list lookups and attache the
- * the correct list struct to the rule. This keeps rules from having to
+ * the correct list struct to the rule. This keeps rules from having to
* search thought the list of lists for the correct file during rule evaluation.
*/
OS_ListLoadRules();
}
}
-
+
/* Fixing the levels/accuracy */
{
int total_rules;
@@ -400,7 +401,7 @@ int main_analysisd(int argc, char **argv)
total_rules = _setlevels(tmp_node, 0);
if(!test_config)
- verbose("%s: INFO: Total rules enabled: '%d'", ARGV0, total_rules);
+ verbose("%s: INFO: Total rules enabled: '%d'", ARGV0, total_rules);
}
@@ -416,8 +417,8 @@ int main_analysisd(int argc, char **argv)
AddHash_Rule(tmp_node);
}
-
-
+
+
/* Ignored files on syscheck */
{
char **files;
@@ -426,7 +427,7 @@ int main_analysisd(int argc, char **argv)
{
if(!test_config)
verbose("%s: INFO: Ignoring file: '%s'", ARGV0, *files);
- files++;
+ files++;
}
}
@@ -436,12 +437,12 @@ int main_analysisd(int argc, char **argv)
"log_fw",
0, 1);
-
+
/* Success on the configuration test */
if(test_config)
exit(0);
-
+
/* Verbose message */
debug1(PRIVSEP_MSG, ARGV0, dir, user);
@@ -450,11 +451,11 @@ int main_analysisd(int argc, char **argv)
StartSIG(ARGV0);
- /* Setting the user */
+ /* Setting the user */
if(Privsep_SetUser(uid) < 0)
ErrorExit(SETUID_ERROR,ARGV0,user);
-
-
+
+
/* Creating the PID file */
if(CreatePID(ARGV0, getpid()) < 0)
ErrorExit(PID_ERROR,ARGV0);
@@ -492,7 +493,7 @@ int main_analysisd(int argc, char **argv)
if(Config.hostname_white_list == NULL)
{
if(Config.ar)
- verbose("%s: INFO: No Hostname in the white list for active reponse.",
+ verbose("%s: INFO: No Hostname in the white list for active reponse.",
ARGV0);
}
else
@@ -501,7 +502,7 @@ int main_analysisd(int argc, char **argv)
{
int wlc = 0;
OSMatch **wl;
-
+
wl = Config.hostname_white_list;
while(*wl)
{
@@ -527,13 +528,13 @@ int main_analysisd(int argc, char **argv)
/* Going to main loop */
OS_ReadMSG(m_queue);
- if (Config.picviz)
+ if (Config.picviz)
{
OS_PicvizClose();
}
exit(0);
-
+
}
@@ -542,7 +543,7 @@ int main_analysisd(int argc, char **argv)
* Main function. Receives the messages(events)
* and analyze them all.
*/
-#ifndef TESTRULE
+#ifndef TESTRULE
void OS_ReadMSG(int m_queue)
#else
void OS_ReadMSG_analysisd(int m_queue)
@@ -553,7 +554,7 @@ void OS_ReadMSG_analysisd(int m_queue)
Eventinfo *lf;
RuleInfo *stats_rule;
-
+
/* Null to global currently pointers */
currently_rule = NULL;
@@ -568,12 +569,12 @@ void OS_ReadMSG_analysisd(int m_queue)
/* Initializing Rootcheck */
RootcheckInit();
-
-
+
+
/* Initializing host info */
HostinfoInit();
-
-
+
+
/* Creating the event list */
OS_CreateEventList(Config.memorysize);
@@ -583,7 +584,7 @@ void OS_ReadMSG_analysisd(int m_queue)
{
ErrorExit(FTS_LIST_ERROR, ARGV0);
}
-
+
/* Starting the active response queues */
if(Config.ar)
@@ -591,14 +592,14 @@ void OS_ReadMSG_analysisd(int m_queue)
/* Waiting the ARQ to settle .. */
sleep(3);
-
+
#ifndef LOCAL
if(Config.ar & REMOTE_AR)
{
if((arq = StartMQ(ARQUEUE, WRITE)) < 0)
{
merror(ARQ_ERROR, ARGV0);
-
+
/* If LOCAL_AR is set, keep it there */
if(Config.ar & LOCAL_AR)
{
@@ -615,7 +616,7 @@ void OS_ReadMSG_analysisd(int m_queue)
verbose(CONN_TO, ARGV0, ARQUEUE, "active-response");
}
}
-
+
#else
/* Only for LOCAL_ONLY installs */
if(Config.ar & REMOTE_AR)
@@ -631,13 +632,13 @@ void OS_ReadMSG_analysisd(int m_queue)
}
}
#endif
-
+
if(Config.ar & LOCAL_AR)
{
if((execdq = StartMQ(EXECQUEUE, WRITE)) < 0)
{
merror(ARQ_ERROR, ARGV0);
-
+
/* If REMOTE_AR is set, keep it there */
if(Config.ar & REMOTE_AR)
{
@@ -684,8 +685,8 @@ void OS_ReadMSG_analysisd(int m_queue)
/* Doing some cleanup */
memset(msg, '\0', OS_MAXSTR +1);
-
-
+
+
/* Initializing the logs */
{
lf = (Eventinfo *)calloc(1,sizeof(Eventinfo));
@@ -702,25 +703,27 @@ void OS_ReadMSG_analysisd(int m_queue)
Free_Eventinfo(lf);
}
-
-
+
+
debug1("%s: DEBUG: Startup completed. Waiting for new messages..",ARGV0);
-
+
+ if(Config.custom_alert_output)
+ debug1("%s: INFO: Custom output found.!",ARGV0);
/* Daemon loop */
while(1)
{
lf = (Eventinfo *)calloc(1,sizeof(Eventinfo));
-
+
/* This shouldn't happen .. */
if(lf == NULL)
{
ErrorExit(MEM_ERROR,ARGV0);
}
-
+
DEBUG_MSG("%s: DEBUG: Waiting for msgs - %d ", ARGV0, (int)time(0));
-
+
/* Receive message from queue */
if((i = OS_RecvUnix(m_queue, OS_MAXSTR, msg)))
{
@@ -741,12 +744,12 @@ void OS_ReadMSG_analysisd(int m_queue)
Free_Eventinfo(lf);
continue;
}
-
+
/* Message before extracting header */
DEBUG_MSG("%s: DEBUG: Received msg: %s ", ARGV0, msg);
-
+
/* Clean the msg appropriately */
if(OS_CleanMSG(msg, lf) < 0)
{
@@ -759,7 +762,7 @@ void OS_ReadMSG_analysisd(int m_queue)
/* Msg cleaned */
DEBUG_MSG("%s: DEBUG: Msg cleanup: %s ", ARGV0, lf->log);
-
+
/* Currently rule must be null in here */
currently_rule = NULL;
@@ -794,8 +797,8 @@ void OS_ReadMSG_analysisd(int m_queue)
prev_year = lf->year;
}
}
-
-
+
+
/* Incrementing number of events received */
hourly_events++;
@@ -806,7 +809,7 @@ void OS_ReadMSG_analysisd(int m_queue)
if(msg[0] == SYSCHECK_MQ)
{
hourly_syscheck++;
-
+
if(!DecodeSyscheck(lf))
{
/* We don't process syscheck events further */
@@ -847,7 +850,7 @@ void OS_ReadMSG_analysisd(int m_queue)
DecodeEvent(lf);
}
-
+
/* Firewall event */
if(lf->decoder_info->type == FIREWALL)
@@ -855,7 +858,7 @@ void OS_ReadMSG_analysisd(int m_queue)
/* If we could not get any information from
* the log, just ignore it
*/
- hourly_firewall++;
+ hourly_firewall++;
if(Config.logfw)
{
if(!FW_Log(lf))
@@ -886,10 +889,10 @@ void OS_ReadMSG_analysisd(int m_queue)
{
void *saved_rule = lf->generated_rule;
char *saved_log;
-
+
/* Saving previous log */
saved_log = lf->full_log;
-
+
lf->generated_rule = stats_rule;
lf->full_log = __stats_comment;
@@ -898,7 +901,15 @@ void OS_ReadMSG_analysisd(int m_queue)
if(stats_rule->alert_opts & DO_LOGALERT)
{
__crt_ftell = ftell(_aflog);
- OS_Log(lf);
+ if(Config.custom_alert_output)
+ {
+ OS_CustomLog(lf,Config.custom_alert_output_format);
+ }
+ else
+ {
+ OS_Log(lf);
+ }
+
}
@@ -910,13 +921,13 @@ void OS_ReadMSG_analysisd(int m_queue)
/* Checking the rules */
- DEBUG_MSG("%s: DEBUG: Checking the rules - %d ",
+ DEBUG_MSG("%s: DEBUG: Checking the rules - %d ",
ARGV0, lf->decoder_info->type);
-
+
/* Looping all the rules */
rulenode_pt = OS_GetFirstRule();
- if(!rulenode_pt)
+ if(!rulenode_pt)
{
ErrorExit("%s: Rules in an inconsistent state. Exiting.",
ARGV0);
@@ -929,22 +940,22 @@ void OS_ReadMSG_analysisd(int m_queue)
{
if(!lf->generated_rule)
{
- goto CLMEM;
+ goto CLMEM;
}
-
+
/* We go ahead in here and process the alert. */
currently_rule = lf->generated_rule;
}
-
+
/* The categories must match */
- else if(rulenode_pt->ruleinfo->category !=
+ else if(rulenode_pt->ruleinfo->category !=
lf->decoder_info->type)
{
continue;
}
/* Checking each rule. */
- else if((currently_rule = OS_CheckIfRuleMatch(lf, rulenode_pt))
+ else if((currently_rule = OS_CheckIfRuleMatch(lf, rulenode_pt))
== NULL)
{
continue;
@@ -958,7 +969,7 @@ void OS_ReadMSG_analysisd(int m_queue)
}
- /* Checking ignore time */
+ /* Checking ignore time */
if(currently_rule->ignore_time)
{
if(currently_rule->time_ignored == 0)
@@ -969,7 +980,7 @@ void OS_ReadMSG_analysisd(int m_queue)
* is less than the time it should be ignored,
* leave (do not alert again).
*/
- else if((lf->time - currently_rule->time_ignored)
+ else if((lf->time - currently_rule->time_ignored)
< currently_rule->ignore_time)
{
break;
@@ -984,7 +995,7 @@ void OS_ReadMSG_analysisd(int m_queue)
/* Pointer to the rule that generated it */
lf->generated_rule = currently_rule;
-
+
/* Checking if we should ignore it */
if(currently_rule->ckignore && IGnore(lf))
{
@@ -992,8 +1003,8 @@ void OS_ReadMSG_analysisd(int m_queue)
lf->generated_rule = NULL;
break;
}
-
-
+
+
/* Checking if we need to add to ignore list */
if(currently_rule->ignore)
{
@@ -1005,7 +1016,15 @@ void OS_ReadMSG_analysisd(int m_queue)
if(currently_rule->alert_opts & DO_LOGALERT)
{
__crt_ftell = ftell(_aflog);
- OS_Log(lf);
+
+ if(Config.custom_alert_output)
+ {
+ OS_CustomLog(lf,Config.custom_alert_output_format);
+ }
+ else
+ {
+ OS_Log(lf);
+ }
}
@@ -1026,7 +1045,7 @@ void OS_ReadMSG_analysisd(int m_queue)
{
OS_PicvizLog(lf);
}
-
+
/* Execute an active response */
if(currently_rule->ar)
@@ -1041,7 +1060,7 @@ void OS_ReadMSG_analysisd(int m_queue)
do_ar = 1;
if((*rule_ar)->ar_cmd->expect & USERNAME)
{
- if(!lf->dstuser ||
+ if(!lf->dstuser ||
!OS_PRegex(lf->dstuser,"^[a-zA-Z._0-9@?-]*$"))
{
if(lf->dstuser)
@@ -1078,19 +1097,19 @@ void OS_ReadMSG_analysisd(int m_queue)
}
else
{
- lf->sid_node_to_delete =
+ lf->sid_node_to_delete =
currently_rule->sid_prev_matched->last_node;
}
}
/* Group list */
else if(currently_rule->group_prev_matched)
{
- i = 0;
-
+ i = 0;
+
while(i < currently_rule->group_prev_matched_sz)
{
if(!OSList_AddData(
- currently_rule->group_prev_matched[i],
+ currently_rule->group_prev_matched[i],
lf))
{
merror("%s: Unable to add data to grp list.",ARGV0);
@@ -1098,7 +1117,7 @@ void OS_ReadMSG_analysisd(int m_queue)
i++;
}
}
-
+
OS_AddEvent(lf);
break;
@@ -1113,10 +1132,10 @@ void OS_ReadMSG_analysisd(int m_queue)
/* Cleaning the memory */
CLMEM:
-
+
/* Only clear the memory if the eventinfo was not
- * added to the stateful memory
+ * added to the stateful memory
* -- message is free inside clean event --
*/
if(lf->generated_rule == NULL)
@@ -1156,39 +1175,39 @@ RuleInfo *OS_CheckIfRuleMatch(Eventinfo *lf, RuleNode *curr_node)
* status,
*/
RuleInfo *currently_rule = curr_node->ruleinfo;
-
-
+
+
/* Can't be null */
if(!currently_rule)
{
merror("%s: Inconsistent state. currently rule NULL", ARGV0);
return(NULL);
}
-
+
#ifdef TESTRULE
if(full_output && !alert_only)
print_out(" Trying rule: %d - %s", currently_rule->sigid,
currently_rule->comment);
#endif
-
-
+
+
/* Checking if any decoder pre-matched here */
- if(currently_rule->decoded_as &&
+ if(currently_rule->decoded_as &&
currently_rule->decoded_as != lf->decoder_info->id)
{
return(NULL);
}
-
-
+
+
/* Checking program name */
if(currently_rule->program_name)
{
if(!lf->program_name)
return(NULL);
- if(!OSMatch_Execute(lf->program_name,
- lf->p_name_size,
+ if(!OSMatch_Execute(lf->program_name,
+ lf->p_name_size,
currently_rule->program_name))
return(NULL);
}
@@ -1201,7 +1220,7 @@ RuleInfo *OS_CheckIfRuleMatch(Eventinfo *lf, RuleNode *curr_node)
{
return(NULL);
}
-
+
if(!OSMatch_Execute(lf->id,
strlen(lf->id),
currently_rule->id))
@@ -1210,25 +1229,25 @@ RuleInfo *OS_CheckIfRuleMatch(Eventinfo *lf, RuleNode *curr_node)
#endif
}
-
+
/* Checking if any word to match exists */
if(currently_rule->match)
{
if(!OSMatch_Execute(lf->log, lf->size, currently_rule->match))
return(NULL);
- }
+ }
+
-
/* Checking if exist any regex for this rule */
if(currently_rule->regex)
{
if(!OSRegex_Execute(lf->log, currently_rule->regex))
return(NULL);
}
-
-
+
+
/* Checking for actions */
if(currently_rule->action)
{
@@ -1239,7 +1258,7 @@ RuleInfo *OS_CheckIfRuleMatch(Eventinfo *lf, RuleNode *curr_node)
return(NULL);
}
-
+
/* Checking for the url */
if(currently_rule->url)
{
@@ -1247,7 +1266,7 @@ RuleInfo *OS_CheckIfRuleMatch(Eventinfo *lf, RuleNode *curr_node)
{
return(NULL);
}
-
+
if(!OSMatch_Execute(lf->url, strlen(lf->url), currently_rule->url))
{
return(NULL);
@@ -1302,7 +1321,7 @@ RuleInfo *OS_CheckIfRuleMatch(Eventinfo *lf, RuleNode *curr_node)
{
return(NULL);
}
-
+
if(!OSMatch_Execute(lf->srcport,
strlen(lf->srcport),
currently_rule->srcport))
@@ -1319,7 +1338,7 @@ RuleInfo *OS_CheckIfRuleMatch(Eventinfo *lf, RuleNode *curr_node)
{
return(NULL);
}
-
+
if(!OSMatch_Execute(lf->dstport,
strlen(lf->dstport),
currently_rule->dstport))
@@ -1331,7 +1350,7 @@ RuleInfo *OS_CheckIfRuleMatch(Eventinfo *lf, RuleNode *curr_node)
#endif
}
} /* END PACKET_INFO */
-
+
/* Extra information from event */
if(currently_rule->alert_opts & DO_EXTRAINFO)
@@ -1564,7 +1583,7 @@ RuleInfo *OS_CheckIfRuleMatch(Eventinfo *lf, RuleNode *curr_node)
}
}
-
+
/* If it is a context rule, search for it */
if(currently_rule->context == 1)
{
@@ -1576,19 +1595,19 @@ RuleInfo *OS_CheckIfRuleMatch(Eventinfo *lf, RuleNode *curr_node)
if(full_output && !alert_only)
print_out(" *Rule %d matched.", currently_rule->sigid);
#endif
-
-
+
+
/* Search for dependent rules */
if(curr_node->child)
{
RuleNode *child_node = curr_node->child;
RuleInfo *child_rule = NULL;
-
+
#ifdef TESTRULE
if(full_output && !alert_only)
print_out(" *Trying child rules.");
#endif
-
+
while(child_node)
{
child_rule = OS_CheckIfRuleMatch(lf, child_node);
@@ -1596,19 +1615,19 @@ RuleInfo *OS_CheckIfRuleMatch(Eventinfo *lf, RuleNode *curr_node)
{
return(child_rule);
}
-
+
child_node = child_node->next;
}
}
-
+
/* If we are set to no alert, keep going */
if(currently_rule->alert_opts & NO_ALERT)
{
return(NULL);
}
-
+
hourly_alerts++;
currently_rule->firedtimes++;
@@ -1623,14 +1642,14 @@ void LoopRule(RuleNode *curr_node, FILE *flog)
{
if(curr_node->ruleinfo->firedtimes)
{
- fprintf(flog, "%d-%d-%d-%d\n",
- thishour,
+ fprintf(flog, "%d-%d-%d-%d\n",
+ thishour,
curr_node->ruleinfo->sigid,
curr_node->ruleinfo->level,
curr_node->ruleinfo->firedtimes);
curr_node->ruleinfo->firedtimes = 0;
}
-
+
if(curr_node->child)
{
RuleNode *child_node = curr_node->child;
@@ -1699,7 +1718,7 @@ void DumpLogstats()
/* Looping on all the rules and printing the stats from them */
do
{
- LoopRule(rulenode_pt, flog);
+ LoopRule(rulenode_pt, flog);
}while((rulenode_pt = rulenode_pt->next) != NULL);
@@ -1711,7 +1730,7 @@ void DumpLogstats()
hourly_events = 0;
hourly_syscheck = 0;
hourly_firewall = 0;
-
+
fclose(flog);
}
diff --git a/src/analysisd/cdb/._Makefile b/src/analysisd/cdb/._Makefile
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/analysisd/cdb/._Makefile and /dev/null differ
diff --git a/src/analysisd/cdb/._cdb.c b/src/analysisd/cdb/._cdb.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/analysisd/cdb/._cdb.c and /dev/null differ
diff --git a/src/analysisd/cdb/._cdb.h b/src/analysisd/cdb/._cdb.h
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/analysisd/cdb/._cdb.h and /dev/null differ
diff --git a/src/analysisd/cdb/._cdb_hash.c b/src/analysisd/cdb/._cdb_hash.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/analysisd/cdb/._cdb_hash.c and /dev/null differ
diff --git a/src/analysisd/cdb/._cdb_make.c b/src/analysisd/cdb/._cdb_make.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/analysisd/cdb/._cdb_make.c and /dev/null differ
diff --git a/src/analysisd/cdb/._cdb_make.h b/src/analysisd/cdb/._cdb_make.h
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/analysisd/cdb/._cdb_make.h and /dev/null differ
diff --git a/src/analysisd/cdb/._uint32.h b/src/analysisd/cdb/._uint32.h
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/analysisd/cdb/._uint32.h and /dev/null differ
diff --git a/src/analysisd/cdb/._uint32_pack.c b/src/analysisd/cdb/._uint32_pack.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/analysisd/cdb/._uint32_pack.c and /dev/null differ
diff --git a/src/analysisd/cdb/._uint32_unpack.c b/src/analysisd/cdb/._uint32_unpack.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/analysisd/cdb/._uint32_unpack.c and /dev/null differ
diff --git a/src/analysisd/cleanevent.c b/src/analysisd/cleanevent.c
index 4c10494..dfc456c 100755
--- a/src/analysisd/cleanevent.c
+++ b/src/analysisd/cleanevent.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -31,9 +31,9 @@ char *(month[])={"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug",
-
+
/* OS_CleanMSG v0.3: 2006/03/04
- * Format a received message in the
+ * Format a received message in the
* Eventinfo structure.
*/
int OS_CleanMSG(char *msg, Eventinfo *lf)
@@ -59,23 +59,23 @@ int OS_CleanMSG(char *msg, Eventinfo *lf)
merror(FORMAT_ERROR, ARGV0);
return(-1);
}
-
+
*pieces = '\0';
- pieces++;
-
-
+ pieces++;
+
+
os_strdup(msg, lf->location);
-
-
+
+
/* Getting the log length */
loglen = strlen(pieces) + 1;
-
-
+
+
/* Assigning the values in the strucuture (lf->full_log) */
os_malloc((2*loglen) +1, lf->full_log);
-
-
- /* Setting the whole message at full_log */
+
+
+ /* Setting the whole message at full_log */
strncpy(lf->full_log, pieces, loglen);
@@ -83,22 +83,22 @@ int OS_CleanMSG(char *msg, Eventinfo *lf)
lf->log = lf->full_log+loglen;
strncpy(lf->log, pieces, loglen);
-
-
- /* Checking for the syslog date format.
- * ( ex: Dec 29 10:00:01
+
+
+ /* Checking for the syslog date format.
+ * ( ex: Dec 29 10:00:01
* or 2007-06-14T15:48:55-04:00 for syslog-ng isodate
* or 2009-05-22T09:36:46.214994-07:00 for rsyslog )
*/
if(
(
- (loglen > 17) &&
- (pieces[3] == ' ') &&
- (pieces[6] == ' ') &&
- (pieces[9] == ':') &&
- (pieces[12] == ':') &&
+ (loglen > 17) &&
+ (pieces[3] == ' ') &&
+ (pieces[6] == ' ') &&
+ (pieces[9] == ':') &&
+ (pieces[12] == ':') &&
(pieces[15] == ' ') && (lf->log+=16)
- )
+ )
||
(
(loglen > 33) &&
@@ -107,7 +107,7 @@ int OS_CleanMSG(char *msg, Eventinfo *lf)
(pieces[10] == 'T') &&
(pieces[13] == ':') &&
(pieces[16] == ':') &&
-
+
(
((pieces[22] == ':') &&
(pieces[25] == ' ') && (lf->log+=26)) ||
@@ -115,9 +115,9 @@ int OS_CleanMSG(char *msg, Eventinfo *lf)
((pieces[19] == '.') &&
(pieces[29] == ':') && (lf->log+=32))
)
-
+
)
- )
+ )
{
/* Checking for an extra space in here */
if(*lf->log == ' ')
@@ -126,15 +126,15 @@ int OS_CleanMSG(char *msg, Eventinfo *lf)
/* Hostname */
pieces = lf->hostname = lf->log;
-
-
+
+
/* Checking for a valid hostname */
while(isValidChar(*pieces) == 1)
{
pieces++;
}
-
-
+
+
/* Checking if it is a syslog without hostname (common on Solaris. */
if(*pieces == ':' && pieces[1] == ' ')
{
@@ -152,8 +152,8 @@ int OS_CleanMSG(char *msg, Eventinfo *lf)
lf->log = pieces;
}
-
- /* Extracting the hostname */
+
+ /* Extracting the hostname */
else if(*pieces != ' ')
{
/* Invalid hostname */
@@ -176,13 +176,13 @@ int OS_CleanMSG(char *msg, Eventinfo *lf)
/* Extracting program_name */
- /* Valid names:
- * p_name:
+ /* Valid names:
+ * p_name:
* p_name[pid]:
* p_name[pid]: [ID xx facility.severity]
* auth|security:info p_name:
- *
- */
+ *
+ */
while(isValidChar(*pieces) == 1)
{
pieces++;
@@ -195,7 +195,7 @@ int OS_CleanMSG(char *msg, Eventinfo *lf)
*pieces = '\0';
pieces+=2;
}
-
+
/* Checking for the second format: p_name[pid]: */
else if((*pieces == '[') && (isdigit((int)pieces[1])))
{
@@ -246,7 +246,7 @@ int OS_CleanMSG(char *msg, Eventinfo *lf)
pieces++;
while(isalnum((int)*pieces))
pieces++;
-
+
if(*pieces == ' ')
{
pieces++;
@@ -302,15 +302,15 @@ int OS_CleanMSG(char *msg, Eventinfo *lf)
lf->program_name = NULL;
}
}
-
-
+
+
/* Removing [ID xx facility.severity] */
if(pieces)
{
/* Setting log after program name */
lf->log = pieces;
- if((pieces[0] == '[') &&
+ if((pieces[0] == '[') &&
(pieces[1] == 'I') &&
(pieces[2] == 'D') &&
(pieces[3] == ' '))
@@ -333,8 +333,8 @@ int OS_CleanMSG(char *msg, Eventinfo *lf)
lf->p_name_size = strlen(lf->program_name);
}
}
-
- /* xferlog date format
+
+ /* xferlog date format
* Mon Apr 17 18:27:14 2006 1 64.160.42.130
*/
else if((loglen > 28) &&
@@ -350,37 +350,53 @@ int OS_CleanMSG(char *msg, Eventinfo *lf)
/* Moving log to the beginning of the message */
lf->log+=24;
}
-
+
/* Checking for snort date format
- * ex: 01/28-09:13:16.240702 [**]
- */
- else if( (loglen > 24) &&
- (pieces[2] == '/') &&
+ * ex: 01/28-09:13:16.240702 [**]
+ */
+ else if( (loglen > 24) &&
+ (pieces[2] == '/') &&
(pieces[5] == '-') &&
- (pieces[8] == ':') &&
+ (pieces[8] == ':') &&
(pieces[11]== ':') &&
- (pieces[14]== '.') &&
+ (pieces[14]== '.') &&
(pieces[21] == ' ') )
{
lf->log+=23;
}
+ /* Checking for suricata (new) date format
+ * ex: 01/28/1979-09:13:16.240702 [**]
+ */
+ else if( (loglen > 26) &&
+ (pieces[2] == '/') &&
+ (pieces[5] == '/') &&
+ (pieces[10] == '-') &&
+ (pieces[13] == ':') &&
+ (pieces[16]== ':') &&
+ (pieces[19]== '.') &&
+ (pieces[26] == ' ') )
+ {
+ lf->log+=28;
+ }
+
+
/* Checking for apache log format */
/* [Fri Feb 11 18:06:35 2004] [warn] */
- else if( (loglen > 27) &&
- (pieces[0] == '[') &&
+ else if( (loglen > 27) &&
+ (pieces[0] == '[') &&
(pieces[4] == ' ') &&
- (pieces[8] == ' ') &&
+ (pieces[8] == ' ') &&
(pieces[11]== ' ') &&
- (pieces[14]== ':') &&
+ (pieces[14]== ':') &&
(pieces[17]== ':') &&
- (pieces[20]== ' ') &&
+ (pieces[20]== ' ') &&
(pieces[25]== ']') )
{
lf->log+=27;
}
-
+
/* Checking for the osx asl log format.
* Examples:
* [Time 2006.12.28 15:53:55 UTC] [Facility auth] [Sender sshd] [PID 483] [Message error: PAM: Authentication failure for username from 192.168.0.2] [Level 3] [UID -2] [GID -2] [Host Hostname]
@@ -399,8 +415,8 @@ int OS_CleanMSG(char *msg, Eventinfo *lf)
{
/* Do not read more than 1 message entry -> log tampering */
short unsigned int done_message = 0;
-
-
+
+
/* Removing the date */
lf->log+=25;
@@ -422,10 +438,10 @@ int OS_CleanMSG(char *msg, Eventinfo *lf)
if(pieces)
{
*pieces = '\0';
-
+
/* Setting program_name size */
lf->p_name_size = strlen(lf->program_name);
-
+
pieces++;
}
/* Invalid program name */
@@ -435,14 +451,14 @@ int OS_CleanMSG(char *msg, Eventinfo *lf)
break;
}
}
-
+
/* Getting message */
else if((strncmp(pieces, "Message ", 8) == 0) &&
(done_message == 0))
{
pieces+=8;
done_message = 1;
-
+
lf->log = pieces;
/* Getting the closing brackets */
@@ -472,7 +488,7 @@ int OS_CleanMSG(char *msg, Eventinfo *lf)
*pieces = '\0';
pieces++;
}
-
+
/* Invalid hostname */
else
{
@@ -485,17 +501,19 @@ int OS_CleanMSG(char *msg, Eventinfo *lf)
pieces = strchr(pieces, '[');
}
}
-
+
/* Checking for squid date format
* 1140804070.368 11623
* seconds from 00:00:00 1970-01-01 UTC
*/
- else if((loglen > 32) &&
+ else if((loglen > 32) &&
(pieces[0] == '1') &&
+ (isdigit((int)pieces[1])) &&
+ (isdigit((int)pieces[2])) &&
+ (isdigit((int)pieces[3])) &&
(pieces[10] == '.') &&
- (pieces[14] == ' ') &&
(isdigit((int)pieces[13])) &&
- (isdigit((int)pieces[1])) &&
+ (pieces[14] == ' ') &&
((pieces[21] == ' ')||(pieces[22] == ' ')))
{
lf->log+=14;
@@ -508,7 +526,7 @@ int OS_CleanMSG(char *msg, Eventinfo *lf)
}
- /* Every message must be in the format
+ /* Every message must be in the format
* hostname->location or
* (agent) ip->location.
*/
@@ -525,13 +543,13 @@ int OS_CleanMSG(char *msg, Eventinfo *lf)
lf->hostname = __shost;
}
-
+
/* Setting up the event data */
lf->time = c_time;
p = localtime(&c_time);
-
+
/* Assign hour, day, year and month values */
lf->day = p->tm_mday;
lf->year = p->tm_year+1900;
@@ -540,14 +558,14 @@ int OS_CleanMSG(char *msg, Eventinfo *lf)
p->tm_hour,
p->tm_min,
p->tm_sec);
-
+
/* Setting the global hour/weekday */
__crt_hour = p->tm_hour;
- __crt_wday = p->tm_wday;
-
-
+ __crt_wday = p->tm_wday;
+
+
#ifdef TESTRULE
if(!alert_only)
diff --git a/src/analysisd/compiled_rules/._.function_list b/src/analysisd/compiled_rules/._.function_list
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/analysisd/compiled_rules/._.function_list and /dev/null differ
diff --git a/src/analysisd/compiled_rules/._Makefile b/src/analysisd/compiled_rules/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/compiled_rules/._Makefile and /dev/null differ
diff --git a/src/analysisd/compiled_rules/._generic_samples.c b/src/analysisd/compiled_rules/._generic_samples.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/analysisd/compiled_rules/._generic_samples.c and /dev/null differ
diff --git a/src/analysisd/compiled_rules/._register_rule.sh b/src/analysisd/compiled_rules/._register_rule.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/compiled_rules/._register_rule.sh and /dev/null differ
diff --git a/src/analysisd/compiled_rules/generic_samples.c b/src/analysisd/compiled_rules/generic_samples.c
index 50054f0..57da7b0 100644
--- a/src/analysisd/compiled_rules/generic_samples.c
+++ b/src/analysisd/compiled_rules/generic_samples.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -20,10 +20,10 @@
-/** Note: If the rule fails to match it should return NULL.
+/** Note: If the rule fails to match it should return NULL.
* If you want processing to continue, return lf (the eventinfo structure).
*/
-
+
/* Example 1:
@@ -115,17 +115,17 @@ void *comp_mswin_targetuser_calleruser_diff(Eventinfo *lf)
if(*target_user != *caller_user)
return(lf);
- if(*target_user == '\t' ||
+ if(*target_user == '\t' ||
(*target_user == ' ' && target_user[1] == ' '))
- break;
+ break;
- target_user++;caller_user++;
+ target_user++;caller_user++;
}
/* If we got in here, the accounts are the same.
* So, we return NULL since we only want to alert if they are different.
- */
+ */
return(NULL);
}
@@ -143,7 +143,7 @@ void *is_simple_http_request(Eventinfo *lf)
return(lf);
}
-
+
/* Simple request, no query. */
if(!strchr(lf->url,'?'))
{
diff --git a/src/analysisd/config.c b/src/analysisd/config.c
index 921b45f..be6706a 100755
--- a/src/analysisd/config.c
+++ b/src/analysisd/config.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -53,11 +53,14 @@ int GlobalConf(char * cfgfile)
Config.syscheck_ignore = NULL;
Config.white_list = NULL;
Config.hostname_white_list = NULL;
-
+
/* Default actions -- only log above level 1 */
Config.mailbylevel = 7;
Config.logbylevel = 1;
+ Config.custom_alert_output =0;
+ Config.custom_alert_output_format = NULL;
+
Config.includes = NULL;
Config.lists = NULL;
Config.decoders = NULL;
@@ -76,7 +79,7 @@ int GlobalConf(char * cfgfile)
/* Minimum memory size */
if(Config.memorysize < 64)
Config.memorysize = 64;
-
+
return(0);
}
diff --git a/src/analysisd/config.h b/src/analysisd/config.h
index 5bf409a..f335d12 100755
--- a/src/analysisd/config.h
+++ b/src/analysisd/config.h
@@ -10,7 +10,7 @@
* Foundation
*/
-
+
#ifndef _CONFIG__H
diff --git a/src/analysisd/decoders/._Makefile b/src/analysisd/decoders/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/decoders/._Makefile and /dev/null differ
diff --git a/src/analysisd/decoders/._decode-xml.c b/src/analysisd/decoders/._decode-xml.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/decoders/._decode-xml.c and /dev/null differ
diff --git a/src/analysisd/decoders/._decoder.c b/src/analysisd/decoders/._decoder.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/decoders/._decoder.c and /dev/null differ
diff --git a/src/analysisd/decoders/._decoder.h b/src/analysisd/decoders/._decoder.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/decoders/._decoder.h and /dev/null differ
diff --git a/src/analysisd/decoders/._decoders_list.c b/src/analysisd/decoders/._decoders_list.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/decoders/._decoders_list.c and /dev/null differ
diff --git a/src/analysisd/decoders/._hostinfo.c b/src/analysisd/decoders/._hostinfo.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/decoders/._hostinfo.c and /dev/null differ
diff --git a/src/analysisd/decoders/._plugin_decoders.h b/src/analysisd/decoders/._plugin_decoders.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/decoders/._plugin_decoders.h and /dev/null differ
diff --git a/src/analysisd/decoders/._rootcheck.c b/src/analysisd/decoders/._rootcheck.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/decoders/._rootcheck.c and /dev/null differ
diff --git a/src/analysisd/decoders/._syscheck.c b/src/analysisd/decoders/._syscheck.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/decoders/._syscheck.c and /dev/null differ
diff --git a/src/analysisd/decoders/decode-xml.c b/src/analysisd/decoders/decode-xml.c
index 6838264..f3c182d 100755
--- a/src/analysisd/decoders/decode-xml.c
+++ b/src/analysisd/decoders/decode-xml.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -43,7 +43,7 @@ int getDecoderfromlist(char *name)
{
return(OSStore_GetPosition(os_decoder_store, name));
}
-
+
return(0);
}
@@ -93,10 +93,10 @@ int os_setdecoderids(char *p_name)
{
int p_id = 0;
char *p_name;
-
+
nnode = node->osdecoder;
- nnode->id = getDecoderfromlist(nnode->name);
-
+ nnode->id = getDecoderfromlist(nnode->name);
+
/* Id can noit be 0 */
if(nnode->id == 0)
{
@@ -132,8 +132,8 @@ int os_setdecoderids(char *p_name)
/* Setting parent name */
nnode->name = p_name;
}
-
-
+
+
/* Id can noit be 0 */
if(nnode->id == 0)
{
@@ -157,11 +157,11 @@ int ReadDecodeAttrs(char **names, char **values)
{
return(0);
}
-
+
if(strcmp(names[0], "offset") == 0)
{
int offset = 0;
-
+
/* Offsets can be: after_parent, after_prematch
* or after_regex.
*/
@@ -182,7 +182,7 @@ int ReadDecodeAttrs(char **names, char **values)
merror(INV_OFFSET, ARGV0, values[0]);
offset |= AFTER_ERROR;
}
-
+
return(offset);
}
@@ -198,9 +198,9 @@ int ReadDecodeXML(char *file)
OS_XML xml;
XML_NODE node = NULL;
- /* XML variables */
+ /* XML variables */
/* These are the available options for the rule configuration */
-
+
char *xml_plugindecoder = "plugin_decoder";
char *xml_decoder = "decoder";
char *xml_decoder_name = "name";
@@ -217,21 +217,21 @@ int ReadDecodeXML(char *file)
int i = 0;
OSDecoderInfo *NULL_Decoder_tmp = NULL;
-
-
- /* Reading the XML */
+
+
+ /* Reading the XML */
if((i = OS_ReadXML(file,&xml)) < 0)
{
if((i == -2) && (strcmp(file, XML_LDECODER) == 0))
{
return(-2);
}
-
+
merror(XML_ERROR, ARGV0, file, xml.err, xml.err_line);
return(0);
}
-
+
/* Applying any variable found */
if(OS_ApplyVariables(&xml) != 0)
{
@@ -263,7 +263,7 @@ int ReadDecodeXML(char *file)
NULL_Decoder = (void *)NULL_Decoder_tmp;
-
+
i = 0;
while(node[i])
{
@@ -275,14 +275,14 @@ int ReadDecodeXML(char *file)
char *prematch;
char *p_name;
-
- if(!node[i]->element ||
+
+ if(!node[i]->element ||
strcasecmp(node[i]->element, xml_decoder) != 0)
{
merror(XML_INVELEM, ARGV0, node[i]->element);
return(0);
}
-
+
/* Getting name */
if((!node[i]->attributes) || (!node[i]->values)||
@@ -293,7 +293,7 @@ int ReadDecodeXML(char *file)
return(0);
}
-
+
/* Checking for additional entries */
if(node[i]->attributes[1] && node[i]->values[1])
{
@@ -302,7 +302,7 @@ int ReadDecodeXML(char *file)
merror(XML_INVELEM, ARGV0, node[i]->element);
return(0);
}
-
+
if(node[i]->attributes[2])
{
merror(XML_INVELEM, ARGV0, node[i]->element);
@@ -310,7 +310,7 @@ int ReadDecodeXML(char *file)
}
}
-
+
/* Getting decoder options */
elements = OS_GetElementsbyNode(&xml,node[i]);
if(elements == NULL)
@@ -326,8 +326,8 @@ int ReadDecodeXML(char *file)
merror(MEM_ERROR,ARGV0);
return(0);
}
-
-
+
+
/* Default values to the list */
pi->parent = NULL;
pi->id = 0;
@@ -343,19 +343,19 @@ int ReadDecodeXML(char *file)
pi->get_next = 0;
pi->regex_offset = 0;
pi->prematch_offset = 0;
-
+
regex = NULL;
prematch = NULL;
p_name = NULL;
-
-
+
+
/* Checking if strdup worked */
if(!pi->name)
{
merror(MEM_ERROR, ARGV0);
return(0);
}
-
+
/* Add decoder */
if(!addDecoder2list(pi->name))
{
@@ -376,51 +376,51 @@ int ReadDecodeXML(char *file)
merror(XML_VALUENULL, ARGV0, elements[j]->element);
return(0);
}
-
+
/* Checking if it is a child of a rule */
else if(strcasecmp(elements[j]->element, xml_parent) == 0)
{
pi->parent = _loadmemory(pi->parent, elements[j]->content);
}
-
+
/* Getting the regex */
else if(strcasecmp(elements[j]->element,xml_regex) == 0)
{
int r_offset;
r_offset = ReadDecodeAttrs(elements[j]->attributes,
elements[j]->values);
-
+
if(r_offset & AFTER_ERROR)
{
merror(DEC_REGEX_ERROR, ARGV0, pi->name);
return(0);
}
-
- /* Only the first regex entry may have an offset */
+
+ /* Only the first regex entry may have an offset */
if(regex && r_offset)
{
merror(DUP_REGEX, ARGV0, pi->name);
merror(DEC_REGEX_ERROR, ARGV0, pi->name);
return(0);
}
-
+
/* regex offset */
if(r_offset)
{
pi->regex_offset = r_offset;
}
-
+
/* Assign regex */
regex =
_loadmemory(regex,
elements[j]->content);
}
-
+
/* Getting the pre match */
else if(strcasecmp(elements[j]->element,xml_prematch)==0)
{
int r_offset;
-
+
r_offset = ReadDecodeAttrs(
elements[j]->attributes,
elements[j]->values);
@@ -430,7 +430,7 @@ int ReadDecodeXML(char *file)
ErrorExit(DEC_REGEX_ERROR, ARGV0, pi->name);
}
-
+
/* Only the first prematch entry may have an offset */
if(prematch && r_offset)
{
@@ -442,7 +442,7 @@ int ReadDecodeXML(char *file)
{
pi->prematch_offset = r_offset;
}
-
+
prematch =
_loadmemory(prematch,
elements[j]->content);
@@ -470,7 +470,7 @@ int ReadDecodeXML(char *file)
int ed_c = 0;
for(ed_c = 0; plugin_decoders[ed_c] != NULL; ed_c++)
{
- if(strcmp(plugin_decoders[ed_c],
+ if(strcmp(plugin_decoders[ed_c],
elements[j]->content) == 0)
{
/* Initializing plugin */
@@ -490,8 +490,8 @@ int ReadDecodeXML(char *file)
return(0);
}
}
-
-
+
+
/* Getting the type */
else if(strcmp(elements[j]->element, xml_type) == 0)
{
@@ -500,17 +500,17 @@ int ReadDecodeXML(char *file)
else if(strcmp(elements[j]->content, "ids") == 0)
pi->type = IDS;
else if(strcmp(elements[j]->content, "web-log") == 0)
- pi->type = WEBLOG;
+ pi->type = WEBLOG;
else if(strcmp(elements[j]->content, "syslog") == 0)
pi->type = SYSLOG;
else if(strcmp(elements[j]->content, "squid") == 0)
pi->type = SQUID;
else if(strcmp(elements[j]->content, "windows") == 0)
- pi->type = WINDOWS;
+ pi->type = WINDOWS;
else if(strcmp(elements[j]->content, "host-information") == 0)
pi->type = HOST_INFO;
else if(strcmp(elements[j]->content, "ossec") == 0)
- pi->type = OSSEC_RL;
+ pi->type = OSSEC_RL;
else
{
merror("%s: Invalid decoder type '%s'.",
@@ -518,13 +518,13 @@ int ReadDecodeXML(char *file)
return(0);
}
}
-
+
/* Getting the order */
else if(strcasecmp(elements[j]->element,xml_order)==0)
{
char **norder, **s_norder;
int order_int = 0;
-
+
/* Maximum number is 8 for the order */
norder = OS_StrBreak(',',elements[j]->content, 8);
s_norder = norder;
@@ -538,7 +538,7 @@ int ReadDecodeXML(char *file)
order_int++;
}
order_int = 0;
-
+
/* Checking the values from the order */
while(*norder)
@@ -618,23 +618,23 @@ int ReadDecodeXML(char *file)
free(s_norder);
}
-
+
/* Getting the fts order */
else if(strcasecmp(elements[j]->element,xml_fts)==0)
{
char **norder;
char **s_norder;
-
+
/* Maximum number is 8 for the fts */
norder = OS_StrBreak(',',elements[j]->content, 8);
if(norder == NULL)
ErrorExit(MEM_ERROR,ARGV0);
-
-
+
+
/* Saving the initial point to free later */
s_norder = norder;
-
-
+
+
/* Checking the values from the fts */
while(*norder)
{
@@ -707,11 +707,11 @@ int ReadDecodeXML(char *file)
/* NEXT */
j++;
-
+
} /* while(elements[j]) */
-
+
OS_ClearNode(elements);
-
+
/* Prematch must be set */
if(!prematch && !pi->parent && !p_name)
@@ -727,7 +727,7 @@ int ReadDecodeXML(char *file)
merror(DEC_REGEX_ERROR, ARGV0, pi->name);
return(0);
}
-
+
/* For the offsets */
if(pi->regex_offset & AFTER_PARENT && !pi->parent)
@@ -736,7 +736,7 @@ int ReadDecodeXML(char *file)
merror(DEC_REGEX_ERROR, ARGV0, pi->name);
return(0);
}
-
+
if(pi->regex_offset & AFTER_PREMATCH)
{
/* If after_prematch is set, but rule have
@@ -755,7 +755,7 @@ int ReadDecodeXML(char *file)
return(0);
}
}
-
+
/* For the after_regex offset */
if(pi->regex_offset & AFTER_PREVREGEX)
{
@@ -766,7 +766,7 @@ int ReadDecodeXML(char *file)
return(0);
}
}
-
+
/* Checking the prematch offset */
if(pi->prematch_offset)
@@ -788,7 +788,7 @@ int ReadDecodeXML(char *file)
}
}
-
+
/* Compiling the regex/prematch */
if(prematch)
{
@@ -801,7 +801,7 @@ int ReadDecodeXML(char *file)
free(prematch);
}
-
+
/* Compiling the p_name */
if(p_name)
{
@@ -814,7 +814,7 @@ int ReadDecodeXML(char *file)
free(p_name);
}
-
+
/* We may not have the pi->regex */
if(regex)
{
@@ -842,11 +842,11 @@ int ReadDecodeXML(char *file)
merror(DECODE_ADD, ARGV0, pi->name);
return(0);
}
-
+
/* Adding osdecoder to the list */
if(!OS_AddOSDecoder(pi))
{
- merror(DECODER_ERROR, ARGV0);
+ merror(DECODER_ERROR, ARGV0);
return(0);
}
@@ -857,7 +857,7 @@ int ReadDecodeXML(char *file)
/* Cleaning node and XML structures */
OS_ClearNode(node);
-
+
OS_ClearXML(&xml);
@@ -868,7 +868,7 @@ int ReadDecodeXML(char *file)
int SetDecodeXML()
-{
+{
/* Adding rootcheck decoder to list */
addDecoder2list(ROOTCHECK_MOD);
addDecoder2list(SYSCHECK_MOD);
diff --git a/src/analysisd/decoders/decoder.c b/src/analysisd/decoders/decoder.c
index 1375db5..b5cb303 100755
--- a/src/analysisd/decoders/decoder.c
+++ b/src/analysisd/decoders/decoder.c
@@ -9,11 +9,11 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
-
+
#include "shared.h"
#include "os_regex/os_regex.h"
#include "os_xml/os_xml.h"
@@ -54,9 +54,9 @@ void DecodeEvent(Eventinfo *lf)
{
print_out("\n**Phase 2: Completed decoding.");
}
- #endif
+ #endif
- do
+ do
{
nnode = node->osdecoder;
@@ -64,7 +64,7 @@ void DecodeEvent(Eventinfo *lf)
/* First checking program name */
if(lf->program_name)
{
- if(!OSMatch_Execute(lf->program_name, lf->p_name_size,
+ if(!OSMatch_Execute(lf->program_name, lf->p_name_size,
nnode->program_name))
{
continue;
@@ -89,11 +89,11 @@ void DecodeEvent(Eventinfo *lf)
#ifdef TESTRULE
if(!alert_only)print_out(" decoder: '%s'", nnode->name);
- #endif
-
+ #endif
+
lf->decoder_info = nnode;
-
+
child_node = node->child;
@@ -122,7 +122,7 @@ void DecodeEvent(Eventinfo *lf)
{
char *llog;
- /* If we have an offset set, use it */
+ /* If we have an offset set, use it */
if(nnode->prematch_offset & AFTER_PARENT)
{
llog = pmatch;
@@ -163,7 +163,7 @@ void DecodeEvent(Eventinfo *lf)
return;
child_node = child_node->next;
- nnode = NULL;
+ nnode = NULL;
}
else
{
@@ -185,8 +185,8 @@ void DecodeEvent(Eventinfo *lf)
nnode->plugindecoder(lf);
return;
}
-
-
+
+
/* Getting the regex */
while(child_node)
{
@@ -273,7 +273,7 @@ void DecodeEvent(Eventinfo *lf)
}
/* ok to return */
- return;
+ return;
}while((node=node->next) != NULL);
#ifdef TESTRULE
@@ -282,7 +282,7 @@ void DecodeEvent(Eventinfo *lf)
print_out(" No decoder matched.");
}
#endif
-
+
}
@@ -292,7 +292,7 @@ void *DstUser_FP(Eventinfo *lf, char *field)
#ifdef TESTRULE
if(!alert_only)print_out(" dstuser: '%s'", field);
#endif
-
+
lf->dstuser = field;
return(NULL);
}
@@ -301,7 +301,7 @@ void *SrcUser_FP(Eventinfo *lf, char *field)
#ifdef TESTRULE
if(!alert_only)print_out(" srcuser: '%s'", field);
#endif
-
+
lf->srcuser = field;
return(NULL);
}
@@ -310,7 +310,7 @@ void *SrcIP_FP(Eventinfo *lf, char *field)
#ifdef TESTRULE
if(!alert_only)print_out(" srcip: '%s'", field);
#endif
-
+
lf->srcip = field;
return(NULL);
}
@@ -319,7 +319,7 @@ void *DstIP_FP(Eventinfo *lf, char *field)
#ifdef TESTRULE
if(!alert_only)print_out(" dstip: '%s'", field);
#endif
-
+
lf->dstip = field;
return(NULL);
}
@@ -328,7 +328,7 @@ void *SrcPort_FP(Eventinfo *lf, char *field)
#ifdef TESTRULE
if(!alert_only)print_out(" srcport: '%s'", field);
#endif
-
+
lf->srcport = field;
return(NULL);
}
@@ -337,7 +337,7 @@ void *DstPort_FP(Eventinfo *lf, char *field)
#ifdef TESTRULE
if(!alert_only)print_out(" dstport: '%s'", field);
#endif
-
+
lf->dstport = field;
return(NULL);
}
@@ -346,7 +346,7 @@ void *Protocol_FP(Eventinfo *lf, char *field)
#ifdef TESTRULE
if(!alert_only)print_out(" proto: '%s'", field);
#endif
-
+
lf->protocol = field;
return(NULL);
}
@@ -355,7 +355,7 @@ void *Action_FP(Eventinfo *lf, char *field)
#ifdef TESTRULE
if(!alert_only)print_out(" action: '%s'", field);
#endif
-
+
lf->action = field;
return(NULL);
}
@@ -364,7 +364,7 @@ void *ID_FP(Eventinfo *lf, char *field)
#ifdef TESTRULE
if(!alert_only)print_out(" id: '%s'", field);
#endif
-
+
lf->id = field;
return(NULL);
}
@@ -373,7 +373,7 @@ void *Url_FP(Eventinfo *lf, char *field)
#ifdef TESTRULE
if(!alert_only)print_out(" url: '%s'", field);
#endif
-
+
lf->url = field;
return(NULL);
}
@@ -382,7 +382,7 @@ void *Data_FP(Eventinfo *lf, char *field)
#ifdef TESTRULE
if(!alert_only)print_out(" extra_data: '%s'", field);
#endif
-
+
lf->data = field;
return(NULL);
}
@@ -391,7 +391,7 @@ void *Status_FP(Eventinfo *lf, char *field)
#ifdef TESTRULE
if(!alert_only)print_out(" status: '%s'", field);
#endif
-
+
lf->status = field;
return(NULL);
}
diff --git a/src/analysisd/decoders/decoder.h b/src/analysisd/decoders/decoder.h
index 86333cd..84e9e86 100755
--- a/src/analysisd/decoders/decoder.h
+++ b/src/analysisd/decoders/decoder.h
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -25,8 +25,8 @@
#define AFTER_PARENT 0x001 /* 1 */
#define AFTER_PREMATCH 0x002 /* 2 */
-#define AFTER_PREVREGEX 0x004 /* 4 */
-#define AFTER_ERROR 0x010
+#define AFTER_PREVREGEX 0x004 /* 4 */
+#define AFTER_ERROR 0x010
@@ -40,16 +40,16 @@ typedef struct
u_int16_t id;
u_int16_t regex_offset;
u_int16_t prematch_offset;
-
+
int fts;
char *parent;
char *name;
char *ftscomment;
-
+
OSRegex *regex;
OSRegex *prematch;
OSMatch *program_name;
-
+
void (*plugindecoder)(void *lf);
void (**order)(void *lf, char *field);
}OSDecoderInfo;
diff --git a/src/analysisd/decoders/decoders_list.c b/src/analysisd/decoders/decoders_list.c
index 8c5320a..652f785 100755
--- a/src/analysisd/decoders/decoders_list.c
+++ b/src/analysisd/decoders/decoders_list.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -51,7 +51,7 @@ OSDecoderNode *OS_GetFirstOSDecoder(char *p_name)
{
return(osdecodernode_forpname);
}
-
+
return(osdecodernode_nopname);
}
@@ -61,11 +61,11 @@ OSDecoderNode *_OS_AddOSDecoder(OSDecoderNode *s_node, OSDecoderInfo *pi)
{
OSDecoderNode *tmp_node = s_node;
int rm_f = 0;
-
+
if(tmp_node)
{
OSDecoderNode *new_node;
-
+
new_node = (OSDecoderNode *)calloc(1,sizeof(OSDecoderNode));
if(new_node == NULL)
{
@@ -83,9 +83,9 @@ OSDecoderNode *_OS_AddOSDecoder(OSDecoderNode *s_node, OSDecoderInfo *pi)
if((tmp_node->osdecoder->prematch ||
tmp_node->osdecoder->regex) && pi->regex_offset)
{
- rm_f = 1;
+ rm_f = 1;
}
-
+
/* Multi-regexes patterns cannot have prematch */
if(pi->prematch)
{
@@ -110,24 +110,24 @@ OSDecoderNode *_OS_AddOSDecoder(OSDecoderNode *s_node, OSDecoderInfo *pi)
return(NULL);
}
}
-
+
}while(tmp_node->next && (tmp_node = tmp_node->next));
-
-
+
+
/* Must have a prematch set */
if(!rm_f && (pi->regex_offset & AFTER_PREVREGEX))
{
merror(INV_OFFSET, ARGV0, pi->name);
return(NULL);
}
-
+
tmp_node->next = new_node;
-
+
new_node->next = NULL;
- new_node->osdecoder = pi;
+ new_node->osdecoder = pi;
new_node->child = NULL;
}
-
+
else
{
/* Must not have a previous regex set */
@@ -164,7 +164,7 @@ int OS_AddOSDecoder(OSDecoderInfo *pi)
/* We can actually have two lists. One with program
* name and the other without.
*/
- if(pi->program_name)
+ if(pi->program_name)
{
osdecodernode = osdecodernode_forpname;
}
@@ -173,7 +173,7 @@ int OS_AddOSDecoder(OSDecoderInfo *pi)
osdecodernode = osdecodernode_nopname;
}
-
+
/* Search for parent on both lists */
if(pi->parent)
{
@@ -194,7 +194,7 @@ int OS_AddOSDecoder(OSDecoderInfo *pi)
}
tmp_node = tmp_node->next;
}
-
+
/* List without p name */
tmp_node = osdecodernode_nopname;
@@ -219,9 +219,9 @@ int OS_AddOSDecoder(OSDecoderInfo *pi)
{
return(1);
}
-
+
merror(PPLUGIN_INV, ARGV0, pi->parent);
- return(0);
+ return(0);
}
else
{
diff --git a/src/analysisd/decoders/hostinfo.c b/src/analysisd/decoders/hostinfo.c
index d5577e5..fa7c414 100755
--- a/src/analysisd/decoders/hostinfo.c
+++ b/src/analysisd/decoders/hostinfo.c
@@ -95,7 +95,7 @@ void HostinfoInit()
/* Opening HOSTINFO_FILE */
snprintf(_hi_buf,OS_SIZE_1024, "%s", HOSTINFO_FILE);
-
+
/* r+ to read and write. Do not truncate */
_hi_fp = fopen(_hi_buf,"r+");
@@ -115,7 +115,7 @@ void HostinfoInit()
return;
}
-
+
/* clearing the buffer */
memset(_hi_buf, '\0', OS_MAXSTR +1);
@@ -148,7 +148,7 @@ int DecodeHostinfo(Eventinfo *lf)
{
int changed = 0;
int bf_size;
-
+
char *ip;
char *portss;
char *tmpstr;
@@ -157,7 +157,7 @@ int DecodeHostinfo(Eventinfo *lf)
char opened[OS_MAXSTR + 1];
FILE *fp;
-
+
/* Checking maximum number of errors */
if(hi_err > 30)
{
@@ -165,7 +165,7 @@ int DecodeHostinfo(Eventinfo *lf)
"Ignoring it.", ARGV0);
return(0);
}
-
+
/* Zeroing buffers */
buffer[OS_MAXSTR] = '\0';
@@ -182,8 +182,8 @@ int DecodeHostinfo(Eventinfo *lf)
/* Copying log to buffer */
strncpy(buffer,lf->log, OS_MAXSTR);
-
-
+
+
/* Getting ip */
tmpstr = __go_after(buffer, HOST_HOST);
if(!tmpstr)
@@ -194,7 +194,7 @@ int DecodeHostinfo(Eventinfo *lf)
return(0);
}
-
+
/* Setting ip */
ip = tmpstr;
tmpstr = strchr(tmpstr, ',');
@@ -217,8 +217,8 @@ int DecodeHostinfo(Eventinfo *lf)
*tmpstr = '\0';
}
bf_size = strlen(ip);
-
-
+
+
/* Reads the file and search for a possible
* entry
*/
@@ -233,13 +233,13 @@ int DecodeHostinfo(Eventinfo *lf)
/* Removing new line */
tmpstr = strchr(_hi_buf, '\n');
if(tmpstr)
- *tmpstr = '\0';
+ *tmpstr = '\0';
/* Checking for ip */
if(strncmp(ip, _hi_buf, bf_size) == 0)
{
- /* Cannot use strncmp to avoid errors with crafted files */
+ /* Cannot use strncmp to avoid errors with crafted files */
if(strcmp(portss, _hi_buf + bf_size) == 0)
{
return(0);
@@ -253,9 +253,9 @@ int DecodeHostinfo(Eventinfo *lf)
changed = 1;
}
}
- }
+ }
+
-
/* Adding the new entry at the end of the file */
fseek(fp, 0, SEEK_END);
fprintf(fp,"%s%s\n", ip, portss);
@@ -264,7 +264,7 @@ int DecodeHostinfo(Eventinfo *lf)
/* Setting decoder */
lf->decoder_info = hostinfo_dec;
-
+
/* Setting comment */
if(changed == 1)
{
@@ -275,7 +275,7 @@ int DecodeHostinfo(Eventinfo *lf)
{
hostinfo_dec->id = id_new;
}
-
+
return(1);
}
diff --git a/src/analysisd/decoders/plugin_decoders.h b/src/analysisd/decoders/plugin_decoders.h
index ab1bd8f..282eb31 100755
--- a/src/analysisd/decoders/plugin_decoders.h
+++ b/src/analysisd/decoders/plugin_decoders.h
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -37,22 +37,22 @@ void *OSSECAlert_Decoder_Exec(void *lf);
/* List of plugins. All three lists must be in the same order */
char *(plugin_decoders[])={"PF_Decoder",
- "SymantecWS_Decoder",
+ "SymantecWS_Decoder",
"SonicWall_Decoder",
"OSSECAlert_Decoder",
NULL};
-void *(plugin_decoders_init[]) = {PF_Decoder_Init,
+void *(plugin_decoders_init[]) = {PF_Decoder_Init,
SymantecWS_Decoder_Init,
- SonicWall_Decoder_Init,
+ SonicWall_Decoder_Init,
OSSECAlert_Decoder_Init,
NULL};
-void *(plugin_decoders_exec[]) = {PF_Decoder_Exec,
+void *(plugin_decoders_exec[]) = {PF_Decoder_Exec,
SymantecWS_Decoder_Exec,
SonicWall_Decoder_Exec,
OSSECAlert_Decoder_Exec,
NULL};
-
+
#endif
diff --git a/src/analysisd/decoders/plugins/._Makefile b/src/analysisd/decoders/plugins/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/analysisd/decoders/plugins/._Makefile and /dev/null differ
diff --git a/src/analysisd/decoders/plugins/._ossecalert_decoder.c b/src/analysisd/decoders/plugins/._ossecalert_decoder.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/analysisd/decoders/plugins/._ossecalert_decoder.c and /dev/null differ
diff --git a/src/analysisd/decoders/plugins/._pf_decoder.c b/src/analysisd/decoders/plugins/._pf_decoder.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/analysisd/decoders/plugins/._pf_decoder.c and /dev/null differ
diff --git a/src/analysisd/decoders/plugins/._sonicwall_decoder.c b/src/analysisd/decoders/plugins/._sonicwall_decoder.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/analysisd/decoders/plugins/._sonicwall_decoder.c and /dev/null differ
diff --git a/src/analysisd/decoders/plugins/._symantecws_decoder.c b/src/analysisd/decoders/plugins/._symantecws_decoder.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/analysisd/decoders/plugins/._symantecws_decoder.c and /dev/null differ
diff --git a/src/analysisd/decoders/plugins/ossecalert_decoder.c b/src/analysisd/decoders/plugins/ossecalert_decoder.c
index 337e0a7..0f91fc0 100644
--- a/src/analysisd/decoders/plugins/ossecalert_decoder.c
+++ b/src/analysisd/decoders/plugins/ossecalert_decoder.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -35,12 +35,12 @@ void *OSSECAlert_Decoder_Init()
#define oa_strchr(x,y,z) z = strchr(x,y); if(!z){ return(NULL); }
-/* OSSECAlert decoder
+/* OSSECAlert decoder
* Will extract the rule_id and point back to the original rule.
* Will also extract srcip and username if available.
* Examples:
- *
- */
+ *
+ */
void *OSSECAlert_Decoder_Exec(Eventinfo *lf)
{
char *oa_id = 0;
@@ -61,7 +61,7 @@ void *OSSECAlert_Decoder_Exec(Eventinfo *lf)
return(NULL);
}
-
+
/* Going past the level. */
oa_strchr(lf->log, ';', tmp_str);
tmp_str++;
@@ -73,10 +73,10 @@ void *OSSECAlert_Decoder_Exec(Eventinfo *lf)
if(*tmp_str != ' ')
{
return(NULL);
- }
+ }
tmp_str++;
-
+
/* Getting id. */
oa_id = tmp_str;
oa_strchr(tmp_str, ' ', tmp_str);
@@ -106,7 +106,7 @@ void *OSSECAlert_Decoder_Exec(Eventinfo *lf)
/* Setting location; */
oa_location = tmp_str;
-
+
oa_strchr(tmp_str, ';', tmp_str);
*tmp_str = '\0';
@@ -124,7 +124,7 @@ void *OSSECAlert_Decoder_Exec(Eventinfo *lf)
}
else
{
- snprintf(oa_newlocation, 255, "%s->%s|%s", lf->hostname,
+ snprintf(oa_newlocation, 255, "%s->%s|%s", lf->hostname,
lf->location, oa_location);
free(lf->location);
os_strdup(oa_newlocation, lf->location);
@@ -134,7 +134,7 @@ void *OSSECAlert_Decoder_Exec(Eventinfo *lf)
*tmp_str = ';';
tmp_str++;
-
+
/* Getting additional fields. */
while((*tmp_str == ' ') && (tmp_str[1] != ' '))
{
@@ -160,18 +160,18 @@ void *OSSECAlert_Decoder_Exec(Eventinfo *lf)
*tmp_str = ';';
tmp_str++;
}
-
+
/* Removing space. */
while(*tmp_str == ' ')
tmp_str++;
-
-
+
+
/* Creating new full log. */
free(lf->full_log);
os_strdup(tmp_str, lf->full_log);
lf->log = lf->full_log;
-
+
/* Rule that generated. */
lf->generated_rule = rule_pointer;
diff --git a/src/analysisd/decoders/plugins/pf_decoder.c b/src/analysisd/decoders/plugins/pf_decoder.c
index 3c9ed17..8680ece 100644
--- a/src/analysisd/decoders/plugins/pf_decoder.c
+++ b/src/analysisd/decoders/plugins/pf_decoder.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -28,7 +28,7 @@ void *PF_Decoder_Init()
}
-/* OpenBSD PF decoder
+/* OpenBSD PF decoder
* Will extract the action,srcip,dstip,protocol,srcport,dstport
*
* Examples:
@@ -38,7 +38,7 @@ void *PF_Decoder_Init()
* Mar 30 15:54:22.174412 rule 3/(match) pass out on xl0: 192.168.2.10.1514 > 192.168.2.190.1030: udp 89
* Mar 30 17:47:40.390143 rule 2/(match) pass in on lo0: 127.0.0.1 > 127.0.0.1: icmp: echo reply
* Mar 30 17:47:41.400075 rule 3/(match) pass out on lo0: 127.0.0.1 > 127.0.0.1: icmp: echo request
- */
+ */
void *PF_Decoder_Exec(Eventinfo *lf)
{
int port_count = 0;
@@ -49,13 +49,13 @@ void *PF_Decoder_Exec(Eventinfo *lf)
/* tmp_str should be: Mar 30 15:54:22.171929 rule 3/(match) pass out .. */
tmp_str = strchr(lf->log, ')');
-
+
/* Didn't match */
if(!tmp_str)
{
return(NULL);
}
-
+
/* Going to the action entry */
tmp_str++;
if(*tmp_str != ' ')
@@ -83,7 +83,7 @@ void *PF_Decoder_Exec(Eventinfo *lf)
return(NULL);
}
-
+
/* Jumping to the src ip */
tmp_str = strchr(tmp_str, ':');
if(!tmp_str)
@@ -98,32 +98,32 @@ void *PF_Decoder_Exec(Eventinfo *lf)
tmp_str++;
-
+
/* tmp_str should be: 192.168.2.10.1514 > .. */
aux_str = strchr(tmp_str, ' ');
if(!aux_str)
return(NULL);
-
-
+
+
/* Setting aux_str to 0 for strdup */
*aux_str = '\0';
-
+
os_strdup(tmp_str, lf->srcip);
-
+
/* Aux str has a valid pointer to lf->log now */
*aux_str = ' ';
aux_str++;
-
-
-
+
+
+
/* Setting the source port if present */
tmp_str = lf->srcip;
while(*tmp_str != '\0')
{
if(*tmp_str == '.')
port_count++;
-
-
+
+
/* Found port */
if(port_count == 4)
{
@@ -132,7 +132,7 @@ void *PF_Decoder_Exec(Eventinfo *lf)
os_strdup(tmp_str, lf->srcport);
break;
}
-
+
tmp_str++;
}
@@ -152,14 +152,14 @@ void *PF_Decoder_Exec(Eventinfo *lf)
tmp_str = strchr(aux_str, ':');
if(!tmp_str)
return(NULL);
-
-
+
+
/* Setting aux_str to 0 for strdup */
*tmp_str = '\0';
-
+
os_strdup(aux_str, lf->dstip);
-
-
+
+
/* tmp str has a valid pointer to lf->log now */
*tmp_str = ':';
tmp_str++;
@@ -172,8 +172,8 @@ void *PF_Decoder_Exec(Eventinfo *lf)
{
if(*aux_str == '.')
port_count++;
-
-
+
+
/* Found port */
if(port_count == 4)
{
@@ -182,7 +182,7 @@ void *PF_Decoder_Exec(Eventinfo *lf)
os_strdup(aux_str, lf->dstport);
break;
}
-
+
aux_str++;
}
@@ -207,10 +207,10 @@ void *PF_Decoder_Exec(Eventinfo *lf)
{
os_strdup("TCP", lf->protocol);
}
-
+
break;
}
-
+
return(NULL);
}
diff --git a/src/analysisd/decoders/plugins/sonicwall_decoder.c b/src/analysisd/decoders/plugins/sonicwall_decoder.c
index 34bd5e2..42e854a 100644
--- a/src/analysisd/decoders/plugins/sonicwall_decoder.c
+++ b/src/analysisd/decoders/plugins/sonicwall_decoder.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -32,7 +32,7 @@
/** Global variables -- not thread safe. If we ever multi thread
* analysisd, these will need to be changed.
- */
+ */
OSRegex *__sonic_regex_prid = NULL;
OSRegex *__sonic_regex_sdip = NULL;
OSRegex *__sonic_regex_prox = NULL;
@@ -90,13 +90,13 @@ void *SonicWall_Decoder_Init()
-/* SonicWall decoder
+/* SonicWall decoder
* Will extract the id, severity, action, srcip, dstip, protocol,srcport,dstport
* severity will be extracted as status.
* Examples:
* Jan 3 13:45:36 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:06" fw=1.1.1.1 pri=6 c=262144 m=98 msg="Connection Opened" n=23419 src=2.2.2.2:36701:WAN dst=1.1.1.1:50000:WAN proto=tcp/50000
* Jan 3 13:45:36 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:07" fw=1.1.1.1 pri=1 c=32 m=30 msg="Administrator login denied due to bad credentials" n=7 src=2.2.2.2:36701:WAN dst=1.1.1.1:50000:WAN
- */
+ */
void *SonicWall_Decoder_Exec(Eventinfo *lf)
{
int i = 0;
@@ -107,9 +107,9 @@ void *SonicWall_Decoder_Exec(Eventinfo *lf)
/* Zeroing category */
category[0] = '\0';
lf->decoder_info->type = SYSLOG;
-
-
-
+
+
+
/** We first run our regex to extract the severity, cat and id. **/
if(!(tmp_str = OSRegex_Execute(lf->log, __sonic_regex_prid)))
{
@@ -132,7 +132,7 @@ void *SonicWall_Decoder_Exec(Eventinfo *lf)
/* Clearing all substrings */
__sonic_regex_prid->sub_strings[0] = NULL;
__sonic_regex_prid->sub_strings[2] = NULL;
-
+
free(__sonic_regex_prid->sub_strings[1]);
__sonic_regex_prid->sub_strings[1] = NULL;
}
@@ -157,9 +157,9 @@ void *SonicWall_Decoder_Exec(Eventinfo *lf)
{
return(NULL);
}
- if(__sonic_regex_sdip->sub_strings[0] &&
- __sonic_regex_sdip->sub_strings[1] &&
- __sonic_regex_sdip->sub_strings[2] &&
+ if(__sonic_regex_sdip->sub_strings[0] &&
+ __sonic_regex_sdip->sub_strings[1] &&
+ __sonic_regex_sdip->sub_strings[2] &&
__sonic_regex_sdip->sub_strings[3])
{
/* Setting all the values */
@@ -187,7 +187,7 @@ void *SonicWall_Decoder_Exec(Eventinfo *lf)
i = 0;
tmp_str += 6;
-
+
/* Allocating memory for the protocol */
os_calloc(8, sizeof(char), proto);
@@ -223,7 +223,7 @@ void *SonicWall_Decoder_Exec(Eventinfo *lf)
-
+
/** Setting the category/action based on the id. **/
/* IDS event */
@@ -231,16 +231,16 @@ void *SonicWall_Decoder_Exec(Eventinfo *lf)
{
lf->decoder_info->type = IDS;
}
-
+
/* Firewall connection opened */
else if((strcmp(lf->id, "98") == 0) ||
- (strcmp(lf->id, "597") == 0) ||
- (strcmp(lf->id, "598") == 0))
+ (strcmp(lf->id, "597") == 0) ||
+ (strcmp(lf->id, "598") == 0))
{
lf->decoder_info->type = FIREWALL;
- os_strdup("pass", lf->action);
+ os_strdup("pass", lf->action);
}
-
+
/* Firewall connection dropped */
else if((strcmp(lf->id, "38") == 0) ||
(strcmp(lf->id, "36") == 0) ||
@@ -249,16 +249,16 @@ void *SonicWall_Decoder_Exec(Eventinfo *lf)
(strcmp(lf->id, "37") == 0))
{
lf->decoder_info->type = FIREWALL;
- os_strdup("drop", lf->action);
+ os_strdup("drop", lf->action);
}
-
+
/* Firewall connection closed */
else if(strcmp(lf->id, "537") == 0)
{
lf->decoder_info->type = FIREWALL;
os_strdup("close", lf->action);
}
-
+
/* Proxy msg */
else if(strcmp(lf->id, "97") == 0)
{
@@ -270,7 +270,7 @@ void *SonicWall_Decoder_Exec(Eventinfo *lf)
{
return(NULL);
}
-
+
/* We first run our regex to extract the severity and id. */
if(!OSRegex_Execute(tmp_str, __sonic_regex_prox))
@@ -290,18 +290,18 @@ void *SonicWall_Decoder_Exec(Eventinfo *lf)
{
return(NULL);
}
-
+
/* Getting HTTP page */
- if(__sonic_regex_prox->sub_strings[1] &&
+ if(__sonic_regex_prox->sub_strings[1] &&
__sonic_regex_prox->sub_strings[2])
{
char *final_url;
int url_size = strlen(__sonic_regex_prox->sub_strings[1]) +
strlen(__sonic_regex_prox->sub_strings[2]) + 2;
-
+
os_calloc(url_size +1, sizeof(char), final_url);
- snprintf(final_url, url_size, "%s%s",
+ snprintf(final_url, url_size, "%s%s",
__sonic_regex_prox->sub_strings[1],
__sonic_regex_prox->sub_strings[2]);
@@ -324,7 +324,7 @@ void *SonicWall_Decoder_Exec(Eventinfo *lf)
return(NULL);
}
-
+
return(NULL);
}
diff --git a/src/analysisd/decoders/plugins/symantecws_decoder.c b/src/analysisd/decoders/plugins/symantecws_decoder.c
index 2e1a773..5ee3ecc 100644
--- a/src/analysisd/decoders/plugins/symantecws_decoder.c
+++ b/src/analysisd/decoders/plugins/symantecws_decoder.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -27,25 +27,25 @@ void *SymantecWS_Decoder_Init()
}
-/* Symantec Web Security decoder
+/* Symantec Web Security decoder
* Will extract the action, srcip, id, url and username.
*
- * Examples (also online at
+ * Examples (also online at
* http://www.ossec.net/wiki/index.php/Symantec_WebSecurity ).
* 20070717,73613,1=5,11=10.1.1.3,10=userc,3=1,2=1
* 20070717,73614,1=5,11=1.2.3.4,1106=News,60=http://news.bbc.co.uk/,10=userX,1000=212.58.240.42,2=27
- */
+ */
void *SymantecWS_Decoder_Exec(Eventinfo *lf)
{
int count = 0;
char buf_str[OS_SIZE_1024 +1];
char *tmp_str = NULL;
-
+
/* Initializing buffer */
buf_str[0] = '\0';
buf_str[OS_SIZE_1024] = '\0';
-
-
+
+
/* Removing date and time */
if(!(tmp_str = strchr(lf->log, ',')))
{
@@ -56,8 +56,8 @@ void *SymantecWS_Decoder_Exec(Eventinfo *lf)
return(NULL);
}
tmp_str++;
-
-
+
+
/* Getting all the values */
while(tmp_str != NULL)
{
@@ -66,9 +66,9 @@ void *SymantecWS_Decoder_Exec(Eventinfo *lf)
{
count = 0;
tmp_str+=3;
- while(*tmp_str != '\0' && count < 128 && *tmp_str != ',')
+ while(*tmp_str != '\0' && count < 128 && *tmp_str != ',')
{
- buf_str[count] = *tmp_str;
+ buf_str[count] = *tmp_str;
count++; tmp_str++;
}
buf_str[count] = '\0';
@@ -78,15 +78,15 @@ void *SymantecWS_Decoder_Exec(Eventinfo *lf)
os_strdup(buf_str, lf->dstuser);
}
}
-
+
/* Checking the ip address */
else if(strncmp(tmp_str, "11=", 3) == 0)
{
count = 0;
tmp_str+=3;
- while(*tmp_str != '\0' && count < 128 && *tmp_str != ',')
+ while(*tmp_str != '\0' && count < 128 && *tmp_str != ',')
{
- buf_str[count] = *tmp_str;
+ buf_str[count] = *tmp_str;
count++; tmp_str++;
}
buf_str[count] = '\0';
@@ -103,9 +103,9 @@ void *SymantecWS_Decoder_Exec(Eventinfo *lf)
{
count = 0;
tmp_str+=3;
- while(*tmp_str != '\0' && count < OS_SIZE_1024 && *tmp_str != ',')
+ while(*tmp_str != '\0' && count < OS_SIZE_1024 && *tmp_str != ',')
{
- buf_str[count] = *tmp_str;
+ buf_str[count] = *tmp_str;
count++; tmp_str++;
}
buf_str[count] = '\0';
@@ -143,7 +143,7 @@ void *SymantecWS_Decoder_Exec(Eventinfo *lf)
tmp_str++;
}
}
-
+
return(NULL);
}
diff --git a/src/analysisd/decoders/rootcheck.c b/src/analysisd/decoders/rootcheck.c
index 231776e..b72a677 100755
--- a/src/analysisd/decoders/rootcheck.c
+++ b/src/analysisd/decoders/rootcheck.c
@@ -42,7 +42,7 @@ void RootcheckInit()
int i = 0;
rk_err = 0;
-
+
for(;i<MAX_AGENTS;i++)
{
rk_agent_ips[i] = NULL;
@@ -58,7 +58,7 @@ void RootcheckInit()
rootcheck_dec->fts = 0;
debug1("%s: RootcheckInit completed.", ARGV0);
-
+
return;
}
@@ -80,8 +80,8 @@ FILE *RK_File(char *agent, int *agent_id)
*agent_id = i;
return(rk_agent_fps[i]);
}
-
- i++;
+
+ i++;
}
/* If here, our agent wasn't found */
@@ -90,7 +90,7 @@ FILE *RK_File(char *agent, int *agent_id)
if(rk_agent_ips[i] != NULL)
{
snprintf(rk_buf,OS_SIZE_1024, "%s/%s", ROOTCHECK_DIR,agent);
-
+
/* r+ to read and write. Do not truncate */
rk_agent_fps[i] = fopen(rk_buf,"r+");
if(!rk_agent_fps[i])
@@ -106,7 +106,7 @@ FILE *RK_File(char *agent, int *agent_id)
if(!rk_agent_fps[i])
{
merror(FOPEN_ERROR, ARGV0, rk_buf);
-
+
free(rk_agent_ips[i]);
rk_agent_ips[i] = NULL;
@@ -164,7 +164,7 @@ int DecodeRootcheck(Eventinfo *lf)
merror("%s: Error handling rootcheck database (fgetpos).",ARGV0);
return(0);
}
-
+
/* Reads the file and search for a possible
* entry
@@ -187,14 +187,14 @@ int DecodeRootcheck(Eventinfo *lf)
tmpstr = strchr(rk_buf, '\n');
if(tmpstr)
{
- *tmpstr = '\0';
+ *tmpstr = '\0';
}
-
+
/* Old format without the time stampts */
if(rk_buf[0] != '!')
{
- /* Cannot use strncmp to avoid errors with crafted files */
+ /* Cannot use strncmp to avoid errors with crafted files */
if(strcmp(lf->log, rk_buf) == 0)
{
rootcheck_dec->fts = 0;
@@ -207,14 +207,14 @@ int DecodeRootcheck(Eventinfo *lf)
{
/* Going past time: !1183431603!1183431603 (last, first saw) */
tmpstr = rk_buf + 23;
-
+
/* Matches, we need to upgrade last time saw */
if(strcmp(lf->log, tmpstr) == 0)
{
fsetpos(fp, &fp_pos);
fprintf(fp, "!%d", lf->time);
rootcheck_dec->fts = 0;
- lf->decoder_info = rootcheck_dec;
+ lf->decoder_info = rootcheck_dec;
return(1);
}
}
@@ -225,9 +225,9 @@ int DecodeRootcheck(Eventinfo *lf)
merror("%s: Error handling rootcheck database (fgetpos3).",ARGV0);
return(0);
}
- }
+ }
+
-
/* Adding the new entry at the end of the file */
fseek(fp, 0, SEEK_END);
fprintf(fp,"!%d!%d %s\n",lf->time, lf->time, lf->log);
@@ -236,7 +236,7 @@ int DecodeRootcheck(Eventinfo *lf)
rootcheck_dec->fts = 0;
rootcheck_dec->fts |= FTS_DONE;
lf->decoder_info = rootcheck_dec;
- return(1);
+ return(1);
}
diff --git a/src/analysisd/decoders/syscheck.c b/src/analysisd/decoders/syscheck.c
index 698e373..8618813 100755
--- a/src/analysisd/decoders/syscheck.c
+++ b/src/analysisd/decoders/syscheck.c
@@ -45,7 +45,7 @@ typedef struct __sdb
int id3;
int idn;
int idd;
-
+
/* Syscheck rule */
OSDecoderInfo *syscheck_dec;
@@ -53,7 +53,7 @@ typedef struct __sdb
/* File search variables */
fpos_t init_pos;
-
+
}_sdb; /* syscheck db information */
@@ -70,7 +70,7 @@ void SyscheckInit()
int i = 0;
sdb.db_err = 0;
-
+
for(;i <= MAX_AGENTS;i++)
{
sdb.agent_ips[i] = NULL;
@@ -81,7 +81,7 @@ void SyscheckInit()
/* Clearing db memory */
memset(sdb.buf, '\0', OS_MAXSTR +1);
memset(sdb.comment, '\0', OS_MAXSTR +1);
-
+
memset(sdb.size, '\0', OS_FLSIZE +1);
memset(sdb.perm, '\0', OS_FLSIZE +1);
memset(sdb.owner, '\0', OS_FLSIZE +1);
@@ -96,13 +96,13 @@ void SyscheckInit()
sdb.syscheck_dec->name = SYSCHECK_MOD;
sdb.syscheck_dec->type = OSSEC_RL;
sdb.syscheck_dec->fts = 0;
-
+
sdb.id1 = getDecoderfromlist(SYSCHECK_MOD);
sdb.id2 = getDecoderfromlist(SYSCHECK_MOD2);
sdb.id3 = getDecoderfromlist(SYSCHECK_MOD3);
sdb.idn = getDecoderfromlist(SYSCHECK_NEW);
sdb.idd = getDecoderfromlist(SYSCHECK_DEL);
-
+
debug1("%s: SyscheckInit completed.", ARGV0);
return;
}
@@ -116,7 +116,7 @@ void SyscheckInit()
void __setcompleted(char *agent)
{
FILE *fp;
-
+
/* Getting agent file */
snprintf(sdb.buf, OS_FLSIZE , "%s/.%s.cpt", SYSCHECK_DIR, agent);
@@ -163,7 +163,7 @@ void DB_SetCompleted(Eventinfo *lf)
{
return;
}
-
+
__setcompleted(lf->location);
@@ -194,8 +194,8 @@ FILE *DB_File(char *agent, int *agent_id)
*agent_id = i;
return(sdb.agent_fps[i]);
}
-
- i++;
+
+ i++;
}
/* If here, our agent wasn't found */
@@ -210,8 +210,8 @@ FILE *DB_File(char *agent, int *agent_id)
/* Getting agent file */
snprintf(sdb.buf, OS_FLSIZE , "%s/%s", SYSCHECK_DIR,agent);
-
-
+
+
/* r+ to read and write. Do not truncate */
sdb.agent_fps[i] = fopen(sdb.buf,"r+");
if(!sdb.agent_fps[i])
@@ -224,8 +224,8 @@ FILE *DB_File(char *agent, int *agent_id)
sdb.agent_fps[i] = fopen(sdb.buf, "r+");
}
}
-
- /* Checking again */
+
+ /* Checking again */
if(!sdb.agent_fps[i])
{
merror("%s: Unable to open '%s'",ARGV0, sdb.buf);
@@ -239,12 +239,12 @@ FILE *DB_File(char *agent, int *agent_id)
/* Returning the opened pointer (the beginning of it) */
fseek(sdb.agent_fps[i],0, SEEK_SET);
*agent_id = i;
-
-
+
+
/* Getting if the agent was completed */
if(__iscompleted(agent))
{
- sdb.agent_cp[i][0] = '1';
+ sdb.agent_cp[i][0] = '1';
}
return(sdb.agent_fps[i]);
@@ -259,10 +259,10 @@ int DB_Search(char *f_name, char *c_sum, Eventinfo *lf)
int p = 0;
int sn_size;
int agent_id;
-
+
char *saved_sum;
char *saved_name;
-
+
FILE *fp;
@@ -285,8 +285,8 @@ int DB_Search(char *f_name, char *c_sum, Eventinfo *lf)
merror("%s: Error handling integrity database (fgetpos).",ARGV0);
return(0);
}
-
-
+
+
/* Looping the file */
while(fgets(sdb.buf, OS_MAXSTR, fp) != NULL)
{
@@ -298,7 +298,7 @@ int DB_Search(char *f_name, char *c_sum, Eventinfo *lf)
}
- /* Getting name */
+ /* Getting name */
saved_name = strchr(sdb.buf, ' ');
if(saved_name == NULL)
{
@@ -308,8 +308,8 @@ int DB_Search(char *f_name, char *c_sum, Eventinfo *lf)
}
*saved_name = '\0';
saved_name++;
-
-
+
+
/* New format - with a timestamp */
if(*saved_name == '!')
{
@@ -338,7 +338,7 @@ int DB_Search(char *f_name, char *c_sum, Eventinfo *lf)
fgetpos(fp, &sdb.init_pos);
continue;
}
-
+
saved_sum = sdb.buf;
@@ -362,10 +362,10 @@ int DB_Search(char *f_name, char *c_sum, Eventinfo *lf)
if(saved_sum[-2] == '!')
{
p++;
- if(saved_sum[-1] == '!')
+ if(saved_sum[-1] == '!')
p++;
else if(saved_sum[-1] == '?')
- p+=2;
+ p+=2;
}
}
@@ -425,7 +425,7 @@ int DB_Search(char *f_name, char *c_sum, Eventinfo *lf)
"File '%.756s' was deleted. Unable to retrieve "
"checksum.", f_name);
}
-
+
/* If file was re-added, do not compare changes */
else if(saved_sum[0] == '-' && saved_sum[1] == '1')
{
@@ -434,10 +434,10 @@ int DB_Search(char *f_name, char *c_sum, Eventinfo *lf)
"File '%.756s' was re-added.", f_name);
}
- else
+ else
{
int oldperm = 0, newperm = 0;
-
+
/* Providing more info about the file change */
char *oldsize = NULL, *newsize = NULL;
char *olduid = NULL, *newuid = NULL;
@@ -551,16 +551,16 @@ int DB_Search(char *f_name, char *c_sum, Eventinfo *lf)
"to '%c%c%c%c%c%c%c%c%c'\n",
(oldperm & S_IRUSR)? 'r' : '-',
(oldperm & S_IWUSR)? 'w' : '-',
-
+
(oldperm & S_ISUID)? 's' :
(oldperm & S_IXUSR)? 'x' : '-',
-
+
(oldperm & S_IRGRP)? 'r' : '-',
(oldperm & S_IWGRP)? 'w' : '-',
(oldperm & S_ISGID)? 's' :
(oldperm & S_IXGRP)? 'x' : '-',
-
+
(oldperm & S_IROTH)? 'r' : '-',
(oldperm & S_IWOTH)? 'w' : '-',
@@ -575,10 +575,10 @@ int DB_Search(char *f_name, char *c_sum, Eventinfo *lf)
(newperm & S_ISUID)? 's' :
(newperm & S_IXUSR)? 'x' : '-',
-
+
(newperm & S_IRGRP)? 'r' : '-',
(newperm & S_IWGRP)? 'w' : '-',
-
+
(newperm & S_ISGID)? 's' :
(newperm & S_IXGRP)? 'x' : '-',
@@ -610,7 +610,7 @@ int DB_Search(char *f_name, char *c_sum, Eventinfo *lf)
os_strdup(olduid, lf->owner_before);
os_strdup(newuid, lf->owner_after);
#endif
- }
+ }
/* group ownership message */
if(!newgid || !oldgid || strcmp(newgid, oldgid) == 0)
@@ -664,7 +664,7 @@ int DB_Search(char *f_name, char *c_sum, Eventinfo *lf)
#endif
- /* Provide information about the file */
+ /* Provide information about the file */
snprintf(sdb.comment, OS_MAXSTR, "Integrity checksum changed for: "
"'%.756s'\n"
"%s"
@@ -674,7 +674,7 @@ int DB_Search(char *f_name, char *c_sum, Eventinfo *lf)
"%s"
"%s"
"%s%s",
- f_name,
+ f_name,
sdb.size,
sdb.perm,
sdb.owner,
@@ -693,19 +693,19 @@ int DB_Search(char *f_name, char *c_sum, Eventinfo *lf)
lf->log = lf->full_log;
lf->data = NULL;
-
+
/* Setting decoder */
lf->decoder_info = sdb.syscheck_dec;
-
- return(1);
+
+ return(1);
} /* continuiing... */
/* If we reach here, this file is not present on our database */
fseek(fp, 0, SEEK_END);
-
+
fprintf(fp,"+++%s !%d %s\n", c_sum, lf->time, f_name);
fflush(fp);
@@ -719,7 +719,7 @@ int DB_Search(char *f_name, char *c_sum, Eventinfo *lf)
snprintf(sdb.comment, OS_MAXSTR,
"New file '%.756s' "
"added to the file system.", f_name);
-
+
/* Creating a new log message */
free(lf->full_log);
@@ -747,10 +747,10 @@ int DecodeSyscheck(Eventinfo *lf)
{
char *c_sum;
char *f_name;
-
-
+
+
/* Every syscheck message must be in the following format:
- * checksum filename
+ * checksum filename
*/
f_name = strchr(lf->log, ' ');
if(f_name == NULL)
@@ -763,7 +763,7 @@ int DecodeSyscheck(Eventinfo *lf)
DB_SetCompleted(lf);
return(0);
}
-
+
merror(SK_INV_MSG, ARGV0);
return(0);
}
@@ -785,14 +785,14 @@ int DecodeSyscheck(Eventinfo *lf)
{
lf->data = NULL;
}
-
-
+
+
/* Checking if file is supposed to be ignored */
if(Config.syscheck_ignore)
{
char **ff_ig = Config.syscheck_ignore;
-
+
while(*ff_ig)
{
if(strncasecmp(*ff_ig, f_name, strlen(*ff_ig)) == 0)
@@ -800,16 +800,16 @@ int DecodeSyscheck(Eventinfo *lf)
lf->data = NULL;
return(0);
}
-
+
ff_ig++;
}
}
-
-
+
+
/* Checksum is at the beginning of the log */
c_sum = lf->log;
-
-
+
+
/* Searching for file changes */
return(DB_Search(f_name, c_sum, lf));
}
diff --git a/src/analysisd/dodiff.c b/src/analysisd/dodiff.c
index cbfe5de..2fba506 100755
--- a/src/analysisd/dodiff.c
+++ b/src/analysisd/dodiff.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -35,7 +35,7 @@ static int _add2last(char *str, int strsize, char *file)
dirrule = strrchr(file, '/');
if(!dirrule)
{
- merror("%s: ERROR: Invalid file name to diff: %s",
+ merror("%s: ERROR: Invalid file name to diff: %s",
ARGV0, file);
return(0);
}
@@ -108,8 +108,8 @@ int doDiff(RuleInfo *currently_rule, Eventinfo *lf)
{
*htpt = '\0';
}
- snprintf(flastfile, OS_SIZE_2048, "%s/%s/%d/%s", DIFF_DIR, lf->hostname+1,
- currently_rule->sigid, DIFF_LAST_FILE);
+ snprintf(flastfile, OS_SIZE_2048, "%s/%s/%d/%s", DIFF_DIR, lf->hostname+1,
+ currently_rule->sigid, DIFF_LAST_FILE);
if(htpt)
{
@@ -119,7 +119,7 @@ int doDiff(RuleInfo *currently_rule, Eventinfo *lf)
}
else
{
- snprintf(flastfile, OS_SIZE_2048, "%s/%s/%d/%s", DIFF_DIR, lf->hostname,
+ snprintf(flastfile, OS_SIZE_2048, "%s/%s/%d/%s", DIFF_DIR, lf->hostname,
currently_rule->sigid, DIFF_LAST_FILE);
}
@@ -182,8 +182,8 @@ int doDiff(RuleInfo *currently_rule, Eventinfo *lf)
{
*htpt = '\0';
}
- snprintf(fdifffile, OS_SIZE_2048, "%s/%s/%d/state.%d", DIFF_DIR, lf->hostname+1,
- currently_rule->sigid, date_of_change);
+ snprintf(fdifffile, OS_SIZE_2048, "%s/%s/%d/state.%d", DIFF_DIR, lf->hostname+1,
+ currently_rule->sigid, date_of_change);
if(htpt)
{
@@ -193,7 +193,7 @@ int doDiff(RuleInfo *currently_rule, Eventinfo *lf)
}
else
{
- snprintf(fdifffile, OS_SIZE_2048, "%s/%s/%d/state.%d", DIFF_DIR, lf->hostname,
+ snprintf(fdifffile, OS_SIZE_2048, "%s/%s/%d/state.%d", DIFF_DIR, lf->hostname,
currently_rule->sigid, date_of_change);
}
diff --git a/src/analysisd/eventinfo.c b/src/analysisd/eventinfo.c
index e759a57..b35fd40 100755
--- a/src/analysisd/eventinfo.c
+++ b/src/analysisd/eventinfo.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -17,7 +17,7 @@
/* Part of the OSSEC.
* Available at http://www.ossec.net
*/
-
+
#include "config.h"
@@ -34,8 +34,8 @@ Eventinfo *Search_LastSids(Eventinfo *my_lf, RuleInfo *currently_rule)
Eventinfo *lf;
Eventinfo *first_lf;
OSListNode *lf_node;
-
-
+
+
/* Setting frequency to 0 */
currently_rule->__frequency = 0;
@@ -53,12 +53,12 @@ Eventinfo *Search_LastSids(Eventinfo *my_lf, RuleInfo *currently_rule)
return(NULL);
}
first_lf = (Eventinfo *)lf_node->data;
-
+
do
{
lf = (Eventinfo *)lf_node->data;
-
+
/* If time is outside the timeframe, return */
if((c_time - lf->time) > currently_rule->timeframe)
{
@@ -344,16 +344,16 @@ Eventinfo *Search_LastGroups(Eventinfo *my_lf, RuleInfo *currently_rule)
}
-/* Search LastEvents.
+/* Search LastEvents.
* Will look if any of the last events (inside the timeframe)
- * match the specified rule.
+ * match the specified rule.
*/
Eventinfo *Search_LastEvents(Eventinfo *my_lf, RuleInfo *currently_rule)
{
EventNode *eventnode_pt;
Eventinfo *lf;
Eventinfo *first_lf;
-
+
merror("XXXX : remove me!");
@@ -365,17 +365,17 @@ Eventinfo *Search_LastEvents(Eventinfo *my_lf, RuleInfo *currently_rule)
/* Nothing found */
return(NULL);
}
-
+
/* Setting frequency to 0 */
currently_rule->__frequency = 0;
first_lf = (Eventinfo *)eventnode_pt->event;
-
-
+
+
/* Searching all previous events */
do
{
lf = eventnode_pt->event;
-
+
/* If time is outside the timeframe, return */
if((c_time - lf->time) > currently_rule->timeframe)
{
@@ -383,22 +383,22 @@ Eventinfo *Search_LastEvents(Eventinfo *my_lf, RuleInfo *currently_rule)
}
- /* We avoid multiple triggers for the same rule
+ /* We avoid multiple triggers for the same rule
* or rules with a lower level.
*/
else if(lf->matched >= currently_rule->level)
{
return(NULL);
}
-
-
+
+
/* The category must be the same */
else if(lf->decoder_info->type != my_lf->decoder_info->type)
{
- continue;
+ continue;
}
-
-
+
+
/* If regex does not match, go to next */
if(currently_rule->if_matched_regex)
{
@@ -414,27 +414,27 @@ Eventinfo *Search_LastEvents(Eventinfo *my_lf, RuleInfo *currently_rule)
{
if((!lf->dstuser)||(!my_lf->dstuser))
continue;
-
+
if(strcmp(lf->dstuser,my_lf->dstuser) != 0)
continue;
}
-
+
/* Checking for same id */
if(currently_rule->context_opts & SAME_ID)
{
if((!lf->id) || (!my_lf->id))
continue;
-
+
if(strcmp(lf->id,my_lf->id) != 0)
- continue;
+ continue;
}
-
+
/* Checking for repetitions from same src_ip */
if(currently_rule->context_opts & SAME_SRCIP)
{
if((!lf->srcip)||(!my_lf->srcip))
continue;
-
+
if(strcmp(lf->srcip,my_lf->srcip) != 0)
continue;
}
@@ -453,33 +453,33 @@ Eventinfo *Search_LastEvents(Eventinfo *my_lf, RuleInfo *currently_rule)
}
}
-
- /* Checking if the number of matches worked */
+
+ /* Checking if the number of matches worked */
if(currently_rule->__frequency < currently_rule->frequency)
{
if(currently_rule->__frequency <= 10)
{
- currently_rule->last_events[currently_rule->__frequency]
+ currently_rule->last_events[currently_rule->__frequency]
= lf->full_log;
- currently_rule->last_events[currently_rule->__frequency+1]
+ currently_rule->last_events[currently_rule->__frequency+1]
= NULL;
}
-
+
currently_rule->__frequency++;
continue;
}
-
-
+
+
/* If reached here, we matched */
my_lf->matched = currently_rule->level;
lf->matched = currently_rule->level;
first_lf->matched = currently_rule->level;
-
- return(lf);
-
+
+ return(lf);
+
}while((eventnode_pt = eventnode_pt->next) != NULL);
-
+
return(NULL);
}
@@ -510,7 +510,7 @@ void Zero_Eventinfo(Eventinfo *lf)
lf->time = 0;
lf->matched = 0;
-
+
lf->year = 0;
lf->mon[3] = '\0';
lf->hour[9] = '\0';
@@ -522,18 +522,18 @@ void Zero_Eventinfo(Eventinfo *lf)
#ifdef PRELUDE
lf->filename = NULL;
- lf->perm_before = 0;
- lf->perm_after = 0;
- lf->md5_before = NULL;
- lf->md5_after = NULL;
- lf->sha1_before = NULL;
- lf->sha1_after = NULL;
- lf->size_before = NULL;
- lf->size_after = NULL;
- lf->owner_before = NULL;
- lf->owner_after = NULL;
- lf->gowner_before = NULL;
- lf->gowner_after = NULL;
+ lf->perm_before = 0;
+ lf->perm_after = 0;
+ lf->md5_before = NULL;
+ lf->md5_after = NULL;
+ lf->sha1_before = NULL;
+ lf->sha1_after = NULL;
+ lf->size_before = NULL;
+ lf->size_after = NULL;
+ lf->owner_before = NULL;
+ lf->owner_after = NULL;
+ lf->gowner_before = NULL;
+ lf->gowner_after = NULL;
#endif
return;
@@ -547,11 +547,11 @@ void Free_Eventinfo(Eventinfo *lf)
merror("%s: Trying to free NULL event. Inconsistent..",ARGV0);
return;
}
-
+
if(lf->full_log)
- free(lf->full_log);
+ free(lf->full_log);
if(lf->location)
- free(lf->location);
+ free(lf->location);
if(lf->srcip)
free(lf->srcip);
@@ -564,13 +564,13 @@ void Free_Eventinfo(Eventinfo *lf)
if(lf->protocol)
free(lf->protocol);
if(lf->action)
- free(lf->action);
+ free(lf->action);
if(lf->status)
free(lf->status);
if(lf->srcuser)
free(lf->srcuser);
if(lf->dstuser)
- free(lf->dstuser);
+ free(lf->dstuser);
if(lf->id)
free(lf->id);
if(lf->command)
@@ -579,39 +579,39 @@ void Free_Eventinfo(Eventinfo *lf)
free(lf->url);
if(lf->data)
- free(lf->data);
+ free(lf->data);
if(lf->systemname)
- free(lf->systemname);
+ free(lf->systemname);
#ifdef PRELUDE
if(lf->filename)
free(lf->filename);
if (lf->md5_before)
- free(lf->md5_before);
+ free(lf->md5_before);
if (lf->md5_after)
- free(lf->md5_after);
+ free(lf->md5_after);
if (lf->sha1_before)
- free(lf->sha1_before);
+ free(lf->sha1_before);
if (lf->sha1_after)
- free(lf->sha1_after);
+ free(lf->sha1_after);
if (lf->size_before)
- free(lf->size_before);
+ free(lf->size_before);
if (lf->size_after)
- free(lf->size_after);
+ free(lf->size_after);
if (lf->owner_before)
- free(lf->owner_before);
+ free(lf->owner_before);
if (lf->owner_after)
- free(lf->owner_after);
+ free(lf->owner_after);
if (lf->gowner_before)
- free(lf->gowner_before);
+ free(lf->gowner_before);
if (lf->gowner_after)
- free(lf->gowner_after);
+ free(lf->gowner_after);
#endif
/* Freeing node to delete */
if(lf->sid_node_to_delete)
{
- OSList_DeleteThisNode(lf->generated_rule->sid_prev_matched,
+ OSList_DeleteThisNode(lf->generated_rule->sid_prev_matched,
lf->sid_node_to_delete);
}
else if(lf->generated_rule && lf->generated_rule->group_prev_matched)
@@ -622,16 +622,16 @@ void Free_Eventinfo(Eventinfo *lf)
{
OSList_DeleteOldestNode(lf->generated_rule->group_prev_matched[i]);
i++;
- }
+ }
}
-
+
/* We dont need to free:
* fts
* comment
*/
free(lf);
- lf = NULL;
-
+ lf = NULL;
+
return;
}
diff --git a/src/analysisd/eventinfo.h b/src/analysisd/eventinfo.h
index e03fc3d..fb5b4b6 100755
--- a/src/analysisd/eventinfo.h
+++ b/src/analysisd/eventinfo.h
@@ -64,7 +64,7 @@ typedef struct _Eventinfo
/* Other internal variables */
short int matched;
-
+
int time;
int day;
int year;
diff --git a/src/analysisd/eventinfo_list.c b/src/analysisd/eventinfo_list.c
index b10bf2c..a2d096f 100755
--- a/src/analysisd/eventinfo_list.c
+++ b/src/analysisd/eventinfo_list.c
@@ -9,12 +9,12 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
-#include "shared.h"
+#include "shared.h"
#include "eventinfo.h"
@@ -44,46 +44,46 @@ EventNode *OS_GetLastEvent()
{
EventNode *eventnode_pt = eventnode;
- return(eventnode_pt);
+ return(eventnode_pt);
}
/* Add an event to the list -- always to the begining */
void OS_AddEvent(Eventinfo *lf)
{
EventNode *tmp_node = eventnode;
-
+
if(tmp_node)
{
EventNode *new_node;
new_node = (EventNode *)calloc(1,sizeof(EventNode));
-
+
if(new_node == NULL)
{
ErrorExit(MEM_ERROR,ARGV0);
}
- /* Always adding to the beginning of the list
+ /* Always adding to the beginning of the list
* The new node will become the first node and
* new_node->next will be the previous first node
*/
new_node->next = tmp_node;
new_node->prev = NULL;
tmp_node->prev = new_node;
-
+
eventnode = new_node;
/* Adding the event to the node */
new_node->event = lf;
_memoryused++;
-
+
/* Need to remove the last nodes */
if(_memoryused > _memorymaxsize)
{
int i = 0;
EventNode *oldlast;
-
- /* Remove at least the last 10 events
+
+ /* Remove at least the last 10 events
* or the events that will not match anymore
* (higher than max frequency)
*/
@@ -102,7 +102,7 @@ void OS_AddEvent(Eventinfo *lf)
}
}
}
-
+
else
{
/* Adding first node */
@@ -115,8 +115,8 @@ void OS_AddEvent(Eventinfo *lf)
eventnode->prev = NULL;
eventnode->next = NULL;
eventnode->event = lf;
-
- lastnode = eventnode;
+
+ lastnode = eventnode;
}
return;
diff --git a/src/analysisd/fts.c b/src/analysisd/fts.c
index fc97c20..9ab65c6 100755
--- a/src/analysisd/fts.c
+++ b/src/analysisd/fts.c
@@ -9,12 +9,12 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
-/* First time seen functions
+/* First time seen functions
*/
@@ -39,8 +39,8 @@ int FTS_Init()
char _line[OS_FLSIZE + 1];
_line[OS_FLSIZE] = '\0';
-
-
+
+
fts_list = OSList_Create();
if(!fts_list)
{
@@ -60,7 +60,7 @@ int FTS_Init()
merror(LIST_ERROR, ARGV0);
return(0);
}
-
+
/* Getting default list size */
fts_list_size = getDefine_Int("analysisd",
@@ -71,7 +71,7 @@ int FTS_Init()
fts_minsize_for_str = getDefine_Int("analysisd",
"fts_min_size_for_str",
6, 128);
-
+
if(!OSList_SetMaxSize(fts_list, fts_list_size))
{
merror(LIST_SIZE_ERROR, ARGV0);
@@ -87,8 +87,14 @@ int FTS_Init()
fp_list = fopen(FTS_QUEUE, "w+");
if(fp_list)
fclose(fp_list);
-
- chmod(FTS_QUEUE, 0777);
+
+ chmod(FTS_QUEUE, 0640);
+
+ int uid = Privsep_GetUser(USER);
+ int gid = Privsep_GetGroup(GROUPGLOBAL);
+ if(uid>=0 && gid>=0)
+ chown(FTS_QUEUE, uid, gid);
+
fp_list = fopen(FTS_QUEUE, "r+");
if(!fp_list)
{
@@ -120,7 +126,7 @@ int FTS_Init()
}
}
-
+
/* Creating ignore list */
fp_ignore = fopen(IG_QUEUE, "r+");
if(!fp_ignore)
@@ -129,8 +135,14 @@ int FTS_Init()
fp_ignore = fopen(IG_QUEUE, "w+");
if(fp_ignore)
fclose(fp_ignore);
-
- chmod(IG_QUEUE, 0777);
+
+ chmod(IG_QUEUE, 0640);
+
+ int uid = Privsep_GetUser(USER);
+ int gid = Privsep_GetGroup(GROUPGLOBAL);
+ if(uid>=0 && gid>=0)
+ chown(IG_QUEUE, uid, gid);
+
fp_ignore = fopen(IG_QUEUE, "r+");
if(!fp_ignore)
{
@@ -140,7 +152,7 @@ int FTS_Init()
}
debug1("%s: DEBUG: FTSInit completed.", ARGV0);
-
+
return(1);
}
@@ -148,12 +160,12 @@ int FTS_Init()
*/
void AddtoIGnore(Eventinfo *lf)
{
- fseek(fp_ignore, 0, SEEK_END);
+ fseek(fp_ignore, 0, SEEK_END);
#ifdef TESTRULE
return;
#endif
-
+
/* Assigning the values to the FTS */
fprintf(fp_ignore, "%s %s %s %s %s %s %s %s\n",
(lf->decoder_info->name && (lf->generated_rule->ignore & FTS_NAME))?
@@ -166,9 +178,9 @@ void AddtoIGnore(Eventinfo *lf)
(lf->dstip && (lf->generated_rule->ignore & FTS_DSTIP))?
lf->dstip:"",
(lf->data && (lf->generated_rule->ignore & FTS_DATA))?
- lf->data:"",
+ lf->data:"",
(lf->systemname && (lf->generated_rule->ignore & FTS_SYSTEMNAME))?
- lf->systemname:"",
+ lf->systemname:"",
(lf->generated_rule->ignore & FTS_LOCATION)?lf->location:"");
fflush(fp_ignore);
@@ -203,7 +215,7 @@ int IGnore(Eventinfo *lf)
(lf->data && (lf->generated_rule->ignore & FTS_DATA))?
lf->data:"",
(lf->systemname && (lf->generated_rule->ignore & FTS_SYSTEMNAME))?
- lf->systemname:"",
+ lf->systemname:"",
(lf->generated_rule->ckignore & FTS_LOCATION)?lf->location:"");
_fline[OS_FLSIZE] = '\0';
@@ -228,13 +240,13 @@ int IGnore(Eventinfo *lf)
/* FTS v0.1
* Check if the word "msg" is present on the "queue".
* If it is not, write it there.
- */
+ */
int FTS(Eventinfo *lf)
{
int number_of_matches = 0;
char _line[OS_FLSIZE + 1];
-
+
char *line_for_list = NULL;
OSListNode *fts_node;
@@ -259,9 +271,9 @@ int FTS(Eventinfo *lf)
if(OSHash_Get(fts_store, _line))
{
return(0);
- }
+ }
+
-
/* Checking if from the last FTS events, we had
* at least 3 "similars" before. If yes, we just
* ignore it.
@@ -271,7 +283,7 @@ int FTS(Eventinfo *lf)
fts_node = OSList_GetLastNode(fts_list);
while(fts_node)
{
- if(OS_StrHowClosedMatch((char *)fts_node->data, _line) >
+ if(OS_StrHowClosedMatch((char *)fts_node->data, _line) >
fts_minsize_for_str)
{
number_of_matches++;
@@ -290,8 +302,8 @@ int FTS(Eventinfo *lf)
os_strdup(_line, line_for_list);
OSList_AddData(fts_list, line_for_list);
}
-
-
+
+
/* Storing new entry */
if(line_for_list == NULL)
{
@@ -303,12 +315,12 @@ int FTS(Eventinfo *lf)
return(0);
}
-
+
#ifdef TESTRULE
return(1);
#endif
-
-
+
+
/* Saving to fts fp */
fseek(fp_list, 0, SEEK_END);
fprintf(fp_list,"%s\n", _line);
diff --git a/src/analysisd/lists.c b/src/analysisd/lists.c
index b7a677e..9d907dc 100644
--- a/src/analysisd/lists.c
+++ b/src/analysisd/lists.c
@@ -9,7 +9,7 @@
* License (version 3) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -26,7 +26,7 @@
void Lists_OP_CreateLists()
{
OS_CreateListsList();
- return;
+ return;
}
int Lists_OP_LoadList(char * listfile)
diff --git a/src/analysisd/lists_list.c b/src/analysisd/lists_list.c
index 78f8b5e..e5f8358 100644
--- a/src/analysisd/lists_list.c
+++ b/src/analysisd/lists_list.c
@@ -10,7 +10,7 @@
* Foundation
*/
-
+
#include "shared.h"
#include "rules.h"
#include "cdb/cdb.h"
@@ -23,7 +23,7 @@
ListNode *global_listnode;
ListRule *global_listrule;
-/*
+/*
*/
ListNode *_OS_AddList(ListNode *new_listnode);
@@ -41,14 +41,14 @@ void OS_CreateListsList()
ListNode *OS_GetFirstList()
{
ListNode *listnode_pt = global_listnode;
-
- return(listnode_pt);
+
+ return(listnode_pt);
}
ListRule *OS_GetFirstListRule()
{
- ListRule *listrule_pt = global_listrule;
- return listrule_pt;
+ ListRule *listrule_pt = global_listrule;
+ return listrule_pt;
}
void OS_ListLoadRules()
@@ -67,19 +67,19 @@ void OS_ListLoadRules()
ListRule *_OS_AddListRule(ListRule *new_listrule)
{
-
+
if(global_listrule == NULL)
{
global_listrule = new_listrule;
- }
- else
+ }
+ else
{
ListRule *last_list_rule = global_listrule;
while(last_list_rule->next != NULL)
{
- last_list_rule = last_list_rule->next;
+ last_list_rule = last_list_rule->next;
}
- last_list_rule->next = new_listrule;
+ last_list_rule->next = new_listrule;
}
return(global_listrule);
}
@@ -104,7 +104,7 @@ ListNode *_OS_AddList(ListNode *new_listnode)
last_list_node = last_list_node->next;
}
last_list_node->next = new_listnode;
-
+
}
return(global_listnode);
}
@@ -123,7 +123,7 @@ ListNode *_OS_FindList(ListNode *_listnode, char *listname)
do
{
if (strcmp(last_list_node->txt_filename, listname) == 0 ||
- strcmp(last_list_node->cdb_filename, listname) == 0)
+ strcmp(last_list_node->cdb_filename, listname) == 0)
{
/* Found first match returning */
return(last_list_node);
@@ -133,7 +133,7 @@ ListNode *_OS_FindList(ListNode *_listnode, char *listname)
}
return(NULL);
}
-
+
ListNode *OS_FindList(char *listname)
{
ListNode *matched = NULL;
@@ -141,9 +141,9 @@ ListNode *OS_FindList(char *listname)
return matched;
}
-ListRule *OS_AddListRule(ListRule *first_rule_list,
- int lookup_type,
- int field,
+ListRule *OS_AddListRule(ListRule *first_rule_list,
+ int lookup_type,
+ int field,
char *listname,
OSMatch *matcher)
{
@@ -152,7 +152,7 @@ ListRule *OS_AddListRule(ListRule *first_rule_list,
new_rulelist_pt->field = field;
new_rulelist_pt->next = NULL;
new_rulelist_pt->matcher = matcher;
- new_rulelist_pt->lookup_type = lookup_type;
+ new_rulelist_pt->lookup_type = lookup_type;
new_rulelist_pt->filename = listname;
if((new_rulelist_pt->db = OS_FindList(listname)) == NULL)
new_rulelist_pt->loaded = 0;
@@ -212,11 +212,11 @@ int OS_DBSearchKeyValue(ListRule *lrule, char *key)
cdb_read(&lrule->db->cdb, val, vlen, vpos);
result = OSMatch_Execute(val, vlen, lrule->matcher);
free(val);
- return result;
+ return result;
} else {
return 0;
}
- }
+ }
return 0;
}
@@ -228,7 +228,7 @@ int OS_DBSeachKey(ListRule *lrule, char *key)
{
if(_OS_CDBOpen(lrule->db) == -1) return -1;
if( cdb_find(&lrule->db->cdb, key, strlen(key)) > 0 ) return 1;
- }
+ }
return 0;
}
@@ -240,12 +240,12 @@ int OS_DBSeachKeyAddress(ListRule *lrule, char *key)
{
if(_OS_CDBOpen(lrule->db) == -1) return -1;
//snprintf(_ip,128,"%s",key);
- //XXX Breka apart string on the . boundtrys a loop over to longest match.
+ //XXX Breka apart string on the . boundtrys a loop over to longest match.
if( cdb_find(&lrule->db->cdb, key, strlen(key)) > 0 ) {
return 1;
}
- else
+ else
{
char *tmpkey;
os_strdup(key, tmpkey);
@@ -256,19 +256,65 @@ int OS_DBSeachKeyAddress(ListRule *lrule, char *key)
if( cdb_find(&lrule->db->cdb, tmpkey, strlen(tmpkey)) > 0 ) {
free(tmpkey);
return 1;
- }
+ }
+ }
+ tmpkey[strlen(tmpkey) - 1] = '\0';
+ }
+ free(tmpkey);
+ }
+ }
+ return 0;
+}
+
+int OS_DBSearchKeyAddressValue(ListRule *lrule, char *key)
+{
+ int result=-1;
+ char *val;
+ unsigned vlen, vpos;
+ if (lrule->db!= NULL)
+ {
+ if(_OS_CDBOpen(lrule->db) == -1) return 0;
+
+ // First lookup for a single IP address
+ if(cdb_find(&lrule->db->cdb, key, strlen(key)) > 0 ) {
+ vpos = cdb_datapos(&lrule->db->cdb);
+ vlen = cdb_datalen(&lrule->db->cdb);
+ val = malloc(vlen);
+ cdb_read(&lrule->db->cdb, val, vlen, vpos);
+ result = OSMatch_Execute(val, vlen, lrule->matcher);
+ free(val);
+ return result;
+ } else {
+ // IP address not found, look for matching subnets
+ char *tmpkey;
+ os_strdup(key, tmpkey);
+ while(strlen(tmpkey) > 0)
+ {
+ if(tmpkey[strlen(tmpkey) - 1] == '.')
+ {
+ if( cdb_find(&lrule->db->cdb, tmpkey, strlen(tmpkey)) > 0 ) {
+ vpos = cdb_datapos(&lrule->db->cdb);
+ vlen = cdb_datalen(&lrule->db->cdb);
+ val = malloc(vlen);
+ cdb_read(&lrule->db->cdb, val, vlen, vpos);
+ result = OSMatch_Execute(val, vlen, lrule->matcher);
+ free(val);
+ free(tmpkey);
+ return result;
+ }
}
tmpkey[strlen(tmpkey) - 1] = '\0';
}
free(tmpkey);
+ return 0;
}
- }
+ }
return 0;
}
int OS_DBSearch(ListRule *lrule, char *key)
{
- //XXX - god damn hack!!! Jeremy Rossi
+ //XXX - god damn hack!!! Jeremy Rossi
if (lrule->loaded == 0)
{
lrule->db = OS_FindList(lrule->filename);
@@ -280,7 +326,7 @@ int OS_DBSearch(ListRule *lrule, char *key)
//debug1("LR_STRING_MATCH");
if(OS_DBSeachKey(lrule, key) == 1)
return 1;
- else
+ else
return 0;
break;
case LR_STRING_NOT_MATCH:
@@ -292,8 +338,10 @@ int OS_DBSearch(ListRule *lrule, char *key)
break;
case LR_STRING_MATCH_VALUE:
//debug1("LR_STRING_MATCH_VALUE");
- // XXX TODO
- return 0;
+ if (OS_DBSearchKeyValue(lrule, key) == 1)
+ return 1;
+ else
+ return 0;
break;
case LR_ADDRESS_MATCH:
//debug1("LR_ADDRESS_MATCH");
@@ -301,15 +349,17 @@ int OS_DBSearch(ListRule *lrule, char *key)
break;
case LR_ADDRESS_NOT_MATCH:
//debug1("LR_ADDRESS_NOT_MATCH");
- if(OS_DBSeachKeyAddress(lrule, key) == 0)
+ if (OS_DBSeachKeyAddress(lrule, key) == 0)
return 1;
else
return 0;
break;
- case LR_ADDRESS_MATCH_VALUE:
+ case LR_ADDRESS_MATCH_VALUE:
//debug1("LR_ADDRESS_MATCH_VALUE");
- // XXX TODO
- return 0;
+ if (OS_DBSearchKeyAddressValue(lrule, key) == 0)
+ return 1;
+ else
+ return 0;
break;
default:
debug1("lists_list.c::OS_DBSearch should never hit default");
diff --git a/src/analysisd/lists_make.c b/src/analysisd/lists_make.c
index a33bf9d..7d9730c 100644
--- a/src/analysisd/lists_make.c
+++ b/src/analysisd/lists_make.c
@@ -47,7 +47,7 @@ void Lists_OP_MakeCDB(char *txt_filename, char *cdb_filename, int force)
str[OS_MAXSTR]= '\0';
char tmp_filename[OS_MAXSTR];
- tmp_filename[OS_MAXSTR - 2] = '\0';
+ tmp_filename[OS_MAXSTR - 2] = '\0';
snprintf(tmp_filename, OS_MAXSTR - 2, "%s.tmp", txt_filename);
/*
@@ -59,7 +59,7 @@ void Lists_OP_MakeCDB(char *txt_filename, char *cdb_filename, int force)
if(File_DateofChange(txt_filename) > File_DateofChange(cdb_filename) ||
force)
{
- printf(" * File %s need to be updated\n", cdb_filename);
+ printf(" * File %s needs to be updated\n", cdb_filename);
tmp_fd = fopen(tmp_filename, "w+");
cdb_make_start(&cdbm, tmp_fd);
if(!(txt_fd = fopen(txt_filename, "r")))
@@ -69,20 +69,20 @@ void Lists_OP_MakeCDB(char *txt_filename, char *cdb_filename, int force)
}
while((fgets(str, OS_MAXSTR-1,txt_fd)) != NULL)
{
- /* Removing new lines or carriage returns. */
- tmp_str = strchr(str, '\r');
- if(tmp_str)
- *tmp_str = '\0';
- tmp_str = strchr(str, '\n');
- if(tmp_str)
- *tmp_str = '\0';
+ /* Removing new lines or carriage returns. */
+ tmp_str = strchr(str, '\r');
+ if(tmp_str)
+ *tmp_str = '\0';
+ tmp_str = strchr(str, '\n');
+ if(tmp_str)
+ *tmp_str = '\0';
if((val = strchr(str, ':')))
{
*val = '\0';
val++;
}
else
- {
+ {
continue;
}
key = str;
diff --git a/src/analysisd/makelists.c b/src/analysisd/makelists.c
index 731cef7..a5afd77 100644
--- a/src/analysisd/makelists.c
+++ b/src/analysisd/makelists.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -17,13 +17,13 @@
/* Part of the OSSEC
* Available at http://www.ossec.net
*/
-
+
/* ossec-analysisd.
* Responsible for correlation and log decoding.
*/
-#ifdef ARGV0
- #undef ARGV0
+#ifdef ARGV0
+ #undef ARGV0
#define ARGV0 "ossec-testrule"
#endif
@@ -144,7 +144,7 @@ int main(int argc, char **argv)
/* Found user */
debug1(FOUND_USER, ARGV0);
-
+
/* Reading configuration file */
if(GlobalConf(cfg) < 0)
{
@@ -152,7 +152,7 @@ int main(int argc, char **argv)
}
debug1(READ_CONFIG, ARGV0);
-
+
/* Setting the group */
if(Privsep_SetGroup(gid) < 0)
ErrorExit(SETGID_ERROR,ARGV0,group);
@@ -162,8 +162,8 @@ int main(int argc, char **argv)
ErrorExit(CHROOT_ERROR,ARGV0,dir);
nowChroot();
-
-
+
+
/* Createing the lists for use in rules */
Lists_OP_CreateLists();
diff --git a/src/analysisd/picviz.c b/src/analysisd/picviz.c
index f670e27..a98ff1b 100644
--- a/src/analysisd/picviz.c
+++ b/src/analysisd/picviz.c
@@ -28,7 +28,7 @@ void OS_PicvizOpen(char *socket)
if(!picviz_fp)
{
merror("%s: Unable to open picviz socket file '%s'.",
- ARGV0, socket);
+ ARGV0, socket);
}
}
diff --git a/src/analysisd/prelude.c b/src/analysisd/prelude.c
index 4b7bcf0..711c57a 100644
--- a/src/analysisd/prelude.c
+++ b/src/analysisd/prelude.c
@@ -41,7 +41,7 @@ char *(ossec2prelude_sev[])={"info","info","info","info",
"low","low","low","low",
"medium", "medium", "medium", "medium",
"high", "high", "high", "high", "high"};
-
+
/* Prelude client */
static prelude_client_t *prelude_client;
@@ -59,7 +59,7 @@ void prelude_idmef_debug(idmef_message_t *idmef)
-static int
+static int
add_idmef_object(idmef_message_t *msg, const char *object, const char *value)
{
int ret = 0;
@@ -79,16 +79,16 @@ add_idmef_object(idmef_message_t *msg, const char *object, const char *value)
}
ret = idmef_value_new_from_path(&val, path, value);
- if(ret < 0)
+ if(ret < 0)
{
idmef_path_destroy(path);
return(-1);
}
ret = idmef_path_set(path, msg, val);
- if(ret < 0)
+ if(ret < 0)
{
- merror("%s: OSSEC2Prelude: IDMEF: Cannot add object '%s': %s.",
+ merror("%s: OSSEC2Prelude: IDMEF: Cannot add object '%s': %s.",
ARGV0, object, prelude_strerror(ret));
}
@@ -144,16 +144,16 @@ void prelude_start(char *profile, int argc, char **argv)
ret = prelude_init(&argc, argv);
- if (ret < 0)
+ if (ret < 0)
{
merror("%s: %s: Unable to initialize the Prelude library: %s.",
ARGV0, prelude_strsource(ret), prelude_strerror(ret));
return;
}
- ret = prelude_client_new(&prelude_client,
+ ret = prelude_client_new(&prelude_client,
profile!=NULL?profile:DEFAULT_ANALYZER_NAME);
- if (!prelude_client)
+ if (!prelude_client)
{
merror("%s: %s: Unable to create a prelude client object: %s.",
ARGV0, prelude_strsource(ret), prelude_strerror(ret));
@@ -163,25 +163,25 @@ void prelude_start(char *profile, int argc, char **argv)
ret = setup_analyzer(prelude_client_get_analyzer(prelude_client));
- if(ret < 0)
+ if(ret < 0)
{
merror("%s: %s: Unable to setup analyzer: %s",
ARGV0, prelude_strsource(ret), prelude_strerror(ret));
- prelude_client_destroy(prelude_client,
+ prelude_client_destroy(prelude_client,
PRELUDE_CLIENT_EXIT_STATUS_FAILURE);
return;
}
- ret = prelude_client_set_flags(prelude_client,
- prelude_client_get_flags(prelude_client)
+ ret = prelude_client_set_flags(prelude_client,
+ prelude_client_get_flags(prelude_client)
| PRELUDE_CLIENT_FLAGS_ASYNC_TIMER);
if(ret < 0)
{
merror("%s: %s: Unable to set prelude client flags: %s.",
- ARGV0, prelude_strsource(ret), prelude_strerror(ret));
+ ARGV0, prelude_strsource(ret), prelude_strerror(ret));
}
@@ -193,12 +193,12 @@ void prelude_start(char *profile, int argc, char **argv)
ret = prelude_client_start(prelude_client);
- if (ret < 0)
+ if (ret < 0)
{
merror("%s: %s: Unable to initialize prelude client: %s.",
ARGV0, prelude_strsource(ret), prelude_strerror(ret));
- prelude_client_destroy(prelude_client,
+ prelude_client_destroy(prelude_client,
PRELUDE_CLIENT_EXIT_STATUS_FAILURE);
return;
@@ -209,13 +209,13 @@ void prelude_start(char *profile, int argc, char **argv)
}
-void FileAccess_PreludeLog(idmef_message_t *idmef,
- int filenum,
- char *filename,
- char *md5,
- char *sha1,
- char *owner,
- char *gowner,
+void FileAccess_PreludeLog(idmef_message_t *idmef,
+ int filenum,
+ char *filename,
+ char *md5,
+ char *sha1,
+ char *owner,
+ char *gowner,
int perm) {
int _checksum_counter = 0;
@@ -238,7 +238,7 @@ void FileAccess_PreludeLog(idmef_message_t *idmef,
return;
}
-
+
/* Add the hashs */
if (md5) {
snprintf(_prelude_section,128,"alert.target(0).file(%d).checksum(%d).algorithm",filenum, _checksum_counter);
@@ -262,7 +262,7 @@ void FileAccess_PreludeLog(idmef_message_t *idmef,
add_idmef_object(idmef, _prelude_section,owner);
snprintf(_prelude_section,128,"alert.target(0).file(%d).File_Access(%d).user_id.type",filenum,FILE_USER);
add_idmef_object(idmef, _prelude_section, "user-privs");
- }
+ }
/*add the group owner */
if (gowner) {
debug1("%s: DEBUG: gowner = %s.", ARGV0, gowner);
@@ -339,7 +339,7 @@ void OS_PreludeLog(Eventinfo *lf)
idmef_message_t *idmef;
RuleInfoDetail *last_info_detail;
-
+
/* Generate prelude alert */
ret = idmef_message_new(&idmef);
if ( ret < 0 ) {
@@ -347,14 +347,14 @@ void OS_PreludeLog(Eventinfo *lf)
return;
}
-
- add_idmef_object(idmef, "alert.assessment.impact.description",
+
+ add_idmef_object(idmef, "alert.assessment.impact.description",
lf->generated_rule->comment);
- add_idmef_object(idmef, "alert.assessment.impact.severity",
- (lf->generated_rule->level > 15) ? "high":
+ add_idmef_object(idmef, "alert.assessment.impact.severity",
+ (lf->generated_rule->level > 15) ? "high":
ossec2prelude_sev[lf->generated_rule->level]);
-
+
add_idmef_object(idmef, "alert.assessment.impact.completion", "succeeded");
if (lf->action)
@@ -380,7 +380,7 @@ void OS_PreludeLog(Eventinfo *lf)
case 'T':
snprintf(_prelude_data,256,"CLOSED: %s", lf->action);
break;
- /* allow, accept, */
+ /* allow, accept, */
case 'a':
case 'A':
/* pass/permitted */
@@ -388,7 +388,7 @@ void OS_PreludeLog(Eventinfo *lf)
case 'P':
/* open */
case 'o':
- case 'O':
+ case 'O':
snprintf(_prelude_data,256,"ALLOW: %s", lf->action);
break;
default:
@@ -406,7 +406,7 @@ void OS_PreludeLog(Eventinfo *lf)
/* Begin Classification Infomations */
{
- add_idmef_object(idmef, "alert.classification.text",
+ add_idmef_object(idmef, "alert.classification.text",
lf->generated_rule->comment);
@@ -429,7 +429,7 @@ void OS_PreludeLog(Eventinfo *lf)
}
/* Rule sid is used to create a link to the rule on the OSSEC wiki */
- if(lf->generated_rule->sigid)
+ if(lf->generated_rule->sigid)
{
snprintf(_prelude_section,128,"alert.classification.reference(%d).origin",
classification_counter);
@@ -448,17 +448,17 @@ void OS_PreludeLog(Eventinfo *lf)
classification_counter);
snprintf(_prelude_data, 256,"http://www.ossec.net/wiki/Rule:%d",
lf->generated_rule->sigid);
- add_idmef_object(idmef, _prelude_section, _prelude_data);
+ add_idmef_object(idmef, _prelude_section, _prelude_data);
classification_counter++;
}
/* Extended Info Details */
- for (last_info_detail = lf->generated_rule->info_details;
- last_info_detail != NULL;
+ for (last_info_detail = lf->generated_rule->info_details;
+ last_info_detail != NULL;
last_info_detail = last_info_detail->next)
{
- if (last_info_detail->type == RULEINFODETAIL_LINK)
+ if (last_info_detail->type == RULEINFODETAIL_LINK)
{
snprintf(_prelude_section,128,"alert.classification.reference(%d).origin",
classification_counter);
@@ -470,16 +470,16 @@ void OS_PreludeLog(Eventinfo *lf)
add_idmef_object(idmef, _prelude_section, _prelude_data);
snprintf(_prelude_section,128,"alert.classification.reference(%d).url",
classification_counter);
- add_idmef_object(idmef, _prelude_section, last_info_detail->data);
+ add_idmef_object(idmef, _prelude_section, last_info_detail->data);
classification_counter++;
- }
+ }
else if(last_info_detail->type == RULEINFODETAIL_TEXT)
{
snprintf(_prelude_section,128,"alert.classification.reference(%d).origin",
classification_counter);
add_idmef_object(idmef, _prelude_section, "vendor-specific");
-
+
snprintf(_prelude_section,128,"alert.classification.reference(%d).name",
classification_counter);
snprintf(_prelude_data,256,"Rule:%d info",lf->generated_rule->sigid);
@@ -494,7 +494,7 @@ void OS_PreludeLog(Eventinfo *lf)
{
snprintf(_prelude_section,128,"alert.classification.reference(%d).origin",
classification_counter);
- switch(last_info_detail->type)
+ switch(last_info_detail->type)
{
case RULEINFODETAIL_CVE:
add_idmef_object(idmef, _prelude_section, "cve");
@@ -516,11 +516,11 @@ void OS_PreludeLog(Eventinfo *lf)
}
- /* Break ok the list of groups on the "," boundry
+ /* Break ok the list of groups on the "," boundry
* For each section create a prelude reference classification
- * that points back to the the OSSEC wiki for more infomation.
+ * that points back to the the OSSEC wiki for more infomation.
*/
- if(lf->generated_rule->group)
+ if(lf->generated_rule->group)
{
char *copy_group;
char new_generated_rule_group[256];
@@ -545,7 +545,7 @@ void OS_PreludeLog(Eventinfo *lf)
classification_counter);
snprintf(_prelude_data,256,"http://www.ossec.net/wiki/Group:%s",
copy_group);
- add_idmef_object(idmef, _prelude_section, _prelude_data);
+ add_idmef_object(idmef, _prelude_section, _prelude_data);
classification_counter++;
copy_group = strtok(NULL, ",");
@@ -556,10 +556,10 @@ void OS_PreludeLog(Eventinfo *lf)
/* Begin Node infomation block */
- {
+ {
/* Setting source info. */
add_idmef_object(idmef, "alert.source(0).Spoofed", "no");
- add_idmef_object(idmef, "alert.source(0).Node.Address(0).address",
+ add_idmef_object(idmef, "alert.source(0).Node.Address(0).address",
lf->srcip);
add_idmef_object(idmef, "alert.source(0).Service.port", lf->srcport);
@@ -567,15 +567,15 @@ void OS_PreludeLog(Eventinfo *lf)
{
add_idmef_object(idmef, "alert.source(0).User.UserId(0).name", lf->srcuser);
}
-
+
/* Setting target */
add_idmef_object(idmef, "alert.target(0).Service.name", lf->program_name);
add_idmef_object(idmef, "alert.target(0).Spoofed", "no");
- if(lf->dstip)
+ if(lf->dstip)
{
- add_idmef_object(idmef, "alert.target(0).Node.Address(0).address",
+ add_idmef_object(idmef, "alert.target(0).Node.Address(0).address",
lf->dstip);
}
else
@@ -596,7 +596,7 @@ void OS_PreludeLog(Eventinfo *lf)
{
*tmp_str = '\0';
}
- add_idmef_object(idmef, "alert.target(0).Node.Address(0).address",
+ add_idmef_object(idmef, "alert.target(0).Node.Address(0).address",
new_prelude_target);
}
add_idmef_object(idmef, "alert.target(0).Service.name", lf->hostname);
@@ -608,14 +608,14 @@ void OS_PreludeLog(Eventinfo *lf)
add_idmef_object(idmef, "alert.target(0).User.UserId(0).name", lf->dstuser);
}
} /* end Node infomation block */
-
+
/* Setting source file. */
add_idmef_object(idmef, "alert.additional_data(0).type", "string");
add_idmef_object(idmef, "alert.additional_data(0).meaning", "Source file");
add_idmef_object(idmef, "alert.additional_data(0).data", lf->location);
additional_data_counter++;
-
+
/* Setting full log. */
add_idmef_object(idmef, "alert.additional_data(1).type", "string");
diff --git a/src/analysisd/rules.c b/src/analysisd/rules.c
index 1aa0b18..5ada268 100755
--- a/src/analysisd/rules.c
+++ b/src/analysisd/rules.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -30,12 +30,13 @@
/* Internal functions */
-int getattributes(char **attributes,
+int getattributes(char **attributes,
char **values,
- int *id, int *level,
+ int *id, int *level,
int *maxsize, int *timeframe,
- int *frequency, int *accuracy,
+ int *frequency, int *accuracy,
int *noalert, int *ignore_time, int *overwrite);
+int doesRuleExist(int sid, RuleNode *r_node);
void Rule_AddAR(RuleInfo *config_rule);
@@ -61,15 +62,15 @@ void Rules_OP_CreateRules()
/* Rules_OP_ReadRules, v0.3, 2005/03/21
* Read the log rules.
* v0.3: Fixed many memory problems.
- */
+ */
int Rules_OP_ReadRules(char * rulefile)
{
OS_XML xml;
XML_NODE node = NULL;
- /* XML variables */
+ /* XML variables */
/* These are the available options for the rule configuration */
-
+
char *xml_group = "group";
char *xml_rule = "rule";
@@ -84,7 +85,7 @@ int Rules_OP_ReadRules(char * rulefile)
char *xml_comment = "description";
char *xml_ignore = "ignore";
char *xml_check_if_ignored = "check_if_ignored";
-
+
char *xml_srcip = "srcip";
char *xml_srcport = "srcport";
char *xml_dstip = "dstip";
@@ -108,17 +109,17 @@ int Rules_OP_ReadRules(char * rulefile)
char *xml_match_key_value = "match_key_value";
char *xml_address_key = "address_match_key";
char *xml_not_address_key = "not_address_match_key";
- char *xml_address_key_value = "address_match_key_value";
+ char *xml_address_key_value = "address_match_key_value";
char *xml_if_sid = "if_sid";
char *xml_if_group = "if_group";
char *xml_if_level = "if_level";
char *xml_fts = "if_fts";
-
+
char *xml_if_matched_regex = "if_matched_regex";
char *xml_if_matched_group = "if_matched_group";
char *xml_if_matched_sid = "if_matched_sid";
-
+
char *xml_same_source_ip = "same_source_ip";
char *xml_same_src_port = "same_src_port";
char *xml_same_dst_port = "same_dst_port";
@@ -128,16 +129,16 @@ int Rules_OP_ReadRules(char * rulefile)
char *xml_dodiff = "check_diff";
char *xml_different_url = "different_url";
-
+
char *xml_notsame_source_ip = "not_same_source_ip";
char *xml_notsame_user = "not_same_user";
char *xml_notsame_agent = "not_same_agent";
char *xml_notsame_id = "not_same_id";
char *xml_options = "options";
-
+
char *rulepath;
-
+
int i;
int default_timeframe = 360;
@@ -160,11 +161,11 @@ int Rules_OP_ReadRules(char * rulefile)
debug1("%s is the rulefile", rulefile);
debug1("Not modifing the rule path");
}
-
-
- i = 0;
-
- /* Reading the XML */
+
+
+ i = 0;
+
+ /* Reading the XML */
if(OS_ReadXML(rulepath,&xml) < 0)
{
merror(XML_ERROR, ARGV0, rulepath, xml.err, xml.err_line);
@@ -175,9 +176,9 @@ int Rules_OP_ReadRules(char * rulefile)
/* Debug wrapper */
debug2("%s: DEBUG: read xml for rule.", ARGV0);
-
-
+
+
/* Applying any variable found */
if(OS_ApplyVariables(&xml) != 0)
{
@@ -188,7 +189,7 @@ int Rules_OP_ReadRules(char * rulefile)
/* Debug wrapper */
debug2("%s: DEBUG: XML Variables applied.", ARGV0);
-
+
/* Getting the root elements */
node = OS_GetElementsbyNode(&xml,NULL);
@@ -196,7 +197,7 @@ int Rules_OP_ReadRules(char * rulefile)
{
merror(CONFIG_ERROR, ARGV0, rulepath);
OS_ClearXML(&xml);
- return(-1);
+ return(-1);
}
@@ -243,7 +244,7 @@ int Rules_OP_ReadRules(char * rulefile)
}
- /* Getting the rules now */
+ /* Getting the rules now */
i=0;
while(node[i])
{
@@ -251,7 +252,7 @@ int Rules_OP_ReadRules(char * rulefile)
int j = 0;
- /* Getting all rules for a global group */
+ /* Getting all rules for a global group */
rule = OS_GetElementsbyNode(&xml,node[i]);
if(rule == NULL)
{
@@ -264,7 +265,7 @@ int Rules_OP_ReadRules(char * rulefile)
while(rule[j])
{
RuleInfo *config_ruleinfo = NULL;
-
+
/* Checking if the rule element is correct */
if((!rule[j]->element)||
@@ -286,17 +287,17 @@ int Rules_OP_ReadRules(char * rulefile)
return(-1);
}
-
+
/* Attribute block */
{
int id = -1,level = -1,maxsize = 0,timeframe = 0;
int frequency = 0, accuracy = 1, noalert = 0, ignore_time = 0;
int overwrite = 0;
-
+
/* Getting default time frame */
timeframe = default_timeframe;
-
+
if(getattributes(rule[j]->attributes,rule[j]->values,
&id,&level,&maxsize,&timeframe,
&frequency,&accuracy,&noalert,
@@ -306,7 +307,7 @@ int Rules_OP_ReadRules(char * rulefile)
OS_ClearXML(&xml);
return(-1);
}
-
+
if((id == -1) || (level == -1))
{
merror("%s: No rule id or level specified for "
@@ -315,19 +316,26 @@ int Rules_OP_ReadRules(char * rulefile)
return(-1);
}
+ if(overwrite != 1 && doesRuleExist(id, NULL))
+ {
+ merror("%s: Duplicate rule ID:%d",ARGV0, id);
+ OS_ClearXML(&xml);
+ return(-1);
+ }
+
/* Allocating memory and initializing structure */
config_ruleinfo = zerorulemember(id, level, maxsize,
- frequency,timeframe,
+ frequency,timeframe,
noalert, ignore_time, overwrite);
-
+
/* If rule is 0, set it to level 99 to have high priority.
- * set it to 0 again later
+ * set it to 0 again later
*/
if(config_ruleinfo->level == 0)
config_ruleinfo->level = 99;
-
+
/* Each level now is going to be multiplied by 100.
* If the accuracy is set to 0 we don't multiply,
* so it will be at the end of the list. We will
@@ -345,7 +353,7 @@ int Rules_OP_ReadRules(char * rulefile)
config_ruleinfo->alert_opts |= DO_EXTRAINFO;
}
}
-
+
} /* end attributes/memory allocation block */
@@ -354,7 +362,7 @@ int Rules_OP_ReadRules(char * rulefile)
* be fine
*/
os_strdup(node[i]->values[0], config_ruleinfo->group);
-
+
/* Rule elements block */
{
@@ -375,7 +383,7 @@ int Rules_OP_ReadRules(char * rulefile)
char *hostname = NULL;
char *extra_data = NULL;
char *program_name = NULL;
-
+
XML_NODE rule_opt = NULL;
rule_opt = OS_GetElementsbyNode(&xml,rule[j]);
if(rule_opt == NULL)
@@ -385,9 +393,9 @@ int Rules_OP_ReadRules(char * rulefile)
"other problems for the system. Exiting.",
ARGV0, config_ruleinfo->sigid);
OS_ClearXML(&xml);
- return(-1);
+ return(-1);
}
-
+
while(rule_opt[k])
{
if((!rule_opt[k]->element)||(!rule_opt[k]->content))
@@ -406,15 +414,15 @@ int Rules_OP_ReadRules(char * rulefile)
}
else if(strcasecmp(rule_opt[k]->element, xml_decoded)==0)
{
- config_ruleinfo->decoded_as =
+ config_ruleinfo->decoded_as =
getDecoderfromlist(rule_opt[k]->content);
-
+
if(config_ruleinfo->decoded_as == 0)
{
merror("%s: Invalid decoder name: '%s'.",
ARGV0, rule_opt[k]->content);
OS_ClearXML(&xml);
- return(-1);
+ return(-1);
}
}
else if(strcasecmp(rule_opt[k]->element,xml_cve)==0)
@@ -427,7 +435,7 @@ int Rules_OP_ReadRules(char * rulefile)
else
{
for (last_info_detail = config_ruleinfo->info_details;
- last_info_detail->next != NULL;
+ last_info_detail->next != NULL;
last_info_detail = last_info_detail->next)
{
count_info_detail++;
@@ -454,13 +462,13 @@ int Rules_OP_ReadRules(char * rulefile)
if(config_ruleinfo->info_details == NULL)
{
- config_ruleinfo->info_details = zeroinfodetails(info_type,
+ config_ruleinfo->info_details = zeroinfodetails(info_type,
rule_opt[k]->content);
}
else
{
for (last_info_detail = config_ruleinfo->info_details;
- last_info_detail->next != NULL;
+ last_info_detail->next != NULL;
last_info_detail = last_info_detail->next) {
count_info_detail++;
}
@@ -478,7 +486,7 @@ int Rules_OP_ReadRules(char * rulefile)
}
else if(strcasecmp(rule_opt[k]->element,xml_day_time)==0)
{
- config_ruleinfo->day_time =
+ config_ruleinfo->day_time =
OS_IsValidTime(rule_opt[k]->content);
if(!config_ruleinfo->day_time)
{
@@ -493,9 +501,9 @@ int Rules_OP_ReadRules(char * rulefile)
}
else if(strcasecmp(rule_opt[k]->element,xml_week_day)==0)
{
- config_ruleinfo->week_day =
+ config_ruleinfo->week_day =
OS_IsValidDay(rule_opt[k]->content);
-
+
if(!config_ruleinfo->week_day)
{
merror(INVALID_CONFIG, ARGV0,
@@ -521,7 +529,7 @@ int Rules_OP_ReadRules(char * rulefile)
{
*newline = ' ';
}
-
+
config_ruleinfo->comment=
loadmemory(config_ruleinfo->comment,
rule_opt[k]->content);
@@ -529,27 +537,27 @@ int Rules_OP_ReadRules(char * rulefile)
else if(strcasecmp(rule_opt[k]->element,xml_srcip)==0)
{
int ip_s = 0;
-
+
/* Getting size of source ip list */
- while(config_ruleinfo->srcip &&
+ while(config_ruleinfo->srcip &&
config_ruleinfo->srcip[ip_s])
{
ip_s++;
}
-
- config_ruleinfo->srcip =
+
+ config_ruleinfo->srcip =
realloc(config_ruleinfo->srcip,
(ip_s + 2) * sizeof(os_ip *));
-
-
+
+
/* Allocating memory for the individual entries */
- os_calloc(1, sizeof(os_ip),
+ os_calloc(1, sizeof(os_ip),
config_ruleinfo->srcip[ip_s]);
config_ruleinfo->srcip[ip_s +1] = NULL;
-
-
+
+
/* Checking if the ip is valid */
- if(!OS_IsValidIP(rule_opt[k]->content,
+ if(!OS_IsValidIP(rule_opt[k]->content,
config_ruleinfo->srcip[ip_s]))
{
merror(INVALID_IP, ARGV0, rule_opt[k]->content);
@@ -629,7 +637,7 @@ int Rules_OP_ReadRules(char * rulefile)
status =
loadmemory(status,
rule_opt[k]->content);
-
+
if(!(config_ruleinfo->alert_opts & DO_EXTRAINFO))
config_ruleinfo->alert_opts |= DO_EXTRAINFO;
}
@@ -638,7 +646,7 @@ int Rules_OP_ReadRules(char * rulefile)
hostname =
loadmemory(hostname,
rule_opt[k]->content);
-
+
if(!(config_ruleinfo->alert_opts & DO_EXTRAINFO))
config_ruleinfo->alert_opts |= DO_EXTRAINFO;
}
@@ -660,7 +668,7 @@ int Rules_OP_ReadRules(char * rulefile)
}
else if(strcasecmp(rule_opt[k]->element,xml_action)==0)
{
- config_ruleinfo->action =
+ config_ruleinfo->action =
loadmemory(config_ruleinfo->action,
rule_opt[k]->content);
}
@@ -689,12 +697,12 @@ int Rules_OP_ReadRules(char * rulefile)
lookup_type = LR_ADDRESS_NOT_MATCH;
else if(strcasecmp(rule_opt[k]->values[list_att_num],xml_address_key_value)==0)
lookup_type = LR_ADDRESS_MATCH_VALUE;
- else
+ else
{
- merror(INVALID_CONFIG, ARGV0,
- rule_opt[k]->element,
+ merror(INVALID_CONFIG, ARGV0,
+ rule_opt[k]->element,
rule_opt[k]->content);
- merror("%s: List match lookup=\"%s\" is not valid.",
+ merror("%s: List match lookup=\"%s\" is not valid.",
ARGV0,rule_opt[k]->values[list_att_num]);
return(-1);
}
@@ -723,12 +731,12 @@ int Rules_OP_ReadRules(char * rulefile)
rule_type = RULE_STATUS;
else if (strcasecmp(rule_opt[k]->values[list_att_num],xml_action)==0)
rule_type = RULE_ACTION;
- else
+ else
{
- merror(INVALID_CONFIG, ARGV0,
- rule_opt[k]->element,
+ merror(INVALID_CONFIG, ARGV0,
+ rule_opt[k]->element,
rule_opt[k]->content);
- merror("%s: List match field=\"%s\" is not valid.",
+ merror("%s: List match field=\"%s\" is not valid.",
ARGV0,rule_opt[k]->values[list_att_num]);
return(-1);
}
@@ -738,12 +746,12 @@ int Rules_OP_ReadRules(char * rulefile)
os_calloc(1, sizeof(OSMatch), matcher);
if(!OSMatch_Compile(rule_opt[k]->values[list_att_num], matcher, 0))
{
- merror(INVALID_CONFIG, ARGV0,
- rule_opt[k]->element,
+ merror(INVALID_CONFIG, ARGV0,
+ rule_opt[k]->element,
rule_opt[k]->content);
- merror(REGEX_COMPILE,
- ARGV0,
- rule_opt[k]->values[list_att_num],
+ merror(REGEX_COMPILE,
+ ARGV0,
+ rule_opt[k]->values[list_att_num],
matcher->error);
return(-1);
}
@@ -752,7 +760,7 @@ int Rules_OP_ReadRules(char * rulefile)
{
merror("%s:List feild=\"%s\" is not valid",ARGV0,
rule_opt[k]->values[list_att_num]);
- merror(INVALID_CONFIG, ARGV0,
+ merror(INVALID_CONFIG, ARGV0,
rule_opt[k]->element, rule_opt[k]->content);
return(-1);
}
@@ -761,15 +769,15 @@ int Rules_OP_ReadRules(char * rulefile)
if(rule_type == 0)
{
merror("%s:List requires the field=\"\" Attrubute",ARGV0);
- merror(INVALID_CONFIG, ARGV0,
+ merror(INVALID_CONFIG, ARGV0,
rule_opt[k]->element, rule_opt[k]->content);
return(-1);
}
/* Wow it's all ready - this seams too complex to get to this point */
config_ruleinfo->lists = OS_AddListRule(config_ruleinfo->lists,
- lookup_type,
- rule_type,
+ lookup_type,
+ rule_type,
rule_opt[k]->content,
matcher);
if (config_ruleinfo->lists == NULL)
@@ -782,12 +790,12 @@ int Rules_OP_ReadRules(char * rulefile)
{
merror("%s:List must have a correctly formatted feild attribute",
ARGV0);
- merror(INVALID_CONFIG,
- ARGV0,
- rule_opt[k]->element,
+ merror(INVALID_CONFIG,
+ ARGV0,
+ rule_opt[k]->element,
rule_opt[k]->content);
return(-1);
- }
+ }
/* xml_list eval is done */
}
else if(strcasecmp(rule_opt[k]->element,xml_url)==0)
@@ -802,7 +810,7 @@ int Rules_OP_ReadRules(char * rulefile)
while(compiled_rules_name[it_id])
{
- if(strcmp(compiled_rules_name[it_id],
+ if(strcmp(compiled_rules_name[it_id],
rule_opt[k]->content) == 0)
break;
it_id++;
@@ -811,9 +819,9 @@ int Rules_OP_ReadRules(char * rulefile)
/* checking if the name is valid. */
if(!compiled_rules_name[it_id])
{
- merror("%s: ERROR: Compiled rule not found: '%s'",
- ARGV0, rule_opt[k]->content);
- merror(INVALID_CONFIG, ARGV0,
+ merror("%s: ERROR: Compiled rule not found: '%s'",
+ ARGV0, rule_opt[k]->content);
+ merror(INVALID_CONFIG, ARGV0,
rule_opt[k]->element, rule_opt[k]->content);
return(-1);
@@ -871,9 +879,9 @@ int Rules_OP_ReadRules(char * rulefile)
{
if(!OS_StrIsNum(rule_opt[k]->content))
{
- merror(INVALID_CONFIG, ARGV0,
+ merror(INVALID_CONFIG, ARGV0,
"if_level",
- rule_opt[k]->content);
+ rule_opt[k]->content);
return(-1);
}
@@ -914,7 +922,7 @@ int Rules_OP_ReadRules(char * rulefile)
rule_opt[k]->content);
return(-1);
}
- config_ruleinfo->if_matched_sid =
+ config_ruleinfo->if_matched_sid =
atoi(rule_opt[k]->content);
}
@@ -927,7 +935,7 @@ int Rules_OP_ReadRules(char * rulefile)
xml_same_src_port)==0)
{
config_ruleinfo->context_opts|= SAME_SRCPORT;
-
+
if(!(config_ruleinfo->alert_opts & SAME_EXTRAINFO))
config_ruleinfo->alert_opts |= SAME_EXTRAINFO;
}
@@ -943,7 +951,7 @@ int Rules_OP_ReadRules(char * rulefile)
xml_same_dst_port) == 0)
{
config_ruleinfo->context_opts|= SAME_DSTPORT;
-
+
if(!(config_ruleinfo->alert_opts & SAME_EXTRAINFO))
config_ruleinfo->alert_opts |= SAME_EXTRAINFO;
}
@@ -960,7 +968,7 @@ int Rules_OP_ReadRules(char * rulefile)
xml_different_url) == 0)
{
config_ruleinfo->context_opts|= DIFFERENT_URL;
-
+
if(!(config_ruleinfo->alert_opts & SAME_EXTRAINFO))
config_ruleinfo->alert_opts |= SAME_EXTRAINFO;
}
@@ -977,7 +985,7 @@ int Rules_OP_ReadRules(char * rulefile)
xml_same_user)==0)
{
config_ruleinfo->context_opts|= SAME_USER;
-
+
if(!(config_ruleinfo->alert_opts & SAME_EXTRAINFO))
config_ruleinfo->alert_opts |= SAME_EXTRAINFO;
}
@@ -1001,7 +1009,7 @@ int Rules_OP_ReadRules(char * rulefile)
else if(strcasecmp(rule_opt[k]->element,
xml_options) == 0)
{
- if(strcmp("alert_by_email",
+ if(strcmp("alert_by_email",
rule_opt[k]->content) == 0)
{
if(!(config_ruleinfo->alert_opts & DO_MAILALERT))
@@ -1017,7 +1025,7 @@ int Rules_OP_ReadRules(char * rulefile)
config_ruleinfo->alert_opts&=0xfff-DO_MAILALERT;
}
}
- else if(strcmp("log_alert",
+ else if(strcmp("log_alert",
rule_opt[k]->content) == 0)
{
if(!(config_ruleinfo->alert_opts & DO_LOGALERT))
@@ -1040,7 +1048,7 @@ int Rules_OP_ReadRules(char * rulefile)
}
}
else
- {
+ {
merror(XML_VALUEERR, ARGV0, xml_options,
rule_opt[k]->content);
@@ -1049,7 +1057,7 @@ int Rules_OP_ReadRules(char * rulefile)
config_ruleinfo->sigid);
OS_ClearXML(&xml);
return(-1);
- }
+ }
}
else if(strcasecmp(rule_opt[k]->element,
xml_ignore) == 0)
@@ -1085,7 +1093,7 @@ int Rules_OP_ReadRules(char * rulefile)
}
if(!config_ruleinfo->ignore)
{
- merror("%s: Wrong ignore option: '%s'",
+ merror("%s: Wrong ignore option: '%s'",
ARGV0,
rule_opt[k]->content);
return(-1);
@@ -1125,7 +1133,7 @@ int Rules_OP_ReadRules(char * rulefile)
}
if(!config_ruleinfo->ckignore)
{
- merror("%s: Wrong check_if_ignored option: '%s'",
+ merror("%s: Wrong check_if_ignored option: '%s'",
ARGV0,
rule_opt[k]->content);
return(-1);
@@ -1144,7 +1152,7 @@ int Rules_OP_ReadRules(char * rulefile)
/* Checking for a valid use of frequency */
- if((config_ruleinfo->context_opts ||
+ if((config_ruleinfo->context_opts ||
config_ruleinfo->frequency) &&
!config_ruleinfo->context)
{
@@ -1154,42 +1162,42 @@ int Rules_OP_ReadRules(char * rulefile)
OS_ClearXML(&xml);
return(-1);
}
-
+
/* If if_matched_group we must have a if_sid or if_group */
if(if_matched_group)
{
if(!config_ruleinfo->if_sid && !config_ruleinfo->if_group)
{
- os_strdup(if_matched_group,
- config_ruleinfo->if_group);
+ os_strdup(if_matched_group,
+ config_ruleinfo->if_group);
}
}
/* If_matched_sid, we need to get the if_sid */
- if(config_ruleinfo->if_matched_sid &&
+ if(config_ruleinfo->if_matched_sid &&
!config_ruleinfo->if_sid &&
!config_ruleinfo->if_group)
{
os_calloc(16, sizeof(char), config_ruleinfo->if_sid);
- snprintf(config_ruleinfo->if_sid, 15, "%d",
+ snprintf(config_ruleinfo->if_sid, 15, "%d",
config_ruleinfo->if_matched_sid);
}
-
+
/* Checking the regexes */
if(regex)
{
os_calloc(1, sizeof(OSRegex), config_ruleinfo->regex);
if(!OSRegex_Compile(regex, config_ruleinfo->regex, 0))
{
- merror(REGEX_COMPILE, ARGV0, regex,
+ merror(REGEX_COMPILE, ARGV0, regex,
config_ruleinfo->regex->error);
return(-1);
}
free(regex);
regex = NULL;
}
-
+
/* Adding in match */
if(match)
{
@@ -1203,14 +1211,14 @@ int Rules_OP_ReadRules(char * rulefile)
free(match);
match = NULL;
}
-
+
/* Adding in id */
if(id)
{
os_calloc(1, sizeof(OSMatch), config_ruleinfo->id);
if(!OSMatch_Compile(id, config_ruleinfo->id, 0))
{
- merror(REGEX_COMPILE, ARGV0, id,
+ merror(REGEX_COMPILE, ARGV0, id,
config_ruleinfo->id->error);
return(-1);
}
@@ -1224,7 +1232,7 @@ int Rules_OP_ReadRules(char * rulefile)
os_calloc(1, sizeof(OSMatch), config_ruleinfo->srcport);
if(!OSMatch_Compile(srcport, config_ruleinfo->srcport, 0))
{
- merror(REGEX_COMPILE, ARGV0, srcport,
+ merror(REGEX_COMPILE, ARGV0, srcport,
config_ruleinfo->id->error);
return(-1);
}
@@ -1238,7 +1246,7 @@ int Rules_OP_ReadRules(char * rulefile)
os_calloc(1, sizeof(OSMatch), config_ruleinfo->dstport);
if(!OSMatch_Compile(dstport, config_ruleinfo->dstport, 0))
{
- merror(REGEX_COMPILE, ARGV0, dstport,
+ merror(REGEX_COMPILE, ARGV0, dstport,
config_ruleinfo->id->error);
return(-1);
}
@@ -1278,7 +1286,7 @@ int Rules_OP_ReadRules(char * rulefile)
if(extra_data)
{
os_calloc(1, sizeof(OSMatch), config_ruleinfo->extra_data);
- if(!OSMatch_Compile(extra_data,
+ if(!OSMatch_Compile(extra_data,
config_ruleinfo->extra_data, 0))
{
merror(REGEX_COMPILE, ARGV0, extra_data,
@@ -1303,7 +1311,7 @@ int Rules_OP_ReadRules(char * rulefile)
free(program_name);
program_name = NULL;
}
-
+
/* Adding in user */
if(user)
{
@@ -1317,28 +1325,28 @@ int Rules_OP_ReadRules(char * rulefile)
free(user);
user = NULL;
}
-
+
/* Adding in url */
if(url)
{
os_calloc(1, sizeof(OSMatch), config_ruleinfo->url);
if(!OSMatch_Compile(url, config_ruleinfo->url, 0))
{
- merror(REGEX_COMPILE, ARGV0, url,
+ merror(REGEX_COMPILE, ARGV0, url,
config_ruleinfo->url->error);
return(-1);
}
free(url);
url = NULL;
}
-
+
/* Adding matched_group */
if(if_matched_group)
{
- os_calloc(1, sizeof(OSMatch),
+ os_calloc(1, sizeof(OSMatch),
config_ruleinfo->if_matched_group);
-
- if(!OSMatch_Compile(if_matched_group,
+
+ if(!OSMatch_Compile(if_matched_group,
config_ruleinfo->if_matched_group,
0))
{
@@ -1349,16 +1357,16 @@ int Rules_OP_ReadRules(char * rulefile)
free(if_matched_group);
if_matched_group = NULL;
}
-
+
/* Adding matched_regex */
if(if_matched_regex)
{
- os_calloc(1, sizeof(OSRegex),
+ os_calloc(1, sizeof(OSRegex),
config_ruleinfo->if_matched_regex);
- if(!OSRegex_Compile(if_matched_regex,
+ if(!OSRegex_Compile(if_matched_regex,
config_ruleinfo->if_matched_regex, 0))
{
- merror(REGEX_COMPILE, ARGV0, if_matched_regex,
+ merror(REGEX_COMPILE, ARGV0, if_matched_regex,
config_ruleinfo->if_matched_regex->error);
return(-1);
}
@@ -1378,9 +1386,9 @@ int Rules_OP_ReadRules(char * rulefile)
if(config_ruleinfo->context)
{
int ii = 0;
- os_calloc(MAX_LAST_EVENTS + 1, sizeof(char *),
+ os_calloc(MAX_LAST_EVENTS + 1, sizeof(char *),
config_ruleinfo->last_events);
-
+
/* Zeroing each entry */
for(;ii<=MAX_LAST_EVENTS;ii++)
{
@@ -1388,19 +1396,19 @@ int Rules_OP_ReadRules(char * rulefile)
}
}
-
+
/* Adding the rule to the rules list.
* Only the template rules are supposed
* to be at the top level. All others
* will be a "child" of someone.
*/
if(config_ruleinfo->sigid < 10)
- {
+ {
OS_AddRule(config_ruleinfo);
}
else if(config_ruleinfo->alert_opts & DO_OVERWRITE)
{
- if(!OS_AddRuleInfo(NULL, config_ruleinfo,
+ if(!OS_AddRuleInfo(NULL, config_ruleinfo,
config_ruleinfo->sigid))
{
merror("%s: Overwrite rule '%d' not found.",
@@ -1424,13 +1432,13 @@ int Rules_OP_ReadRules(char * rulefile)
/* Setting the event_search pointer */
if(config_ruleinfo->if_matched_sid)
{
- config_ruleinfo->event_search =
+ config_ruleinfo->event_search =
(void *)Search_LastSids;
-
+
/* Marking rules that match this id */
- OS_MarkID(NULL, config_ruleinfo);
+ OS_MarkID(NULL, config_ruleinfo);
}
-
+
/* Marking the rules that match if_matched_group */
else if(config_ruleinfo->if_matched_group)
{
@@ -1445,19 +1453,19 @@ int Rules_OP_ReadRules(char * rulefile)
OS_MarkGroup(NULL, config_ruleinfo);
/* Setting function pointer */
- config_ruleinfo->event_search =
+ config_ruleinfo->event_search =
(void *)Search_LastGroups;
}
else if(config_ruleinfo->context)
{
- if((config_ruleinfo->context == 1) &&
+ if((config_ruleinfo->context == 1) &&
(config_ruleinfo->context_opts & SAME_DODIFF))
{
config_ruleinfo->context = 0;
}
else
{
- config_ruleinfo->event_search =
+ config_ruleinfo->event_search =
(void *)Search_LastEvents;
}
}
@@ -1465,7 +1473,7 @@ int Rules_OP_ReadRules(char * rulefile)
} /* while(rule[j]) */
OS_ClearNode(rule);
i++;
-
+
} /* while (node[i]) */
/* Cleaning global node */
@@ -1530,25 +1538,25 @@ char *loadmemory(char *at, char *str)
int strsize = strlen(str);
int atsize = strlen(at);
int finalsize = atsize+strsize+1;
-
+
if((atsize > OS_SIZE_2048) || (strsize > OS_SIZE_2048))
{
merror(SIZE_ERROR,ARGV0,str);
return(NULL);
}
-
+
at = realloc(at, (finalsize)*sizeof(char));
-
+
if(at == NULL)
{
merror(MEM_ERROR,ARGV0);
return(NULL);
}
-
+
strncat(at,str,strsize);
-
+
at[finalsize-1]='\0';
-
+
return(at);
}
return(NULL);
@@ -1572,19 +1580,19 @@ RuleInfoDetail *zeroinfodetails(int type, char *data)
os_strdup(data, info_details_pt->data);
info_details_pt->next = NULL;
-
+
return(info_details_pt);
}
-RuleInfo *zerorulemember(int id, int level,
+RuleInfo *zerorulemember(int id, int level,
int maxsize, int frequency,
- int timeframe, int noalert,
+ int timeframe, int noalert,
int ignore_time, int overwrite)
{
RuleInfo *ruleinfo_pt = NULL;
-
+
/* Allocation memory for structure */
ruleinfo_pt = (RuleInfo *)calloc(1,sizeof(RuleInfo));
@@ -1592,17 +1600,17 @@ RuleInfo *zerorulemember(int id, int level,
{
ErrorExit(MEM_ERROR,ARGV0);
}
-
+
/* Default values */
ruleinfo_pt->level = level;
/* Default category is syslog */
ruleinfo_pt->category = SYSLOG;
- ruleinfo_pt->ar = NULL;
-
+ ruleinfo_pt->ar = NULL;
+
ruleinfo_pt->context = 0;
-
+
ruleinfo_pt->sigid = id;
ruleinfo_pt->firedtimes = 0;
ruleinfo_pt->maxsize = maxsize;
@@ -1614,11 +1622,11 @@ RuleInfo *zerorulemember(int id, int level,
ruleinfo_pt->ignore_time = ignore_time;
ruleinfo_pt->timeframe = timeframe;
ruleinfo_pt->time_ignored = 0;
-
- ruleinfo_pt->context_opts = 0;
- ruleinfo_pt->alert_opts = 0;
- ruleinfo_pt->ignore = 0;
- ruleinfo_pt->ckignore = 0;
+
+ ruleinfo_pt->context_opts = 0;
+ ruleinfo_pt->alert_opts = 0;
+ ruleinfo_pt->ignore = 0;
+ ruleinfo_pt->ckignore = 0;
if(noalert)
{
@@ -1626,7 +1634,7 @@ RuleInfo *zerorulemember(int id, int level,
}
if(Config.mailbylevel <= level)
ruleinfo_pt->alert_opts |= DO_MAILALERT;
- if(Config.logbylevel <= level)
+ if(Config.logbylevel <= level)
ruleinfo_pt->alert_opts |= DO_LOGALERT;
/* Overwriting a rule */
@@ -1647,16 +1655,16 @@ RuleInfo *zerorulemember(int id, int level,
ruleinfo_pt->info = NULL;
ruleinfo_pt->cve = NULL;
ruleinfo_pt->info_details = NULL;
-
+
ruleinfo_pt->if_sid = NULL;
ruleinfo_pt->if_group = NULL;
ruleinfo_pt->if_level = NULL;
-
+
ruleinfo_pt->if_matched_regex = NULL;
ruleinfo_pt->if_matched_group = NULL;
ruleinfo_pt->if_matched_sid = 0;
-
- ruleinfo_pt->user = NULL;
+
+ ruleinfo_pt->user = NULL;
ruleinfo_pt->srcip = NULL;
ruleinfo_pt->srcport = NULL;
ruleinfo_pt->dstip = NULL;
@@ -1667,7 +1675,7 @@ RuleInfo *zerorulemember(int id, int level,
ruleinfo_pt->hostname = NULL;
ruleinfo_pt->program_name = NULL;
ruleinfo_pt->action = NULL;
-
+
/* Zeroing last matched events */
ruleinfo_pt->__frequency = 0;
ruleinfo_pt->last_events = NULL;
@@ -1675,10 +1683,10 @@ RuleInfo *zerorulemember(int id, int level,
/* zeroing the list of previous matches */
ruleinfo_pt->sid_prev_matched = NULL;
ruleinfo_pt->group_prev_matched = NULL;
-
+
ruleinfo_pt->sid_search = NULL;
ruleinfo_pt->group_search = NULL;
-
+
ruleinfo_pt->event_search = NULL;
ruleinfo_pt->compiled_rule = NULL;
ruleinfo_pt->lists = NULL;
@@ -1697,7 +1705,7 @@ int get_info_attributes(char **attributes, char **values)
{
if (!values[k])
{
- merror("rules_op: Entry info type \"%s\" does not have a value",
+ merror("rules_op: Entry info type \"%s\" does not have a value",
attributes[k]);
return (-1);
}
@@ -1706,7 +1714,7 @@ int get_info_attributes(char **attributes, char **values)
if(strcmp(values[k], "text") == 0)
{
return(RULEINFODETAIL_TEXT);
- }
+ }
else if(strcmp(values[k], "link") == 0)
{
return(RULEINFODETAIL_LINK);
@@ -1726,13 +1734,13 @@ int get_info_attributes(char **attributes, char **values)
/* Get the attributes */
int getattributes(char **attributes, char **values,
- int *id, int *level,
+ int *id, int *level,
int *maxsize, int *timeframe,
- int *frequency, int *accuracy,
+ int *frequency, int *accuracy,
int *noalert, int *ignore_time, int *overwrite)
{
int k=0;
-
+
char *xml_id = "id";
char *xml_level = "level";
char *xml_maxsize = "maxsize";
@@ -1742,8 +1750,8 @@ int getattributes(char **attributes, char **values,
char *xml_noalert = "noalert";
char *xml_ignore_time = "ignore";
char *xml_overwrite = "overwrite";
-
-
+
+
/* Getting attributes */
while(attributes[k])
{
@@ -1840,7 +1848,7 @@ int getattributes(char **attributes, char **values,
merror("rules_op: Invalid accuracy: %s. "
"Must be integer" ,
values[k]);
- return(-1);
+ return(-1);
}
}
/* Rule ignore_time */
@@ -1855,7 +1863,7 @@ int getattributes(char **attributes, char **values,
merror("rules_op: Invalid ignore_time: %s. "
"Must be integer" ,
values[k]);
- return(-1);
+ return(-1);
}
}
/* Rule noalert */
@@ -1901,22 +1909,22 @@ void Rule_AddAR(RuleInfo *rule_config)
int rule_ar_size = 0;
int mark_to_ar = 0;
int rule_real_level = 0;
-
+
OSListNode *my_ars_node;
-
-
- /* Setting the correctly levels
+
+
+ /* Setting the correctly levels
* We play internally with the rules, to set
* the priorities... Rules with 0 of accuracy,
* receive a low level and go down in the list
*/
if(rule_config->level == 9900)
rule_real_level = 0;
-
+
else if(rule_config->level >= 100)
rule_real_level = rule_config->level/100;
-
-
+
+
/* No AR for ignored rules */
if(rule_real_level == 0)
{
@@ -1933,7 +1941,7 @@ void Rule_AddAR(RuleInfo *rule_config)
{
return;
}
-
+
/* Looping on all AR */
my_ars_node = OSList_GetFirstNode(active_responses);
while(my_ars_node)
@@ -1952,7 +1960,7 @@ void Rule_AddAR(RuleInfo *rule_config)
mark_to_ar = 1;
}
}
-
+
/* Checking if group matches */
if(my_ar->rules_group)
{
@@ -1961,7 +1969,7 @@ void Rule_AddAR(RuleInfo *rule_config)
mark_to_ar = 1;
}
}
-
+
/* Checking if rule id matches */
if(my_ar->rules_id)
{
@@ -1984,13 +1992,13 @@ void Rule_AddAR(RuleInfo *rule_config)
else if(isdigit((int)*str_pt))
{
r_id = atoi(str_pt);
-
+
/* mark to ar if id matches */
if(r_id == rule_config->sigid)
{
mark_to_ar = 1;
}
-
+
str_pt = strchr(str_pt, ',');
if(str_pt)
{
@@ -2015,9 +2023,9 @@ void Rule_AddAR(RuleInfo *rule_config)
}
}
} /* eof of rules_id */
-
-
- /* Bind AR to the rule */
+
+
+ /* Bind AR to the rule */
if(mark_to_ar == 1)
{
rule_ar_size++;
@@ -2025,12 +2033,12 @@ void Rule_AddAR(RuleInfo *rule_config)
rule_config->ar = realloc(rule_config->ar,
(rule_ar_size + 1)
*sizeof(active_response *));
-
+
/* Always set the last node to NULL */
rule_config->ar[rule_ar_size - 1] = my_ar;
- rule_config->ar[rule_ar_size] = NULL;
+ rule_config->ar[rule_ar_size] = NULL;
}
-
+
my_ars_node = OSList_GetNextNode(active_responses);
}
@@ -2041,9 +2049,9 @@ void Rule_AddAR(RuleInfo *rule_config)
/* print rule */
void printRuleinfo(RuleInfo *rule, int node)
{
- debug1("%d : rule:%d, level %d, timeout: %d",
+ debug1("%d : rule:%d, level %d, timeout: %d",
node,
- rule->sigid,
+ rule->sigid,
rule->level,
rule->ignore_time);
}
@@ -2060,8 +2068,8 @@ int AddHash_Rule(RuleNode *node)
snprintf(_id_key, 14, "%d", node->ruleinfo->sigid);
os_strdup(_id_key, id_key);
-
-
+
+
/* Adding key to hash. */
OSHash_Add(Config.g_rules_hash, id_key, node->ruleinfo);
if(node->child)
@@ -2090,10 +2098,10 @@ int _setlevels(RuleNode *node, int nnode)
node->ruleinfo->level/=100;
l_size++;
-
+
/* Rule information */
printRuleinfo(node->ruleinfo, nnode);
-
+
if(node->child)
{
int chl_size = 0;
@@ -2108,5 +2116,36 @@ int _setlevels(RuleNode *node, int nnode)
return(l_size);
}
+/* test if a rule id exists
+ * return 1 when exists
+ * return 0 when not
+ */
+int doesRuleExist(int sid, RuleNode *r_node)
+{
+ /* start from the beginning of the list by default */
+ if(!r_node)
+ r_node = OS_GetFirstRule();
+
+ while(r_node)
+ {
+ /* Checking if the sigid matches */
+ if(r_node->ruleinfo->sigid == sid)
+ return (1);
+
+ /* Checking if the rule has a child */
+ if(r_node->child)
+ {
+ /* check recursive */
+ if(doesRuleExist(sid, r_node->child))
+ return (1);
+ }
+
+ /* go to the next rule */
+ r_node = r_node->next;
+ }
+
+ return (0);
+}
+
/* EOF */
diff --git a/src/analysisd/rules.h b/src/analysisd/rules.h
index fa6844e..03204cf 100755
--- a/src/analysisd/rules.h
+++ b/src/analysisd/rules.h
@@ -95,7 +95,7 @@ typedef struct _RuleInfo
int __frequency;
char **last_events;
-
+
/* Not an option in the rule */
u_int16_t alert_opts;
@@ -105,7 +105,7 @@ typedef struct _RuleInfo
/* category */
u_int8_t category;
-
+
/* Decoded as */
u_int16_t decoded_as;
@@ -127,7 +127,7 @@ typedef struct _RuleInfo
/* Function pointer to the event_search. */
void *(*event_search)(void *lf, void *rule);
-
+
char *group;
OSMatch *match;
@@ -149,13 +149,13 @@ typedef struct _RuleInfo
OSMatch *program_name;
OSMatch *extra_data;
char *action;
-
+
char *comment; /* description in the xml */
char *info;
char *cve;
RuleInfoDetail *info_details;
ListRule *lists;
-
+
char *if_sid;
char *if_level;
char *if_group;
@@ -163,7 +163,7 @@ typedef struct _RuleInfo
OSRegex *if_matched_regex;
OSMatch *if_matched_group;
int if_matched_sid;
-
+
void *(*compiled_rule)(void *lf);
active_response **ar;
@@ -184,11 +184,11 @@ RuleInfoDetail *zeroinfodetails(int type, char *data);
int get_info_attributes(char **attributes, char **values);
/* RuleInfo functions */
-RuleInfo *zerorulemember(int id,
+RuleInfo *zerorulemember(int id,
int level,
- int maxsize,
+ int maxsize,
int frequency,
- int timeframe,
+ int timeframe,
int noalert,
int ignore_time,
int overwrite);
@@ -222,10 +222,10 @@ RuleNode *OS_GetFirstRule();
/** Defition of the internal rule IDS **
** These SIGIDs cannot be used **
** **/
-
+
#define STATS_MODULE 11
#define FTS_MODULE 12
-#define SYSCHECK_MODULE 13
+#define SYSCHECK_MODULE 13
#define HOSTINFO_MODULE 15
diff --git a/src/analysisd/rules_list.c b/src/analysisd/rules_list.c
index 2a2f5d2..3e4a335 100755
--- a/src/analysisd/rules_list.c
+++ b/src/analysisd/rules_list.c
@@ -10,7 +10,7 @@
* Foundation
*/
-
+
#include "shared.h"
#include "rules.h"
@@ -34,17 +34,17 @@ void OS_CreateRuleList()
RuleNode *OS_GetFirstRule()
{
RuleNode *rulenode_pt = rulenode;
-
- return(rulenode_pt);
+
+ return(rulenode_pt);
}
/* Search all rules, including childs */
-int _AddtoRule(int sid, int level, int none, char *group,
+int _AddtoRule(int sid, int level, int none, char *group,
RuleNode *r_node, RuleInfo *read_rule)
{
int r_code = 0;
-
+
/* If we don't have the first node, start from
* the beginning of the list
*/
@@ -57,14 +57,14 @@ int _AddtoRule(int sid, int level, int none, char *group,
{
/* Checking if the sigid matches */
if(sid)
- {
+ {
if(r_node->ruleinfo->sigid == sid)
{
- /* Assign the category of this rule to the child
+ /* Assign the category of this rule to the child
* as they must match
*/
read_rule->category = r_node->ruleinfo->category;
-
+
/* If no context for rule, check if the parent has
* and use it.
@@ -73,17 +73,17 @@ int _AddtoRule(int sid, int level, int none, char *group,
{
read_rule->last_events = r_node->ruleinfo->last_events;
}
-
+
r_node->child=
_OS_AddRule(r_node->child, read_rule);
return(1);
}
}
-
+
/* Checking if the group matches */
else if(group)
{
- if(OS_WordMatch(group, r_node->ruleinfo->group) &&
+ if(OS_WordMatch(group, r_node->ruleinfo->group) &&
(r_node->ruleinfo->sigid != read_rule->sigid))
{
/* If no context for rule, check if the parent has
@@ -104,7 +104,7 @@ int _AddtoRule(int sid, int level, int none, char *group,
/* Checking if the level matches */
else if(level)
{
- if((r_node->ruleinfo->level >= level) &&
+ if((r_node->ruleinfo->level >= level) &&
(r_node->ruleinfo->sigid != read_rule->sigid))
{
r_node->child=
@@ -112,10 +112,10 @@ int _AddtoRule(int sid, int level, int none, char *group,
r_code = 1;
}
}
-
-
+
+
/* If we are not searching for the sid/group, the category must
- * be the same.
+ * be the same.
*/
else if(read_rule->category != r_node->ruleinfo->category)
{
@@ -123,7 +123,7 @@ int _AddtoRule(int sid, int level, int none, char *group,
continue;
}
-
+
/* If none of them is set, add for the category */
else
{
@@ -145,8 +145,8 @@ int _AddtoRule(int sid, int level, int none, char *group,
r_node = r_node->next;
}
-
- return(r_code);
+
+ return(r_code);
}
@@ -159,14 +159,14 @@ int OS_AddChild(RuleInfo *read_rule)
return(1);
}
- /* Adding for if_sid */
+ /* Adding for if_sid */
if(read_rule->if_sid)
{
int val = 0;
char *sid;
-
+
sid = read_rule->if_sid;
-
+
/* Loop to read all the rules (comma or space separated */
do
{
@@ -218,7 +218,7 @@ int OS_AddChild(RuleInfo *read_rule)
}
}
- /* Adding for if_group */
+ /* Adding for if_group */
else if(read_rule->if_group)
{
if(!_AddtoRule(0, 0, 0, read_rule->if_group, NULL, read_rule))
@@ -227,7 +227,7 @@ int OS_AddChild(RuleInfo *read_rule)
"found. Invalid 'if_group'.", read_rule->if_group);
}
}
-
+
/* Just add based on the category */
else
{
@@ -248,14 +248,14 @@ int OS_AddChild(RuleInfo *read_rule)
RuleNode *_OS_AddRule(RuleNode *_rulenode, RuleInfo *read_rule)
{
RuleNode *tmp_rulenode = _rulenode;
-
+
if(tmp_rulenode != NULL)
{
int middle_insertion = 0;
RuleNode *prev_rulenode = NULL;
RuleNode *new_rulenode = NULL;
-
+
while(tmp_rulenode != NULL)
{
if(read_rule->level > tmp_rulenode->ruleinfo->level)
@@ -266,7 +266,7 @@ RuleNode *_OS_AddRule(RuleNode *_rulenode, RuleInfo *read_rule)
prev_rulenode = tmp_rulenode;
tmp_rulenode = tmp_rulenode->next;
}
-
+
new_rulenode = (RuleNode *)calloc(1,sizeof(RuleNode));
if(!new_rulenode)
@@ -284,21 +284,21 @@ RuleNode *_OS_AddRule(RuleNode *_rulenode, RuleInfo *read_rule)
{
prev_rulenode->next = new_rulenode;
}
-
+
new_rulenode->next = tmp_rulenode;
new_rulenode->ruleinfo = read_rule;
new_rulenode->child = NULL;
}
-
+
else
{
prev_rulenode->next = new_rulenode;
prev_rulenode->next->ruleinfo = read_rule;
- prev_rulenode->next->next = NULL;
- prev_rulenode->next->child = NULL;
+ prev_rulenode->next->next = NULL;
+ prev_rulenode->next->child = NULL;
}
}
-
+
else
{
_rulenode = (RuleNode *)calloc(1,sizeof(RuleNode));
@@ -454,7 +454,7 @@ int OS_MarkGroup(RuleNode *r_node, RuleInfo *orig_rule)
while(r_node)
{
- if(OSMatch_Execute(r_node->ruleinfo->group,
+ if(OSMatch_Execute(r_node->ruleinfo->group,
strlen(r_node->ruleinfo->group),
orig_rule->if_matched_group))
{
@@ -466,18 +466,18 @@ int OS_MarkGroup(RuleNode *r_node, RuleInfo *orig_rule)
rule_g++;
}
}
-
- os_realloc(r_node->ruleinfo->group_prev_matched,
+
+ os_realloc(r_node->ruleinfo->group_prev_matched,
(rule_g + 2)*sizeof(OSList *),
- r_node->ruleinfo->group_prev_matched);
-
+ r_node->ruleinfo->group_prev_matched);
+
r_node->ruleinfo->group_prev_matched[rule_g] = NULL;
r_node->ruleinfo->group_prev_matched[rule_g +1] = NULL;
-
+
/* Setting the size */
r_node->ruleinfo->group_prev_matched_sz = rule_g +1;
-
- r_node->ruleinfo->group_prev_matched[rule_g] =
+
+ r_node->ruleinfo->group_prev_matched[rule_g] =
orig_rule->group_search;
}
diff --git a/src/analysisd/stats.c b/src/analysisd/stats.c
index 9ad8b27..764b5ed 100755
--- a/src/analysisd/stats.c
+++ b/src/analysisd/stats.c
@@ -1,6 +1,6 @@
/* @(#) $Id: ./src/analysisd/stats.c, 2011/09/08 dcid Exp $
*/
-
+
/* Copyright (C) 2009 Trend Micro Inc.
* All right reserved.
*
@@ -29,7 +29,7 @@ char *(weekdays[])={"Sunday","Monday","Tuesday","Wednesday","Thursday",
"Friday","Saturday"};
char *(l_month[])={"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug",
"Sep","Oct","Nov","Dec"};
-
+
/* Global vars */
@@ -63,7 +63,7 @@ void print_totals()
char logfile[OS_FLSIZE +1];
FILE *flog;
-
+
/* Creating the path for the logs */
snprintf(logfile, OS_FLSIZE,"%s/%d/", STATSAVED, prev_year);
if(IsDir(logfile) == -1)
@@ -97,7 +97,7 @@ void print_totals()
merror(FOPEN_ERROR, ARGV0, logfile);
return;
}
-
+
/* Printing the hourly stats */
for(i=0;i<=23;i++)
{
@@ -105,7 +105,7 @@ void print_totals()
totals+=_CHour[i];
}
fprintf(flog,"Total events for day:%d\n", totals);
-
+
fclose(flog);
}
@@ -113,7 +113,7 @@ void print_totals()
/* gethour: v0.2
* Return the parameter (event_number + 20 % of it)
* If event_number < mindiff, return mindiff
- * If event_number > maxdiff, return maxdiff
+ * If event_number > maxdiff, return maxdiff
*/
int gethour(int event_number)
{
@@ -122,12 +122,12 @@ int gethour(int event_number)
event_diff = (event_number * percent_diff)/100;
event_diff++;
-
+
if(event_diff < mindiff)
return(event_number + mindiff);
else if(event_diff > maxdiff)
return(event_number + maxdiff);
-
+
return(event_number + event_diff);
}
@@ -137,24 +137,24 @@ void Update_Hour()
{
int i,j;
int inter;
-
-
+
+
/* Print total number of logs received per hour */
print_totals();
-
-
+
+
/* Hourly update */
_RHour[24]++;
inter = _RHour[24];
if(inter > 7)
inter = 7;
-
+
for(i=0;i<=24;i++)
{
char _hourly[128]; /* _hourly file */
-
+
FILE *fp;
-
+
if(i != 24)
{
/* If saved hourly = 0, just copy the current hourly rate */
@@ -171,7 +171,7 @@ void Update_Hour()
{
_RHour[i]=(((3*_CHour[i])+(inter*_RHour[i]))/(inter+3))+25;
}
-
+
else
{
/* The average is going to be the number of interactions +
@@ -180,7 +180,7 @@ void Update_Hour()
}
}
}
-
+
snprintf(_hourly,128,"%s/%d",STATQUEUE,i);
fp = fopen(_hourly, "w");
if(fp)
@@ -193,7 +193,7 @@ void Update_Hour()
{
merror(FOPEN_ERROR, "logstats", _hourly);
}
-
+
_CHour[i] = 0; /* Zeroing the currently hour */
}
@@ -207,7 +207,7 @@ void Update_Hour()
inter = _CWHour[i][24];
if(inter > 7)
inter = 7;
-
+
for(j=0;j<=24;j++)
{
if(j != 24)
@@ -230,7 +230,7 @@ void Update_Hour()
}
}
}
-
+
snprintf(_weekly,128,"%s/%d/%d",STATWQUEUE,i,j);
fp = fopen(_weekly, "w");
if(fp)
@@ -242,9 +242,9 @@ void Update_Hour()
{
merror(FOPEN_ERROR, "logstats", _weekly);
}
-
+
_CWHour[i][j] = 0;
- }
+ }
}
_daily_errors = 0;
@@ -287,8 +287,8 @@ int Check_Hour(Eventinfo *lf)
" between %d:00 and %d:00 is %d. We "
"reached %d.",__crt_hour,__crt_hour+1,
_RHour[__crt_hour],_CHour[__crt_hour]);
-
-
+
+
_fired = 1;
_daily_errors++;
return(1);
@@ -300,13 +300,13 @@ int Check_Hour(Eventinfo *lf)
/* We need to have at least 3 days of stats */
if(_RWHour[__crt_wday][24] <= 2)
return(0);
-
+
/* checking for the hour during a specific day of the week */
if(_RWHour[__crt_wday][__crt_hour] != 0)
{
if(_CWHour[__crt_wday][__crt_hour] > _RWHour[__crt_wday][__crt_hour])
{
- if(_CWHour[__crt_wday][__crt_hour] >
+ if(_CWHour[__crt_wday][__crt_hour] >
gethour(_RWHour[__crt_wday][__crt_hour]))
{
snprintf(__stats_comment, 191,
@@ -316,8 +316,8 @@ int Check_Hour(Eventinfo *lf)
weekdays[__crt_wday],
_RWHour[__crt_wday][__crt_hour],
_CWHour[__crt_wday][__crt_hour]);
-
-
+
+
_fired = 1;
_daily_errors++;
return(1);
@@ -355,7 +355,7 @@ int Start_Hour()
maxdiff = getDefine_Int("analysisd",
"stats_maxdiff",
10, 99999);
-
+
mindiff = getDefine_Int("analysisd",
"stats_mindiff",
10, 99999);
@@ -372,22 +372,22 @@ int Start_Hour()
_lastmsg = NULL;
_prevlast = NULL;
_pprevlast = NULL;
-
-
+
+
/* They should not be null */
os_strdup(" ", _lastmsg);
os_strdup(" ", _prevlast);
os_strdup(" ", _pprevlast);
-
-
- /* Creating the stat queue directories */
+
+
+ /* Creating the stat queue directories */
if(IsDir(STATWQUEUE) == -1)
if(mkdir(STATWQUEUE,0770) == -1)
{
merror("%s: logstat: Unable to create stat queue: %s",
ARGV0, STATWQUEUE);
return(-1);
- }
+ }
if(IsDir(STATQUEUE) == -1)
if(mkdir(STATQUEUE,0770) == -1)
@@ -395,7 +395,7 @@ int Start_Hour()
merror("%s: logstat: Unable to create stat queue: %s",
ARGV0, STATQUEUE);
return(-1);
- }
+ }
/* Creating store dir */
if(IsDir(STATSAVED) == -1)
@@ -415,7 +415,7 @@ int Start_Hour()
_CHour[i]=0;
if(File_DateofChange(_hourly) < 0)
_RHour[i] = 0;
-
+
else
{
FILE *fp;
@@ -428,7 +428,7 @@ int Start_Hour()
_RHour[i] = 0;
if(_RHour[i] < 0)
- _RHour[i] = 0;
+ _RHour[i] = 0;
fclose(fp);
}
}
@@ -465,7 +465,7 @@ int Start_Hour()
_RWHour[i][j] = 0;
if(_RWHour[i][j] < 0)
- _RWHour[i][j] = 0;
+ _RWHour[i][j] = 0;
fclose(fp);
}
}
@@ -497,7 +497,7 @@ int LastMsg_Stats(char *log)
/* LastMsg_Change: v0.3: 2006/03/21
* v0.3: 2006/03/21: Some performance fixes.
- * v0.2: 2005/03/17
+ * v0.2: 2005/03/17
* If the message is not repeated, rearrange the last
* received messages
*/
@@ -505,12 +505,12 @@ void LastMsg_Change(char *log)
{
/* Removing the last one */
free(_pprevlast);
-
+
/* Moving the second to third and the last to second */
_pprevlast = _prevlast;
-
+
_prevlast = _lastmsg;
-
+
os_strdup(log, _lastmsg);
return;
diff --git a/src/analysisd/testrule.c b/src/analysisd/testrule.c
index 4579783..d2f5b25 100755
--- a/src/analysisd/testrule.c
+++ b/src/analysisd/testrule.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -17,7 +17,7 @@
/* Part of the OSSEC
* Available at http://www.ossec.net
*/
-
+
/* ossec-analysisd.
* Responsible for correlation and log decoding.
@@ -123,7 +123,7 @@ int main(int argc, char **argv)
{
int t_config = 0;
int c = 0, m_queue = 0;
- char *ut_str = NULL;
+ char *ut_str = NULL;
char *dir = DEFAULTDIR;
char *user = USER;
@@ -176,6 +176,7 @@ int main(int argc, char **argv)
if(!optarg)
ErrorExit("%s: -D needs an argument",ARGV0);
dir = optarg;
+ break;
case 'c':
if(!optarg)
ErrorExit("%s: -c needs an argument",ARGV0);
@@ -183,9 +184,9 @@ int main(int argc, char **argv)
break;
case 'a':
alert_only = 1;
- break;
+ break;
case 'v':
- full_output = 1;
+ full_output = 1;
break;
default:
logtest_help(ARGV0);
@@ -204,14 +205,14 @@ int main(int argc, char **argv)
}
debug1(READ_CONFIG, ARGV0);
-
-
+
+
/* Getting servers hostname */
memset(__shost, '\0', 512);
if(gethostname(__shost, 512 -1) != 0)
{
- strncpy(__shost, OSSEC_SERVER, 512 -1);
+ strncpy(__shost, OSSEC_SERVER, 512 -1);
}
else
{
@@ -222,7 +223,7 @@ int main(int argc, char **argv)
if(_ltmp)
*_ltmp = '\0';
}
-
+
if(chdir(dir) != 0)
@@ -230,18 +231,18 @@ int main(int argc, char **argv)
/*
- * Anonymous Section: Load rules, decoders, and lists
+ * Anonymous Section: Load rules, decoders, and lists
*
* As lists require two pass loading of rules that make use of list lookups
- * are created with blank database structs, and need to be filled in after
- * completion of all rules and lists.
+ * are created with blank database structs, and need to be filled in after
+ * completion of all rules and lists.
*/
{
{ /* Lad decders */
/* Initializing the decoders list */
OS_CreateOSDecoderList();
- if(!Config.decoders)
+ if(!Config.decoders)
{ /* Legacy loading */
/* Reading decoders */
if(!ReadDecodeXML("etc/decoder.xml"))
@@ -271,9 +272,9 @@ int main(int argc, char **argv)
verbose("%s: INFO: Reading decoder file %s.", ARGV0, *decodersfiles);
if(!ReadDecodeXML(*decodersfiles))
ErrorExit(CONFIG_ERROR, ARGV0, *decodersfiles);
-
- free(*decodersfiles);
- decodersfiles++;
+
+ free(*decodersfiles);
+ decodersfiles++;
}
}
@@ -282,7 +283,7 @@ int main(int argc, char **argv)
}
{ /* Load Lists */
/* Initializing the lists of list struct */
- Lists_OP_CreateLists();
+ Lists_OP_CreateLists();
/* Load each list into list struct */
{
char **listfiles;
@@ -312,31 +313,31 @@ int main(int argc, char **argv)
debug1("%s: INFO: Reading rules file: '%s'", ARGV0, *rulesfiles);
if(Rules_OP_ReadRules(*rulesfiles) < 0)
ErrorExit(RULES_ERROR, ARGV0, *rulesfiles);
-
- free(*rulesfiles);
- rulesfiles++;
+
+ free(*rulesfiles);
+ rulesfiles++;
}
free(Config.includes);
Config.includes = NULL;
}
-
+
/* Find all rules with that require list lookups and attache the
- * the correct list struct to the rule. This keeps rules from having to
+ * the correct list struct to the rule. This keeps rules from having to
* search thought the list of lists for the correct file during rule evaluation.
*/
OS_ListLoadRules();
}
}
-
+
/* Fixing the levels/accuracy */
{
int total_rules;
RuleNode *tmp_node = OS_GetFirstRule();
total_rules = _setlevels(tmp_node, 0);
- debug1("%s: INFO: Total rules enabled: '%d'", ARGV0, total_rules);
+ debug1("%s: INFO: Total rules enabled: '%d'", ARGV0, total_rules);
}
@@ -357,7 +358,7 @@ int main(int argc, char **argv)
exit(0);
}
-
+
/* Start up message */
verbose(STARTUP_MSG, ARGV0, getpid());
@@ -367,7 +368,7 @@ int main(int argc, char **argv)
exit(0);
-
+
}
@@ -383,12 +384,12 @@ void OS_ReadMSG(int m_queue, char *ut_str)
int exit_code = 0;
char *ut_alertlevel = NULL;
char *ut_rulelevel = NULL;
- char *ut_decoder_name = NULL;
+ char *ut_decoder_name = NULL;
if(ut_str)
{
/* XXX Break apart string */
- ut_rulelevel = ut_str;
+ ut_rulelevel = ut_str;
ut_alertlevel = strchr(ut_rulelevel, ':');
if(!ut_alertlevel)
{
@@ -398,7 +399,7 @@ void OS_ReadMSG(int m_queue, char *ut_str)
else
{
*ut_alertlevel = '\0';
- ut_alertlevel++;
+ ut_alertlevel++;
}
ut_decoder_name = strchr(ut_alertlevel, ':');
if(!ut_decoder_name)
@@ -430,7 +431,7 @@ void OS_ReadMSG(int m_queue, char *ut_str)
{
ErrorExit(FTS_LIST_ERROR, ARGV0);
}
-
+
__crt_ftell = 1;
@@ -441,17 +442,17 @@ void OS_ReadMSG(int m_queue, char *ut_str)
/* Doing some cleanup */
memset(msg, '\0', OS_MAXSTR +1);
-
+
if(!alert_only)
print_out("%s: Type one log per line.\n", ARGV0);
-
-
+
+
/* Daemon loop */
while(1)
{
lf = (Eventinfo *)calloc(1,sizeof(Eventinfo));
-
+
/* This shouldn't happen .. */
if(lf == NULL)
{
@@ -461,9 +462,9 @@ void OS_ReadMSG(int m_queue, char *ut_str)
/* Fixing the msg. */
snprintf(msg, 15, "1:stdin:");
-
-
-
+
+
+
/* Receive message from queue */
if(fgets(msg +8, OS_MAXSTR, stdin))
{
@@ -483,10 +484,10 @@ void OS_ReadMSG(int m_queue, char *ut_str)
{
continue;
}
-
-
+
+
if(!alert_only)print_out("\n");
-
+
/* Default values for the log info */
Zero_Eventinfo(lf);
@@ -515,17 +516,17 @@ void OS_ReadMSG(int m_queue, char *ut_str)
/* Decoding event. */
DecodeEvent(lf);
-
+
/* Looping all the rules */
rulenode_pt = OS_GetFirstRule();
- if(!rulenode_pt)
+ if(!rulenode_pt)
{
ErrorExit("%s: Rules in an inconsistent state. Exiting.",
ARGV0);
}
-
+
#ifdef TESTRULE
if(full_output && !alert_only)
print_out("\n**Rule debugging:");
@@ -544,9 +545,9 @@ void OS_ReadMSG(int m_queue, char *ut_str)
/* We go ahead in here and process the alert. */
currently_rule = lf->generated_rule;
}
-
+
/* The categories must match */
- else if(rulenode_pt->ruleinfo->category !=
+ else if(rulenode_pt->ruleinfo->category !=
lf->decoder_info->type)
{
continue;
@@ -554,7 +555,7 @@ void OS_ReadMSG(int m_queue, char *ut_str)
/* Checking each rule. */
- else if((currently_rule = OS_CheckIfRuleMatch(lf, rulenode_pt))
+ else if((currently_rule = OS_CheckIfRuleMatch(lf, rulenode_pt))
== NULL)
{
continue;
@@ -568,13 +569,13 @@ void OS_ReadMSG(int m_queue, char *ut_str)
print_out(" Rule id: '%d'", currently_rule->sigid);
print_out(" Level: '%d'", currently_rule->level);
print_out(" Description: '%s'",currently_rule->comment);
- for (last_info_detail = currently_rule->info_details; last_info_detail != NULL; last_info_detail = last_info_detail->next)
+ for (last_info_detail = currently_rule->info_details; last_info_detail != NULL; last_info_detail = last_info_detail->next)
{
print_out(" Info - %s: '%s'", ruleinfodetail_text[last_info_detail->type], last_info_detail->data);
}
}
#endif
-
+
/* Ignore level 0 */
@@ -584,7 +585,7 @@ void OS_ReadMSG(int m_queue, char *ut_str)
}
- /* Checking ignore time */
+ /* Checking ignore time */
if(currently_rule->ignore_time)
{
if(currently_rule->time_ignored == 0)
@@ -595,7 +596,7 @@ void OS_ReadMSG(int m_queue, char *ut_str)
* is less than the time it should be ignored,
* leave (do not alert again).
*/
- else if((lf->time - currently_rule->time_ignored)
+ else if((lf->time - currently_rule->time_ignored)
< currently_rule->ignore_time)
{
break;
@@ -609,7 +610,7 @@ void OS_ReadMSG(int m_queue, char *ut_str)
/* Pointer to the rule that generated it */
lf->generated_rule = currently_rule;
-
+
/* Checking if we should ignore it */
if(currently_rule->ckignore && IGnore(lf))
{
@@ -617,7 +618,7 @@ void OS_ReadMSG(int m_queue, char *ut_str)
lf->generated_rule = NULL;
break;
}
-
+
/* Checking if we need to add to ignore list */
if(currently_rule->ignore)
{
@@ -649,19 +650,19 @@ void OS_ReadMSG(int m_queue, char *ut_str)
}
else
{
- lf->sid_node_to_delete =
+ lf->sid_node_to_delete =
currently_rule->sid_prev_matched->last_node;
}
}
/* Group list */
else if(currently_rule->group_prev_matched)
{
- i = 0;
-
+ i = 0;
+
while(i < currently_rule->group_prev_matched_sz)
{
if(!OSList_AddData(
- currently_rule->group_prev_matched[i],
+ currently_rule->group_prev_matched[i],
lf))
{
merror("%s: Unable to add data to grp list.",ARGV0);
@@ -669,7 +670,7 @@ void OS_ReadMSG(int m_queue, char *ut_str)
i++;
}
}
-
+
OS_AddEvent(lf);
break;
@@ -701,7 +702,7 @@ void OS_ReadMSG(int m_queue, char *ut_str)
/* Only clear the memory if the eventinfo was not
- * added to the stateful memory
+ * added to the stateful memory
* -- message is free inside clean event --
*/
if(lf->generated_rule == NULL)
@@ -710,7 +711,7 @@ void OS_ReadMSG(int m_queue, char *ut_str)
}
else
{
- exit(exit_code);
+ exit(exit_code);
}
}
exit(exit_code);
diff --git a/src/client-agent/._COPYRIGHT b/src/client-agent/._COPYRIGHT
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/client-agent/._COPYRIGHT and /dev/null differ
diff --git a/src/client-agent/._Makefile b/src/client-agent/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/client-agent/._Makefile and /dev/null differ
diff --git a/src/client-agent/._VERSION b/src/client-agent/._VERSION
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/client-agent/._VERSION and /dev/null differ
diff --git a/src/client-agent/._agentd.c b/src/client-agent/._agentd.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/client-agent/._agentd.c and /dev/null differ
diff --git a/src/client-agent/._agentd.h b/src/client-agent/._agentd.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/client-agent/._agentd.h and /dev/null differ
diff --git a/src/client-agent/._config.c b/src/client-agent/._config.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/client-agent/._config.c and /dev/null differ
diff --git a/src/client-agent/._event-forward.c b/src/client-agent/._event-forward.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/client-agent/._event-forward.c and /dev/null differ
diff --git a/src/client-agent/._intcheck_op.c b/src/client-agent/._intcheck_op.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/client-agent/._intcheck_op.c and /dev/null differ
diff --git a/src/client-agent/._main.c b/src/client-agent/._main.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/client-agent/._main.c and /dev/null differ
diff --git a/src/client-agent/._notify.c b/src/client-agent/._notify.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/client-agent/._notify.c and /dev/null differ
diff --git a/src/client-agent/._receiver-win.c b/src/client-agent/._receiver-win.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/client-agent/._receiver-win.c and /dev/null differ
diff --git a/src/client-agent/._receiver.c b/src/client-agent/._receiver.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/client-agent/._receiver.c and /dev/null differ
diff --git a/src/client-agent/._sendmsg.c b/src/client-agent/._sendmsg.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/client-agent/._sendmsg.c and /dev/null differ
diff --git a/src/client-agent/._start_agent.c b/src/client-agent/._start_agent.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/client-agent/._start_agent.c and /dev/null differ
diff --git a/src/client-agent/agentd.c b/src/client-agent/agentd.c
index 1e08e19..ca33dd5 100755
--- a/src/client-agent/agentd.c
+++ b/src/client-agent/agentd.c
@@ -29,30 +29,30 @@ void AgentdStart(char *dir, int uid, int gid, char *user, char *group)
{
int rc = 0;
int pid = 0;
- int maxfd = 0;
+ int maxfd = 0;
fd_set fdset;
-
+
struct timeval fdtimeout;
-
+
/* Going daemon */
pid = getpid();
available_server = 0;
nowDaemon();
goDaemon();
-
+
/* Setting group ID */
if(Privsep_SetGroup(gid) < 0)
ErrorExit(SETGID_ERROR, ARGV0, group);
-
+
/* chrooting */
if(Privsep_Chroot(dir) < 0)
ErrorExit(CHROOT_ERROR, ARGV0, dir);
-
+
nowChroot();
@@ -69,7 +69,7 @@ void AgentdStart(char *dir, int uid, int gid, char *user, char *group)
maxfd = logr->m_queue;
logr->sock = -1;
-
+
/* Creating PID file */
@@ -79,11 +79,11 @@ void AgentdStart(char *dir, int uid, int gid, char *user, char *group)
/* Reading the private keys */
verbose(ENC_READ, ARGV0);
-
+
OS_ReadKeys(&keys);
OS_StartCounter(&keys);
- /* cmoraes : changed the following call to
+ /* cmoraes : changed the following call to
os_write_agent_info(keys.keyentries[0]->name, NULL, keys.keyentries[0]->id);
*/
os_write_agent_info(keys.keyentries[0]->name, NULL, keys.keyentries[0]->id,
@@ -93,14 +93,14 @@ void AgentdStart(char *dir, int uid, int gid, char *user, char *group)
/* Start up message */
verbose(STARTUP_MSG, ARGV0, (int)getpid());
-
+
/* Initial random numbers */
#ifdef __OpenBSD__
srandomdev();
#else
srandom( time(0) + getpid()+ pid + getppid());
#endif
-
+
random();
@@ -118,7 +118,7 @@ void AgentdStart(char *dir, int uid, int gid, char *user, char *group)
{
ErrorExit(UNABLE_CONN, ARGV0);
}
-
+
/* Setting max fd for select */
if(logr->sock > maxfd)
@@ -144,7 +144,7 @@ void AgentdStart(char *dir, int uid, int gid, char *user, char *group)
os_setwait();
start_agent(1);
-
+
os_delwait();
@@ -152,15 +152,15 @@ void AgentdStart(char *dir, int uid, int gid, char *user, char *group)
intcheck_file(OSSECCONF, dir);
intcheck_file(OSSEC_DEFINES, dir);
-
+
/* Sending first notification */
run_notify();
-
-
+
+
/* Maxfd must be higher socket +1 */
maxfd++;
-
-
+
+
/* monitor loop */
while(1)
{
@@ -172,28 +172,30 @@ void AgentdStart(char *dir, int uid, int gid, char *user, char *group)
fdtimeout.tv_sec = 120;
fdtimeout.tv_usec = 0;
-
+ /* Continuesly send notifications */
+ run_notify();
+
/* Wait for 120 seconds at a maximum for any descriptor */
rc = select(maxfd, &fdset, NULL, NULL, &fdtimeout);
if(rc == -1)
{
ErrorExit(SELECT_ERROR, ARGV0);
}
-
-
+
+
else if(rc == 0)
{
continue;
- }
+ }
+
-
/* For the receiver */
if(FD_ISSET(logr->sock, &fdset))
{
receive_msg();
}
-
+
/* For the forwarder */
if(FD_ISSET(logr->m_queue, &fdset))
{
diff --git a/src/client-agent/agentd.h b/src/client-agent/agentd.h
index 5496a68..87b5c92 100755
--- a/src/client-agent/agentd.h
+++ b/src/client-agent/agentd.h
@@ -40,7 +40,7 @@ void *receive_msg();
/* Receiver messages for Windows */
void *receiver_thread(void *none);
-/* intcheck_file:
+/* intcheck_file:
* Sends integrity checking information about a file to the server.
*/
int intcheck_file(char *file_name, char *dir);
@@ -64,7 +64,7 @@ void run_notify();
/*** Global variables ***/
/* Global variables. Only modified
- * during startup.
+ * during startup.
*/
#include "shared.h"
diff --git a/src/client-agent/config.c b/src/client-agent/config.c
index 529d57d..7d6d151 100755
--- a/src/client-agent/config.c
+++ b/src/client-agent/config.c
@@ -26,7 +26,7 @@
/* ClientConf v0.2, 2005/03/03
* Read the config file (for the remote client)
* v0.2: New OS_XML
- */
+ */
int ClientConf(char *cfgfile)
{
int modules = 0;
diff --git a/src/client-agent/intcheck_op.c b/src/client-agent/intcheck_op.c
index 811212b..a7025c6 100755
--- a/src/client-agent/intcheck_op.c
+++ b/src/client-agent/intcheck_op.c
@@ -43,7 +43,7 @@ int intcheck_file(char *file_name, char *dir)
if(lstat(file_name, &statbuf) < 0)
#endif
{
- snprintf(newsum, 911,"%c:%s:-1 %s%s", SYSCHECK_MQ, SYSCHECK,
+ snprintf(newsum, 911,"%c:%s:-1 %s%s", SYSCHECK_MQ, SYSCHECK,
dir, file_name);
send_msg(0, newsum);
@@ -71,7 +71,7 @@ int intcheck_file(char *file_name, char *dir)
}
}
-
+
snprintf(newsum,911,"%c:%s:%d:%d:%d:%d:%s:%s %s%s",
SYSCHECK_MQ, SYSCHECK,
(int)statbuf.st_size,
diff --git a/src/client-agent/main.c b/src/client-agent/main.c
index ae2e642..bda8ced 100755
--- a/src/client-agent/main.c
+++ b/src/client-agent/main.c
@@ -36,15 +36,15 @@ int main(int argc, char **argv)
{
int c = 0;
int test_config = 0;
-
+
char *dir = DEFAULTDIR;
char *user = USER;
char *group = GROUPGLOBAL;
-
+
int uid = 0;
int gid = 0;
-
+
/* Setting the name */
OS_SetName(ARGV0);
@@ -71,7 +71,7 @@ int main(int argc, char **argv)
group = optarg;
break;
case 't':
- test_config = 1;
+ test_config = 1;
break;
case 'D':
if(!optarg)
@@ -89,7 +89,7 @@ int main(int argc, char **argv)
ErrorExit(MEM_ERROR, ARGV0);
}
-
+
/* Reading config */
if(ClientConf(DEFAULTCPATH) < 0)
{
@@ -99,7 +99,7 @@ int main(int argc, char **argv)
if(!logr->rip)
{
merror(AG_INV_IP, ARGV0);
- ErrorExit(CLIENT_ERROR,ARGV0);
+ ErrorExit(CLIENT_ERROR,ARGV0);
}
@@ -109,7 +109,7 @@ int main(int argc, char **argv)
ErrorExit(AG_NOKEYS_EXIT, ARGV0);
}
-
+
/* Check if the user/group given are valid */
uid = Privsep_GetUser(user);
gid = Privsep_GetGroup(group);
@@ -132,7 +132,7 @@ int main(int argc, char **argv)
/* Agentd Start */
AgentdStart(dir, uid, gid, user, group);
-
+
return(0);
}
diff --git a/src/client-agent/notify.c b/src/client-agent/notify.c
index 1680b6b..e698380 100755
--- a/src/client-agent/notify.c
+++ b/src/client-agent/notify.c
@@ -42,9 +42,9 @@ char *getsharedfiles()
int m_size = 512;
char *ret;
-
+
os_md5 md5sum;
-
+
if(OS_MD5_File(SHAREDCFG_FILE, md5sum) != 0)
{
@@ -64,7 +64,7 @@ char *getsharedfiles()
snprintf(ret, m_size, "%s merged.mg\n", md5sum);
-
+
return(ret);
}
@@ -113,14 +113,14 @@ void run_notify()
return;
}
g_saved_time = curr_time;
-
+
debug1("%s: DEBUG: Sending agent notification.", ARGV0);
/* Send the message.
- * Message is going to be the
- * uname\n checksum file\n checksum file\n
- */
+ * Message is going to be the
+ * uname\n checksum file\n checksum file\n
+ */
/* Getting uname */
uname = getuname();
diff --git a/src/client-agent/receiver-win.c b/src/client-agent/receiver-win.c
index 75022be..33395e4 100755
--- a/src/client-agent/receiver-win.c
+++ b/src/client-agent/receiver-win.c
@@ -20,36 +20,36 @@
-/* receiver_thread:
+/* receiver_thread:
* Receive events from the server.
*/
void *receiver_thread(void *none)
{
int recv_b;
-
+
char file[OS_SIZE_1024 +1];
char buffer[OS_MAXSTR +1];
-
+
char cleartext[OS_MAXSTR + 1];
char *tmp_msg;
-
+
char file_sum[34];
fd_set fdset;
struct timeval selecttime;
-
+
FILE *fp;
/* Setting FP to null, before starting */
fp = NULL;
-
+
memset(cleartext, '\0', OS_MAXSTR +1);
memset(buffer, '\0', OS_MAXSTR +1);
memset(file, '\0', OS_SIZE_1024 +1);
memset(file_sum, '\0', 34);
-
-
+
+
while(1)
{
/* sock must be set. */
@@ -61,13 +61,13 @@ void *receiver_thread(void *none)
FD_ZERO(&fdset);
FD_SET(logr->sock, &fdset);
-
+
/* Wait for 30 seconds. */
selecttime.tv_sec = 30;
selecttime.tv_usec = 0;
-
+
/* Wait for 120 seconds at a maximum for any descriptor */
recv_b = select(0, &fdset, NULL, NULL, &selecttime);
if(recv_b == -1)
@@ -81,7 +81,7 @@ void *receiver_thread(void *none)
continue;
}
- /* Read until no more messages are available */
+ /* Read until no more messages are available */
while((recv_b = recv(logr->sock,buffer,OS_SIZE_1024, 0))>0)
{
/* Id of zero -- only one key allowed */
@@ -98,27 +98,27 @@ void *receiver_thread(void *none)
{
/* This is the only thread that modifies it */
available_server = (int)time(NULL);
-
+
/* Run timeout commands. */
if(logr->execdq >= 0)
WinTimeoutRun(available_server);
-
+
/* If it is an active response message */
if(strncmp(tmp_msg, EXECD_HEADER, strlen(EXECD_HEADER)) == 0)
{
tmp_msg+=strlen(EXECD_HEADER);
-
+
/* Run on windows. */
if(logr->execdq >= 0)
{
WinExecdRun(tmp_msg);
}
-
-
+
+
continue;
- }
+ }
/* Restart syscheck. */
@@ -128,7 +128,7 @@ void *receiver_thread(void *none)
continue;
}
-
+
/* Ack from server */
else if(strcmp(tmp_msg, HC_ACK) == 0)
{
@@ -143,7 +143,7 @@ void *receiver_thread(void *none)
}
/* File update message */
- if(strncmp(tmp_msg, FILE_UPDATE_HEADER,
+ if(strncmp(tmp_msg, FILE_UPDATE_HEADER,
strlen(FILE_UPDATE_HEADER)) == 0)
{
char *validate_file;
@@ -161,7 +161,7 @@ void *receiver_thread(void *none)
/* copying the file sum */
strncpy(file_sum, tmp_msg, 33);
-
+
/* Setting tmp_msg to the beginning of the file name */
validate_file++;
tmp_msg = validate_file;
@@ -178,10 +178,10 @@ void *receiver_thread(void *none)
}
if(tmp_msg[0] == '.')
- tmp_msg[0] = '-';
+ tmp_msg[0] = '-';
-
- snprintf(file, OS_SIZE_1024, "%s/%s",
+
+ snprintf(file, OS_SIZE_1024, "%s/%s",
SHAREDCFG_DIR,
tmp_msg);
@@ -192,7 +192,7 @@ void *receiver_thread(void *none)
}
}
- else if(strncmp(tmp_msg, FILE_CLOSE_HEADER,
+ else if(strncmp(tmp_msg, FILE_CLOSE_HEADER,
strlen(FILE_CLOSE_HEADER)) == 0)
{
/* no error */
@@ -204,7 +204,7 @@ void *receiver_thread(void *none)
fclose(fp);
fp = NULL;
}
-
+
if(file[0] == '\0')
{
/* nada */
@@ -221,7 +221,7 @@ void *receiver_thread(void *none)
if(strcmp(currently_md5, file_sum) != 0)
{
debug1("%s: Failed md5 for: %s -- deleting.",
- ARGV0, file);
+ ARGV0, file);
unlink(file);
}
else
@@ -264,10 +264,10 @@ void *receiver_thread(void *none)
merror("%s: WARN: Unknown message received. No action defined.",
ARGV0);
}
- }
+ }
}
-
+
/* Cleaning up */
if(fp)
{
@@ -275,7 +275,7 @@ void *receiver_thread(void *none)
if(file[0] != '\0')
unlink(file);
}
-
+
return(NULL);
}
diff --git a/src/client-agent/receiver.c b/src/client-agent/receiver.c
index 3493e94..1a35484 100755
--- a/src/client-agent/receiver.c
+++ b/src/client-agent/receiver.c
@@ -30,7 +30,7 @@ char file_sum[34] = "";
char file[OS_SIZE_1024 +1] = "";
-/* receive_msg:
+/* receive_msg:
* Receive events from the server.
*/
void *receive_msg()
@@ -48,7 +48,7 @@ void *receive_msg()
- /* Read until no more messages are available */
+ /* Read until no more messages are available */
while((recv_b = recv(logr->sock, buffer, OS_SIZE_1024, MSG_DONTWAIT)) > 0)
{
buffer[recv_b] = '\0';
@@ -84,7 +84,7 @@ void *receive_msg()
{
if(OS_SendUnix(logr->execdq, tmp_msg, 0) < 0)
{
- merror("%s: Error communicating with execd",
+ merror("%s: Error communicating with execd",
ARGV0);
}
}
@@ -102,7 +102,7 @@ void *receive_msg()
continue;
- }
+ }
/* Restart syscheck. */
@@ -129,7 +129,7 @@ void *receive_msg()
/* File update message */
- if(strncmp(tmp_msg, FILE_UPDATE_HEADER,
+ if(strncmp(tmp_msg, FILE_UPDATE_HEADER,
strlen(FILE_UPDATE_HEADER)) == 0)
{
char *validate_file;
@@ -165,10 +165,10 @@ void *receive_msg()
}
if(tmp_msg[0] == '.')
- tmp_msg[0] = '-';
+ tmp_msg[0] = '-';
- snprintf(file, OS_SIZE_1024, "%s/%s",
+ snprintf(file, OS_SIZE_1024, "%s/%s",
SHAREDCFG_DIR,
tmp_msg);
@@ -180,7 +180,7 @@ void *receive_msg()
}
}
- else if(strncmp(tmp_msg, FILE_CLOSE_HEADER,
+ else if(strncmp(tmp_msg, FILE_CLOSE_HEADER,
strlen(FILE_CLOSE_HEADER)) == 0)
{
/* no error */
@@ -209,7 +209,7 @@ void *receive_msg()
if(strcmp(currently_md5, file_sum) != 0)
{
debug1("%s: ERROR: Failed md5 for: %s -- deleting.",
- ARGV0, file);
+ ARGV0, file);
unlink(file);
}
else
@@ -253,7 +253,7 @@ void *receive_msg()
merror("%s: WARN: Unknown message received. No action defined.",
ARGV0);
}
- }
+ }
return(NULL);
diff --git a/src/client-agent/sendmsg.c b/src/client-agent/sendmsg.c
index ad0be49..f92a457 100755
--- a/src/client-agent/sendmsg.c
+++ b/src/client-agent/sendmsg.c
@@ -15,7 +15,7 @@
#include "agentd.h"
#include "os_net/os_net.h"
-
+
/* Sends a message to the server */
int send_msg(int agentid, char *msg)
diff --git a/src/client-agent/start_agent.c b/src/client-agent/start_agent.c
index 1b211f1..3327d9d 100755
--- a/src/client-agent/start_agent.c
+++ b/src/client-agent/start_agent.c
@@ -45,15 +45,15 @@ int connect_server(int initial_id)
if(logr->rip[1])
{
- verbose("%s: INFO: Closing connection to server (%s:%d).",
+ verbose("%s: INFO: Closing connection to server (%s:%d).",
ARGV0,
logr->rip[rc],
logr->port);
}
-
+
}
-
-
+
+
while(logr->rip[rc])
{
char *tmp_str;
@@ -64,7 +64,7 @@ int connect_server(int initial_id)
{
char *f_ip;
*tmp_str = '\0';
-
+
f_ip = OS_GetHost(logr->rip[rc], 5);
if(f_ip)
{
@@ -72,7 +72,7 @@ int connect_server(int initial_id)
ip_str[127] = '\0';
snprintf(ip_str, 127, "%s/%s", logr->rip[rc], f_ip);
-
+
free(f_ip);
free(logr->rip[rc]);
@@ -82,7 +82,7 @@ int connect_server(int initial_id)
}
else
{
- merror("%s: WARN: Unable to get hostname for '%s'.",
+ merror("%s: WARN: Unable to get hostname for '%s'.",
ARGV0, logr->rip[rc]);
*tmp_str = '/';
tmp_str++;
@@ -92,8 +92,8 @@ int connect_server(int initial_id)
{
tmp_str = logr->rip[rc];
}
-
-
+
+
verbose("%s: INFO: Trying to connect to server (%s:%d).", ARGV0,
logr->rip[rc],
logr->port);
@@ -119,11 +119,11 @@ int connect_server(int initial_id)
if(logr->rip[rc] == NULL)
{
attempts += 10;
-
+
/* Only log that if we have more than 1 server configured. */
if(logr->rip[1])
merror("%s: ERROR: Unable to connect to any server.",ARGV0);
-
+
sleep(attempts);
rc = 0;
}
@@ -137,7 +137,7 @@ int connect_server(int initial_id)
#ifdef WIN32
int bmode = 1;
-
+
/* Setting socket to non-blocking */
ioctlsocket(logr->sock, FIONBIO, (u_long FAR*) &bmode);
#endif
@@ -164,7 +164,7 @@ void start_agent(int is_startup)
char buffer[OS_MAXSTR +1];
char cleartext[OS_MAXSTR +1];
char fmsg[OS_MAXSTR +1];
-
+
memset(msg, '\0', OS_MAXSTR +2);
memset(buffer, '\0', OS_MAXSTR +1);
@@ -176,15 +176,15 @@ void start_agent(int is_startup)
#ifdef ONEWAY
return;
#endif
-
-
+
+
/* Sending start message and waiting for the ack */
while(1)
{
/* Sending start up message */
send_msg(0, msg);
attempts = 0;
-
+
/* Read until our reply comes back */
while(((recv_b = recv(logr->sock, buffer, OS_MAXSTR,
@@ -203,10 +203,10 @@ void start_agent(int is_startup)
{
send_msg(0, msg);
}
-
+
continue;
}
-
+
/* Id of zero -- only one key allowed */
tmp_msg = ReadSecMSG(&keys, buffer, cleartext, 0, recv_b -1);
if(tmp_msg == NULL)
@@ -224,16 +224,16 @@ void start_agent(int is_startup)
{
available_server = time(0);
- verbose(AG_CONNECTED, ARGV0, logr->rip[logr->rip_id],
+ verbose(AG_CONNECTED, ARGV0, logr->rip[logr->rip_id],
logr->port);
-
+
if(is_startup)
{
/* Send log message about start up */
- snprintf(msg, OS_MAXSTR, OS_AG_STARTED,
+ snprintf(msg, OS_MAXSTR, OS_AG_STARTED,
keys.keyentries[0]->name,
keys.keyentries[0]->ip->ip);
- snprintf(fmsg, OS_MAXSTR, "%c:%s:%s", LOCALFILE_MQ,
+ snprintf(fmsg, OS_MAXSTR, "%c:%s:%s", LOCALFILE_MQ,
"ossec", msg);
send_msg(0, fmsg);
}
@@ -269,11 +269,11 @@ void start_agent(int is_startup)
{
sleep(g_attempts);
g_attempts+=(attempts * 3);
-
+
connect_server(0);
}
}
-
+
return;
}
diff --git a/src/config/._Makefile b/src/config/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/config/._Makefile and /dev/null differ
diff --git a/src/config/._active-response.c b/src/config/._active-response.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/config/._active-response.c and /dev/null differ
diff --git a/src/config/._active-response.h b/src/config/._active-response.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/config/._active-response.h and /dev/null differ
diff --git a/src/config/._agentlessd-config.c b/src/config/._agentlessd-config.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/config/._agentlessd-config.c and /dev/null differ
diff --git a/src/config/._agentlessd-config.h b/src/config/._agentlessd-config.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/config/._agentlessd-config.h and /dev/null differ
diff --git a/src/config/._alerts-config.c b/src/config/._alerts-config.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/config/._alerts-config.c and /dev/null differ
diff --git a/src/config/._client-config.c b/src/config/._client-config.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/config/._client-config.c and /dev/null differ
diff --git a/src/config/._client-config.h b/src/config/._client-config.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/config/._client-config.h and /dev/null differ
diff --git a/src/config/._config.c b/src/config/._config.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/config/._config.c and /dev/null differ
diff --git a/src/config/._config.h b/src/config/._config.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/config/._config.h and /dev/null differ
diff --git a/src/config/._csyslogd-config.c b/src/config/._csyslogd-config.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/config/._csyslogd-config.c and /dev/null differ
diff --git a/src/config/._csyslogd-config.h b/src/config/._csyslogd-config.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/config/._csyslogd-config.h and /dev/null differ
diff --git a/src/config/._dbd-config.c b/src/config/._dbd-config.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/config/._dbd-config.c and /dev/null differ
diff --git a/src/config/._dbd-config.h b/src/config/._dbd-config.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/config/._dbd-config.h and /dev/null differ
diff --git a/src/config/._email-alerts-config.c b/src/config/._email-alerts-config.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/config/._email-alerts-config.c and /dev/null differ
diff --git a/src/config/._global-config.c b/src/config/._global-config.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/config/._global-config.c and /dev/null differ
diff --git a/src/config/._global-config.h b/src/config/._global-config.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/config/._global-config.h and /dev/null differ
diff --git a/src/config/._localfile-config.c b/src/config/._localfile-config.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/config/._localfile-config.c and /dev/null differ
diff --git a/src/config/._localfile-config.h b/src/config/._localfile-config.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/config/._localfile-config.h and /dev/null differ
diff --git a/src/config/._mail-config.h b/src/config/._mail-config.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/config/._mail-config.h and /dev/null differ
diff --git a/src/config/._remote-config.c b/src/config/._remote-config.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/config/._remote-config.c and /dev/null differ
diff --git a/src/config/._remote-config.h b/src/config/._remote-config.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/config/._remote-config.h and /dev/null differ
diff --git a/src/config/._reports-config.c b/src/config/._reports-config.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/config/._reports-config.c and /dev/null differ
diff --git a/src/config/._reports-config.h b/src/config/._reports-config.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/config/._reports-config.h and /dev/null differ
diff --git a/src/config/._rootcheck-config.c b/src/config/._rootcheck-config.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/config/._rootcheck-config.c and /dev/null differ
diff --git a/src/config/._rootcheck-config.h b/src/config/._rootcheck-config.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/config/._rootcheck-config.h and /dev/null differ
diff --git a/src/config/._rules-config.c b/src/config/._rules-config.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/config/._rules-config.c and /dev/null differ
diff --git a/src/config/._syscheck-config.c b/src/config/._syscheck-config.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/config/._syscheck-config.c and /dev/null differ
diff --git a/src/config/._syscheck-config.h b/src/config/._syscheck-config.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/config/._syscheck-config.h and /dev/null differ
diff --git a/src/config/active-response.c b/src/config/active-response.c
index cf9f8de..ee4937d 100755
--- a/src/config/active-response.c
+++ b/src/config/active-response.c
@@ -10,7 +10,10 @@
* Foundation
*/
-
+#ifndef WIN32
+#include <sys/types.h>
+#include <grp.h>
+#endif
#include "shared.h"
#include "os_xml/os_xml.h"
#include "os_regex/os_regex.h"
@@ -55,7 +58,27 @@ int ReadActiveResponses(XML_NODE node, void *d1, void *d2)
merror(FOPEN_ERROR, ARGV0, DEFAULTARPATH);
return(-1);
}
- chmod(DEFAULTARPATH, 0444);
+
+#ifndef WIN32
+ struct group *os_group;
+ if((os_group = getgrnam(USER)) == NULL)
+ {
+ merror("Could not get ossec gid.");
+ return(-1);
+ }
+
+ if((chown(DEFAULTARPATH, -1, os_group->gr_gid)) == -1)
+ {
+ merror("Could not change the group to ossec: %d", errno);
+ return(-1);
+ }
+#endif
+
+ if((chmod(DEFAULTARPATH, 0440)) == -1)
+ {
+ merror("Could not chmod to 0440: %d", errno);
+ return(-1);
+ }
/* Allocating for the active-response */
@@ -80,7 +103,7 @@ int ReadActiveResponses(XML_NODE node, void *d1, void *d2)
- /* Searching for the commands */
+ /* Searching for the commands */
while(node[i])
{
if(!node[i]->element)
@@ -95,12 +118,12 @@ int ReadActiveResponses(XML_NODE node, void *d1, void *d2)
}
/* Command */
- if(strcmp(node[i]->element, xml_ar_command) == 0)
+ if(strcmp(node[i]->element, xml_ar_command) == 0)
{
tmp_ar->command = strdup(node[i]->content);
}
/* Target */
- else if(strcmp(node[i]->element, xml_ar_location) == 0)
+ else if(strcmp(node[i]->element, xml_ar_location) == 0)
{
tmp_location = strdup(node[i]->content);
}
@@ -124,7 +147,7 @@ int ReadActiveResponses(XML_NODE node, void *d1, void *d2)
merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
return(OS_INVALID);
}
-
+
tmp_ar->level = atoi(node[i]->content);
/* Making sure the level is valid */
@@ -165,7 +188,7 @@ int ReadActiveResponses(XML_NODE node, void *d1, void *d2)
return(OS_INVALID);
}
i++;
- }
+ }
/* Checking if ar is disabled */
if(ar_flag == -1)
@@ -214,14 +237,14 @@ int ReadActiveResponses(XML_NODE node, void *d1, void *d2)
}
/* If we didn't set any value for the location */
- if(tmp_ar->location == 0)
+ if(tmp_ar->location == 0)
{
merror(AR_INV_LOC, ARGV0, tmp_location);
return(-1);
}
- /* cleaning tmp_location */
+ /* cleaning tmp_location */
free(tmp_location);
tmp_location = NULL;
@@ -274,13 +297,13 @@ int ReadActiveResponses(XML_NODE node, void *d1, void *d2)
{
ErrorExit(MEM_ERROR, ARGV0);
}
- snprintf(tmp_ar->name, OS_FLSIZE, "%s%d",
+ snprintf(tmp_ar->name, OS_FLSIZE, "%s%d",
tmp_ar->ar_cmd->name,
- tmp_ar->timeout);
+ tmp_ar->timeout);
/* Adding to shared file */
- fprintf(fp, "%s - %s - %d\n",
+ fprintf(fp, "%s - %s - %d\n",
tmp_ar->name,
tmp_ar->ar_cmd->executable,
tmp_ar->timeout);
@@ -314,7 +337,7 @@ int ReadActiveResponses(XML_NODE node, void *d1, void *d2)
{
ar_flag|= LOCAL_AR;
}
-
+
/* Closing shared file for active response */
fclose(fp);
@@ -355,7 +378,7 @@ int ReadActiveCommands(XML_NODE node, void *d1, void *d2)
tmp_command->timeout_allowed = 0;
- /* Searching for the commands */
+ /* Searching for the commands */
while(node[i])
{
if(!node[i]->element)
@@ -368,11 +391,11 @@ int ReadActiveCommands(XML_NODE node, void *d1, void *d2)
merror(XML_VALUENULL, ARGV0, node[i]->element);
return(OS_INVALID);
}
- if(strcmp(node[i]->element, command_name) == 0)
+ if(strcmp(node[i]->element, command_name) == 0)
{
tmp_command->name = strdup(node[i]->content);
}
- else if(strcmp(node[i]->element, command_expect) == 0)
+ else if(strcmp(node[i]->element, command_expect) == 0)
{
tmp_str = strdup(node[i]->content);
}
diff --git a/src/config/active-response.h b/src/config/active-response.h
index 86f197e..c9ca703 100755
--- a/src/config/active-response.h
+++ b/src/config/active-response.h
@@ -10,7 +10,7 @@
* Foundation
*/
-
+
#ifndef _CAR__H
#define _CAR__H
@@ -20,7 +20,7 @@ typedef struct _ar_command
{
int expect;
int timeout_allowed;
-
+
char *name;
char *executable;
}ar_command;
@@ -37,7 +37,7 @@ typedef struct _ar
char *agent_id;
char *rules_id;
char *rules_group;
-
+
ar_command *ar_cmd;
}active_response;
diff --git a/src/config/agentlessd-config.c b/src/config/agentlessd-config.c
index abafd51..6694126 100644
--- a/src/config/agentlessd-config.c
+++ b/src/config/agentlessd-config.c
@@ -34,7 +34,7 @@ int Read_CAgentless(XML_NODE node, void *config, void *config2)
agentlessd_config *lessd_config = (agentlessd_config *)config;
-
+
/* Getting any configured entry. */
if(lessd_config->entries)
{
@@ -42,9 +42,9 @@ int Read_CAgentless(XML_NODE node, void *config, void *config2)
s++;
}
-
+
/* Allocating the memory for the config. */
- os_realloc(lessd_config->entries, (s + 2) * sizeof(agentlessd_entries *),
+ os_realloc(lessd_config->entries, (s + 2) * sizeof(agentlessd_entries *),
lessd_config->entries);
os_calloc(1, sizeof(agentlessd_entries), lessd_config->entries[s]);
lessd_config->entries[s + 1] = NULL;
@@ -61,7 +61,7 @@ int Read_CAgentless(XML_NODE node, void *config, void *config2)
lessd_config->entries[s]->port = 0;
lessd_config->entries[s]->error_flag = 0;
-
+
/* Reading the XML. */
while(node[i])
{
@@ -99,7 +99,7 @@ int Read_CAgentless(XML_NODE node, void *config, void *config2)
{
char s_content[1024 +1];
s_content[1024] = '\0';
-
+
/* Getting any configured entry. */
j = 0;
if(lessd_config->entries[s]->server)
@@ -108,8 +108,8 @@ int Read_CAgentless(XML_NODE node, void *config, void *config2)
j++;
}
- os_realloc(lessd_config->entries[s]->server, (j + 2) *
- sizeof(char *),
+ os_realloc(lessd_config->entries[s]->server, (j + 2) *
+ sizeof(char *),
lessd_config->entries[s]->server);
if(strncmp(node[i]->content, "use_su ", 7) == 0)
{
@@ -123,8 +123,8 @@ int Read_CAgentless(XML_NODE node, void *config, void *config2)
{
snprintf(s_content, 1024, " %s", node[i]->content);
}
-
- os_strdup(s_content,
+
+ os_strdup(s_content,
lessd_config->entries[s]->server[j]);
lessd_config->entries[s]->server[j + 1] = NULL;
}
@@ -135,11 +135,11 @@ int Read_CAgentless(XML_NODE node, void *config, void *config2)
script_path[1024] = '\0';
snprintf(script_path, 1024, "%s/%s", AGENTLESSDIRPATH,
node[i]->content);
-
+
if(File_DateofChange(script_path) <= 0)
{
merror("%s: ERROR: Unable to find '%s' at '%s'.",
- ARGV0, node[i]->content, AGENTLESSDIRPATH);
+ ARGV0, node[i]->content, AGENTLESSDIRPATH);
merror(XML_VALUEERR,ARGV0, node[i]->element, node[i]->content);
return(OS_INVALID);
}
@@ -191,8 +191,8 @@ int Read_CAgentless(XML_NODE node, void *config, void *config2)
merror(XML_INV_MISSOPTS, ARGV0);
return(OS_INVALID);
}
-
-
+
+
if((lessd_config->entries[s]->state == LESSD_STATE_PERIODIC) &&
!lessd_config->entries[s]->frequency)
{
diff --git a/src/config/agentlessd-config.h b/src/config/agentlessd-config.h
index 3c8a611..c69a6b8 100755
--- a/src/config/agentlessd-config.h
+++ b/src/config/agentlessd-config.h
@@ -32,16 +32,16 @@ typedef struct _agentlessd_entries
int current_state;
int port;
int error_flag;
-
+
char *type;
char **server;
char *options;
char *command;
-
+
}agentlessd_entries;
-/* Configuration structure. */
+/* Configuration structure. */
typedef struct _agentlessd_config
{
int queue;
diff --git a/src/config/alerts-config.c b/src/config/alerts-config.c
index d1639e2..353ba46 100755
--- a/src/config/alerts-config.c
+++ b/src/config/alerts-config.c
@@ -24,16 +24,16 @@ int Read_Alerts(XML_NODE node, void *configp, void *mailp)
/* XML definitions */
char *xml_email_level = "email_alert_level";
char *xml_log_level = "log_alert_level";
-
+
#ifdef GEOIP
/* GeoIP */
char *xml_log_geoip = "use_geoip";
#endif
_Config *Config;
-
+
Config = (_Config *)configp;
-
+
while(node[i])
{
diff --git a/src/config/client-config.c b/src/config/client-config.c
index bc36bc4..b2d22f7 100755
--- a/src/config/client-config.c
+++ b/src/config/client-config.c
@@ -16,16 +16,19 @@
#include "os_net/os_net.h"
-int Read_Client(XML_NODE node, void *d1, void *d2)
+int Read_Client(XML_NODE node, void *d1, void *d2)
{
int i = 0;
-
+
/* XML definitions */
char *xml_client_ip = "server-ip";
char *xml_client_hostname = "server-hostname";
char *xml_local_ip = "local_ip";
char *xml_client_port = "port";
char *xml_ar_disabled = "disable-active-response";
+ char *xml_notify_time = "notify_time";
+ char *xml_max_time_reconnect_try = "time-reconnect";
+
/* cmoraes */
char *xml_profile_name = "config-profile";
@@ -33,6 +36,8 @@ int Read_Client(XML_NODE node, void *d1, void *d2)
logr = (agent *)d1;
+ logr->notify_time = 0;
+ logr->max_time_reconnect_try = 0;
while(node[i])
{
@@ -72,7 +77,7 @@ int Read_Client(XML_NODE node, void *d1, void *d2)
os_realloc(logr->rip, (ip_id + 2) * sizeof(char*), logr->rip);
logr->rip[ip_id] = NULL;
logr->rip[ip_id +1] = NULL;
-
+
os_strdup(node[i]->content, logr->rip[ip_id]);
if(OS_IsValidIP(logr->rip[ip_id], NULL) != 1)
{
@@ -100,7 +105,7 @@ int Read_Client(XML_NODE node, void *d1, void *d2)
os_realloc(logr->rip, (ip_id + 2) * sizeof(char*),
logr->rip);
-
+
s_ip = OS_GetHost(node[i]->content, 5);
if(!s_ip)
{
@@ -110,7 +115,7 @@ int Read_Client(XML_NODE node, void *d1, void *d2)
os_strdup("invalid_ip", s_ip);
}
-
+
f_ip[127] = '\0';
snprintf(f_ip, 127, "%s/%s", node[i]->content, s_ip);
@@ -137,6 +142,24 @@ int Read_Client(XML_NODE node, void *d1, void *d2)
return(OS_INVALID);
}
}
+ else if(strcmp(node[i]->element,xml_notify_time) == 0)
+ {
+ if(!OS_StrIsNum(node[i]->content))
+ {
+ merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
+ return(OS_INVALID);
+ }
+ logr->notify_time = atoi(node[i]->content);
+ }
+ else if(strcmp(node[i]->element,xml_max_time_reconnect_try) == 0)
+ {
+ if(!OS_StrIsNum(node[i]->content))
+ {
+ merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
+ return(OS_INVALID);
+ }
+ logr->max_time_reconnect_try = atoi(node[i]->content);
+ }
else if(strcmp(node[i]->element,xml_ar_disabled) == 0)
{
if(strcmp(node[i]->content, "yes") == 0)
diff --git a/src/config/client-config.h b/src/config/client-config.h
index ce2f558..c403677 100755
--- a/src/config/client-config.h
+++ b/src/config/client-config.h
@@ -24,6 +24,8 @@ typedef struct _agent
int rip_id;
char *lip;
char **rip; /* remote (server) ip */
+ int notify_time;
+ int max_time_reconnect_try;
char *profile;
}agent;
diff --git a/src/config/config.c b/src/config/config.c
index d67c8e3..57a0afb 100755
--- a/src/config/config.c
+++ b/src/config/config.c
@@ -22,9 +22,9 @@
/* Read the main elements of the configuration.
*/
-int read_main_elements(OS_XML xml, int modules,
- XML_NODE node,
- void *d1,
+int read_main_elements(OS_XML xml, int modules,
+ XML_NODE node,
+ void *d1,
void *d2)
{
int i = 0;
@@ -44,11 +44,11 @@ int read_main_elements(OS_XML xml, int modules,
char *osreports = "reports"; /*Server Config*/
char *osactive_response = "active-response"; /*Agent Config*/
-
+
while(node[i])
{
XML_NODE chld_node = NULL;
-
+
chld_node = OS_GetElementsbyNode(&xml,node[i]);
if(!node[i]->element)
@@ -63,7 +63,7 @@ int read_main_elements(OS_XML xml, int modules,
}
else if(strcmp(node[i]->element, osglobal) == 0)
{
- if(((modules & CGLOBAL) || (modules & CMAIL))
+ if(((modules & CGLOBAL) || (modules & CMAIL))
&& (Read_Global(chld_node, d1, d2) < 0))
return(OS_INVALID);
}
@@ -97,7 +97,7 @@ int read_main_elements(OS_XML xml, int modules,
if((modules & CSYSCHECK) && (Read_Syscheck(chld_node, d1,d2) < 0))
return(OS_INVALID);
if((modules & CGLOBAL) && (Read_GlobalSK(chld_node, d1, d2) < 0))
- return(OS_INVALID);
+ return(OS_INVALID);
}
else if(strcmp(node[i]->element, osrootcheck) == 0)
{
@@ -144,7 +144,7 @@ int read_main_elements(OS_XML xml, int modules,
merror(XML_INVELEM, ARGV0, node[i]->element);
return(OS_INVALID);
}
-
+
//printf("before\n");
OS_ClearNode(chld_node);
//printf("after\n");
@@ -158,7 +158,7 @@ int read_main_elements(OS_XML xml, int modules,
/* ReadConfig(int modules, char *cfgfile)
* Read the config files
*/
-int ReadConfig(int modules, char *cfgfile, void *d1, void *d2)
+int ReadConfig(int modules, char *cfgfile, void *d1, void *d2)
{
int i;
OS_XML xml;
@@ -176,7 +176,7 @@ int ReadConfig(int modules, char *cfgfile, void *d1, void *d2)
char *xml_agent_overwrite = "overwrite";
/* cmoraes */
char *xml_agent_profile = "profile";
-
+
if(OS_ReadXML(cfgfile,&xml) < 0)
{
@@ -192,7 +192,7 @@ int ReadConfig(int modules, char *cfgfile, void *d1, void *d2)
}
return(OS_INVALID);
}
-
+
node = OS_GetElementsbyNode(&xml, NULL);
if(!node)
@@ -225,7 +225,7 @@ int ReadConfig(int modules, char *cfgfile, void *d1, void *d2)
return(OS_INVALID);
}
- OS_ClearNode(chld_node);
+ OS_ClearNode(chld_node);
}
}
else if((modules & CAGENT_CONFIG) &&
@@ -239,7 +239,7 @@ int ReadConfig(int modules, char *cfgfile, void *d1, void *d2)
/* Checking if this is specific to any agent. */
if(node[i]->attributes && node[i]->values)
- {
+ {
while(node[i]->attributes[attrs] && node[i]->values[attrs])
{
/* Checking if there is an "name=" attribute */
@@ -296,12 +296,12 @@ int ReadConfig(int modules, char *cfgfile, void *d1, void *d2)
{
/* match the profile name of this <agent_config> section
* with a comma separated list of values in agent's
- * <config-profile> tag.
+ * <config-profile> tag.
*/
if(!OS_Match2(node[i]->values[attrs], agentprofile))
{
passed_agent_test = 0;
- debug2("[%s] did not match agent config profile name [%s]",
+ debug2("[%s] did not match agent config profile name [%s]",
node[i]->values[attrs], agentprofile);
}
else
@@ -331,7 +331,7 @@ int ReadConfig(int modules, char *cfgfile, void *d1, void *d2)
/* if node does not have any attributes, it is a generic config block.
* check if agent has a profile name
- * if agent does not have profile name, then only read this generic
+ * if agent does not have profile name, then only read this generic
* agent_config block
*/
@@ -351,8 +351,8 @@ int ReadConfig(int modules, char *cfgfile, void *d1, void *d2)
merror(CONFIG_ERROR, ARGV0, cfgfile);
return(OS_INVALID);
}
-
- OS_ClearNode(chld_node);
+
+ OS_ClearNode(chld_node);
}
}
else
@@ -362,7 +362,7 @@ int ReadConfig(int modules, char *cfgfile, void *d1, void *d2)
}
i++;
}
-
+
/* Clearing node and xml */
OS_ClearNode(node);
OS_ClearXML(&xml);
diff --git a/src/config/config.h b/src/config/config.h
index 4e8e629..83d649a 100755
--- a/src/config/config.h
+++ b/src/config/config.h
@@ -13,7 +13,7 @@
* online at: http://www.ossec.net/en/licensing.html
*/
-
+
#ifndef _HCONFIG__H
#define _HCONFIG__H
@@ -31,7 +31,7 @@
#define CDBD 0002000
#define CSYSLOGD 0004000
#define CAGENTLESS 0020000
-#define CREPORTS 0040000
+#define CREPORTS 0040000
#define CAGENT_CONFIG 0010000
diff --git a/src/config/csyslogd-config.c b/src/config/csyslogd-config.c
index 7ee79ab..77d268e 100644
--- a/src/config/csyslogd-config.c
+++ b/src/config/csyslogd-config.c
@@ -35,7 +35,7 @@ int Read_CSyslog(XML_NODE node, void *config, void *config2)
GeneralConfig *gen_config = (GeneralConfig *)config;
SyslogConfig **syslog_config = (SyslogConfig **)gen_config->data;
-
+
/* Getting Granular mail_to size */
if(syslog_config)
{
@@ -43,7 +43,7 @@ int Read_CSyslog(XML_NODE node, void *config, void *config2)
s++;
}
-
+
/* Allocating the memory for the config. */
os_realloc(syslog_config, (s + 2) * sizeof(SyslogConfig *), syslog_config);
os_calloc(1, sizeof(SyslogConfig), syslog_config[s]);
@@ -118,24 +118,24 @@ int Read_CSyslog(XML_NODE node, void *config, void *config2)
else if(isdigit((int)*str_pt))
{
int id_i = 0;
-
+
r_id = atoi(str_pt);
debug1("%s: DEBUG: Adding '%d' to syslog alerting",
ARGV0, r_id);
-
+
if(syslog_config[s]->rule_id)
{
while(syslog_config[s]->rule_id[id_i])
id_i++;
}
-
+
os_realloc(syslog_config[s]->rule_id,
(id_i +2) * sizeof(int),
syslog_config[s]->rule_id);
-
+
syslog_config[s]->rule_id[id_i + i] = 0;
syslog_config[s]->rule_id[id_i] = r_id;
-
+
str_pt = strchr(str_pt, ',');
if(str_pt)
{
@@ -191,7 +191,7 @@ int Read_CSyslog(XML_NODE node, void *config, void *config2)
else if(strcmp(node[i]->element, xml_syslog_location) == 0)
{
os_calloc(1, sizeof(OSMatch),syslog_config[s]->location);
- if(!OSMatch_Compile(node[i]->content,
+ if(!OSMatch_Compile(node[i]->content,
syslog_config[s]->location, 0))
{
merror(REGEX_COMPILE, ARGV0, node[i]->content,
@@ -202,7 +202,7 @@ int Read_CSyslog(XML_NODE node, void *config, void *config2)
else if(strcmp(node[i]->element, xml_syslog_group) == 0)
{
os_calloc(1, sizeof(OSMatch),syslog_config[s]->group);
- if(!OSMatch_Compile(node[i]->content,
+ if(!OSMatch_Compile(node[i]->content,
syslog_config[s]->group, 0))
{
merror(REGEX_COMPILE, ARGV0, node[i]->content,
@@ -225,7 +225,7 @@ int Read_CSyslog(XML_NODE node, void *config, void *config2)
merror(XML_INV_CSYSLOG, ARGV0);
return(OS_INVALID);
}
-
+
gen_config->data = syslog_config;
return(0);
diff --git a/src/config/csyslogd-config.h b/src/config/csyslogd-config.h
index fb9fbb6..47a11eb 100755
--- a/src/config/csyslogd-config.h
+++ b/src/config/csyslogd-config.h
@@ -12,7 +12,7 @@
#include "shared.h"
-
+
#ifndef _CSYSLOGCONFIG__H
#define _CSYSLOGCONFIG__H
diff --git a/src/config/dbd-config.c b/src/config/dbd-config.c
index 6b2db09..949ef5d 100644
--- a/src/config/dbd-config.c
+++ b/src/config/dbd-config.c
@@ -33,7 +33,7 @@ int Read_DB(XML_NODE node, void *config1, void *config2)
char *xml_dbsock = "socket";
char *xml_dbtype = "type";
-
+
db_config = (DBConfig *)config2;
if(!db_config)
{
@@ -41,7 +41,7 @@ int Read_DB(XML_NODE node, void *config1, void *config2)
}
- /* Reading the xml */
+ /* Reading the xml */
while(node[i])
{
if(!node[i]->element)
diff --git a/src/config/dbd-config.h b/src/config/dbd-config.h
index 7d317f3..2a3d29a 100755
--- a/src/config/dbd-config.h
+++ b/src/config/dbd-config.h
@@ -10,7 +10,7 @@
* Foundation
*/
-
+
#ifndef _DBDCONFIG__H
#define _DBDONFIG__H
@@ -31,7 +31,7 @@ typedef struct _DBConfig
char *pass;
char *db;
char *sock;
-
+
void *conn;
void *location_hash;
diff --git a/src/config/email-alerts-config.c b/src/config/email-alerts-config.c
index 22eb1eb..8d61e13 100644
--- a/src/config/email-alerts-config.c
+++ b/src/config/email-alerts-config.c
@@ -34,7 +34,7 @@ int Read_EmailAlerts(XML_NODE node, void *configp, void *mailp)
char *xml_email_donotgroup = "do_not_group";
MailConfig *Mail;
-
+
Mail = (MailConfig *)mailp;
if(!Mail)
{
@@ -57,44 +57,44 @@ int Read_EmailAlerts(XML_NODE node, void *configp, void *mailp)
if(Mail)
{
- os_realloc(Mail->gran_to,
+ os_realloc(Mail->gran_to,
sizeof(char *)*(granto_size +1), Mail->gran_to);
- os_realloc(Mail->gran_id,
+ os_realloc(Mail->gran_id,
sizeof(int *)*(granto_size +1), Mail->gran_id);
- os_realloc(Mail->gran_level,
+ os_realloc(Mail->gran_level,
sizeof(int)*(granto_size +1), Mail->gran_level);
- os_realloc(Mail->gran_set,
+ os_realloc(Mail->gran_set,
sizeof(int)*(granto_size +1), Mail->gran_set);
- os_realloc(Mail->gran_format,
+ os_realloc(Mail->gran_format,
sizeof(int)*(granto_size +1), Mail->gran_format);
- os_realloc(Mail->gran_location,
+ os_realloc(Mail->gran_location,
sizeof(OSMatch)*(granto_size +1), Mail->gran_location);
- os_realloc(Mail->gran_group,
+ os_realloc(Mail->gran_group,
sizeof(OSMatch)*(granto_size +1), Mail->gran_group);
-
+
Mail->gran_to[granto_size -1] = NULL;
Mail->gran_to[granto_size] = NULL;
-
+
Mail->gran_id[granto_size -1] = NULL;
Mail->gran_id[granto_size] = NULL;
-
+
Mail->gran_location[granto_size -1] = NULL;
Mail->gran_location[granto_size] = NULL;
Mail->gran_group[granto_size -1] = NULL;
Mail->gran_group[granto_size] = NULL;
-
+
Mail->gran_level[granto_size -1] = 0;
Mail->gran_level[granto_size] = 0;
-
- Mail->gran_format[granto_size -1] = FULL_FORMAT;
- Mail->gran_format[granto_size] = FULL_FORMAT;
-
+
+ Mail->gran_format[granto_size -1] = FULL_FORMAT;
+ Mail->gran_format[granto_size] = FULL_FORMAT;
+
Mail->gran_set[granto_size -1] = 0;
Mail->gran_set[granto_size] = 0;
}
-
-
+
+
while(node[i])
{
if(!node[i]->element)
@@ -143,11 +143,11 @@ int Read_EmailAlerts(XML_NODE node, void *configp, void *mailp)
else if(isdigit((int)*str_pt))
{
int id_i = 0;
-
+
r_id = atoi(str_pt);
debug1("%s: DEBUG: Adding '%d' to granular e-mail",
ARGV0, r_id);
-
+
if(!Mail->gran_id[granto_size -1])
{
os_calloc(2,sizeof(int),Mail->gran_id[granto_size -1]);
@@ -160,14 +160,14 @@ int Read_EmailAlerts(XML_NODE node, void *configp, void *mailp)
{
id_i++;
}
-
+
os_realloc(Mail->gran_id[granto_size -1],
(id_i +2) * sizeof(int),
- Mail->gran_id[granto_size -1]);
+ Mail->gran_id[granto_size -1]);
Mail->gran_id[granto_size -1][id_i +1] = 0;
}
Mail->gran_id[granto_size -1][id_i] = r_id;
-
+
str_pt = strchr(str_pt, ',');
if(str_pt)
@@ -228,7 +228,7 @@ int Read_EmailAlerts(XML_NODE node, void *configp, void *mailp)
else if(strcmp(node[i]->element, xml_email_location) == 0)
{
os_calloc(1, sizeof(OSMatch),Mail->gran_location[granto_size -1]);
- if(!OSMatch_Compile(node[i]->content,
+ if(!OSMatch_Compile(node[i]->content,
Mail->gran_location[granto_size -1], 0))
{
merror(REGEX_COMPILE, ARGV0, node[i]->content,
@@ -239,7 +239,7 @@ int Read_EmailAlerts(XML_NODE node, void *configp, void *mailp)
else if(strcmp(node[i]->element, xml_email_group) == 0)
{
os_calloc(1, sizeof(OSMatch),Mail->gran_group[granto_size -1]);
- if(!OSMatch_Compile(node[i]->content,
+ if(!OSMatch_Compile(node[i]->content,
Mail->gran_group[granto_size -1], 0))
{
merror(REGEX_COMPILE, ARGV0, node[i]->content,
@@ -266,7 +266,7 @@ int Read_EmailAlerts(XML_NODE node, void *configp, void *mailp)
merror(XML_INV_GRAN_MAIL, ARGV0);
return(OS_INVALID);
}
-
+
return(0);
}
diff --git a/src/config/global-config.c b/src/config/global-config.c
index d7f58d8..41490d1 100755
--- a/src/config/global-config.c
+++ b/src/config/global-config.c
@@ -46,8 +46,8 @@ int Read_GlobalSK(XML_NODE node, void *configp, void *mailp)
_Config *Config;
Config = (_Config *)configp;
-
-
+
+
/* Shouldn't be here if !Config */
if(!Config)
return(0);
@@ -159,6 +159,7 @@ int Read_Global(XML_NODE node, void *configp, void *mailp)
char *xml_memorysize = "memory_size";
char *xml_white_list = "white_list";
char *xml_compress_alerts = "compress_alerts";
+ char *xml_custom_alert_output = "custom_alert_output";
char *xml_emailto = "email_to";
char *xml_emailfrom = "email_from";
@@ -173,10 +174,10 @@ int Read_Global(XML_NODE node, void *configp, void *mailp)
_Config *Config;
MailConfig *Mail;
-
+
Config = (_Config *)configp;
Mail = (MailConfig *)mailp;
-
+
/* Getting right white_size */
if(Config && Config->white_list)
{
@@ -189,7 +190,7 @@ int Read_Global(XML_NODE node, void *configp, void *mailp)
ww++;
}
}
-
+
/* Getting right white_size */
if(Config && Config->hostname_white_list)
{
@@ -202,7 +203,7 @@ int Read_Global(XML_NODE node, void *configp, void *mailp)
ww++;
}
}
-
+
/* Getting mail_to size */
if(Mail && Mail->to)
{
@@ -227,17 +228,25 @@ int Read_Global(XML_NODE node, void *configp, void *mailp)
merror(XML_VALUENULL, ARGV0, node[i]->element);
return(OS_INVALID);
}
+ else if(strcmp(node[i]->element, xml_custom_alert_output) == 0)
+ {
+ if(Config)
+ {
+ Config->custom_alert_output= 1;
+ os_strdup(node[i]->content, Config->custom_alert_output_format);
+ }
+ }
/* Mail notification */
else if(strcmp(node[i]->element, xml_mailnotify) == 0)
{
if(strcmp(node[i]->content, "yes") == 0)
- {
- if(Config) Config->mailnotify = 1;
+ {
+ if(Config) Config->mailnotify = 1;
if(Mail) Mail->mn = 1;
}
else if(strcmp(node[i]->content, "no") == 0)
- {
- if(Config) Config->mailnotify = 0;
+ {
+ if(Config) Config->mailnotify = 0;
if(Mail) Mail->mn = 0;
}
else
@@ -274,12 +283,12 @@ int Read_Global(XML_NODE node, void *configp, void *mailp)
else if(strcmp(node[i]->element, xml_prelude) == 0)
{
if(strcmp(node[i]->content, "yes") == 0)
- {
- if(Config) Config->prelude = 1;
+ {
+ if(Config) Config->prelude = 1;
}
else if(strcmp(node[i]->content, "no") == 0)
- {
- if(Config) Config->prelude = 0;
+ {
+ if(Config) Config->prelude = 0;
}
else
{
@@ -398,11 +407,11 @@ int Read_Global(XML_NODE node, void *configp, void *mailp)
char *ip_address_regex =
"^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}/?"
"([0-9]{0,2}|[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3})$";
-
+
if(Config && OS_PRegex(node[i]->content, ip_address_regex))
{
white_size++;
- Config->white_list =
+ Config->white_list =
realloc(Config->white_list, sizeof(os_ip *)*white_size);
if(!Config->white_list)
{
@@ -412,11 +421,11 @@ int Read_Global(XML_NODE node, void *configp, void *mailp)
os_calloc(1, sizeof(os_ip), Config->white_list[white_size -2]);
Config->white_list[white_size -1] = NULL;
-
+
if(!OS_IsValidIP(node[i]->content,
Config->white_list[white_size -2]))
{
- merror(INVALID_IP, ARGV0,
+ merror(INVALID_IP, ARGV0,
node[i]->content);
return(OS_INVALID);
}
@@ -428,20 +437,20 @@ int Read_Global(XML_NODE node, void *configp, void *mailp)
Config->hostname_white_list =
realloc(Config->hostname_white_list,
sizeof(OSMatch *)*hostname_white_size);
-
+
if(!Config->hostname_white_list)
{
merror(MEM_ERROR, ARGV0);
return(OS_INVALID);
}
- os_calloc(1,
- sizeof(OSMatch),
+ os_calloc(1,
+ sizeof(OSMatch),
Config->hostname_white_list[hostname_white_size -2]);
Config->hostname_white_list[hostname_white_size -1] = NULL;
if(!OSMatch_Compile(
- node[i]->content,
- Config->hostname_white_list[hostname_white_size -2],
+ node[i]->content,
+ Config->hostname_white_list[hostname_white_size -2],
0))
{
merror(REGEX_COMPILE, ARGV0, node[i]->content,
@@ -450,12 +459,12 @@ int Read_Global(XML_NODE node, void *configp, void *mailp)
return(-1);
}
}
-
+
#endif
-
+
}
- /* For the email now
+ /* For the email now
* email_to, email_from, smtp_Server and maxperhour.
* We will use a separate structure for that.
*/
@@ -468,7 +477,7 @@ int Read_Global(XML_NODE node, void *configp, void *mailp)
return(OS_INVALID);
}
#endif
-
+
if(Mail)
{
mailto_size++;
@@ -506,7 +515,7 @@ int Read_Global(XML_NODE node, void *configp, void *mailp)
return(OS_INVALID);
}
}
- #endif
+ #endif
}
else if(strcmp(node[i]->element, xml_mailmaxperhour) == 0)
{
diff --git a/src/config/global-config.h b/src/config/global-config.h
index 1833c57..ab9cf23 100755
--- a/src/config/global-config.h
+++ b/src/config/global-config.h
@@ -10,7 +10,7 @@
* Foundation
*/
-
+
#ifndef _CCONFIG__H
#define _CCONFIG__H
@@ -30,7 +30,7 @@ typedef struct __Config
u_int8_t mailbylevel;
u_int8_t logbylevel;
u_int8_t logfw;
-
+
/* Prelude support */
u_int8_t prelude;
/* which min. level the alert must be sent to prelude */
@@ -47,14 +47,18 @@ typedef struct __Config
/* Mail alerting */
short int mailnotify;
-
- /* For the active response */
+
+ /* Custom Alert output*/
+ short int custom_alert_output;
+ char * custom_alert_output_format;
+
+ /* For the active response */
int ar;
-
+
/* For the correlation */
int memorysize;
-
- /* List of files to ignore (syscheck) */
+
+ /* List of files to ignore (syscheck) */
char **syscheck_ignore;
/* List of ips to never block */
diff --git a/src/config/localfile-config.c b/src/config/localfile-config.c
index 6919333..b9df546 100755
--- a/src/config/localfile-config.c
+++ b/src/config/localfile-config.c
@@ -10,9 +10,9 @@
* Foundation
*/
-
-#include "shared.h"
+
+#include "shared.h"
#include "localfile-config.h"
@@ -20,9 +20,9 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2)
{
int pl = 0;
int i = 0;
-
- int glob_set = 0;
-
+
+ int glob_set = 0;
+
#ifndef WIN32
int glob_offset = 0;
#endif
@@ -41,7 +41,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2)
log_config = (logreader_config *)d1;
- /* If config is not set, we need to create it */
+ /* If config is not set, we need to create it */
if(!log_config->config)
{
os_calloc(2, sizeof(logreader), log_config->config);
@@ -62,7 +62,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2)
{
pl++;
}
-
+
/* Allocating more memory */
os_realloc(logf, (pl +2)*sizeof(logreader), log_config->config);
logf = log_config->config;
@@ -71,7 +71,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2)
logf[pl +1].alias = NULL;
logf[pl +1].logformat = NULL;
}
-
+
logf[pl].file = NULL;
logf[pl].command = NULL;
logf[pl].alias = NULL;
@@ -81,7 +81,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2)
logf[pl].djb_program_name = NULL;
logf[pl].ign = 360;
-
+
/* Searching for entries related to files */
i = 0;
while(node[i])
@@ -132,11 +132,11 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2)
/* Expand variables on Windows. */
if(strchr(node[i]->content, '%'))
{
- int expandreturn = 0;
+ int expandreturn = 0;
char newfile[OS_MAXSTR +1];
newfile[OS_MAXSTR] = '\0';
- expandreturn = ExpandEnvironmentStrings(node[i]->content,
+ expandreturn = ExpandEnvironmentStrings(node[i]->content,
newfile, OS_MAXSTR);
if((expandreturn > 0) && (expandreturn < OS_MAXSTR))
@@ -145,7 +145,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2)
os_strdup(newfile, node[i]->content);
}
- }
+ }
#endif
@@ -153,17 +153,17 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2)
* We will call this file multiple times until
* there is no one else available.
*/
- #ifndef WIN32 /* No windows support for glob */
+ #ifndef WIN32 /* No windows support for glob */
if(strchr(node[i]->content, '*') ||
strchr(node[i]->content, '?') ||
strchr(node[i]->content, '['))
{
glob_t g;
-
+
/* Setting ot the first entry of the glob */
if(glob_set == 0)
glob_set = pl +1;
-
+
if(glob(node[i]->content, 0, NULL, &g) != 0)
{
merror(GLOB_ERROR, ARGV0, node[i]->content);
@@ -171,7 +171,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2)
i++;
continue;
}
-
+
/* Checking for the last entry */
if((g.gl_pathv[glob_offset]) == NULL)
{
@@ -212,7 +212,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2)
os_strdup(g.gl_pathv[glob_offset], logf[pl].file);
}
-
+
glob_offset++;
globfree(&g);
@@ -220,13 +220,13 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2)
pl++;
os_realloc(logf, (pl +2)*sizeof(logreader), log_config->config);
logf = log_config->config;
-
+
logf[pl].file = NULL;
logf[pl].alias = NULL;
logf[pl].logformat = NULL;
logf[pl].fp = NULL;
logf[pl].ffile = NULL;
-
+
logf[pl +1].file = NULL;
logf[pl +1].alias = NULL;
logf[pl +1].logformat = NULL;
@@ -236,7 +236,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2)
}
else if(strchr(node[i]->content, '%'))
#else
- if(strchr(node[i]->content, '%'))
+ if(strchr(node[i]->content, '%'))
#endif /* WIN32 */
/* We need the format file (based on date) */
@@ -259,8 +259,8 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2)
os_strdup(node[i]->content, logf[pl].ffile);
os_strdup(node[i]->content, logf[pl].file);
}
-
-
+
+
/* Normal file */
else
{
@@ -328,7 +328,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2)
while(logf[pl].logformat[0] == ' ')
logf[pl].logformat++;
-
+
if(logf[pl].logformat[0] != ':')
{
merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
@@ -338,8 +338,8 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2)
while(*logf[pl].logformat == ' ')
logf[pl].logformat++;
-
- while(logf[pl].logformat[x] >= '0' && logf[pl].logformat[x] <= '9')
+
+ while(logf[pl].logformat[x] >= '0' && logf[pl].logformat[x] <= '9')
x++;
while(logf[pl].logformat[x] == ' ')
@@ -378,7 +378,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2)
if(glob_set)
{
char *format;
-
+
/* Getting log format */
if(logf[pl].logformat)
{
@@ -407,7 +407,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2)
merror(MISS_FILE, ARGV0);
return(OS_INVALID);
}
-
+
if(logf[i].logformat == NULL)
{
logf[i].logformat = format;
@@ -429,7 +429,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2)
merror(MISS_FILE, ARGV0);
return(OS_INVALID);
}
-
+
/* Verifying a valid event log config */
if(strcmp(logf[pl].logformat, EVENTLOG) == 0)
{
@@ -444,7 +444,7 @@ int Read_Localfile(XML_NODE node, void *d1, void *d2)
}
if((strcmp(logf[pl].logformat, "command") == 0)||
- (strcmp(logf[pl].logformat, "full_command") == 0))
+ (strcmp(logf[pl].logformat, "full_command") == 0))
{
if(!logf[pl].command)
{
diff --git a/src/config/localfile-config.h b/src/config/localfile-config.h
index 301870d..ee9c38d 100755
--- a/src/config/localfile-config.h
+++ b/src/config/localfile-config.h
@@ -16,7 +16,7 @@
#define __CLOGREADER_H
#define EVENTLOG "eventlog"
-#define VCHECK_FILES 64
+#define VCHECK_FILES 64
#define DATE_MODIFIED 1
@@ -29,20 +29,20 @@ typedef struct _logreader
{
unsigned int size;
int ign;
-
+
#ifdef WIN32
HANDLE h;
int fd;
#else
ino_t fd;
#endif
-
-
- /* ffile - format file is only used when
+
+
+ /* ffile - format file is only used when
* the file has format string to retrieve
* the date,
- */
- char *ffile;
+ */
+ char *ffile;
char *file;
char *logformat;
char *djb_program_name;
diff --git a/src/config/mail-config.h b/src/config/mail-config.h
index 3dfb9d9..8d75c24 100755
--- a/src/config/mail-config.h
+++ b/src/config/mail-config.h
@@ -9,7 +9,7 @@
* Foundation
*/
-
+
#ifndef _MCCONFIG__H
#define _MCCONFIG__H
@@ -35,7 +35,7 @@ typedef struct _MailConfig
int *gran_set;
int *gran_format;
char **gran_to;
-
+
#ifdef GEOIP
/* Use GeoIP */
int geoip;
diff --git a/src/config/remote-config.c b/src/config/remote-config.c
index adae495..e85d625 100755
--- a/src/config/remote-config.c
+++ b/src/config/remote-config.c
@@ -53,8 +53,8 @@ int Read_Remote(XML_NODE node, void *d1, void *d2)
while(logr->denyips[deny_size -1])
deny_size++;
}
-
-
+
+
/* conn and port must not be null */
if(!logr->conn)
{
@@ -81,8 +81,8 @@ int Read_Remote(XML_NODE node, void *d1, void *d2)
os_calloc(1, sizeof(char *), logr->lip);
logr->lip[0] = NULL;
}
-
-
+
+
/* Cleaning */
while(logr->conn[pl] != 0)
pl++;
@@ -98,19 +98,19 @@ int Read_Remote(XML_NODE node, void *d1, void *d2)
{
merror(MEM_ERROR, ARGV0);
}
-
+
logr->port[pl] = 0;
logr->conn[pl] = 0;
logr->proto[pl] = 0;
logr->ipv6[pl] = 0;
logr->lip[pl] = NULL;
-
+
logr->port[pl +1] = 0;
logr->conn[pl +1] = 0;
logr->proto[pl +1] = 0;
logr->ipv6[pl +1] = 0;
logr->lip[pl +1] = NULL;
-
+
while(node[i])
{
if(!node[i]->element)
@@ -199,7 +199,7 @@ int Read_Remote(XML_NODE node, void *d1, void *d2)
os_calloc(1, sizeof(os_ip), logr->allowips[allow_size -2]);
logr->allowips[allow_size -1] = NULL;
-
+
if(!OS_IsValidIP(node[i]->content,logr->allowips[allow_size -2]))
{
merror(INVALID_IP, ARGV0, node[i]->content);
@@ -210,7 +210,7 @@ int Read_Remote(XML_NODE node, void *d1, void *d2)
{
deny_size++;
logr->denyips = realloc(logr->denyips,sizeof(os_ip *)*deny_size);
- if(!logr->denyips)
+ if(!logr->denyips)
{
merror(MEM_ERROR, ARGV0);
return(OS_INVALID);
@@ -238,14 +238,14 @@ int Read_Remote(XML_NODE node, void *d1, void *d2)
merror(CONN_ERROR, ARGV0);
return(OS_INVALID);
}
-
+
/* Set port in here */
if(logr->port[pl] == 0)
{
if(logr->conn[pl] == SECURE_CONN)
logr->port[pl] = DEFAULT_SECURE;
else
- logr->port[pl] = DEFAULT_SYSLOG;
+ logr->port[pl] = DEFAULT_SYSLOG;
}
/* set default protocol */
@@ -259,7 +259,7 @@ int Read_Remote(XML_NODE node, void *d1, void *d2)
{
logr->proto[pl] = UDP_PROTO;
}
-
+
return(0);
}
diff --git a/src/config/remote-config.h b/src/config/remote-config.h
index 6242376..7896830 100755
--- a/src/config/remote-config.h
+++ b/src/config/remote-config.h
@@ -14,7 +14,7 @@
#define __CLOGREMOTE_H
-#define SYSLOG_CONN 1
+#define SYSLOG_CONN 1
#define SECURE_CONN 2
#define UDP_PROTO 6
#define TCP_PROTO 17
@@ -35,7 +35,7 @@ typedef struct _remoted
int m_queue;
int sock;
- socklen_t peer_size;
+ socklen_t peer_size;
}remoted;
#endif
diff --git a/src/config/reports-config.c b/src/config/reports-config.c
index b93bedb..984b268 100644
--- a/src/config/reports-config.c
+++ b/src/config/reports-config.c
@@ -31,7 +31,7 @@ static int _filter_arg(char *mystr)
if((*mystr >= 'a' && *mystr <= 'z') ||
(*mystr >= 'A' && *mystr <= 'Z') ||
(*mystr >= '0' && *mystr <= '9') ||
- *mystr == '-' || *mystr == '_')
+ *mystr == '-' || *mystr == '_' || *mystr == '.')
{
mystr++;
}
@@ -67,7 +67,7 @@ int Read_CReports(XML_NODE node, void *config, void *config2)
monitor_config *mon_config = (monitor_config *)config;
-
+
/* Getting any configured entry. */
if(mon_config->reports)
{
@@ -75,9 +75,9 @@ int Read_CReports(XML_NODE node, void *config, void *config2)
s++;
}
-
+
/* Allocating the memory for the config. */
- os_realloc(mon_config->reports, (s + 2) * sizeof(report_config *),
+ os_realloc(mon_config->reports, (s + 2) * sizeof(report_config *),
mon_config->reports);
os_calloc(1, sizeof(report_config), mon_config->reports[s]);
mon_config->reports[s + 1] = NULL;
@@ -106,7 +106,7 @@ int Read_CReports(XML_NODE node, void *config, void *config2)
mon_config->reports[s]->r_filter.show_alerts = 0;
-
+
/* Reading the XML. */
while(node[i])
{
@@ -204,7 +204,7 @@ int Read_CReports(XML_NODE node, void *config, void *config2)
os_strdup(node[i]->content, ncat);
- if(os_report_configfilter(node[i]->element, ncat,
+ if(os_report_configfilter(node[i]->element, ncat,
&mon_config->reports[s]->r_filter, reportf) < 0)
{
merror("%s: Invalid filter: %s:%s (ignored).", __local_name, node[i]->element, node[i]->content);
@@ -231,7 +231,7 @@ int Read_CReports(XML_NODE node, void *config, void *config2)
if(mon_config->reports[s]->title)
merror("%s: No \"email to\" configured for the report '%s'. Ignoring it.", __local_name, mon_config->reports[s]->title);
else
- merror("%s: No \"email to\" and title configured for report. Ignoring it.", __local_name);
+ merror("%s: No \"email to\" and title configured for report. Ignoring it.", __local_name);
}
if(!mon_config->reports[s]->title)
diff --git a/src/config/reports-config.h b/src/config/reports-config.h
index 6db70aa..202a738 100755
--- a/src/config/reports-config.h
+++ b/src/config/reports-config.h
@@ -27,7 +27,7 @@ typedef struct _report_config
char **emailto;
report_filter r_filter;
}report_config;
-
+
typedef struct _monitor_config
{
short int day_wait;
diff --git a/src/config/rootcheck-config.c b/src/config/rootcheck-config.c
index eeb48f1..51af27e 100755
--- a/src/config/rootcheck-config.c
+++ b/src/config/rootcheck-config.c
@@ -28,12 +28,12 @@ short eval_bool(char *str)
/* Read_Rootcheck: Reads the rootcheck config
*/
-int Read_Rootcheck(XML_NODE node, void *configp, void *mailp)
+int Read_Rootcheck(XML_NODE node, void *configp, void *mailp)
{
int i = 0;
-
+
rkconfig *rootcheck;
-
+
/* XML Definitions */
char *xml_rootkit_files = "rootkit_files";
char *xml_rootkit_trojans = "rootkit_trojans";
@@ -47,7 +47,7 @@ int Read_Rootcheck(XML_NODE node, void *configp, void *mailp)
char *xml_disabled = "disabled";
char *xml_base_dir = "base_directory";
char *xml_ignore = "ignore";
-
+
char *xml_check_dev = "check_dev";
char *xml_check_files = "check_files";
char *xml_check_if = "check_if";
@@ -131,12 +131,12 @@ int Read_Rootcheck(XML_NODE node, void *configp, void *mailp)
int j = 0;
while(rootcheck->unixaudit && rootcheck->unixaudit[j])
j++;
-
- os_realloc(rootcheck->unixaudit, sizeof(char *)*(j+2),
+
+ os_realloc(rootcheck->unixaudit, sizeof(char *)*(j+2),
rootcheck->unixaudit);
rootcheck->unixaudit[j] = NULL;
rootcheck->unixaudit[j + 1] = NULL;
-
+
os_strdup(node[i]->content, rootcheck->unixaudit[j]);
}
else if(strcmp(node[i]->element, xml_ignore) == 0)
@@ -144,12 +144,12 @@ int Read_Rootcheck(XML_NODE node, void *configp, void *mailp)
int j = 0;
while(rootcheck->ignore && rootcheck->ignore[j])
j++;
-
- os_realloc(rootcheck->ignore, sizeof(char *)*(j+2),
+
+ os_realloc(rootcheck->ignore, sizeof(char *)*(j+2),
rootcheck->ignore);
rootcheck->ignore[j] = NULL;
rootcheck->ignore[j + 1] = NULL;
-
+
os_strdup(node[i]->content, rootcheck->ignore[j]);
}
else if(strcmp(node[i]->element, xml_winmalware) == 0)
diff --git a/src/config/rootcheck-config.h b/src/config/rootcheck-config.h
index 2fccd7a..7a45baf 100755
--- a/src/config/rootcheck-config.h
+++ b/src/config/rootcheck-config.h
@@ -8,7 +8,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation
*/
-
+
#ifndef __CROOTCHECK_H
@@ -48,22 +48,22 @@ typedef struct _rkconfig
short rc_ports;
short rc_sys;
short rc_trojans;
-
+
#ifdef WIN32
-
+
short rc_winaudit;
short rc_winmalware;
short rc_winapps;
-
+
#else
-
+
short rc_unixaudit;
-
+
#endif
-
-
+
+
} checks;
-
+
}rkconfig;
#endif
diff --git a/src/config/rules-config.c b/src/config/rules-config.c
index 3d22f35..89c0721 100755
--- a/src/config/rules-config.c
+++ b/src/config/rules-config.c
@@ -19,14 +19,14 @@
-static int cmpr(const void *a, const void *b) {
+static int cmpr(const void *a, const void *b) {
/*printf("%s - %s\n", *(char **)a, *(char **)b);*/
return strcmp(*(char **)a, *(char **)b);
}
static int file_in_list(int list_size, char *f_name, char *d_name, char **alist)
{
- int i = 0;
+ int i = 0;
for(i=0; i<(list_size-1); i++)
{
if((strcmp(alist[i], f_name) == 0 || strcmp(alist[i], d_name) == 0))
@@ -34,7 +34,7 @@ static int file_in_list(int list_size, char *f_name, char *d_name, char **alist)
return(1);
}
}
- return(0);
+ return(0);
}
int Read_Rules(XML_NODE node, void *configp, void *mailp)
@@ -46,14 +46,14 @@ int Read_Rules(XML_NODE node, void *configp, void *mailp)
int lists_size = 1;
int decoders_size = 1;
-
+
char path[PATH_MAX +2];
char f_name[PATH_MAX +2];
- int start_point = 0;
+ int start_point = 0;
int att_count = 0;
struct dirent *entry;
- DIR *dfd;
- OSRegex regex;
+ DIR *dfd;
+ OSRegex regex;
/* XML definitions */
@@ -65,9 +65,9 @@ int Read_Rules(XML_NODE node, void *configp, void *mailp)
char *xml_rules_decoders_dir = "decoder_dir";
_Config *Config;
-
+
Config = (_Config *)configp;
-
+
/* initialise OSRegex */
regex.patterns = NULL;
regex.prts_closure = NULL;
@@ -87,11 +87,11 @@ int Read_Rules(XML_NODE node, void *configp, void *mailp)
return(OS_INVALID);
}
/* Mail notification */
- else if((strcmp(node[i]->element, xml_rules_include) == 0) ||
+ else if((strcmp(node[i]->element, xml_rules_include) == 0) ||
(strcmp(node[i]->element, xml_rules_rule) == 0))
{
rules_size++;
- Config->includes = realloc(Config->includes,
+ Config->includes = realloc(Config->includes,
sizeof(char *)*rules_size);
if(!Config->includes)
{
@@ -189,7 +189,7 @@ int Read_Rules(XML_NODE node, void *configp, void *mailp)
snprintf(f_name, PATH_MAX +1, "%s/%s", node[i]->content, entry->d_name);
/* Just ignore . and .. */
- if((strcmp(entry->d_name,".") == 0) || (strcmp(entry->d_name,"..") == 0))
+ if((strcmp(entry->d_name,".") == 0) || (strcmp(entry->d_name,"..") == 0))
continue;
/* no dups allowed */
@@ -216,7 +216,7 @@ int Read_Rules(XML_NODE node, void *configp, void *mailp)
debug1("Regex does not match \"%s\"", f_name);
}
}
-
+
closedir(dfd);
/* Sort just then newly added items */
qsort(Config->decoders + start_point , decoders_size- start_point -1, sizeof(char *), cmpr);
@@ -267,7 +267,7 @@ int Read_Rules(XML_NODE node, void *configp, void *mailp)
snprintf(f_name, PATH_MAX +1, "%s/%s", node[i]->content, entry->d_name);
/* Just ignore . and .. */
- if((strcmp(entry->d_name,".") == 0) || (strcmp(entry->d_name,"..") == 0))
+ if((strcmp(entry->d_name,".") == 0) || (strcmp(entry->d_name,"..") == 0))
continue;
/* no dups allowed */
@@ -294,7 +294,7 @@ int Read_Rules(XML_NODE node, void *configp, void *mailp)
debug1("Regex does not match \"%s\"", f_name);
}
}
-
+
closedir(dfd);
/* Sort just then newly added items */
qsort(Config->includes + start_point , rules_size - start_point -1, sizeof(char *), cmpr);
diff --git a/src/config/syscheck-config.c b/src/config/syscheck-config.c
index 0d9a8b4..31cbede 100755
--- a/src/config/syscheck-config.c
+++ b/src/config/syscheck-config.c
@@ -20,7 +20,7 @@
int dump_syscheck_entry(config *syscheck, char *entry, int vals, int reg, char *restrictfile)
{
int pl = 0;
-
+
if(reg == 1)
{
#ifdef WIN32
@@ -28,7 +28,7 @@ int dump_syscheck_entry(config *syscheck, char *entry, int vals, int reg, char *
{
os_calloc(2, sizeof(char *), syscheck->registry);
syscheck->registry[pl + 1] = NULL;
- os_strdup(entry, syscheck->registry[pl]);
+ os_strdup(entry, syscheck->registry[pl]);
}
else
{
@@ -36,16 +36,16 @@ int dump_syscheck_entry(config *syscheck, char *entry, int vals, int reg, char *
{
pl++;
}
- os_realloc(syscheck->registry, (pl +2) * sizeof(char *),
+ os_realloc(syscheck->registry, (pl +2) * sizeof(char *),
syscheck->registry);
syscheck->registry[pl + 1] = NULL;
os_strdup(entry, syscheck->registry[pl]);
}
#endif
-
+
}
-
+
else
{
if(syscheck->dir == NULL)
@@ -57,7 +57,7 @@ int dump_syscheck_entry(config *syscheck, char *entry, int vals, int reg, char *
os_calloc(2, sizeof(int), syscheck->opts);
syscheck->opts[pl + 1] = 0;
syscheck->opts[pl] = vals;
-
+
os_calloc(2, sizeof(OSMatch *), syscheck->filerestrict);
syscheck->filerestrict[pl] = NULL;
syscheck->filerestrict[pl + 1] = NULL;
@@ -68,17 +68,17 @@ int dump_syscheck_entry(config *syscheck, char *entry, int vals, int reg, char *
{
pl++;
}
- os_realloc(syscheck->dir, (pl +2) * sizeof(char *),
+ os_realloc(syscheck->dir, (pl +2) * sizeof(char *),
syscheck->dir);
syscheck->dir[pl + 1] = NULL;
os_strdup(entry, syscheck->dir[pl]);
- os_realloc(syscheck->opts, (pl +2) * sizeof(int),
+ os_realloc(syscheck->opts, (pl +2) * sizeof(int),
syscheck->opts);
syscheck->opts[pl + 1] = 0;
- syscheck->opts[pl] = vals;
+ syscheck->opts[pl] = vals;
- os_realloc(syscheck->filerestrict, (pl +2) * sizeof(char *),
+ os_realloc(syscheck->filerestrict, (pl +2) * sizeof(char *),
syscheck->filerestrict);
syscheck->filerestrict[pl] = NULL;
syscheck->filerestrict[pl + 1] = NULL;
@@ -113,7 +113,7 @@ int read_reg(config *syscheck, char *entries)
char **entry;
char *tmp_str;
-
+
/* Getting each entry separately */
entry = OS_StrBreak(',', entries, MAX_DIR_SIZE); /* Max number */
@@ -159,10 +159,10 @@ int read_reg(config *syscheck, char *entries)
{
int str_len_i;
int str_len_dir;
-
+
str_len_dir = strlen(tmp_entry);
str_len_i = strlen(syscheck->registry[i]);
-
+
if(str_len_dir > str_len_i)
{
str_len_dir = str_len_i;
@@ -176,15 +176,15 @@ int read_reg(config *syscheck, char *entries)
}
i++;
}
-
+
/* Adding new entry */
dump_syscheck_entry(syscheck, tmp_entry, 0, 1, NULL);
-
-
+
+
/* Next entry */
- entry++;
+ entry++;
}
-
+
return(1);
}
#endif /* For read_reg */
@@ -192,7 +192,7 @@ int read_reg(config *syscheck, char *entries)
-/* Read directories attributes */
+/* Read directories attributes */
int read_attr(config *syscheck, char *dirs, char **g_attrs, char **g_values)
{
char *xml_check_all = "check_all";
@@ -231,7 +231,7 @@ int read_attr(config *syscheck, char *dirs, char **g_attrs, char **g_values)
char **attrs = NULL;
char **values = NULL;
-
+
tmp_dir = *dir;
restrictfile = NULL;
@@ -465,18 +465,18 @@ int read_attr(config *syscheck, char *dirs, char **g_attrs, char **g_values)
ret = 0;
goto out_free;
}
-
-
+
+
/* Adding directory - looking for the last available */
i = 0;
while(syscheck->dir && syscheck->dir[i])
{
int str_len_i;
int str_len_dir;
-
+
str_len_dir = strlen(tmp_dir);
str_len_i = strlen(syscheck->dir[i]);
-
+
if(str_len_dir > str_len_i)
{
str_len_dir = str_len_i;
@@ -516,13 +516,13 @@ int read_attr(config *syscheck, char *dirs, char **g_attrs, char **g_values)
ret = 1;
goto out_free;
}
-
+
while(g.gl_pathv[gindex])
{
dump_syscheck_entry(syscheck, g.gl_pathv[gindex], opts, 0, restrictfile);
gindex++;
}
-
+
globfree(&g);
}
@@ -539,12 +539,12 @@ int read_attr(config *syscheck, char *dirs, char **g_attrs, char **g_values)
free(restrictfile);
restrictfile = NULL;
}
-
-
+
+
/* Next entry */
- dir++;
+ dir++;
}
-
+
ret = 1;
out_free:
@@ -578,17 +578,17 @@ int Read_Syscheck(XML_NODE node, void *configp, void *mailp)
char *xml_scan_on_start = "scan_on_start";
char *xml_prefilter_cmd = "prefilter_cmd";
- /* Configuration example
+ /* Configuration example
<directories check_all="yes">/etc,/usr/bin</directories>
- <directories check_owner="yes" check_group="yes" check_perm="yes"
+ <directories check_owner="yes" check_group="yes" check_perm="yes"
check_sum="yes">/var/log</directories>
*/
config *syscheck;
syscheck = (config *)configp;
-
-
+
+
while(node[i])
{
if(!node[i]->element)
@@ -606,16 +606,16 @@ int Read_Syscheck(XML_NODE node, void *configp, void *mailp)
else if(strcmp(node[i]->element,xml_directories) == 0)
{
char dirs[OS_MAXSTR];
-
+
#ifdef WIN32
ExpandEnvironmentStrings(node[i]->content, dirs, sizeof(dirs) -1);
#else
strncpy(dirs, node[i]->content, sizeof(dirs) -1);
#endif
-
+
if(!read_attr(syscheck,
- dirs,
- node[i]->attributes,
+ dirs,
+ node[i]->attributes,
node[i]->values))
{
return(OS_INVALID);
@@ -633,7 +633,7 @@ int Read_Syscheck(XML_NODE node, void *configp, void *mailp)
}
/* Getting frequency */
else if(strcmp(node[i]->element,xml_time) == 0)
- {
+ {
if(!OS_StrIsNum(node[i]->content))
{
merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
@@ -663,7 +663,7 @@ int Read_Syscheck(XML_NODE node, void *configp, void *mailp)
return(OS_INVALID);
}
}
-
+
/* Getting if xml_scan_on_start. */
else if(strcmp(node[i]->element, xml_scan_on_start) == 0)
{
@@ -677,7 +677,7 @@ int Read_Syscheck(XML_NODE node, void *configp, void *mailp)
return(OS_INVALID);
}
}
-
+
/* Getting if disabled. */
else if(strcmp(node[i]->element,xml_disabled) == 0)
{
@@ -691,7 +691,7 @@ int Read_Syscheck(XML_NODE node, void *configp, void *mailp)
return(OS_INVALID);
}
}
-
+
/* Getting file/dir ignore */
else if(strcmp(node[i]->element,xml_ignore) == 0)
{
@@ -701,22 +701,22 @@ int Read_Syscheck(XML_NODE node, void *configp, void *mailp)
#ifdef WIN32
char *new_ig = NULL;
os_calloc(2048, sizeof(char), new_ig);
-
- ExpandEnvironmentStrings(node[i]->content, new_ig, 2047);
+
+ ExpandEnvironmentStrings(node[i]->content, new_ig, 2047);
free(node[i]->content);
node[i]->content = new_ig;
#endif
-
+
/* Adding if regex */
if(node[i]->attributes && node[i]->values)
{
if(node[i]->attributes[0] && node[i]->values[0] &&
- (strcmp(node[i]->attributes[0], "type") == 0) &&
+ (strcmp(node[i]->attributes[0], "type") == 0) &&
(strcmp(node[i]->values[0], "sregex") == 0))
{
OSMatch *mt_pt;
-
+
if(!syscheck->ignore_regex)
{
os_calloc(2, sizeof(OSMatch *),syscheck->ignore_regex);
@@ -733,7 +733,7 @@ int Read_Syscheck(XML_NODE node, void *configp, void *mailp)
syscheck->ignore_regex);
syscheck->ignore_regex[ign_size +1] = NULL;
}
- os_calloc(1, sizeof(OSMatch),
+ os_calloc(1, sizeof(OSMatch),
syscheck->ignore_regex[ign_size]);
if(!OSMatch_Compile(node[i]->content,
@@ -766,7 +766,7 @@ int Read_Syscheck(XML_NODE node, void *configp, void *mailp)
while(syscheck->ignore[ign_size] != NULL)
ign_size++;
- os_realloc(syscheck->ignore,
+ os_realloc(syscheck->ignore,
sizeof(char *)*(ign_size +2),
syscheck->ignore);
syscheck->ignore[ign_size +1] = NULL;
@@ -807,7 +807,7 @@ int Read_Syscheck(XML_NODE node, void *configp, void *mailp)
syscheck->registry_ignore_regex);
syscheck->registry_ignore_regex[ign_size +1] = NULL;
}
-
+
os_calloc(1, sizeof(OSMatch),
syscheck->registry_ignore_regex[ign_size]);
@@ -828,7 +828,7 @@ int Read_Syscheck(XML_NODE node, void *configp, void *mailp)
}
}
/* We do not add duplicated entries */
- else if(!os_IsStrOnArray(node[i]->content,
+ else if(!os_IsStrOnArray(node[i]->content,
syscheck->registry_ignore))
{
if(!syscheck->registry_ignore)
@@ -893,7 +893,7 @@ int Read_Syscheck(XML_NODE node, void *configp, void *mailp)
return(OS_INVALID);
}
i++;
- }
-
+ }
+
return(0);
}
diff --git a/src/config/syscheck-config.h b/src/config/syscheck-config.h
index f78928c..2417587 100755
--- a/src/config/syscheck-config.h
+++ b/src/config/syscheck-config.h
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation
*/
-
+
#ifndef __SYSCHECKC_H
#define __SYSCHECKC_H
@@ -49,10 +49,10 @@ typedef struct _config
int disabled; /* is syscheck disabled? */
int scan_on_start;
int realtime_count;
-
+
int time; /* frequency (secs) for syscheck to run */
int queue; /* file descriptor of socket to write to queue */
-
+
int *opts; /* attributes set in the <directories> tag element */
char *workdir; /* set to the DEFAULTDIR (/var/ossec) */
@@ -61,10 +61,10 @@ typedef struct _config
char *scan_day; /* run syscheck on this day */
char *scan_time; /* run syscheck at this time */
-
+
char **ignore; /* list of files/dirs to ignore */
void **ignore_regex; /* regex of files/dirs to ignore */
-
+
char **dir; /* array of directories to be scanned */
void **filerestrict;
@@ -75,7 +75,7 @@ typedef struct _config
char **registry; /* array of registry entries to be scanned */
FILE *reg_fp;
#endif
-
+
void *fp;
rtfim *realtime;
diff --git a/src/error_messages/._error_messages.h b/src/error_messages/._error_messages.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/error_messages/._error_messages.h and /dev/null differ
diff --git a/src/error_messages/error_messages.h b/src/error_messages/error_messages.h
index 4a6b938..ca36538 100755
--- a/src/error_messages/error_messages.h
+++ b/src/error_messages/error_messages.h
@@ -29,7 +29,7 @@
#define FOPEN_ERROR "%s(1103): ERROR: Unable to open file '%s'."
#define SIZE_ERROR "%s(1104): ERROR: Maximum string size reached for: %s."
#define NULL_ERROR "%s(1105): ERROR: Attempted to use null string. "
-#define FORMAT_ERROR "%s(1106): ERROR: String not correctly formated."
+#define FORMAT_ERROR "%s(1106): ERROR: String not correctly formated."
#define MKDIR_ERROR "%s(1107): ERROR: Unable to create directory: '%s'"
#define PERM_ERROR "%s(1108): ERROR: Permission error. Operation not completed."
#define THREAD_ERROR "%s(1109): ERROR: Unable to create new pthread."
@@ -107,7 +107,7 @@
#define INVALID_RKCL_NAME "%s(1251): ERROR: Invalid rk configuration name: '%s'."
#define INVALID_RKCL_VALUE "%s(1252): ERROR: Invalid rk configuration value: '%s'."
#define INVALID_ROOTDIR "%s(1253): ERROR: Invalid rootdir (unable to retrieve)."
-#define INVALID_RKCL_VAR "%s(1254): ERROR: Invalid rk variable: '%s'."
+#define INVALID_RKCL_VAR "%s(1254): ERROR: Invalid rk variable: '%s'."
/* syscheck */
@@ -148,7 +148,7 @@
#define AR_CMD_MISS "%s(1280): ERROR: Missing command options. " \
"You must specify a 'name', 'executable' and 'expect'."
#define AR_MISS "%s(1281): ERROR: Missing options in the active response " \
- "configuration. "
+ "configuration. "
#define ARQ_ERROR "%s(1301): ERROR: Unable to connect to active response queue."
#define AR_INV_LOC "%s(1302): ERROR: Invalid active response location: '%s'."
#define AR_INV_CMD "%s(1303): ERROR: Invalid command '%s' in the active response."
@@ -199,7 +199,7 @@
#define ENCFILE_CHANGED "%s(1409): INFO: Authentication file changed. Updating."
#define ENC_READ "%s(1410): INFO: Reading authentication keys file."
-
+
/* Regex errors */
#define REGEX_COMPILE "%s(1450): ERROR: Syntax error on regex: '%s': %d."
#define REGEX_SUBS "%s(1451): ERROR: Missing sub_strings on regex: '%s'."
@@ -222,7 +222,7 @@
#define DUP_REGEX "%s(2109): ERROR: Duplicated offsets for same regex: '%s'."
#define INV_DECOPTION "%s(2110): ERROR: Invalid decoder argument for %s: '%s'."
#define DECODE_ADD "%s(2111): ERROR: Additional data to plugin decoder: '%s'."
-
+
#define INV_OFFSET "%s(2120): ERROR: Invalid offset value: '%s'"
#define INV_ATTR "%s(2121): ERROR: Invalid decoder attribute: '%s'"
@@ -252,7 +252,7 @@
/* Rules reading errors */
-#define RL_INV_ROOT "%s(5101): ERROR: Invalid root element: '%s'."
+#define RL_INV_ROOT "%s(5101): ERROR: Invalid root element: '%s'."
#define RL_INV_RULE "%s(5102): ERROR: Invalid rule element: '%s'."
#define RL_INV_ENTRY "%s(5103): ERROR: Invalid rule on '%s'. Missing id/level."
#define RL_EMPTY_ATTR "%s(5104): ERROR: Rule attribute '%s' empty."
@@ -279,7 +279,7 @@
#define DB_MISS_CONFIG "%s(5205): ERROR: Missing database configuration. "\
"It requires host, user, pass and database."
#define DB_CONFIGERR "%s(5206): ERROR: Database configuration error."
-#define DB_COMPILED "%s(5207): ERROR: OSSEC not compiled with support for '%s'."
+#define DB_COMPILED "%s(5207): ERROR: OSSEC not compiled with support for '%s'."
#define DB_MAINERROR "%s(5208): ERROR: Multiple database errors. Exiting."
#define DB_CLOSING "%s(5209): INFO: Closing connection to database."
#define DB_ATTEMPT "%s(5210): INFO: Attempting to reconnect to database."
@@ -296,7 +296,7 @@
#define CONN_TO "%s: INFO: Connected to '%s' (%s queue)"
#define MAIL_DIS "%s: INFO: E-Mail notification disabled. Clean Exit."
-
+
/* Debug Messages */
#define STARTED_MSG "%s: DEBUG: Starting ..."
#define FOUND_USER "%s: DEBUG: Found user/group ..."
diff --git a/src/external/zlib-1.2.3/._COPYRIGHT b/src/external/zlib-1.2.3/._COPYRIGHT
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/external/zlib-1.2.3/._COPYRIGHT and /dev/null differ
diff --git a/src/external/zlib-1.2.3/._Makefile b/src/external/zlib-1.2.3/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/external/zlib-1.2.3/._Makefile and /dev/null differ
diff --git a/src/external/zlib-1.2.3/._README b/src/external/zlib-1.2.3/._README
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/external/zlib-1.2.3/._README and /dev/null differ
diff --git a/src/external/zlib-1.2.3/._adler32.c b/src/external/zlib-1.2.3/._adler32.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/external/zlib-1.2.3/._adler32.c and /dev/null differ
diff --git a/src/external/zlib-1.2.3/._algorithm.txt b/src/external/zlib-1.2.3/._algorithm.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/external/zlib-1.2.3/._algorithm.txt and /dev/null differ
diff --git a/src/external/zlib-1.2.3/._compress.c b/src/external/zlib-1.2.3/._compress.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/external/zlib-1.2.3/._compress.c and /dev/null differ
diff --git a/src/external/zlib-1.2.3/._crc32.c b/src/external/zlib-1.2.3/._crc32.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/external/zlib-1.2.3/._crc32.c and /dev/null differ
diff --git a/src/external/zlib-1.2.3/._crc32.h b/src/external/zlib-1.2.3/._crc32.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/external/zlib-1.2.3/._crc32.h and /dev/null differ
diff --git a/src/external/zlib-1.2.3/._deflate.c b/src/external/zlib-1.2.3/._deflate.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/external/zlib-1.2.3/._deflate.c and /dev/null differ
diff --git a/src/external/zlib-1.2.3/._deflate.h b/src/external/zlib-1.2.3/._deflate.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/external/zlib-1.2.3/._deflate.h and /dev/null differ
diff --git a/src/external/zlib-1.2.3/._gzio.c b/src/external/zlib-1.2.3/._gzio.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/external/zlib-1.2.3/._gzio.c and /dev/null differ
diff --git a/src/external/zlib-1.2.3/._infback.c b/src/external/zlib-1.2.3/._infback.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/external/zlib-1.2.3/._infback.c and /dev/null differ
diff --git a/src/external/zlib-1.2.3/._inffast.c b/src/external/zlib-1.2.3/._inffast.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/external/zlib-1.2.3/._inffast.c and /dev/null differ
diff --git a/src/external/zlib-1.2.3/._inffast.h b/src/external/zlib-1.2.3/._inffast.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/external/zlib-1.2.3/._inffast.h and /dev/null differ
diff --git a/src/external/zlib-1.2.3/._inffixed.h b/src/external/zlib-1.2.3/._inffixed.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/external/zlib-1.2.3/._inffixed.h and /dev/null differ
diff --git a/src/external/zlib-1.2.3/._inflate.c b/src/external/zlib-1.2.3/._inflate.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/external/zlib-1.2.3/._inflate.c and /dev/null differ
diff --git a/src/external/zlib-1.2.3/._inflate.h b/src/external/zlib-1.2.3/._inflate.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/external/zlib-1.2.3/._inflate.h and /dev/null differ
diff --git a/src/external/zlib-1.2.3/._inftrees.c b/src/external/zlib-1.2.3/._inftrees.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/external/zlib-1.2.3/._inftrees.c and /dev/null differ
diff --git a/src/external/zlib-1.2.3/._inftrees.h b/src/external/zlib-1.2.3/._inftrees.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/external/zlib-1.2.3/._inftrees.h and /dev/null differ
diff --git a/src/external/zlib-1.2.3/._trees.c b/src/external/zlib-1.2.3/._trees.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/external/zlib-1.2.3/._trees.c and /dev/null differ
diff --git a/src/external/zlib-1.2.3/._trees.h b/src/external/zlib-1.2.3/._trees.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/external/zlib-1.2.3/._trees.h and /dev/null differ
diff --git a/src/external/zlib-1.2.3/._uncompr.c b/src/external/zlib-1.2.3/._uncompr.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/external/zlib-1.2.3/._uncompr.c and /dev/null differ
diff --git a/src/external/zlib-1.2.3/._zconf.h b/src/external/zlib-1.2.3/._zconf.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/external/zlib-1.2.3/._zconf.h and /dev/null differ
diff --git a/src/external/zlib-1.2.3/._zconf.in.h b/src/external/zlib-1.2.3/._zconf.in.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/external/zlib-1.2.3/._zconf.in.h and /dev/null differ
diff --git a/src/external/zlib-1.2.3/._zlib.h b/src/external/zlib-1.2.3/._zlib.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/external/zlib-1.2.3/._zlib.h and /dev/null differ
diff --git a/src/external/zlib-1.2.3/._zutil.c b/src/external/zlib-1.2.3/._zutil.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/external/zlib-1.2.3/._zutil.c and /dev/null differ
diff --git a/src/external/zlib-1.2.3/._zutil.h b/src/external/zlib-1.2.3/._zutil.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/external/zlib-1.2.3/._zutil.h and /dev/null differ
diff --git a/src/external/zlib-1.2.3/gzio.c b/src/external/zlib-1.2.3/gzio.c
index 73038f4..3b016f6 100755
--- a/src/external/zlib-1.2.3/gzio.c
+++ b/src/external/zlib-1.2.3/gzio.c
@@ -127,7 +127,7 @@ local gzFile gz_open (path, mode, fd)
s->transparent = 0;
path_size = strlen(path) +1;
-
+
s->path = (char*)ALLOC(path_size +1);
if (s->path == NULL) {
return destroy(s), (gzFile)Z_NULL;
@@ -1011,7 +1011,7 @@ const char * ZEXPORT gzerror (file, errnum)
TRYFREE(s->msg);
msg_size = strlen(s->path) + strlen(m) + 4;
-
+
s->msg = (char*)ALLOC(msg_size +1);
if (s->msg == Z_NULL) return (const char*)ERR_MSG(Z_MEM_ERROR);
diff --git a/src/headers/._agent_op.h b/src/headers/._agent_op.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._agent_op.h and /dev/null differ
diff --git a/src/headers/._ar.h b/src/headers/._ar.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._ar.h and /dev/null differ
diff --git a/src/headers/._debug_op.h b/src/headers/._debug_op.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._debug_op.h and /dev/null differ
diff --git a/src/headers/._defs.h b/src/headers/._defs.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._defs.h and /dev/null differ
diff --git a/src/headers/._dirtree_op.h b/src/headers/._dirtree_op.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._dirtree_op.h and /dev/null differ
diff --git a/src/headers/._file-queue.h b/src/headers/._file-queue.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._file-queue.h and /dev/null differ
diff --git a/src/headers/._file_op.h b/src/headers/._file_op.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._file_op.h and /dev/null differ
diff --git a/src/headers/._hash_op.h b/src/headers/._hash_op.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._hash_op.h and /dev/null differ
diff --git a/src/headers/._help.h b/src/headers/._help.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._help.h and /dev/null differ
diff --git a/src/headers/._list_op.h b/src/headers/._list_op.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._list_op.h and /dev/null differ
diff --git a/src/headers/._math_op.h b/src/headers/._math_op.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._math_op.h and /dev/null differ
diff --git a/src/headers/._mem_op.h b/src/headers/._mem_op.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._mem_op.h and /dev/null differ
diff --git a/src/headers/._mq_op.h b/src/headers/._mq_op.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._mq_op.h and /dev/null differ
diff --git a/src/headers/._os_err.h b/src/headers/._os_err.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._os_err.h and /dev/null differ
diff --git a/src/headers/._privsep_op.h b/src/headers/._privsep_op.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._privsep_op.h and /dev/null differ
diff --git a/src/headers/._pthreads_op.h b/src/headers/._pthreads_op.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._pthreads_op.h and /dev/null differ
diff --git a/src/headers/._rc.h b/src/headers/._rc.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._rc.h and /dev/null differ
diff --git a/src/headers/._read-agents.h b/src/headers/._read-agents.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._read-agents.h and /dev/null differ
diff --git a/src/headers/._read-alert.h b/src/headers/._read-alert.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._read-alert.h and /dev/null differ
diff --git a/src/headers/._regex_op.h b/src/headers/._regex_op.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._regex_op.h and /dev/null differ
diff --git a/src/headers/._report_op.h b/src/headers/._report_op.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._report_op.h and /dev/null differ
diff --git a/src/headers/._rules_op.h b/src/headers/._rules_op.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._rules_op.h and /dev/null differ
diff --git a/src/headers/._sec.h b/src/headers/._sec.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._sec.h and /dev/null differ
diff --git a/src/headers/._shared.h b/src/headers/._shared.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._shared.h and /dev/null differ
diff --git a/src/headers/._sig_op.h b/src/headers/._sig_op.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._sig_op.h and /dev/null differ
diff --git a/src/headers/._store_op.h b/src/headers/._store_op.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._store_op.h and /dev/null differ
diff --git a/src/headers/._string_op.h b/src/headers/._string_op.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._string_op.h and /dev/null differ
diff --git a/src/headers/._validate_op.h b/src/headers/._validate_op.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._validate_op.h and /dev/null differ
diff --git a/src/headers/._wait_op.h b/src/headers/._wait_op.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/headers/._wait_op.h and /dev/null differ
diff --git a/src/headers/agent_op.h b/src/headers/agent_op.h
index a24afd4..fdce89d 100755
--- a/src/headers/agent_op.h
+++ b/src/headers/agent_op.h
@@ -12,7 +12,7 @@
#ifndef __AGENT_OP_H
-#define __AGENT_OP_H
+#define __AGENT_OP_H
diff --git a/src/headers/custom_output_search.h b/src/headers/custom_output_search.h
new file mode 100644
index 0000000..a5af2a9
--- /dev/null
+++ b/src/headers/custom_output_search.h
@@ -0,0 +1,77 @@
+/*
+ * custom_output_search.h
+ *
+ * Created on: 10/10/2012
+ * Author: crosa
+ */
+
+#ifndef CUSTOM_OUTPUT_SEARCH_H_
+#define CUSTOM_OUTPUT_SEARCH_H_
+/** char *searchAndReplace(char* orig, char* search, char*value)
+ * Searchs for 'search' on orig's string and replaces it by value.
+ * Returns NULL on error, otherwise returns the orig string with the replacements.
+ */
+char * searchAndReplace(char* orig, char* search, char*value);
+
+/** char* escape_newlines(char *orig);
+ * Escape the newlines characters
+ * Returns NULL on error, otherwise returns a new allocated string.
+ */
+char* escape_newlines(char *orig);
+
+
+#endif /* CUSTOM_OUTPUT_SEARCH_H_ */
+/*
+ * custom_output_search.h
+ *
+ * Created on: 10/10/2012
+ * Author: crosa
+ */
+
+#ifndef CUSTOM_OUTPUT_SEARCH_H_
+#define CUSTOM_OUTPUT_SEARCH_H_
+/** char *searchAndReplace(char* orig, char* search, char*value)
+ * Searchs for 'search' on orig's string and replaces it by value.
+ * Returns NULL on error, otherwise returns the orig string with the replacements.
+ */
+char * searchAndReplace(char* orig, char* search, char*value);
+
+
+
+#endif /* CUSTOM_OUTPUT_SEARCH_H_ */
+/*
+ * custom_output_search.h
+ *
+ * Created on: 10/10/2012
+ * Author: crosa
+ */
+
+#ifndef CUSTOM_OUTPUT_SEARCH_H_
+#define CUSTOM_OUTPUT_SEARCH_H_
+/** char *searchAndReplace(char* orig, char* search, char*value)
+ * Searchs for 'search' on orig's string and replaces it by value.
+ * Returns NULL on error, otherwise returns the orig string with the replacements.
+ */
+char * searchAndReplace(char* orig, char* search, char*value);
+
+
+
+#endif /* CUSTOM_OUTPUT_SEARCH_H_ */
+/*
+ * custom_output_search.h
+ *
+ * Created on: 10/10/2012
+ * Author: crosa
+ */
+
+#ifndef CUSTOM_OUTPUT_SEARCH_H_
+#define CUSTOM_OUTPUT_SEARCH_H_
+/** char *searchAndReplace(char* orig, char* search, char*value)
+ * Searchs for 'search' on orig's string and replaces it by value.
+ * Returns NULL on error, otherwise returns the orig string with the replacements.
+ */
+char * searchAndReplace(char* orig, char* search, char*value);
+
+
+
+#endif /* CUSTOM_OUTPUT_SEARCH_H_ */
diff --git a/src/headers/debug_op.h b/src/headers/debug_op.h
index 7cc8eed..52b9f18 100755
--- a/src/headers/debug_op.h
+++ b/src/headers/debug_op.h
@@ -58,7 +58,7 @@ void nowDaemon();
int isChroot();
/* Debug analysisd */
-#ifdef DEBUGAD
+#ifdef DEBUGAD
#define DEBUG_MSG(x,y,z) verbose(x,y,z)
#else
#define DEBUG_MSG(x,y,z)
diff --git a/src/headers/defs.h b/src/headers/defs.h
index 3d89b33..880cd8d 100755
--- a/src/headers/defs.h
+++ b/src/headers/defs.h
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -22,7 +22,7 @@
#define __OS_HEADERS
-/* TRUE / FALSE definitions
+/* TRUE / FALSE definitions
*/
#define TRUE 1
#define FALSE 0
@@ -52,7 +52,7 @@
/* Some Global names */
#define __name "OSSEC HIDS"
-#define __version "v2.7-beta1"
+#define __version "v2.7.1"
#define __author "Trend Micro Inc."
#define __contact "contact at ossec.net"
#define __site "http://www.ossec.net"
@@ -69,17 +69,17 @@ http://www.ossec.net/main/license/\n"
#define MAX_PID 32768
#endif
-
+
/* Max limit of 256 agents */
#ifndef MAX_AGENTS
#define MAX_AGENTS 256
-#endif
+#endif
/* manager notification */
#define NOTIFY_TIME 600 /* every 10 minutes */
-
+
/* User Configuration */
#ifndef MAILUSER
#define MAILUSER "ossecm"
@@ -88,15 +88,15 @@ http://www.ossec.net/main/license/\n"
#ifndef USER
#define USER "ossec"
#endif
-
+
#ifndef REMUSER
#define REMUSER "ossecr"
#endif
-
+
#ifndef GROUPGLOBAL
#define GROUPGLOBAL "ossec"
-#endif
-
+#endif
+
#ifndef DEFAULTDIR
#define DEFAULTDIR "/var/ossec"
#endif
@@ -117,7 +117,7 @@ http://www.ossec.net/main/license/\n"
#define AR_BINDIR "active-response/bin"
#define AGENTCONFIG "shared/agent.conf"
#define AGENTCONFIGINT "shared/agent.conf"
-#endif
+#endif
/* Exec queue */
@@ -132,7 +132,7 @@ http://www.ossec.net/main/license/\n"
#define XML_DECODER "/etc/decoder.xml"
#define XML_LDECODER "/etc/local_decoder.xml"
-
+
/* Agent information location */
#define AGENTINFO_DIR "/queue/agent-info"
@@ -184,14 +184,14 @@ http://www.ossec.net/main/license/\n"
#else
#define SYSCHECK_RESTART "syscheck/.syscheck_run"
#define SYSCHECK_RESTART_PATH "syscheck/.syscheck_run"
-#endif
+#endif
-
-/* Agentless directories. */
+
+/* Agentless directories. */
#define AGENTLESSDIR "/agentless"
#define AGENTLESSPASS "/agentless/.passlist"
#define AGENTLESS_ENTRYDIR "/queue/agentless"
-
+
/* Internal definitions files */
#ifndef WIN32
@@ -236,8 +236,8 @@ http://www.ossec.net/main/license/\n"
#ifndef WIN32
#define SHAREDCFG_DIR "/etc/shared"
#else
- #define SHAREDCFG_DIR "shared"
-#endif
+ #define SHAREDCFG_DIR "shared"
+#endif
/* Built in defines */
#define DEFAULTQPATH DEFAULTDIR DEFAULTQUEUE
diff --git a/src/headers/dirtree_op.h b/src/headers/dirtree_op.h
index 64c2540..7563a79 100755
--- a/src/headers/dirtree_op.h
+++ b/src/headers/dirtree_op.h
@@ -12,9 +12,9 @@
* License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
-
+
/* Common API for dealing with directory trees */
-
+
#ifndef _OS_DIRTREE
#define _OS_DIRTREE
@@ -23,7 +23,7 @@ typedef struct _OSTreeNode
{
struct _OSTreeNode *next;
void *child;
-
+
char *value;
void *data;
}OSTreeNode;
@@ -39,7 +39,7 @@ typedef struct _OSDirTree
OSDirTree *OSDirTree_Create();
void OSDirTree_AddToTree(OSDirTree *tree, char *str, void *data, char sep);
void *OSDirTree_SearchTree(OSDirTree *tree, char *str, char sep);
-
+
#endif
diff --git a/src/headers/file-queue.h b/src/headers/file-queue.h
index f1f7f78..0865a8f 100755
--- a/src/headers/file-queue.h
+++ b/src/headers/file-queue.h
@@ -25,10 +25,10 @@ typedef struct _file_queue
int year;
int day;
int flags;
-
+
char mon[4];
char file_name[MAX_FQUEUE +1];
-
+
FILE *fp;
struct stat f_status;
}file_queue;
diff --git a/src/headers/hash_op.h b/src/headers/hash_op.h
index 3f65c5a..9b0777a 100755
--- a/src/headers/hash_op.h
+++ b/src/headers/hash_op.h
@@ -12,9 +12,9 @@
* License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
-
+
/* Common API for dealing with directory trees */
-
+
#ifndef _OS_HASHOP
#define _OS_HASHOP
@@ -24,9 +24,9 @@
typedef struct _OSHashNode
{
struct _OSHashNode *next;
-
+
void *key;
- void *data;
+ void *data;
}OSHashNode;
@@ -35,7 +35,7 @@ typedef struct _OSHash
unsigned int rows;
unsigned int initial_seed;
unsigned int constant;
-
+
OSHashNode **table;
}OSHash;
@@ -55,7 +55,7 @@ OSHash *OSHash_Create();
* Frees the memory used by the hash.
*/
void *OSHash_Free(OSHash *self);
-
+
/** void OSHash_Add(OSHash *hash, char *key, void *data)
diff --git a/src/headers/list_op.h b/src/headers/list_op.h
index 3e11e43..d395099 100755
--- a/src/headers/list_op.h
+++ b/src/headers/list_op.h
@@ -29,7 +29,7 @@ typedef struct _OSList
OSListNode *first_node;
OSListNode *last_node;
OSListNode *cur_node;
-
+
int currently_size;
int max_size;
diff --git a/src/headers/math_op.h b/src/headers/math_op.h
index 8bea6a0..e5840d9 100755
--- a/src/headers/math_op.h
+++ b/src/headers/math_op.h
@@ -22,7 +22,7 @@
* Get the first available prime after the provided value.
* Returns 0 on error.
*/
-int os_getprime(int val);
+int os_getprime(int val);
#endif
diff --git a/src/headers/os_err.h b/src/headers/os_err.h
index 7988baf..681ed0a 100755
--- a/src/headers/os_err.h
+++ b/src/headers/os_err.h
@@ -6,7 +6,7 @@
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation
*/
diff --git a/src/headers/rc.h b/src/headers/rc.h
index 3a68648..f71a0c4 100755
--- a/src/headers/rc.h
+++ b/src/headers/rc.h
@@ -23,7 +23,7 @@
#define IsValidHeader(str) ((str[0] == '#') && \
(str[1] == '!') && \
(str[2] == '-') && \
- (str+=3) )
+ (str+=3) )
/* Exec message */
diff --git a/src/headers/read-agents.h b/src/headers/read-agents.h
index c6feb63..a450b72 100755
--- a/src/headers/read-agents.h
+++ b/src/headers/read-agents.h
@@ -30,7 +30,7 @@ typedef struct _agent_info
/* Print syscheck db (of modified files). */
-int print_syscheck(char *sk_name, char *sk_ip, char *fname, int print_registry,
+int print_syscheck(char *sk_name, char *sk_ip, char *fname, int print_registry,
int all_files, int csv_output, int update_counter);
/* Print rootcheck db. */
@@ -52,7 +52,7 @@ char **get_agents(int flag);
/* Free the agent list */
void free_agents(char **agent_list);
-/** char *print_agent_status(int status)
+/** char *print_agent_status(int status)
* Prints the text representation of the agent status.
*/
char *print_agent_status(int status);
@@ -66,7 +66,7 @@ int get_agent_status(char *agent_name, char *agent_ip);
* Get information from an agent.
*/
agent_info *get_agent_info(char *agent_name, char *agent_ip);
-
+
/** int connect_to_remoted()
* Connects to remoted to be able to send messages to the agents.
@@ -77,15 +77,15 @@ int connect_to_remoted();
/** int send_msg_to_agent(int socket, char *msg)
* Sends a message to an agent.
* returns -1 on error.
- */
+ */
int send_msg_to_agent(int msocket, char *msg, char *agt_id, char *exec);
-
+
#define GA_NOTACTIVE 2
#define GA_ACTIVE 3
-#define GA_ALL 5
+#define GA_ALL 5
#define GA_ALL_WSTATUS 7
/* Status */
diff --git a/src/headers/read-alert.h b/src/headers/read-alert.h
index ff45871..48b415f 100755
--- a/src/headers/read-alert.h
+++ b/src/headers/read-alert.h
@@ -15,7 +15,7 @@
#ifndef __CRALERT_H
#define __CRALERT_H
-#define CRALERT_MAIL_SET 0x001
+#define CRALERT_MAIL_SET 0x001
#define CRALERT_EXEC_SET 0x002
#define CRALERT_READ_ALL 0x004
#define CRALERT_FP_SET 0x010
diff --git a/src/headers/report_op.h b/src/headers/report_op.h
index c71b862..a19ec93 100755
--- a/src/headers/report_op.h
+++ b/src/headers/report_op.h
@@ -15,10 +15,10 @@
#define __REPORT_OP_H
-#define REPORT_RELATED 1
+#define REPORT_RELATED 1
#define REPORT_FILTER 2
-
+
#define REPORT_REL_USER 0x001
#define REPORT_REL_SRCIP 0x002
#define REPORT_REL_LEVEL 0x004
@@ -27,7 +27,7 @@
#define REPORT_REL_LOCATION 0x040
#define REPORT_TYPE_DAILY 0x100
#define REPORT_REL_FILE 0x200
-
+
typedef struct _report_filter
@@ -62,13 +62,13 @@ typedef struct _report_filter
int report_type;
int show_alerts;
void *fp;
-
+
}report_filter;
-int os_report_configfilter(char *filter_by, char *filter_value,
+int os_report_configfilter(char *filter_by, char *filter_value,
report_filter *r_filter, int arg_type);
void os_report_printtop(void *topstore, char *hname, int print_related);
void os_ReportdStart(report_filter *r_filter);
diff --git a/src/headers/rules_op.h b/src/headers/rules_op.h
index bb4762f..1b80e08 100755
--- a/src/headers/rules_op.h
+++ b/src/headers/rules_op.h
@@ -12,9 +12,9 @@
* License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
-
+
/* Common API for dealing with directory trees */
-
+
#ifndef _OS_RULESOP_H
#define _OS_RULESOP_H
@@ -94,7 +94,7 @@ typedef struct _RuleInfo
int __frequency;
char **last_events;
-
+
/* Not an option in the rule */
u_int16_t alert_opts;
@@ -104,7 +104,7 @@ typedef struct _RuleInfo
/* category */
u_int8_t category;
-
+
/* Decoded as */
u_int16_t decoded_as;
@@ -126,7 +126,7 @@ typedef struct _RuleInfo
/* Function pointer to the event_search. */
void *(*event_search)(void *lf, void *rule);
-
+
char *group;
OSMatch *match;
@@ -148,11 +148,11 @@ typedef struct _RuleInfo
OSMatch *program_name;
OSMatch *extra_data;
char *action;
-
+
char *comment; /* description in the xml */
char *info;
char *cve;
-
+
char *if_sid;
char *if_level;
char *if_group;
@@ -160,14 +160,14 @@ typedef struct _RuleInfo
OSRegex *if_matched_regex;
OSMatch *if_matched_group;
int if_matched_sid;
-
+
void **ar;
}RuleInfo;
/** Prototypes **/
-int OS_ReadXMLRules(char *rulefile,
+int OS_ReadXMLRules(char *rulefile,
void *(*ruleact_function)(RuleInfo *rule, void *data),
void *data);
diff --git a/src/headers/sec.h b/src/headers/sec.h
index 4f5c67b..841492f 100755
--- a/src/headers/sec.h
+++ b/src/headers/sec.h
@@ -22,7 +22,7 @@ typedef struct _keyentry
unsigned int local;
unsigned int keyid;
unsigned int global;
-
+
char *id;
char *key;
char *name;
@@ -38,8 +38,8 @@ typedef struct _keystore
{
/* Array with all the keys */
keyentry **keyentries;
-
-
+
+
/* Hashes, based on the id/ip to lookup the keys. */
void *keyhash_id;
void *keyhash_ip;
@@ -67,7 +67,7 @@ void OS_FreeKeys(keystore *keys);
/* Checks if key changed. */
int OS_CheckUpdateKeys(keystore *keys);
-
+
/* Update the keys if they changed on the system. */
int OS_UpdateKeys(keystore *keys);
@@ -98,7 +98,7 @@ int OS_IsAllowedDynamicID(keystore *keys, char *id, char *srcip);
/** Function prototypes -- send/recv messages **/
/* Decrypt and decompress a remote message. */
-char *ReadSecMSG(keystore *keys, char *buffer, char *cleartext,
+char *ReadSecMSG(keystore *keys, char *buffer, char *cleartext,
int id, int buffer_size);
/* Creates an ossec message (encrypts and compress) */
@@ -115,7 +115,7 @@ int CreateSecMSG(keystore *keys, char *msg, char *msg_encrypted, int id);
#endif
#define SENDER_COUNTER "sender_counter"
-#define KEYSIZE 128
+#define KEYSIZE 128
#endif
diff --git a/src/headers/shared.h b/src/headers/shared.h
index a7f7b2f..4add11a 100755
--- a/src/headers/shared.h
+++ b/src/headers/shared.h
@@ -19,7 +19,7 @@
* The stack smashing protector defeats some BoF via: gcc -fstack-protector
* Reference: http://gcc.gnu.org/onlinedocs/gcc-4.1.2/cpp.pdf
*/
-
+
#if defined(__GNUC__) && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 1) && (__GNUC_PATCHLEVEL__ >= 2)) || \
((__GNUC__ == 4) && (__GNUC_MINOR__ >= 2)) || \
(__GNUC__ >= 5))
@@ -178,7 +178,7 @@ char *__local_name;
/*** These functions will exit on error. No need to check return code ***/
/* for calloc: x = calloc(4,sizeof(char)) -> os_calloc(4,sizeof(char),x) */
-#define os_calloc(x,y,z) (z = calloc(x,y))?(void)1:ErrorExit(MEM_ERROR, ARGV0)
+#define os_calloc(x,y,z) (z = calloc(x,y))?(void)1:ErrorExit(MEM_ERROR, ARGV0)
#define os_strdup(x,y) (y = strdup(x))?(void)1:ErrorExit(MEM_ERROR, ARGV0)
@@ -193,9 +193,9 @@ char *__local_name;
#ifdef CLIENT
#define isAgent 1
#else
- #define isAgent 0
+ #define isAgent 0
#endif
-
+
#include "debug_op.h"
@@ -225,8 +225,9 @@ char *__local_name;
#include "os_regex/os_regex.h"
#include "error_messages/error_messages.h"
+#include "custom_output_search.h"
#endif /* __SHARED_H */
-
+
/* EOF */
diff --git a/src/headers/store_op.h b/src/headers/store_op.h
index 49014ba..a8e155b 100755
--- a/src/headers/store_op.h
+++ b/src/headers/store_op.h
@@ -42,7 +42,7 @@ typedef struct _OSStore
OSStore *OSStore_Create();
OSStore *OSStore_Free(OSStore *list);
-
+
int OSStore_Put(OSStore *list, char *key, void *data);
int OSStore_Check(OSStore *list, char *key);
int OSStore_NCheck(OSStore *list, char *key);
@@ -51,7 +51,7 @@ int OSStore_GetPosition(OSStore *list, char *key);
void *OSStore_Get(OSStore *list, char *key);
OSStoreNode *OSStore_GetFirstNode(OSStore *list);
int OSStore_Sort(OSStore *list, void*(sort_data_function)(void *d1, void *d2));
-
+
#endif
diff --git a/src/headers/string_op.h b/src/headers/string_op.h
index a07b9f0..2df963e 100755
--- a/src/headers/string_op.h
+++ b/src/headers/string_op.h
@@ -27,9 +27,7 @@ void os_trimcrlf(char *str);
int os_substr(char *dest, const char *src, int position, int length);
/* Remove a character from a string */
-char *os_strip_char(const char *source, char remove);
-
-
+char *os_strip_char(char *source, char remove);
#endif
diff --git a/src/headers/validate_op.h b/src/headers/validate_op.h
index 867150f..ade6afa 100755
--- a/src/headers/validate_op.h
+++ b/src/headers/validate_op.h
@@ -43,7 +43,7 @@ int getDefine_Int(char *high_name, char *low_name, int min, int max);
*/
int OS_IPFound(char *ip_address, os_ip *that_ip);
-
+
/** int OS_IPFoundList(char *ip_address, char **list_of_ips)
* Checks if ip_address is present on the "list_of_ips".
@@ -61,8 +61,8 @@ int OS_IPFoundList(char *ip_address, os_ip **list_of_ips);
* ** On success this function may modify the value of ip_address
*/
int OS_IsValidIP(char *ip_address, os_ip *final_ip);
-
-
+
+
/** Time range validations **/
/** char *OS_IsValidTime(char *time_str)
@@ -78,9 +78,9 @@ int OS_IsValidIP(char *ip_address, os_ip *final_ip);
* hh:mm am - hh:mm pm (12 hour format)
* hh am - hh pm (12 hour format)
*/
-char *OS_IsValidTime(char *time_str);
+char *OS_IsValidTime(char *time_str);
-/* Same as above, but only accepts a unique time, not a range. */
+/* Same as above, but only accepts a unique time, not a range. */
char *OS_IsValidUniqueTime(char *time_str);
@@ -104,7 +104,7 @@ int OS_IsAfterTime(char *time_str, char *ossec_time);
* range.
*/
int OS_IsonDay(int week_day, char *ossec_day);
-
+
/** char *OS_IsValidDay(char *day_str)
* Validates if an day is in an acceptable format
@@ -124,7 +124,7 @@ char *OS_IsValidDay(char *day_str);
/* Checks if the ip is a single host, not a network with a netmask */
#define isSingleHost(x) (x->netmask == 0xFFFFFFFF)
-
+
#endif
/* EOF */
diff --git a/src/headers/wait_op.h b/src/headers/wait_op.h
index 5a60926..8d1c4fe 100755
--- a/src/headers/wait_op.h
+++ b/src/headers/wait_op.h
@@ -11,7 +11,7 @@
*/
#ifndef __WAIT_OP_H
-#define __WAIT_OP_H
+#define __WAIT_OP_H
void os_setwait();
diff --git a/src/init/._darwin-addusers.pl b/src/init/._darwin-addusers.pl
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/init/._darwin-addusers.pl and /dev/null differ
diff --git a/src/init/._darwin-init.sh b/src/init/._darwin-init.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/init/._darwin-init.sh and /dev/null differ
diff --git a/src/init/._functions.sh b/src/init/._functions.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/init/._functions.sh and /dev/null differ
diff --git a/src/init/._fw-check.sh b/src/init/._fw-check.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/init/._fw-check.sh and /dev/null differ
diff --git a/src/init/._init.sh b/src/init/._init.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/init/._init.sh and /dev/null differ
diff --git a/src/init/._language.sh b/src/init/._language.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/init/._language.sh and /dev/null differ
diff --git a/src/init/._ossec-client.sh b/src/init/._ossec-client.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/init/._ossec-client.sh and /dev/null differ
diff --git a/src/init/._ossec-hids-aix.init b/src/init/._ossec-hids-aix.init
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/init/._ossec-hids-aix.init and /dev/null differ
diff --git a/src/init/._ossec-hids-debian.init b/src/init/._ossec-hids-debian.init
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/init/._ossec-hids-debian.init and /dev/null differ
diff --git a/src/init/._ossec-hids-gentoo.init b/src/init/._ossec-hids-gentoo.init
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/init/._ossec-hids-gentoo.init and /dev/null differ
diff --git a/src/init/._ossec-hids-rh.init b/src/init/._ossec-hids-rh.init
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/init/._ossec-hids-rh.init and /dev/null differ
diff --git a/src/init/._ossec-hids-solaris.init b/src/init/._ossec-hids-solaris.init
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/init/._ossec-hids-solaris.init and /dev/null differ
diff --git a/src/init/._ossec-hids-suse.init b/src/init/._ossec-hids-suse.init
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/init/._ossec-hids-suse.init and /dev/null differ
diff --git a/src/init/._ossec-hids.init b/src/init/._ossec-hids.init
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/init/._ossec-hids.init and /dev/null differ
diff --git a/src/init/._ossec-local.sh b/src/init/._ossec-local.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/init/._ossec-local.sh and /dev/null differ
diff --git a/src/init/._ossec-server.sh b/src/init/._ossec-server.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/init/._ossec-server.sh and /dev/null differ
diff --git a/src/init/._osx105-addusers.sh b/src/init/._osx105-addusers.sh
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/init/._osx105-addusers.sh and /dev/null differ
diff --git a/src/init/._shared.sh b/src/init/._shared.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/init/._shared.sh and /dev/null differ
diff --git a/src/init/._update.sh b/src/init/._update.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/init/._update.sh and /dev/null differ
diff --git a/src/init/ossec-client.sh b/src/init/ossec-client.sh
index f58feda..745ae61 100755
--- a/src/init/ossec-client.sh
+++ b/src/init/ossec-client.sh
@@ -11,7 +11,7 @@ DIR=`dirname $PWD`;
### Do not modify bellow here ###
NAME="OSSEC HIDS"
-VERSION="v2.7-beta1"
+VERSION="v2.7.1"
AUTHOR="Trend Micro Inc."
DAEMONS="ossec-logcollector ossec-syscheckd ossec-agentd ossec-execd"
@@ -140,6 +140,7 @@ start()
if [ $? = 0 ]; then
${DIR}/bin/${i};
if [ $? != 0 ]; then
+ echo "${i} did not start";
unlock;
exit 1;
fi
diff --git a/src/init/ossec-local.sh b/src/init/ossec-local.sh
index 947cf37..ee2227e 100755
--- a/src/init/ossec-local.sh
+++ b/src/init/ossec-local.sh
@@ -22,7 +22,7 @@ fi
NAME="OSSEC HIDS"
-VERSION="v2.7-beta1"
+VERSION="v2.7.1"
AUTHOR="Trend Micro Inc."
DAEMONS="ossec-monitord ossec-logcollector ossec-syscheckd ossec-analysisd ossec-maild ossec-execd ${DB_DAEMON} ${CSYSLOG_DAEMON} ${AGENTLESS_DAEMON}"
@@ -226,6 +226,7 @@ start()
if [ $? = 0 ]; then
${DIR}/bin/${i} ${DEBUG_CLI};
if [ $? != 0 ]; then
+ echo "${i} did not start correctly.";
unlock;
exit 1;
fi
diff --git a/src/init/ossec-server.sh b/src/init/ossec-server.sh
index 98eec56..8b41892 100755
--- a/src/init/ossec-server.sh
+++ b/src/init/ossec-server.sh
@@ -22,7 +22,7 @@ fi
NAME="OSSEC HIDS"
-VERSION="v2.7-beta1"
+VERSION="v2.7.1"
AUTHOR="Trend Micro Inc."
DAEMONS="ossec-monitord ossec-logcollector ossec-remoted ossec-syscheckd ossec-analysisd ossec-maild ossec-execd ${DB_DAEMON} ${CSYSLOG_DAEMON} ${AGENTLESS_DAEMON}"
@@ -224,6 +224,7 @@ start()
if [ $? = 0 ]; then
${DIR}/bin/${i} ${DEBUG_CLI};
if [ $? != 0 ]; then
+ echo "${i} did not start correctly.";
unlock;
exit 1;
fi
diff --git a/src/init/osx105-addusers.sh b/src/init/osx105-addusers.sh
index b3bf14d..6bc1cab 100644
--- a/src/init/osx105-addusers.sh
+++ b/src/init/osx105-addusers.sh
@@ -1,39 +1,128 @@
-#! /bin/sh
+#! /bin/bash
# By Spransy, Derek" <DSPRANS () emory ! edu> and Charlie Scott
+#
+# alterations by bil hays 2013
+# -Switched to bash
+# -Added some sanity checks
+# -Added routine to find the first 3 contiguous UIDs above 100,
+# starting at 600 puts this in user space
+# -Added lines to append the ossec users to the group ossec
+# so the the list GroupMembership works properly
+#####
+# This checks for an error and exits with a custom message
+# Returns zero on success
+# $1 is the message
+# $2 is the error code
+
+if [[ ! -f "/usr/bin/dscl" ]]
+ then
+ echo "Error, I have no dscl, dying here";
+ exit
+fi
+
+DSCL="/usr/bin/dscl";
+
+function check_errm
+ {
+ if [[ ${?} != "0" ]]
+ then
+ echo "${1}";
+ exit ${2};
+ fi
+ }
+
+# get unique id numbers (uid, gid) that are greater than 100
+unset -v i new_uid new_gid idvar;
+declare -i new_uid=0 new_gid=0 i=100 idvar=0;
+while [[ $idvar -eq 0 ]]; do
+ i=$[i+1]
+ j=$[i+1]
+ k=$[i+2]
+ if [[ -z "$(/usr/bin/dscl . -search /Users uid ${i})" ]] && [[ -z "$(/usr/bin/dscl . -search /Groups gid ${i})" ]] && \
+ [[ -z "$(/usr/bin/dscl . -search /Users uid ${j})" ]] && [[ -z "$(/usr/bin/dscl . -search /Groups gid ${j})" ]] && \
+ [[ -z "$(/usr/bin/dscl . -search /Users uid ${k})" ]] && [[ -z "$(/usr/bin/dscl . -search /Groups gid ${k})" ]];
+ then
+ new_uid=$i
+ new_gid=$i
+ idvar=1
+ #break
+ fi
+done
+
+echo "UIDs available are:";
+echo ${new_uid}
+echo ${j}
+echo ${k}
+
+# Verify that the uid and gid exist and match
+if [[ $new_uid -eq 0 ]] || [[ $new_gid -eq 0 ]];
+ then
+ echo "Getting unique id numbers (uid, gid) failed!";
+ exit 1;
+ fi
+if [[ ${new_uid} != ${new_gid} ]]
+ then
+ echo "I failed to find matching free uid and gid!";
+ exit 5;
+ fi
# Creating the groups.
-sudo dscl localhost -create /Local/Default/Groups/ossec
-sudo dscl localhost -createprop /Local/Default/Groups/ossec PrimaryGroupID 600
-sudo dscl localhost -createprop /Local/Default/Groups/ossec RealName ossec
-sudo dscl localhost -createprop /Local/Default/Groups/ossec RecordName ossec
-sudo dscl localhost -createprop /Local/Default/Groups/ossec RecordType: dsRecTypeStandard:Groups
-sudo dscl localhost -createprop /Local/Default/Groups/ossec Password "*"
+sudo ${DSCL} localhost -create /Local/Default/Groups/ossec
+check_errm "Error creating group ossec" "67"
+sudo ${DSCL} localhost -createprop /Local/Default/Groups/ossec PrimaryGroupID ${new_gid}
+sudo ${DSCL} localhost -createprop /Local/Default/Groups/ossec RealName ossec
+sudo ${DSCL} localhost -createprop /Local/Default/Groups/ossec RecordName ossec
+sudo ${DSCL} localhost -createprop /Local/Default/Groups/ossec RecordType: dsRecTypeStandard:Groups
+sudo ${DSCL} localhost -createprop /Local/Default/Groups/ossec Password "*"
# Creating the users.
-sudo dscl localhost -create /Local/Default/Users/ossec
-sudo dscl localhost -createprop /Local/Default/Users/ossec RecordName ossec
-sudo dscl localhost -createprop /Local/Default/Users/ossec RealName "ossecacct"
-sudo dscl localhost -createprop /Local/Default/Users/ossec NFSHomeDirectory /var/ossec
-sudo dscl localhost -createprop /Local/Default/Users/ossec UniqueID 600
-sudo dscl localhost -createprop /Local/Default/Users/ossec PrimaryGroupID 600
-sudo dscl localhost -createprop /Local/Default/Users/ossec Password "*"
-
-sudo dscl localhost -create /Local/Default/Users/ossecm
-sudo dscl localhost -createprop /Local/Default/Users/ossecm RecordName ossecm
-sudo dscl localhost -createprop /Local/Default/Users/ossecm RealName "ossecmacct"
-sudo dscl localhost -createprop /Local/Default/Users/ossecm NFSHomeDirectory /var/ossec
-sudo dscl localhost -createprop /Local/Default/Users/ossecm UniqueID 601
-sudo dscl localhost -createprop /Local/Default/Users/ossecm PrimaryGroupID 600
-sudo dscl localhost -createprop /Local/Default/Users/ossecm Password "*"
-
-sudo dscl localhost -create /Local/Default/Users/ossecr
-sudo dscl localhost -createprop /Local/Default/Users/ossecr RecordName ossecr
-sudo dscl localhost -createprop /Local/Default/Users/ossecr RealName "ossecracct"
-sudo dscl localhost -createprop /Local/Default/Users/ossecr NFSHomeDirectory /var/ossec
-sudo dscl localhost -createprop /Local/Default/Users/ossecr UniqueID 602
-sudo dscl localhost -createprop /Local/Default/Users/ossecr PrimaryGroupID 600
-sudo dscl localhost -createprop /Local/Default/Users/ossecr Password "*"
+
+if [[ $(dscl . -read /Users/ossecm) ]]
+ then
+ echo "ossecm already exists";
+else
+ sudo ${DSCL} localhost -create /Local/Default/Users/ossecm
+ check_errm "Error creating user ossecm" "87"
+ sudo ${DSCL} localhost -createprop /Local/Default/Users/ossecm RecordName ossecm
+ sudo ${DSCL} localhost -createprop /Local/Default/Users/ossecm RealName "ossecmacct"
+ sudo ${DSCL} localhost -createprop /Local/Default/Users/ossecm NFSHomeDirectory /var/ossec
+ sudo ${DSCL} localhost -createprop /Local/Default/Users/ossecm UniqueID ${j}
+ sudo ${DSCL} localhost -createprop /Local/Default/Users/ossecm PrimaryGroupID ${new_gid}
+ sudo ${DSCL} localhost -append /Local/Default/Groups/ossec GroupMembership ossecm
+ sudo ${DSCL} localhost -createprop /Local/Default/Users/ossecm Password "*"
+fi
+
+if [[ $(dscl . -read /Users/ossecr) ]]
+ then
+ echo "ossecr already exists";
+else
+ sudo ${DSCL} localhost -create /Local/Default/Users/ossecr
+ check_errm "Error creating user ossecr" "97"
+ sudo ${DSCL} localhost -createprop /Local/Default/Users/ossecr RecordName ossecr
+ sudo ${DSCL} localhost -createprop /Local/Default/Users/ossecr RealName "ossecracct"
+ sudo ${DSCL} localhost -createprop /Local/Default/Users/ossecr NFSHomeDirectory /var/ossec
+ sudo ${DSCL} localhost -createprop /Local/Default/Users/ossecr UniqueID ${k}
+ sudo ${DSCL} localhost -createprop /Local/Default/Users/ossecr PrimaryGroupID ${new_gid}
+ sudo ${DSCL} localhost -append /Local/Default/Groups/ossec GroupMembership ossecr
+ sudo ${DSCL} localhost -createprop /Local/Default/Users/ossecr Password "*"
+fi
+
+if [[ $(dscl . -read /Users/ossec) ]]
+ then
+ echo "ossec already exists";
+else
+ sudo ${DSCL} localhost -create /Local/Default/Users/ossec
+ check_errm "Error creating user ossec" "77"
+ sudo ${DSCL} localhost -createprop /Local/Default/Users/ossec RecordName ossec
+ sudo ${DSCL} localhost -createprop /Local/Default/Users/ossec RealName "ossecacct"
+ sudo ${DSCL} localhost -createprop /Local/Default/Users/ossec NFSHomeDirectory /var/ossec
+ sudo ${DSCL} localhost -createprop /Local/Default/Users/ossec UniqueID ${new_uid}
+ sudo ${DSCL} localhost -createprop /Local/Default/Users/ossec PrimaryGroupID ${new_gid}
+ sudo ${DSCL} localhost -append /Local/Default/Groups/ossec GroupMembership ossec
+ sudo ${DSCL} localhost -createprop /Local/Default/Users/ossec Password "*"
+fi
+
diff --git a/src/init/update.sh b/src/init/update.sh
index bcbf299..0e0b078 100755
--- a/src/init/update.sh
+++ b/src/init/update.sh
@@ -46,10 +46,10 @@ doUpdatecleanup()
fi
# Checking if the directory is valid.
- local _dir_pattern="^/[-a-zA-Z0-9/\.-]{3,128}$"
- echo $DIRECTORY | grep -E "$_dir_pattern" > /dev/null 2>&1
+ _dir_pattern_update="^/[-a-zA-Z0-9/\.-]{3,128}$"
+ echo $DIRECTORY | grep -E "$_dir_pattern_update" > /dev/null 2>&1
if [ ! $? = 0 ]; then
- echo "# ($FUNCNAME) ERROR: directory name ($DIRECTORY) doesn't match the pattern $_dir_pattern" 1>&2
+ echo "# ($FUNCNAME) ERROR: directory name ($DIRECTORY) doesn't match the pattern $_dir_pattern_update" 1>&2
echo "${FALSE}"
return 1;
fi
@@ -133,10 +133,13 @@ UpdateOSSECRules()
cp -pr ${OSSEC_CONF_FILE} "${OSSEC_CONF_FILE}.$$.bak"
# Getting rid of old rules entries
- grep -Ev "</*rules>|<include>|<list>|rules global entry" ${OSSEC_CONF_FILE} > "${OSSEC_CONF_FILE}.$$.tmp"
+ grep -Ev "</*rules>|<include>|<list>|<decoder>|<decoder_dir|<rule_dir>|rules global entry" ${OSSEC_CONF_FILE} > "${OSSEC_CONF_FILE}.$$.tmp"
+
+ # Customer decoder, decoder_dir, rule_dir are carried over during upgrade
+ grep -E '<decoder>|<decoder_dir|<rule_dir>' ${OSSEC_CONF_FILE} | grep -v '<!--' >> "${OSSEC_CONF_FILE}.$$.tmp2"
# Check for custom files that may have been added in <rules> element
- for i in $(grep -E '<include>|<list>' ${OSSEC_CONF_FILE} | grep -v '<!--')
+ for i in `grep -E '<include>|<list>' ${OSSEC_CONF_FILE} | grep -v '<!--'`
do
grep "$i" ${RULES_TEMPLATE}>/dev/null || echo " $i" >> "${OSSEC_CONF_FILE}.$$.tmp2"
done
diff --git a/src/logcollector/._COPYRIGHT b/src/logcollector/._COPYRIGHT
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/logcollector/._COPYRIGHT and /dev/null differ
diff --git a/src/logcollector/._Makefile b/src/logcollector/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/logcollector/._Makefile and /dev/null differ
diff --git a/src/logcollector/._VERSION b/src/logcollector/._VERSION
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/logcollector/._VERSION and /dev/null differ
diff --git a/src/logcollector/._config.c b/src/logcollector/._config.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/logcollector/._config.c and /dev/null differ
diff --git a/src/logcollector/._logcollector.c b/src/logcollector/._logcollector.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/logcollector/._logcollector.c and /dev/null differ
diff --git a/src/logcollector/._logcollector.h b/src/logcollector/._logcollector.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/logcollector/._logcollector.h and /dev/null differ
diff --git a/src/logcollector/._main.c b/src/logcollector/._main.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/logcollector/._main.c and /dev/null differ
diff --git a/src/logcollector/._read_command.c b/src/logcollector/._read_command.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/logcollector/._read_command.c and /dev/null differ
diff --git a/src/logcollector/._read_djb_multilog.c b/src/logcollector/._read_djb_multilog.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/logcollector/._read_djb_multilog.c and /dev/null differ
diff --git a/src/logcollector/._read_fullcommand.c b/src/logcollector/._read_fullcommand.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/logcollector/._read_fullcommand.c and /dev/null differ
diff --git a/src/logcollector/._read_mssql_log.c b/src/logcollector/._read_mssql_log.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/logcollector/._read_mssql_log.c and /dev/null differ
diff --git a/src/logcollector/._read_multiline.c b/src/logcollector/._read_multiline.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/logcollector/._read_multiline.c and /dev/null differ
diff --git a/src/logcollector/._read_mysql_log.c b/src/logcollector/._read_mysql_log.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/logcollector/._read_mysql_log.c and /dev/null differ
diff --git a/src/logcollector/._read_nmapg.c b/src/logcollector/._read_nmapg.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/logcollector/._read_nmapg.c and /dev/null differ
diff --git a/src/logcollector/._read_ossecalert.c b/src/logcollector/._read_ossecalert.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/logcollector/._read_ossecalert.c and /dev/null differ
diff --git a/src/logcollector/._read_postgresql_log.c b/src/logcollector/._read_postgresql_log.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/logcollector/._read_postgresql_log.c and /dev/null differ
diff --git a/src/logcollector/._read_snortfull.c b/src/logcollector/._read_snortfull.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/logcollector/._read_snortfull.c and /dev/null differ
diff --git a/src/logcollector/._read_syslog.c b/src/logcollector/._read_syslog.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/logcollector/._read_syslog.c and /dev/null differ
diff --git a/src/logcollector/._read_win_el.c b/src/logcollector/._read_win_el.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/logcollector/._read_win_el.c and /dev/null differ
diff --git a/src/logcollector/config.c b/src/logcollector/config.c
index fb66216..8e1aee3 100755
--- a/src/logcollector/config.c
+++ b/src/logcollector/config.c
@@ -10,12 +10,12 @@
* Foundation
*/
-/* v0.3 (2005/08/23): Using the new OS_XML syntax and changing some usage
+/* v0.3 (2005/08/23): Using the new OS_XML syntax and changing some usage
* v0.2 (2005/01/17)
*/
-
-#include "shared.h"
+
+#include "shared.h"
#include "logcollector.h"
@@ -38,7 +38,7 @@ int LogCollectorConfig(char * cfgfile, int accept_remote)
if(ReadConfig(modules, cfgfile, &log_config, NULL) < 0)
return(OS_INVALID);
-
+
#ifdef CLIENT
modules|= CAGENT_CONFIG;
log_config.agent_cfg = 1;
@@ -46,7 +46,7 @@ int LogCollectorConfig(char * cfgfile, int accept_remote)
log_config.agent_cfg = 0;
#endif
- logff = log_config.config;
+ logff = log_config.config;
return(1);
diff --git a/src/logcollector/logcollector.c b/src/logcollector/logcollector.c
index 937990b..e456467 100755
--- a/src/logcollector/logcollector.c
+++ b/src/logcollector/logcollector.c
@@ -49,18 +49,18 @@ void LogCollectorStart()
char keepalive[1024];
-
+
/* To check for inode changes */
struct stat tmp_stat;
-
-
+
+
#ifndef WIN32
-
+
int int_error = 0;
struct timeval fp_timeout;
-
+
#else
-
+
/* Checking if we are on vista. */
checkVista();
@@ -70,12 +70,12 @@ void LogCollectorStart()
{
win_read_vista_sec();
}
-
+
#endif
debug1("%s: DEBUG: Entering LogCollectorStart().", ARGV0);
-
-
+
+
/* Initializing each file and structure */
for(i = 0;;i++)
{
@@ -88,7 +88,7 @@ void LogCollectorStart()
{
if(logff[r].file && strcmp(logff[i].file, logff[r].file) == 0)
{
- merror("%s: WARN: Duplicated log file given: '%s'.",
+ merror("%s: WARN: Duplicated log file given: '%s'.",
ARGV0, logff[i].file);
logff[i].file = NULL;
logff[i].command = NULL;
@@ -102,14 +102,14 @@ void LogCollectorStart()
{
/* do nothing, duplicated entry. */
}
-
+
else if(strcmp(logff[i].logformat,"eventlog") == 0)
{
#ifdef WIN32
-
+
verbose(READING_EVTLOG, ARGV0, logff[i].file);
win_startel(logff[i].file);
-
+
#endif
logff[i].file = NULL;
logff[i].command = NULL;
@@ -135,7 +135,7 @@ void LogCollectorStart()
}
else
{
- merror("%s: ERROR: Missing command argument. Ignoring it.",
+ merror("%s: ERROR: Missing command argument. Ignoring it.",
ARGV0);
}
}
@@ -156,16 +156,16 @@ void LogCollectorStart()
else
{
merror("%s: ERROR: Missing command argument. Ignoring it.",
- ARGV0);
+ ARGV0);
}
}
-
+
else
{
logff[i].command = NULL;
- /* Initializing the files */
+ /* Initializing the files */
if(logff[i].ffile)
{
/* Day must be zero for all files to be initialized */
@@ -178,26 +178,26 @@ void LogCollectorStart()
{
ErrorExit(PARSE_ERROR, ARGV0, logff[i].ffile);
}
-
+
}
else
{
handle_file(i, 1, 1);
}
-
+
verbose(READING_FILE, ARGV0, logff[i].file);
-
+
/* Getting the log type */
if(strcmp("snort-full", logff[i].logformat) == 0)
{
logff[i].read = (void *)read_snortfull;
}
- #ifndef WIN32
+ #ifndef WIN32
if(strcmp("ossecalert", logff[i].logformat) == 0)
{
logff[i].read = (void *)read_ossecalert;
}
- #endif
+ #endif
else if(strcmp("nmapg", logff[i].logformat) == 0)
{
logff[i].read = (void *)read_nmapg;
@@ -266,7 +266,7 @@ void LogCollectorStart()
/* Start up message */
verbose(STARTUP_MSG, ARGV0, (int)getpid());
-
+
max_file = i -1;
@@ -275,8 +275,8 @@ void LogCollectorStart()
{
max_file = 0;
}
-
-
+
+
/* Daemon loop */
while(1)
{
@@ -284,7 +284,7 @@ void LogCollectorStart()
fp_timeout.tv_sec = loop_timeout;
fp_timeout.tv_usec = 0;
- /* Waiting for the select timeout */
+ /* Waiting for the select timeout */
if ((r = select(0, NULL, NULL, NULL, &fp_timeout)) < 0)
{
merror(SELECT_ERROR, ARGV0);
@@ -297,18 +297,18 @@ void LogCollectorStart()
continue;
}
#else
-
+
/* Windows don't like select that way */
sleep(loop_timeout + 2);
-
+
/* Check for messages in the event viewer */
win_readel();
#endif
-
+
f_check++;
-
+
/* Checking which file is available */
for(i = 0; i <= max_file; i++)
{
@@ -396,7 +396,7 @@ void LogCollectorStart()
logff[i].ign++;
continue;
}
-
+
#ifdef WIN32
logff[i].read(i, &r, 1);
#endif
@@ -408,19 +408,19 @@ void LogCollectorStart()
}
}
-
+
/* Only check bellow if check > VCHECK_FILES */
if(f_check <= VCHECK_FILES)
continue;
-
+
/* Send keep alive message */
rand_keepalive_str(keepalive, 700);
SendMSG(logr_queue, keepalive, "ossec-keepalive", LOCALFILE_MQ);
- /* Zeroing f_check */
+ /* Zeroing f_check */
f_check = 0;
@@ -430,8 +430,8 @@ void LogCollectorStart()
/* These are the windows logs or ignored files */
if(!logff[i].file)
continue;
-
-
+
+
/* Files with date -- check for day change */
if(logff[i].ffile)
{
@@ -456,8 +456,8 @@ void LogCollectorStart()
continue;
}
}
-
-
+
+
/* Check for file change -- if the file is open already */
if(logff[i].fp)
{
@@ -466,7 +466,7 @@ void LogCollectorStart()
{
fclose(logff[i].fp);
logff[i].fp = NULL;
-
+
merror(FILE_ERROR, ARGV0, logff[i].file);
}
@@ -506,21 +506,21 @@ void LogCollectorStart()
snprintf(msg_alert, 512, "ossec: File rotated (inode "
"changed): '%s'.",
logff[i].file);
-
+
/* Send message about log rotated */
- SendMSG(logr_queue, msg_alert,
+ SendMSG(logr_queue, msg_alert,
"ossec-logcollector", LOCALFILE_MQ);
-
+
debug1("%s: DEBUG: File inode changed. %s",
ARGV0, logff[i].file);
-
+
fclose(logff[i].fp);
#ifdef WIN32
CloseHandle(logff[i].h);
CloseHandle(h1);
#endif
-
+
logff[i].fp = NULL;
handle_file(i, 0, 1);
continue;
@@ -536,11 +536,11 @@ void LogCollectorStart()
snprintf(msg_alert, 512, "ossec: File size reduced "
"(inode remained): '%s'.",
logff[i].file);
-
+
/* Send message about log rotated */
- SendMSG(logr_queue, msg_alert,
+ SendMSG(logr_queue, msg_alert,
"ossec-logcollector", LOCALFILE_MQ);
-
+
debug1("%s: DEBUG: File size reduced. %s",
ARGV0, logff[i].file);
@@ -556,7 +556,7 @@ void LogCollectorStart()
CloseHandle(logff[i].h);
CloseHandle(h1);
#endif
-
+
logff[i].fp = NULL;
handle_file(i, 1, 1);
}
@@ -567,9 +567,9 @@ void LogCollectorStart()
}
#endif
}
-
-
- /* Too many errors for the file */
+
+
+ /* Too many errors for the file */
if(logff[i].ign > open_file_attempts)
{
/* 999 Maximum ignore */
@@ -577,7 +577,7 @@ void LogCollectorStart()
{
continue;
}
-
+
merror(LOGC_FILE_ERROR, ARGV0, logff[i].file);
if(logff[i].fp)
{
@@ -586,7 +586,7 @@ void LogCollectorStart()
CloseHandle(logff[i].h);
#endif
}
-
+
logff[i].fp = NULL;
@@ -603,9 +603,9 @@ void LogCollectorStart()
logff[i].ign = 999;
continue;
}
-
-
- /* File not opened */
+
+
+ /* File not opened */
if(!logff[i].fp)
{
if(logff[i].ign >= 999)
@@ -631,13 +631,13 @@ int update_fname(int i)
{
struct tm *p;
time_t __ctime = time(0);
-
+
char lfile[OS_FLSIZE + 1];
size_t ret;
p = localtime(&__ctime);
-
+
/* Handle file */
if(p->tm_mday == _cday)
@@ -652,17 +652,17 @@ int update_fname(int i)
{
ErrorExit(PARSE_ERROR, ARGV0, logff[i].ffile);
}
-
-
+
+
/* Update the file name */
if(strcmp(lfile, logff[i].file) != 0)
{
os_free(logff[i].file);
- os_strdup(lfile, logff[i].file);
+ os_strdup(lfile, logff[i].file);
verbose(VAR_LOG_MON, ARGV0, logff[i].file);
-
+
/* Setting cday to zero because other files may need
* to be changed.
*/
@@ -680,7 +680,7 @@ int handle_file(int i, int do_fseek, int do_log)
{
int fd;
struct stat stat_fd;
-
+
/* We must be able to open the file, fseek and get the
* time of change from it.
*/
@@ -703,10 +703,10 @@ int handle_file(int i, int do_fseek, int do_log)
logff[i].fp = NULL;
return(-1);
}
-
+
logff[i].fd = stat_fd.st_ino;
logff[i].size = stat_fd.st_size;
-
+
#else
BY_HANDLE_FILE_INFORMATION lpFileInformation;
@@ -771,7 +771,7 @@ int handle_file(int i, int do_fseek, int do_log)
}
#endif
}
-
+
/* Setting ignore to zero */
logff[i].ign = 0;
diff --git a/src/logcollector/main.c b/src/logcollector/main.c
index 8f5320b..fe143c2 100755
--- a/src/logcollector/main.c
+++ b/src/logcollector/main.c
@@ -12,9 +12,9 @@
/* v0.4 (2005/11/11): Some cleanup and bug fixes
- * v0.3 (2005/08/26): Reading all files in just one process
+ * v0.3 (2005/08/26): Reading all files in just one process
* v0.2 (2005/04/04):
- */
+ */
/* Logcollector daemon.
@@ -60,7 +60,7 @@ int main(int argc, char **argv)
/* Setting the name */
OS_SetName(ARGV0);
-
+
while((c = getopt(argc, argv, "VtdhfD:c:")) != -1)
{
@@ -90,10 +90,10 @@ int main(int argc, char **argv)
break;
case 't':
test_config = 1;
- break;
+ break;
default:
help(ARGV0);
- break;
+ break;
}
}
@@ -108,22 +108,22 @@ int main(int argc, char **argv)
/* Reading config file */
if(LogCollectorConfig(cfg, accept_manager_commands) < 0)
ErrorExit(CONFIG_ERROR, ARGV0, cfg);
-
-
+
+
/* Getting loop timeout */
loop_timeout = getDefine_Int("logcollector",
"loop_timeout",
1, 120);
-
+
open_file_attempts = getDefine_Int("logcollector", "open_attempts",
2, 998);
-
+
debug_flag = getDefine_Int("logcollector",
"debug",
0,2);
accept_manager_commands = getDefine_Int("logcollector", "remote_commands",
0, 1);
-
+
/* Getting debug values */
while(debug_flag != 0)
{
@@ -135,7 +135,7 @@ int main(int argc, char **argv)
/* Exit if test config */
if(test_config)
exit(0);
-
+
/* No file available to monitor -- continue */
if(logff == NULL)
@@ -150,13 +150,13 @@ int main(int argc, char **argv)
merror(NO_FILE, ARGV0);
}
-
+
/* Starting signal handler */
StartSIG(ARGV0);
- if (!run_foreground)
+ if (!run_foreground)
{
/* Going on daemon mode */
nowDaemon();
@@ -168,21 +168,21 @@ int main(int argc, char **argv)
if(CreatePID(ARGV0, getpid()) < 0)
merror(PID_ERROR, ARGV0);
-
-
+
+
/* Waiting 6 seconds for the analysisd/agentd to settle */
debug1("%s: DEBUG: Waiting main daemons to settle.", ARGV0);
sleep(6);
-
-
+
+
/* Starting the queue. */
if((logr_queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH);
- /* Main loop */
+ /* Main loop */
LogCollectorStart();
-
+
return(0);
}
diff --git a/src/logcollector/read_command.c b/src/logcollector/read_command.c
index 4c66af4..f1de982 100755
--- a/src/logcollector/read_command.c
+++ b/src/logcollector/read_command.c
@@ -44,9 +44,9 @@ void *read_command(int pos, int *rc, int drop_it)
}
- snprintf(str, 256, "ossec: output: '%s': ",
- (NULL != logff[pos].alias)
- ? logff[pos].alias
+ snprintf(str, 256, "ossec: output: '%s': ",
+ (NULL != logff[pos].alias)
+ ? logff[pos].alias
: logff[pos].command);
cmd_size = strlen(str);
@@ -54,7 +54,7 @@ void *read_command(int pos, int *rc, int drop_it)
while(fgets(str + cmd_size, OS_MAXSTR - OS_LOG_HEADER - 256, cmd_output) != NULL)
{
/* Getting the last occurence of \n */
- if ((p = strrchr(str, '\n')) != NULL)
+ if ((p = strrchr(str, '\n')) != NULL)
{
*p = '\0';
}
@@ -70,11 +70,11 @@ void *read_command(int pos, int *rc, int drop_it)
{
continue;
}
-
-
+
+
debug2("%s: DEBUG: Reading command message: '%s'", ARGV0, str);
-
+
/* Sending message to queue */
if(drop_it == 0)
{
@@ -95,7 +95,7 @@ void *read_command(int pos, int *rc, int drop_it)
pclose(cmd_output);
- return(NULL);
+ return(NULL);
}
/* EOF */
diff --git a/src/logcollector/read_djb_multilog.c b/src/logcollector/read_djb_multilog.c
index 7c5188d..be4f56f 100755
--- a/src/logcollector/read_djb_multilog.c
+++ b/src/logcollector/read_djb_multilog.c
@@ -24,8 +24,8 @@
char *(djb_month[])={"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug",
"Sep","Oct","Nov","Dec"};
-char djb_host[512 +1];
-
+char djb_host[512 +1];
+
/* Initializes multilog. */
@@ -58,7 +58,7 @@ int init_djbmultilog(int pos)
#else
strncpy(djb_host, "win32", 512 -1);
#endif
-
+
/* Multilog must be in the following format: /path/program_name/current */
@@ -66,7 +66,7 @@ int init_djbmultilog(int pos)
if(!tmp_str)
return(0);
-
+
/* Must end with /current and must not be in the beginning of the string. */
if((strcmp(tmp_str, "/current") != 0) || (tmp_str == logff[pos].file))
{
@@ -85,7 +85,7 @@ int init_djbmultilog(int pos)
return(0);
}
-
+
os_strdup(djbp_name+1, logff[pos].djb_program_name);
tmp_str[0] = '/';
@@ -117,19 +117,19 @@ void *read_djbmultilog(int pos, int *rc, int drop_it)
{
return(NULL);
}
-
+
/* Getting new entry */
while(fgets(str, OS_MAXSTR - OS_LOG_HEADER, logff[pos].fp) != NULL)
{
-
+
/* Getting buffer size */
str_len = strlen(str);
-
+
/* Getting the last occurence of \n */
- if ((p = strrchr(str, '\n')) != NULL)
+ if ((p = strrchr(str, '\n')) != NULL)
{
*p = '\0';
@@ -144,13 +144,13 @@ void *read_djbmultilog(int pos, int *rc, int drop_it)
{
need_clear = 1;
}
-
-
+
+
/* Multilog messages have the following format:
* @40000000463246020c2ca16c xx...
*/
if((str_len > 26) &&
- (str[0] == '@') &&
+ (str[0] == '@') &&
isalnum((int)str[1]) &&
isalnum((int)str[2]) &&
isalnum((int)str[3]) &&
@@ -163,11 +163,11 @@ void *read_djbmultilog(int pos, int *rc, int drop_it)
{
p++;
}
-
-
+
+
/* If message has a valid syslog header, send as is. */
if((str_len > 44) &&
- (p[3] == ' ') &&
+ (p[3] == ' ') &&
(p[6] == ' ') &&
(p[9] == ':') &&
(p[12] == ':') &&
@@ -199,18 +199,18 @@ void *read_djbmultilog(int pos, int *rc, int drop_it)
p);
}
}
-
-
+
+
else
{
debug2("%s: DEBUG: Invalid DJB log: '%s'", ARGV0, str);
continue;
}
-
-
+
+
debug2("%s: DEBUG: Reading DJB multilog message: '%s'", ARGV0, buffer);
-
+
/* Sending message to queue */
if(drop_it == 0)
{
@@ -223,11 +223,11 @@ void *read_djbmultilog(int pos, int *rc, int drop_it)
}
}
}
-
+
continue;
}
- return(NULL);
+ return(NULL);
}
/* EOF */
diff --git a/src/logcollector/read_fullcommand.c b/src/logcollector/read_fullcommand.c
index 0979e6a..c79eb22 100755
--- a/src/logcollector/read_fullcommand.c
+++ b/src/logcollector/read_fullcommand.c
@@ -48,8 +48,8 @@ void *read_fullcommand(int pos, int *rc, int drop_it)
snprintf(str, 256, "ossec: output: '%s':\n",
- (NULL != logff[pos].alias)
- ? logff[pos].alias
+ (NULL != logff[pos].alias)
+ ? logff[pos].alias
: logff[pos].command);
cmd_size = strlen(str);
@@ -59,12 +59,12 @@ void *read_fullcommand(int pos, int *rc, int drop_it)
str[cmd_size +n] = '\0';
/* Getting the last occurence of \n */
- if ((p = strrchr(str, '\n')) != NULL)
+ if ((p = strrchr(str, '\n')) != NULL)
{
*p = '\0';
}
-
+
debug2("%s: DEBUG: Reading command message: '%s'", ARGV0, str);
/* Removing empty lines. */
@@ -88,7 +88,7 @@ void *read_fullcommand(int pos, int *rc, int drop_it)
}
strfinal[n] = '\0';
-
+
/* Sending message to queue */
if(drop_it == 0)
{
@@ -107,7 +107,7 @@ void *read_fullcommand(int pos, int *rc, int drop_it)
pclose(cmd_output);
- return(NULL);
+ return(NULL);
}
/* EOF */
diff --git a/src/logcollector/read_mssql_log.c b/src/logcollector/read_mssql_log.c
index 1e85459..ae685bb 100755
--- a/src/logcollector/read_mssql_log.c
+++ b/src/logcollector/read_mssql_log.c
@@ -21,7 +21,7 @@
-/* Send mssql message and check the return code.
+/* Send mssql message and check the return code.
*/
void __send_mssql_msg(int pos, int drop_it, char *buffer)
{
@@ -53,7 +53,7 @@ void *read_mssql_log(int pos, int *rc, int drop_it)
/* Zeroing buffer and str */
buffer[0] = '\0';
- buffer[OS_MAXSTR] = '\0';
+ buffer[OS_MAXSTR] = '\0';
str[OS_MAXSTR]= '\0';
*rc = 0;
@@ -61,20 +61,20 @@ void *read_mssql_log(int pos, int *rc, int drop_it)
/* Getting new entry */
while(fgets(str, OS_MAXSTR - OS_LOG_HEADER, logff[pos].fp) != NULL)
{
-
+
/* Getting buffer size */
str_len = strlen(str);
-
+
/* Checking str_len size. Very useless, but just to make sure.. */
if(str_len >= sizeof(buffer) -2)
{
str_len = sizeof(buffer) -10;
}
-
+
/* Getting the last occurence of \n */
- if ((p = strrchr(str, '\n')) != NULL)
+ if ((p = strrchr(str, '\n')) != NULL)
{
*p = '\0';
@@ -89,8 +89,8 @@ void *read_mssql_log(int pos, int *rc, int drop_it)
{
need_clear = 1;
}
-
-
+
+
#ifdef WIN32
if ((p = strrchr(str, '\r')) != NULL)
{
@@ -112,7 +112,7 @@ void *read_mssql_log(int pos, int *rc, int drop_it)
}
#endif
-
+
/* MSSQL messages have the following formats:
* 2009-03-25 04:47:30.01 Server
@@ -120,17 +120,17 @@ void *read_mssql_log(int pos, int *rc, int drop_it)
* 2009-02-06 11:48:59 Server
*/
if((str_len > 19) &&
- (str[4] == '-') &&
- (str[7] == '-') &&
- (str[10] == ' ') &&
- (str[13] == ':') &&
- (str[16] == ':') &&
+ (str[4] == '-') &&
+ (str[7] == '-') &&
+ (str[10] == ' ') &&
+ (str[13] == ':') &&
+ (str[16] == ':') &&
isdigit((int)str[0]) &&
isdigit((int)str[1]) &&
isdigit((int)str[2]) &&
isdigit((int)str[3]))
{
-
+
/* If the saved message is empty, set it and continue. */
if(buffer[0] == '\0')
{
@@ -148,8 +148,8 @@ void *read_mssql_log(int pos, int *rc, int drop_it)
strncpy(buffer, str, str_len + 2);
}
}
-
-
+
+
/* Query logs can be in multiple lines.
* They always start with a tab in the additional ones.
*/
@@ -157,16 +157,16 @@ void *read_mssql_log(int pos, int *rc, int drop_it)
{
/* Size of the buffer */
int buffer_len = strlen(buffer);
-
+
p = str;
-
+
/* Removing extra spaces and tabs */
while(*p == ' ' || *p == '\t')
{
p++;
}
-
-
+
+
/* Adding additional message to the saved buffer. */
if(sizeof(buffer) - buffer_len > str_len +256)
{
@@ -179,7 +179,7 @@ void *read_mssql_log(int pos, int *rc, int drop_it)
strncat(buffer, str, str_len +3);
}
}
-
+
continue;
}
@@ -189,8 +189,8 @@ void *read_mssql_log(int pos, int *rc, int drop_it)
{
__send_mssql_msg(pos, drop_it, buffer);
}
-
- return(NULL);
+
+ return(NULL);
}
/* EOF */
diff --git a/src/logcollector/read_multiline.c b/src/logcollector/read_multiline.c
index d7070ad..02d357e 100755
--- a/src/logcollector/read_multiline.c
+++ b/src/logcollector/read_multiline.c
@@ -46,11 +46,11 @@ void *read_multiline(int pos, int *rc, int drop_it)
linesgot++;
/* Getting the last occurence of \n */
- if ((p = strrchr(str, '\n')) != NULL)
+ if ((p = strrchr(str, '\n')) != NULL)
{
*p = '\0';
}
-
+
/* If we didn't get the new line, because the
* size is large, send what we got so far.
*/
@@ -65,17 +65,17 @@ void *read_multiline(int pos, int *rc, int drop_it)
debug1("%s: Message not complete. Trying again: '%s'", ARGV0,str);
fsetpos(logff[pos].fp, &fp_pos);
break;
- }
-
+ }
+
#ifdef WIN32
if ((p = strrchr(str, '\r')) != NULL)
{
*p = '\0';
}
#endif
-
+
debug2("%s: DEBUG: Reading message: '%s'", ARGV0, str);
-
+
/* Adding to buffer. */
buffer_size = strlen(buffer);
@@ -87,12 +87,12 @@ void *read_multiline(int pos, int *rc, int drop_it)
strncpy(buffer + buffer_size, str, OS_MAXSTR - buffer_size -2);
-
+
if(linesgot < linecount)
{
continue;
}
-
+
/* Sending message to queue */
if(drop_it == 0)
@@ -125,12 +125,12 @@ void *read_multiline(int pos, int *rc, int drop_it)
}
__ms = 0;
}
-
+
fgetpos(logff[pos].fp, &fp_pos);
continue;
}
- return(NULL);
+ return(NULL);
}
/* EOF */
diff --git a/src/logcollector/read_mysql_log.c b/src/logcollector/read_mysql_log.c
index bab58ee..7d76d56 100755
--- a/src/logcollector/read_mysql_log.c
+++ b/src/logcollector/read_mysql_log.c
@@ -41,13 +41,13 @@ void *read_mysql_log(int pos, int *rc, int drop_it)
/* Getting new entry */
while(fgets(str, OS_MAXSTR - OS_LOG_HEADER, logff[pos].fp) != NULL)
{
-
+
/* Getting buffer size */
str_len = strlen(str);
-
+
/* Getting the last occurence of \n */
- if ((p = strrchr(str, '\n')) != NULL)
+ if ((p = strrchr(str, '\n')) != NULL)
{
*p = '\0';
@@ -62,8 +62,8 @@ void *read_mysql_log(int pos, int *rc, int drop_it)
{
need_clear = 1;
}
-
-
+
+
#ifdef WIN32
if ((p = strrchr(str, '\r')) != NULL)
{
@@ -85,14 +85,14 @@ void *read_mysql_log(int pos, int *rc, int drop_it)
}
#endif
-
+
/* Mysql messages have the following format:
* 070823 21:01:30 xx
*/
if((str_len > 18) &&
- (str[6] == ' ') &&
- (str[9] == ':') &&
- (str[12] == ':') &&
+ (str[6] == ' ') &&
+ (str[9] == ':') &&
+ (str[12] == ':') &&
isdigit((int)str[0]) &&
isdigit((int)str[1]) &&
isdigit((int)str[2]) &&
@@ -106,21 +106,21 @@ void *read_mysql_log(int pos, int *rc, int drop_it)
strncpy(__mysql_last_time, str, 16);
__mysql_last_time[15] = '\0';
-
+
/* Removing spaces and tabs */
p = str + 15;
while(*p == ' ' || *p == '\t')
{
p++;
}
-
-
+
+
/* Valid MySQL message */
- snprintf(buffer, OS_MAXSTR, "MySQL log: %s %s",
+ snprintf(buffer, OS_MAXSTR, "MySQL log: %s %s",
__mysql_last_time, p);
}
-
-
+
+
/* Multiple events at the same second share the same
* time stamp.
* 0909 2020 2020 2020 20
@@ -143,20 +143,20 @@ void *read_mysql_log(int pos, int *rc, int drop_it)
{
p++;
}
-
- /* Valid MySQL message */
- snprintf(buffer, OS_MAXSTR, "MySQL log: %s %s",
- __mysql_last_time, p);
+
+ /* Valid MySQL message */
+ snprintf(buffer, OS_MAXSTR, "MySQL log: %s %s",
+ __mysql_last_time, p);
}
else
{
continue;
}
-
-
+
+
debug2("%s: DEBUG: Reading mysql messages: '%s'", ARGV0, buffer);
-
+
/* Sending message to queue */
if(drop_it == 0)
{
@@ -169,11 +169,11 @@ void *read_mysql_log(int pos, int *rc, int drop_it)
}
}
}
-
+
continue;
}
- return(NULL);
+ return(NULL);
}
/* EOF */
diff --git a/src/logcollector/read_nmapg.c b/src/logcollector/read_nmapg.c
index eb7f1cc..c233488 100755
--- a/src/logcollector/read_nmapg.c
+++ b/src/logcollector/read_nmapg.c
@@ -28,7 +28,7 @@ static char *__get_port(char *str, char *proto, char *port, int msize);
-/* Get port and protocol.
+/* Get port and protocol.
*/
static char *__get_port(char *str, char *proto, char *port, int msize)
{
@@ -42,7 +42,7 @@ static char *__get_port(char *str, char *proto, char *port, int msize)
str++;
}
-
+
/* Getting port */
p = strchr(str, '/');
if(!p)
@@ -50,13 +50,13 @@ static char *__get_port(char *str, char *proto, char *port, int msize)
*p = '\0';
p++;
-
+
/* Getting port */
strncpy(port, str, msize);
port[msize -1] = '\0';
-
-
+
+
/* Checking if the port is open */
q = __go_after(p, NMAPG_OPEN);
if(!q)
@@ -70,14 +70,14 @@ static char *__get_port(char *str, char *proto, char *port, int msize)
p = strchr(q, '/');
if(!p)
return(NULL);
- p++;
+ p++;
}
else
{
p = q;
}
-
-
+
+
/* Getting protocol */
str = p;
@@ -89,16 +89,16 @@ static char *__get_port(char *str, char *proto, char *port, int msize)
*p = '\0';
p++;
-
+
strncpy(proto, str, msize);
proto[msize -1] = '\0';
-
-
+
+
/* Setting proto to null if port is not open */
if(filtered)
- proto[0] = '\0';
-
-
+ proto[0] = '\0';
+
+
/* Removing slashes */
if(*p == '/')
{
@@ -113,7 +113,7 @@ static char *__get_port(char *str, char *proto, char *port, int msize)
return(q);
}
-
+
return(NULL);
}
@@ -128,7 +128,7 @@ static char *__go_after(char *x, char *y)
/* X and Y must be not null */
if(!x || !y)
return(NULL);
-
+
x_s = strlen(x);
y_s = strlen(y);
@@ -154,7 +154,7 @@ void *read_nmapg(int pos, int *rc, int drop_it)
{
int final_msg_s;
int need_clear = 0;
-
+
char str[OS_MAXSTR + 1];
char final_msg[OS_MAXSTR + 1];
char buffer[OS_MAXSTR + 1];
@@ -164,7 +164,7 @@ void *read_nmapg(int pos, int *rc, int drop_it)
char *ip = NULL;
char *p;
char *q;
-
+
*rc = 0;
str[OS_MAXSTR] = '\0';
final_msg[OS_MAXSTR] = '\0';
@@ -184,7 +184,7 @@ void *read_nmapg(int pos, int *rc, int drop_it)
}
continue;
}
-
+
/* Removing \n at the end of the string */
if ((q = strchr(str, '\n')) != NULL)
{
@@ -195,22 +195,22 @@ void *read_nmapg(int pos, int *rc, int drop_it)
need_clear = 1;
}
-
+
/* Do not get commented lines */
if((str[0] == '#') || (str[0] == '\0'))
{
continue;
}
-
+
/* Getting host */
q = __go_after(str, NMAPG_HOST);
if(!q)
{
goto file_error;
}
-
-
+
+
/* Getting ip/hostname */
p = strchr(q, ')');
if(!p)
@@ -218,10 +218,10 @@ void *read_nmapg(int pos, int *rc, int drop_it)
goto file_error;
}
-
+
/* Setting the valid ip */
ip = q;
-
+
/* Getting the ports */
@@ -236,8 +236,8 @@ void *read_nmapg(int pos, int *rc, int drop_it)
/* Now fixing p, to have the closing parenthesis */
p++;
*p = '\0';
-
-
+
+
/* q now should point to the ports */
p = __go_after(q, NMAPG_PORT);
if(!p)
@@ -257,7 +257,7 @@ void *read_nmapg(int pos, int *rc, int drop_it)
snprintf(final_msg, OS_MAXSTR, "Host: %s, open ports:",
ip);
final_msg_s = OS_MAXSTR - ((strlen(final_msg) +3));
-
+
/* Getting port and protocol */
do
@@ -267,7 +267,7 @@ void *read_nmapg(int pos, int *rc, int drop_it)
{
break;
}
-
+
p = __get_port(p, proto, port, 9);
if(!p)
{
@@ -275,26 +275,26 @@ void *read_nmapg(int pos, int *rc, int drop_it)
break;
}
-
+
/* Port not open */
if(proto[0] == '\0')
{
continue;
}
-
+
/* Adding ports */
snprintf(buffer, OS_MAXSTR, " %s(%s)", port, proto);
strncat(final_msg, buffer, final_msg_s);
final_msg_s-=(strlen(buffer) +2);
-
+
}while(*p == ',' && (p++));
-
+
if(drop_it == 0)
- {
+ {
/* Sending message to queue */
- if(SendMSG(logr_queue, final_msg, logff[pos].file,
+ if(SendMSG(logr_queue, final_msg, logff[pos].file,
HOSTINFO_MQ) < 0)
{
merror(QUEUE_SEND, ARGV0);
@@ -305,21 +305,21 @@ void *read_nmapg(int pos, int *rc, int drop_it)
}
}
-
+
/* Getting next */
continue;
-
+
/* Handling errors */
file_error:
-
+
merror("%s: Bad formated nmap grepable file.", ARGV0);
*rc = -1;
return(NULL);
-
+
}
-
+
return(NULL);
}
diff --git a/src/logcollector/read_ossecalert.c b/src/logcollector/read_ossecalert.c
index ade6ea9..5b669dd 100755
--- a/src/logcollector/read_ossecalert.c
+++ b/src/logcollector/read_ossecalert.c
@@ -25,7 +25,7 @@ void *read_ossecalert(int pos, int *rc, int drop_it)
alert_data *al_data;
char user_msg[256];
char srcip_msg[256];
-
+
char syslog_msg[OS_SIZE_2048 +1];
al_data = GetAlertData(0, logff[pos].fp);
@@ -40,7 +40,7 @@ void *read_ossecalert(int pos, int *rc, int drop_it)
/* Adding source ip. */
- if(!al_data->srcip ||
+ if(!al_data->srcip ||
((al_data->srcip[0] == '(') &&
(al_data->srcip[1] == 'n') &&
(al_data->srcip[2] == 'o')))
@@ -54,7 +54,7 @@ void *read_ossecalert(int pos, int *rc, int drop_it)
/* Adding username. */
- if(!al_data->user ||
+ if(!al_data->user ||
((al_data->user[0] == '(') &&
(al_data->user[1] == 'n') &&
(al_data->user[2] == 'o')))
@@ -74,7 +74,7 @@ void *read_ossecalert(int pos, int *rc, int drop_it)
"ossec: Alert Level: %d; Rule: %d - %s; "
"Location: %s;%s%s %s",
al_data->level, al_data->rule, al_data->comment,
- al_data->location,
+ al_data->location,
srcip_msg,
user_msg,
al_data->log[0]);
@@ -83,7 +83,7 @@ void *read_ossecalert(int pos, int *rc, int drop_it)
{
char *tmp_msg = NULL;
short int j = 0;
-
+
while(al_data->log[j] != NULL)
{
tmp_msg = os_LoadString(tmp_msg, al_data->log[j]);
@@ -101,12 +101,12 @@ void *read_ossecalert(int pos, int *rc, int drop_it)
tmp_msg[1595] = '.';
tmp_msg[1596] = '.';
tmp_msg[1597] = '\0';
- }
+ }
snprintf(syslog_msg, OS_SIZE_2048,
"ossec: Alert Level: %d; Rule: %d - %s; "
"Location: %s;%s%s %s",
al_data->level, al_data->rule, al_data->comment,
- al_data->location,
+ al_data->location,
srcip_msg,
user_msg,
tmp_msg);
@@ -117,7 +117,7 @@ void *read_ossecalert(int pos, int *rc, int drop_it)
FreeAlertData(al_data);
-
+
/* Sending message to queue */
if(drop_it == 0)
{
@@ -131,7 +131,7 @@ void *read_ossecalert(int pos, int *rc, int drop_it)
}
}
- return(NULL);
+ return(NULL);
}
diff --git a/src/logcollector/read_postgresql_log.c b/src/logcollector/read_postgresql_log.c
index 5e88395..ba29919 100755
--- a/src/logcollector/read_postgresql_log.c
+++ b/src/logcollector/read_postgresql_log.c
@@ -21,7 +21,7 @@
-/* Send pgsql message and check the return code.
+/* Send pgsql message and check the return code.
*/
void __send_pgsql_msg(int pos, int drop_it, char *buffer)
{
@@ -53,7 +53,7 @@ void *read_postgresql_log(int pos, int *rc, int drop_it)
/* Zeroing buffer and str */
buffer[0] = '\0';
- buffer[OS_MAXSTR] = '\0';
+ buffer[OS_MAXSTR] = '\0';
str[OS_MAXSTR]= '\0';
*rc = 0;
@@ -61,20 +61,20 @@ void *read_postgresql_log(int pos, int *rc, int drop_it)
/* Getting new entry */
while(fgets(str, OS_MAXSTR - OS_LOG_HEADER, logff[pos].fp) != NULL)
{
-
+
/* Getting buffer size */
str_len = strlen(str);
-
+
/* Checking str_len size. Very useless, but just to make sure.. */
if(str_len >= sizeof(buffer) -2)
{
str_len = sizeof(buffer) -10;
}
-
+
/* Getting the last occurence of \n */
- if ((p = strrchr(str, '\n')) != NULL)
+ if ((p = strrchr(str, '\n')) != NULL)
{
*p = '\0';
@@ -89,8 +89,8 @@ void *read_postgresql_log(int pos, int *rc, int drop_it)
{
need_clear = 1;
}
-
-
+
+
#ifdef WIN32
if ((p = strrchr(str, '\r')) != NULL)
{
@@ -112,22 +112,22 @@ void *read_postgresql_log(int pos, int *rc, int drop_it)
}
#endif
-
+
/* PostgreSQL messages have the following format:
* [2007-08-31 19:17:32.186 ADT] 192.168.2.99:db_name
*/
if((str_len > 32) &&
- (str[0] == '[') &&
- (str[5] == '-') &&
- (str[8] == '-') &&
- (str[11] == ' ') &&
- (str[14] == ':') &&
- (str[17] == ':') &&
+ (str[0] == '[') &&
+ (str[5] == '-') &&
+ (str[8] == '-') &&
+ (str[11] == ' ') &&
+ (str[14] == ':') &&
+ (str[17] == ':') &&
isdigit((int)str[1]) &&
isdigit((int)str[12]))
{
-
+
/* If the saved message is empty, set it and continue. */
if(buffer[0] == '\0')
{
@@ -145,8 +145,8 @@ void *read_postgresql_log(int pos, int *rc, int drop_it)
strncpy(buffer, str, str_len + 2);
}
}
-
-
+
+
/* Query logs can be in multiple lines.
* They always start with a tab in the additional ones.
*/
@@ -155,16 +155,16 @@ void *read_postgresql_log(int pos, int *rc, int drop_it)
{
/* Size of the buffer */
int buffer_len = strlen(buffer);
-
+
p = str +1;
-
+
/* Removing extra spaces and tabs */
while(*p == ' ' || *p == '\t')
{
p++;
}
-
-
+
+
/* Adding additional message to the saved buffer. */
if(sizeof(buffer) - buffer_len > str_len +256)
{
@@ -177,7 +177,7 @@ void *read_postgresql_log(int pos, int *rc, int drop_it)
strncat(buffer, str, str_len +3);
}
}
-
+
continue;
}
@@ -187,8 +187,8 @@ void *read_postgresql_log(int pos, int *rc, int drop_it)
{
__send_pgsql_msg(pos, drop_it, buffer);
}
-
- return(NULL);
+
+ return(NULL);
}
/* EOF */
diff --git a/src/logcollector/read_snortfull.c b/src/logcollector/read_snortfull.c
index 9c497c5..cbb3edc 100755
--- a/src/logcollector/read_snortfull.c
+++ b/src/logcollector/read_snortfull.c
@@ -23,15 +23,15 @@
void *read_snortfull(int pos, int *rc, int drop_it)
{
int f_msg_size = OS_MAXSTR;
-
+
char *one = "one";
char *two = "two";
-
+
char *p = NULL;
char *q;
char str[OS_MAXSTR + 1];
char f_msg[OS_MAXSTR +1];
-
+
*rc = 0;
str[OS_MAXSTR]='\0';
f_msg[OS_MAXSTR] = '\0';
@@ -76,7 +76,7 @@ void *read_snortfull(int pos, int *rc, int drop_it)
f_msg_size -= strlen(str)+1;
p = two;
}
-
+
/* If it is a preprocessor message, it will not have
* the classification.
*/
@@ -85,10 +85,10 @@ void *read_snortfull(int pos, int *rc, int drop_it)
strncat(f_msg, "[Classification: Preprocessor] "
"[Priority: 3] ", f_msg_size);
strncat(f_msg, ++q, f_msg_size -40);
-
+
/* Cleaning for next event */
p = NULL;
-
+
/* Sending the message */
if(drop_it == 0)
{
@@ -134,7 +134,7 @@ void *read_snortfull(int pos, int *rc, int drop_it)
}
}
}
-
+
f_msg[0] = '\0';
f_msg_size = OS_MAXSTR;
str[0] = '\0';
diff --git a/src/logcollector/read_syslog.c b/src/logcollector/read_syslog.c
index 84c804b..0d3024a 100755
--- a/src/logcollector/read_syslog.c
+++ b/src/logcollector/read_syslog.c
@@ -40,11 +40,11 @@ void *read_syslog(int pos, int *rc, int drop_it)
while(fgets(str, OS_MAXSTR - OS_LOG_HEADER, logff[pos].fp) != NULL)
{
/* Getting the last occurence of \n */
- if ((p = strrchr(str, '\n')) != NULL)
+ if ((p = strrchr(str, '\n')) != NULL)
{
*p = '\0';
}
-
+
/* If we didn't get the new line, because the
* size is large, send what we got so far.
*/
@@ -59,8 +59,8 @@ void *read_syslog(int pos, int *rc, int drop_it)
debug1("%s: Message not complete. Trying again: '%s'", ARGV0,str);
fsetpos(logff[pos].fp, &fp_pos);
break;
- }
-
+ }
+
#ifdef WIN32
if ((p = strrchr(str, '\r')) != NULL)
{
@@ -81,10 +81,10 @@ void *read_syslog(int pos, int *rc, int drop_it)
continue;
}
#endif
-
+
debug2("%s: DEBUG: Reading syslog message: '%s'", ARGV0, str);
-
+
/* Sending message to queue */
if(drop_it == 0)
{
@@ -103,7 +103,7 @@ void *read_syslog(int pos, int *rc, int drop_it)
if(__ms)
{
// strlen(str) >= (OS_MAXSTR - OS_LOG_HEADER - 2)
- // truncate str before logging to ossec.log
+ // truncate str before logging to ossec.log
#define OUTSIZE 4096
char buf[OUTSIZE + 1];
buf[OUTSIZE] = '\0';
@@ -119,12 +119,12 @@ void *read_syslog(int pos, int *rc, int drop_it)
}
__ms = 0;
}
-
+
fgetpos(logff[pos].fp, &fp_pos);
continue;
}
- return(NULL);
+ return(NULL);
}
/* EOF */
diff --git a/src/logcollector/read_win_el.c b/src/logcollector/read_win_el.c
index 3655825..8442f0e 100755
--- a/src/logcollector/read_win_el.c
+++ b/src/logcollector/read_win_el.c
@@ -10,9 +10,9 @@
* Foundation
*/
-
+
#include "shared.h"
-#include "logcollector.h"
+#include "logcollector.h"
/* This is only for windows */
@@ -47,18 +47,18 @@ void *dll_hash = NULL;
/** int startEL(char *app, os_el *el)
- * Starts the event logging for each el
+ * Starts the event logging for each el
*/
int startEL(char *app, os_el *el)
{
DWORD NumberOfRecords = 0;
-
+
/* Opening the event log */
el->h = OpenEventLog(NULL, app);
if(!el->h)
{
merror(EVTLOG_OPEN, ARGV0, app);
- return(-1);
+ return(-1);
}
el->name = app;
@@ -78,18 +78,18 @@ int startEL(char *app, os_el *el)
el->h = NULL;
return(-1);
}
-
+
if(NumberOfRecords <= 0)
{
return(0);
}
-
+
return((int)NumberOfRecords);
}
-/** char *el_getCategory(int category_id)
+/** char *el_getCategory(int category_id)
* Returns a string related to the category id of the log.
*/
char *el_getCategory(int category_id)
@@ -124,7 +124,7 @@ char *el_getCategory(int category_id)
/** char *el_getEventDLL(char *evt_name, char *source, char *event)
* Returns the event.
*/
-char *el_getEventDLL(char *evt_name, char *source, char *event)
+char *el_getEventDLL(char *evt_name, char *source, char *event)
{
char *ret_str;
HKEY key;
@@ -134,9 +134,9 @@ char *el_getEventDLL(char *evt_name, char *source, char *event)
keyname[511] = '\0';
- snprintf(keyname, 510,
- "System\\CurrentControlSet\\Services\\EventLog\\%s\\%s",
- evt_name,
+ snprintf(keyname, 510,
+ "System\\CurrentControlSet\\Services\\EventLog\\%s\\%s",
+ evt_name,
source);
@@ -148,16 +148,16 @@ char *el_getEventDLL(char *evt_name, char *source, char *event)
}
- /* Opening registry */
- if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, keyname, 0,
+ /* Opening registry */
+ if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, keyname, 0,
KEY_ALL_ACCESS, &key) != ERROR_SUCCESS)
{
- return(NULL);
+ return(NULL);
}
ret = MAX_PATH -1;
- if (RegQueryValueEx(key, "EventMessageFile", NULL,
+ if (RegQueryValueEx(key, "EventMessageFile", NULL,
NULL, (LPBYTE)event, &ret) != ERROR_SUCCESS)
{
event[0] = '\0';
@@ -172,24 +172,24 @@ char *el_getEventDLL(char *evt_name, char *source, char *event)
skey = strdup(keyname + 42);
sval = strdup(event);
-
+
if(skey && sval)
{
- OSHash_Add(dll_hash, skey, sval);
+ OSHash_Add(dll_hash, skey, sval);
}
else
{
merror(MEM_ERROR, ARGV0);
}
}
-
+
RegCloseKey(key);
return(event);
}
-/** char *el_vista_getmessage()
+/** char *el_vista_getmessage()
* Returns a descriptive message of the event - Vista only.
*/
char *el_vista_getMessage(int evt_id_int, LPTSTR *el_sstring)
@@ -209,15 +209,15 @@ char *el_vista_getMessage(int evt_id_int, LPTSTR *el_sstring)
/* Getting descriptive message. */
evt_id[15] = '\0';
snprintf(evt_id, 15, "%d", evt_id_int);
-
+
desc_string = OSHash_Get(vista_sec_id_hash, evt_id);
if(!desc_string)
{
return(NULL);
}
-
- if(!FormatMessage(fm_flags, desc_string, 0, 0,
+
+ if(!FormatMessage(fm_flags, desc_string, 0, 0,
(LPTSTR) &message, 0, el_sstring))
{
return(NULL);
@@ -228,11 +228,11 @@ char *el_vista_getMessage(int evt_id_int, LPTSTR *el_sstring)
-/** char *el_getmessage()
+/** char *el_getmessage()
* Returns a descriptive message of the event.
*/
-char *el_getMessage(EVENTLOGRECORD *er, char *name,
- char * source, LPTSTR *el_sstring)
+char *el_getMessage(EVENTLOGRECORD *er, char *name,
+ char * source, LPTSTR *el_sstring)
{
DWORD fm_flags = 0;
char tmp_str[257];
@@ -258,12 +258,12 @@ char *el_getMessage(EVENTLOGRECORD *er, char *name,
/* Get the file name from the registry (stored on event) */
if(!(curr_str = el_getEventDLL(name, source, event)))
{
- return(NULL);
- }
+ return(NULL);
+ }
- /* If our event has multiple libraries, try each one of them */
+ /* If our event has multiple libraries, try each one of them */
while((next_str = strchr(curr_str, ';')))
{
*next_str = '\0';
@@ -272,10 +272,10 @@ char *el_getMessage(EVENTLOGRECORD *er, char *name,
/* Reverting back old value. */
*next_str = ';';
-
+
/* Loading library. */
- hevt = LoadLibraryEx(tmp_str, NULL,
+ hevt = LoadLibraryEx(tmp_str, NULL,
DONT_RESOLVE_DLL_REFERENCES |
LOAD_LIBRARY_AS_DATAFILE);
if(hevt)
@@ -283,7 +283,7 @@ char *el_getMessage(EVENTLOGRECORD *er, char *name,
if(!FormatMessage(fm_flags, hevt, er->EventID, 0,
(LPTSTR) &message, 0, el_sstring))
{
- message = NULL;
+ message = NULL;
}
FreeLibrary(hevt);
@@ -296,20 +296,20 @@ char *el_getMessage(EVENTLOGRECORD *er, char *name,
curr_str = next_str +1;
}
-
+
/* Getting last value. */
ExpandEnvironmentStrings(curr_str, tmp_str, 255);
- hevt = LoadLibraryEx(tmp_str, NULL,
+ hevt = LoadLibraryEx(tmp_str, NULL,
DONT_RESOLVE_DLL_REFERENCES |
LOAD_LIBRARY_AS_DATAFILE);
if(hevt)
{
- int hr;
- if(!(hr = FormatMessage(fm_flags, hevt, er->EventID,
+ int hr;
+ if(!(hr = FormatMessage(fm_flags, hevt, er->EventID,
0,
(LPTSTR) &message, 0, el_sstring)))
{
- message = NULL;
+ message = NULL;
}
FreeLibrary(hevt);
@@ -325,7 +325,7 @@ char *el_getMessage(EVENTLOGRECORD *er, char *name,
/** void readel(os_el *el)
* Reads the event log.
- */
+ */
void readel(os_el *el, int printit)
{
DWORD _evtid = 65535;
@@ -353,7 +353,7 @@ void readel(os_el *el, int printit)
LPSTR el_sstring[OS_FLSIZE +1];
/* Er must point to the mbuffer */
- el->er = (EVENTLOGRECORD *) &mbuffer;
+ el->er = (EVENTLOGRECORD *) &mbuffer;
/* Zeroing the values */
el_string[OS_MAXSTR] = '\0';
@@ -370,8 +370,8 @@ void readel(os_el *el, int printit)
return;
}
- /* Reading the event log */
- while(ReadEventLog(el->h,
+ /* Reading the event log */
+ while(ReadEventLog(el->h,
EVENTLOG_FORWARDS_READ | EVENTLOG_SEQUENTIAL_READ,
0,
el->er, BUFFER_SIZE -1, &read, &needed))
@@ -383,7 +383,7 @@ void readel(os_el *el, int printit)
continue;
}
-
+
while(read > 0)
{
@@ -396,7 +396,7 @@ void readel(os_el *el, int printit)
/* Getting event id. */
id = (int)el->er->EventID & _evtid;
-
+
/* Initialing domain/user size */
@@ -431,7 +431,7 @@ void readel(os_el *el, int printit)
else
{
merror("%s: Invalid application string (size+)",
- ARGV0);
+ ARGV0);
}
size_left-=str_size + 2;
@@ -445,7 +445,7 @@ void readel(os_el *el, int printit)
if(sstr)
sstr++;
else
- break;
+ break;
}
/* Get a more descriptive message (if available) */
@@ -456,12 +456,12 @@ void readel(os_el *el, int printit)
else
{
- descriptive_msg = el_getMessage(el->er,
- el->name,
- source,
+ descriptive_msg = el_getMessage(el->er,
+ el->name,
+ source,
el_sstring);
}
-
+
if(descriptive_msg != NULL)
{
/* Remove any \n or \r */
@@ -469,7 +469,7 @@ void readel(os_el *el, int printit)
* So whenever we have option:\tvalue\t, it will
* become option: value\t
*/
- tmp_str = descriptive_msg;
+ tmp_str = descriptive_msg;
while(*tmp_str != '\0')
{
if(*tmp_str == '\n')
@@ -481,7 +481,7 @@ void readel(os_el *el, int printit)
tmp_str[1] = ' ';
tmp_str++;
}
-
+
tmp_str++;
}
}
@@ -496,13 +496,13 @@ void readel(os_el *el, int printit)
if(el->er->UserSidLength)
{
SID_NAME_USE account_type;
- if(!LookupAccountSid(NULL,
- (SID *)((LPSTR)el->er +
+ if(!LookupAccountSid(NULL,
+ (SID *)((LPSTR)el->er +
el->er->UserSidOffset),
- el_user,
- &user_size,
- el_domain,
- &domain_size,
+ el_user,
+ &user_size,
+ el_domain,
+ &domain_size,
&account_type))
{
strncpy(el_user, "(no user)", 255);
@@ -522,16 +522,16 @@ void readel(os_el *el, int printit)
break;
case 4634:
uid_array_id = 1;
- break;
+ break;
case 4647:
uid_array_id = 1;
- break;
+ break;
case 4769:
uid_array_id = 0;
break;
}
- if((uid_array_id >= 0) &&
+ if((uid_array_id >= 0) &&
el_sstring[uid_array_id] &&
el_sstring[uid_array_id +1])
{
@@ -544,7 +544,7 @@ void readel(os_el *el, int printit)
strncpy(el_domain, "no domain", 255);
}
}
-
+
else
{
strncpy(el_user, "(no user)", 255);
@@ -555,22 +555,22 @@ void readel(os_el *el, int printit)
if(printit)
{
DWORD _evtid = 65535;
- int id = (int)el->er->EventID & _evtid;
-
- final_msg[OS_MAXSTR - OS_LOG_HEADER] = '\0';
- final_msg[OS_MAXSTR - OS_LOG_HEADER -1] = '\0';
-
- snprintf(final_msg, OS_MAXSTR - OS_LOG_HEADER -1,
- "WinEvtLog: %s: %s(%d): %s: %s: %s: %s: %s",
+ int id = (int)el->er->EventID & _evtid;
+
+ final_msg[OS_MAXSTR - OS_LOG_HEADER] = '\0';
+ final_msg[OS_MAXSTR - OS_LOG_HEADER -1] = '\0';
+
+ snprintf(final_msg, OS_MAXSTR - OS_LOG_HEADER -1,
+ "WinEvtLog: %s: %s(%d): %s: %s: %s: %s: %s",
el->name,
- category,
+ category,
id,
source,
el_user,
el_domain,
computer_name,
descriptive_msg != NULL?descriptive_msg:el_string);
-
+
if(SendMSG(logr_queue, final_msg, "WinEvtLog",
LOCALFILE_MQ) < 0)
{
@@ -606,7 +606,7 @@ void readel(os_el *el, int printit)
char msg_alert[512 +1];
msg_alert[512] = '\0';
merror("%s: WARN: Event log cleared: '%s'", ARGV0, el->name);
-
+
/* Send message about cleared */
snprintf(msg_alert, 512, "ossec: Event log cleared: '%s'", el->name);
@@ -620,7 +620,7 @@ void readel(os_el *el, int printit)
/* Reopening. */
if(startEL(el->name, el) < 0)
{
- merror("%s: ERROR: Unable to reopen event log '%s'",
+ merror("%s: ERROR: Unable to reopen event log '%s'",
ARGV0, el->name);
}
}
@@ -661,13 +661,13 @@ void win_read_vista_sec()
exit(1);
}
-
+
/* Reading the whole file and adding to memory. */
while(fgets(buf, OS_MAXSTR, fp) != NULL)
{
char *key;
char *desc;
-
+
/* Getting the last occurence of \n */
if ((p = strrchr(buf, '\n')) != NULL)
{
@@ -689,7 +689,7 @@ void win_read_vista_sec()
while(*p == ' ')
p++;
-
+
/* Allocating memory. */
desc = strdup(p);
key = strdup(buf);
@@ -699,9 +699,9 @@ void win_read_vista_sec()
"description.", ARGV0);
continue;
}
-
-
- /* Inserting on hash. */
+
+
+ /* Inserting on hash. */
OSHash_Add(vista_sec_id_hash, key, desc);
}
@@ -715,7 +715,7 @@ void win_read_vista_sec()
void win_startel(char *evt_log)
{
int entries_count = 0;
-
+
/* Maximum size */
if(el_last == 9)
{
@@ -735,7 +735,7 @@ void win_startel(char *evt_log)
}
}
-
+
/* Starting event log -- going to last available record */
if((entries_count = startEL(evt_log, &el[el_last])) < 0)
{
@@ -750,16 +750,16 @@ void win_startel(char *evt_log)
}
-/** void win_readel()
+/** void win_readel()
* Reads the event logging for windows
*/
void win_readel()
{
int i = 0;
-
+
/* Sleep plus 2 seconds before reading again */
Sleep(2000);
-
+
for(;i<el_last;i++)
readel(&el[i],1);
}
diff --git a/src/monitord/._Makefile b/src/monitord/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/monitord/._Makefile and /dev/null differ
diff --git a/src/monitord/._compress_log.c b/src/monitord/._compress_log.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/monitord/._compress_log.c and /dev/null differ
diff --git a/src/monitord/._generate_reports.c b/src/monitord/._generate_reports.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/monitord/._generate_reports.c and /dev/null differ
diff --git a/src/monitord/._main.c b/src/monitord/._main.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/monitord/._main.c and /dev/null differ
diff --git a/src/monitord/._manage_files.c b/src/monitord/._manage_files.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/monitord/._manage_files.c and /dev/null differ
diff --git a/src/monitord/._monitor_agents.c b/src/monitord/._monitor_agents.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/monitord/._monitor_agents.c and /dev/null differ
diff --git a/src/monitord/._monitord.c b/src/monitord/._monitord.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/monitord/._monitord.c and /dev/null differ
diff --git a/src/monitord/._monitord.h b/src/monitord/._monitord.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/monitord/._monitord.h and /dev/null differ
diff --git a/src/monitord/._report.c b/src/monitord/._report.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/monitord/._report.c and /dev/null differ
diff --git a/src/monitord/._sign_log.c b/src/monitord/._sign_log.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/monitord/._sign_log.c and /dev/null differ
diff --git a/src/monitord/compress_log.c b/src/monitord/compress_log.c
index 89cd368..5ebfc68 100755
--- a/src/monitord/compress_log.c
+++ b/src/monitord/compress_log.c
@@ -6,7 +6,7 @@
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation
*/
@@ -20,18 +20,18 @@ void OS_CompressLog(char *logfile)
{
FILE *log;
gzFile *zlog;
-
+
char logfileGZ[OS_FLSIZE + 1];
int len, err;
-
+
char buf[OS_MAXSTR + 1];
-
+
/* Do not compress */
if(mond.compress == 0)
return;
-
-
+
+
/* Clearing the memory */
memset(logfileGZ,'\0',OS_FLSIZE +1);
memset(buf, '\0', OS_MAXSTR + 1);
@@ -52,7 +52,7 @@ void OS_CompressLog(char *logfile)
/* Do not warn in here, since the alert file may not exist. */
return;
}
-
+
/* Opening compressed file */
zlog = gzopen(logfileGZ, "w");
if(!zlog)
@@ -61,7 +61,7 @@ void OS_CompressLog(char *logfile)
merror(FOPEN_ERROR, ARGV0, logfileGZ);
return;
}
-
+
for(;;)
{
len = fread(buf, 1, OS_MAXSTR, log);
@@ -80,6 +80,6 @@ void OS_CompressLog(char *logfile)
return;
}
-
+
/* EOF */
diff --git a/src/monitord/generate_reports.c b/src/monitord/generate_reports.c
index b858b15..9b5f418 100755
--- a/src/monitord/generate_reports.c
+++ b/src/monitord/generate_reports.c
@@ -6,7 +6,7 @@
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation
*/
@@ -82,7 +82,7 @@ void generate_reports(int cday, int cmon, int cyear,struct tm *p)
{
merror("%s: INFO: Report '%s' empty.", ARGV0, mond.reports[s]->title);
}
- else if(OS_SendCustomEmail(mond.reports[s]->emailto, mond.reports[s]->title,
+ else if(OS_SendCustomEmail(mond.reports[s]->emailto, mond.reports[s]->title,
mond.smtpserver, mond.emailfrom, mond.reports[s]->r_filter.fp, p) != 0)
{
merror("%s: WARN: Unable to send report email.", ARGV0);
diff --git a/src/monitord/main.c b/src/monitord/main.c
index 61229d6..a4329cd 100755
--- a/src/monitord/main.c
+++ b/src/monitord/main.c
@@ -31,7 +31,7 @@ int main(int argc, char **argv)
/* Setting the name */
OS_SetName(ARGV0);
-
+
while((c = getopt(argc, argv, "Vdhtfu:g:D:c:")) != -1){
switch(c){
@@ -61,13 +61,14 @@ int main(int argc, char **argv)
if(!optarg)
ErrorExit("%s: -D needs an argument",ARGV0);
dir=optarg;
+ break;
case 'c':
if(!optarg)
ErrorExit("%s: -c needs an argument",ARGV0);
cfg = optarg;
break;
case 't':
- test_config = 1;
+ test_config = 1;
break;
default:
help(ARGV0);
@@ -155,20 +156,20 @@ int main(int argc, char **argv)
if(test_config)
exit(0);
-
- if (!run_foreground)
+
+ if (!run_foreground)
{
/* Going on daemon mode */
nowDaemon();
goDaemon();
}
-
+
/* Privilege separation */
if(Privsep_SetGroup(gid) < 0)
ErrorExit(SETGID_ERROR,ARGV0,group);
-
+
/* chrooting */
if(Privsep_Chroot(dir) < 0)
ErrorExit(CHROOT_ERROR,ARGV0,dir);
@@ -176,8 +177,8 @@ int main(int argc, char **argv)
nowChroot();
-
- /* Changing user */
+
+ /* Changing user */
if(Privsep_SetUser(uid) < 0)
ErrorExit(SETUID_ERROR,ARGV0,user);
@@ -189,16 +190,16 @@ int main(int argc, char **argv)
/* Signal manipulation */
StartSIG(ARGV0);
-
+
/* Creating PID files */
if(CreatePID(ARGV0, getpid()) < 0)
ErrorExit(PID_ERROR,ARGV0);
-
+
/* Start up message */
verbose(STARTUP_MSG, ARGV0, (int)getpid());
-
+
/* the real daemon now */
Monitord();
diff --git a/src/monitord/manage_files.c b/src/monitord/manage_files.c
index 283e91b..3a33475 100755
--- a/src/monitord/manage_files.c
+++ b/src/monitord/manage_files.c
@@ -6,7 +6,7 @@
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation
*/
@@ -28,13 +28,13 @@ void manage_files(int cday, int cmon, int cyear)
#ifndef SOLARIS
struct tm p_old;
#endif
-
+
char elogfile[OS_FLSIZE +1];
char elogfile_old[OS_FLSIZE +1];
-
+
char alogfile[OS_FLSIZE +1];
char alogfile_old[OS_FLSIZE +1];
-
+
char flogfile[OS_FLSIZE +1];
char flogfile_old[OS_FLSIZE +1];
@@ -47,7 +47,7 @@ void manage_files(int cday, int cmon, int cyear)
#else
pp_old = localtime(&tm_old);
#endif
-
+
memset(elogfile, '\0', OS_FLSIZE +1);
memset(elogfile_old, '\0', OS_FLSIZE +1);
@@ -61,7 +61,7 @@ void manage_files(int cday, int cmon, int cyear)
* before compressing the file.
*/
sleep(mond.day_wait);
-
+
/* Event logfile */
snprintf(elogfile, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.log",
@@ -89,7 +89,7 @@ void manage_files(int cday, int cmon, int cyear)
months[cmon],
"alerts",
cday);
- /* alert logfile old */
+ /* alert logfile old */
snprintf(alogfile_old, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.log",
ALERTS,
pp_old->tm_year+1900,
diff --git a/src/monitord/monitor_agents.c b/src/monitord/monitor_agents.c
index 46cef6d..fbaac58 100755
--- a/src/monitord/monitor_agents.c
+++ b/src/monitord/monitor_agents.c
@@ -6,7 +6,7 @@
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation
*/
@@ -40,7 +40,7 @@ void monitor_agents()
{
int available = 0;
char **tmp_av;
-
+
tmp_av = av_agents;
while(tmp_av && *tmp_av)
{
@@ -56,7 +56,7 @@ void monitor_agents()
if(available == 0)
{
char str[OS_SIZE_1024 +1];
-
+
/* Sending disconnected message */
snprintf(str, OS_SIZE_1024 -1, OS_AG_DISCON, *cr_agents);
if(SendMSG(mond.a_queue, str, ARGV0,
@@ -65,7 +65,7 @@ void monitor_agents()
merror(QUEUE_SEND, ARGV0);
}
}
-
+
cr_agents++;
}
diff --git a/src/monitord/monitord.c b/src/monitord/monitord.c
index 988ea24..8ae5c93 100755
--- a/src/monitord/monitord.c
+++ b/src/monitord/monitord.c
@@ -19,10 +19,10 @@
/* Real monitord global */
void Monitord()
{
- time_t tm;
- struct tm *p;
+ time_t tm;
+ struct tm *p;
- int today = 0;
+ int today = 0;
int thismonth = 0;
int thisyear = 0;
@@ -32,18 +32,18 @@ void Monitord()
sleep(10);
memset(str, '\0', OS_SIZE_1024 +1);
-
-
+
+
/* Getting currently time before starting */
tm = time(NULL);
p = localtime(&tm);
-
+
today = p->tm_mday;
thismonth = p->tm_mon;
thisyear = p->tm_year+1900;
-
-
+
+
/* Connecting to the message queue
* Exit if it fails.
*/
@@ -61,7 +61,7 @@ void Monitord()
merror(QUEUE_SEND, ARGV0);
}
-
+
/* Main monitor loop */
while(1)
{
@@ -74,7 +74,7 @@ void Monitord()
{
monitor_agents();
}
-
+
/* Day changed, deal with log files */
if(today != p->tm_mday)
{
diff --git a/src/monitord/report.c b/src/monitord/report.c
index e6fb92a..5d7547a 100755
--- a/src/monitord/report.c
+++ b/src/monitord/report.c
@@ -57,7 +57,7 @@ int main(int argc, char **argv)
/* Setting the name */
OS_SetName(ARGV0);
-
+
r_filter.group = NULL;
r_filter.rule = NULL;
r_filter.level = NULL;
@@ -74,7 +74,7 @@ int main(int argc, char **argv)
r_filter.related_srcip = 0;
r_filter.related_user = 0;
r_filter.related_file = 0;
-
+
r_filter.report_name = NULL;
while((c = getopt(argc, argv, "Vdhstu:g:D:c:f:v:n:r:")) != -1)
@@ -96,8 +96,8 @@ int main(int argc, char **argv)
break;
case 'r':
if(!optarg || !argv[optind])
- ErrorExit("%s: -r needs two argument",ARGV0);
- related_of = optarg;
+ ErrorExit("%s: -r needs two argument",ARGV0);
+ related_of = optarg;
related_values = argv[optind];
if(os_report_configfilter(related_of, related_values,
@@ -113,7 +113,7 @@ int main(int argc, char **argv)
filter_by = optarg;
filter_value = argv[optind];
- if(os_report_configfilter(filter_by, filter_value,
+ if(os_report_configfilter(filter_by, filter_value,
&r_filter, REPORT_FILTER) < 0)
{
ErrorExit(CONFIG_ERROR, ARGV0, "user argument");
@@ -134,13 +134,14 @@ int main(int argc, char **argv)
if(!optarg)
ErrorExit("%s: -D needs an argument",ARGV0);
dir=optarg;
+ break;
case 'c':
if(!optarg)
ErrorExit("%s: -c needs an argument",ARGV0);
cfg = optarg;
break;
case 't':
- test_config = 1;
+ test_config = 1;
break;
case 's':
r_filter.show_alerts = 1;
@@ -161,18 +162,18 @@ int main(int argc, char **argv)
if((uid < 0)||(gid < 0))
ErrorExit(USER_ERROR,ARGV0,user,group);
-
+
/* Exit here if test config is set */
if(test_config)
exit(0);
-
+
/* Privilege separation */
if(Privsep_SetGroup(gid) < 0)
ErrorExit(SETGID_ERROR,ARGV0,group);
-
+
/* chrooting */
if(Privsep_Chroot(dir) < 0)
ErrorExit(CHROOT_ERROR,ARGV0,dir);
@@ -180,8 +181,8 @@ int main(int argc, char **argv)
nowChroot();
-
- /* Changing user */
+
+ /* Changing user */
if(Privsep_SetUser(uid) < 0)
ErrorExit(SETUID_ERROR,ARGV0,user);
@@ -193,16 +194,16 @@ int main(int argc, char **argv)
/* Signal manipulation */
StartSIG(ARGV0);
-
+
/* Creating PID files */
if(CreatePID(ARGV0, getpid()) < 0)
ErrorExit(PID_ERROR,ARGV0);
-
+
/* Start up message */
verbose(STARTUP_MSG, ARGV0, (int)getpid());
-
+
/* the real stuff now */
os_ReportdStart(&r_filter);
exit(0);
diff --git a/src/monitord/sign_log.c b/src/monitord/sign_log.c
index aee528e..40b37b4 100755
--- a/src/monitord/sign_log.c
+++ b/src/monitord/sign_log.c
@@ -6,7 +6,7 @@
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation
*/
@@ -55,7 +55,7 @@ void OS_SignLog(char *logfile, char *logfile_old, int log_missing)
/* generating sha1 of the old file. */
if(OS_SHA1_File(logfilesum_old, sf_sum_old) < 0)
{
- merror("%s: No previous sha1 checksum found: '%s'. "
+ merror("%s: No previous sha1 checksum found: '%s'. "
"Starting over.", ARGV0, logfilesum_old);
strncpy(sf_sum_old, "none", 6);
}
@@ -65,7 +65,7 @@ void OS_SignLog(char *logfile, char *logfile_old, int log_missing)
if(OS_MD5_File(logfile, mf_sum) < 0)
{
if(log_missing)
- merror("%s: File '%s' not found. MD5 checksum skipped.",
+ merror("%s: File '%s' not found. MD5 checksum skipped.",
ARGV0, logfile);
strncpy(mf_sum, "none", 6);
}
@@ -79,7 +79,7 @@ void OS_SignLog(char *logfile, char *logfile_old, int log_missing)
strncpy(sf_sum, "none", 6);
}
-
+
fp = fopen(logfilesum, "w");
if(!fp)
{
@@ -91,7 +91,7 @@ void OS_SignLog(char *logfile, char *logfile_old, int log_missing)
fprintf(fp, "Current checksum:\n");
fprintf(fp, "MD5 (%s) = %s\n", logfile, mf_sum);
fprintf(fp, "SHA1 (%s) = %s\n\n", logfile, sf_sum);
-
+
fprintf(fp, "Chained checksum:\n");
fprintf(fp, "MD5 (%s) = %s\n", logfilesum_old, mf_sum_old);
fprintf(fp, "SHA1 (%s) = %s\n\n", logfilesum_old, sf_sum_old);
@@ -99,6 +99,6 @@ void OS_SignLog(char *logfile, char *logfile_old, int log_missing)
return;
}
-
+
/* EOF */
diff --git a/src/os_auth/._Makefile b/src/os_auth/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_auth/._Makefile and /dev/null differ
diff --git a/src/os_auth/._auth.h b/src/os_auth/._auth.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_auth/._auth.h and /dev/null differ
diff --git a/src/os_auth/._main-client.c b/src/os_auth/._main-client.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_auth/._main-client.c and /dev/null differ
diff --git a/src/os_auth/._main-server.c b/src/os_auth/._main-server.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_auth/._main-server.c and /dev/null differ
diff --git a/src/os_auth/._ssl-test.c b/src/os_auth/._ssl-test.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/os_auth/._ssl-test.c and /dev/null differ
diff --git a/src/os_auth/._ssl.c b/src/os_auth/._ssl.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_auth/._ssl.c and /dev/null differ
diff --git a/src/os_auth/main-client.c b/src/os_auth/main-client.c
index 424482d..453751e 100755
--- a/src/os_auth/main-client.c
+++ b/src/os_auth/main-client.c
@@ -84,7 +84,7 @@ int main(int argc, char **argv)
/* Setting the name */
OS_SetName(ARGV0);
-
+
while((c = getopt(argc, argv, "Vdhu:g:D:c:m:p:A:")) != -1)
{
switch(c){
@@ -111,13 +111,14 @@ int main(int argc, char **argv)
if(!optarg)
ErrorExit("%s: -D needs an argument",ARGV0);
dir=optarg;
+ break;
case 'c':
if(!optarg)
ErrorExit("%s: -c needs an argument",ARGV0);
cfg = optarg;
break;
case 't':
- test_config = 1;
+ test_config = 1;
break;
case 'm':
if(!optarg)
@@ -154,25 +155,25 @@ int main(int argc, char **argv)
if(gid < 0)
ErrorExit(USER_ERROR,ARGV0,user,group);
-
+
/* Privilege separation */
if(Privsep_SetGroup(gid) < 0)
ErrorExit(SETGID_ERROR,ARGV0,group);
-
+
/* Signal manipulation */
StartSIG(ARGV0);
-
+
/* Creating PID files */
if(CreatePID(ARGV0, getpid()) < 0)
ErrorExit(PID_ERROR,ARGV0);
#endif
-
+
/* Start up message */
verbose(STARTUP_MSG, ARGV0, (int)getpid());
@@ -188,7 +189,7 @@ int main(int argc, char **argv)
agentname = lhostname;
}
-
+
/* Starting SSL */
ctx = os_ssl_keys(1, NULL);
@@ -203,7 +204,42 @@ int main(int argc, char **argv)
merror("%s: ERROR: Manager IP not set.", ARGV0);
exit(1);
}
-
+
+
+ /* Check to see if manager is an IP */
+ int is_ip = 1;
+ struct sockaddr_in iptest;
+ memset(&iptest, 0, sizeof(iptest));
+
+ if(inet_pton(AF_INET, manager, &iptest.sin_addr) != 1)
+ is_ip = 0; /* This is not an IPv4 address */
+
+ /* Not IPv4, IPv6 maybe? */
+ if(is_ip == 0)
+ {
+ struct sockaddr_in6 iptest6;
+ memset(&iptest6, 0, sizeof(iptest6));
+ if(inet_pton(AF_INET6, manager, &iptest6.sin6_addr) != 1)
+ is_ip = 0;
+ else
+ is_ip = 1; /* This is an IPv6 address */
+ }
+
+
+ /* If it isn't an ip, try to resolve the IP */
+ if(is_ip == 0)
+ {
+ char *ipaddress;
+ ipaddress = OS_GetHost(manager, 3);
+ if(ipaddress != NULL)
+ strncpy(manager, ipaddress, 16);
+ else
+ {
+ printf("Could not resolve hostname: %s\n", manager);
+ return(1);
+ }
+ }
+
/* Connecting via TCP */
sock = OS_ConnectTCP(port, manager, 0);
@@ -228,7 +264,7 @@ int main(int argc, char **argv)
exit(1);
}
-
+
printf("INFO: Connected to %s:%d\n", manager, port);
printf("INFO: Using agent name as: %s\n", agentname);
@@ -274,7 +310,7 @@ int main(int argc, char **argv)
exit(1);
}
*tmpstr = '\0';
- entry = OS_StrBreak(' ', key, 4);
+ entry = OS_StrBreak(' ', key, 4);
if(!OS_IsValidID(entry[0]) || !OS_IsValidName(entry[1]) ||
!OS_IsValidName(entry[2]) || !OS_IsValidName(entry[3]))
{
diff --git a/src/os_auth/main-server.c b/src/os_auth/main-server.c
index 850bac2..07ad753 100755
--- a/src/os_auth/main-server.c
+++ b/src/os_auth/main-server.c
@@ -105,6 +105,7 @@ int main(int argc, char **argv)
if(!optarg)
ErrorExit("%s: -D needs an argument",ARGV0);
dir = optarg;
+ break;
case 'c':
if(!optarg)
ErrorExit("%s: -c needs an argument",ARGV0);
@@ -197,19 +198,23 @@ int main(int argc, char **argv)
while(1)
{
- // no need to completely pin the cpu
- usleep(0);
- for (i = 0; i < POOL_SIZE; i++)
- {
- int rv = 0;
- status = 0;
- if (process_pool[i])
+ // no need to completely pin the cpu, 100ms should be fast enough
+ usleep(100*1000);
+
+ // Only check process-pool if we have active processes
+ if(active_processes > 0){
+ for (i = 0; i < POOL_SIZE; i++)
{
- rv = waitpid(process_pool[i], &status, WNOHANG);
- if (rv != 0){
- debug1("%s: DEBUG: Process %d exited", ARGV0, process_pool[i]);
- process_pool[i] = 0;
- active_processes = active_processes - 1;
+ int rv = 0;
+ status = 0;
+ if (process_pool[i])
+ {
+ rv = waitpid(process_pool[i], &status, WNOHANG);
+ if (rv != 0){
+ debug1("%s: DEBUG: Process %d exited", ARGV0, process_pool[i]);
+ process_pool[i] = 0;
+ active_processes = active_processes - 1;
+ }
}
}
}
diff --git a/src/os_auth/ssl-test.c b/src/os_auth/ssl-test.c
index aff5e79..09146d3 100644
--- a/src/os_auth/ssl-test.c
+++ b/src/os_auth/ssl-test.c
@@ -1,5 +1,5 @@
-/*
- *
+/*
+ *
* Copyright (C) 2011 Trend Micro Inc. All rights reserved.
*
* OSSEC HIDS is a free software; you can redistribute it and/or modify
@@ -120,7 +120,7 @@ int main(int argc, char **argv)
printf("ERROR - host not set.\n");
exit(1);
}
-
+
/* Connecting via TCP */
sock = socket(AF_INET,SOCK_STREAM, IPPROTO_TCP);
if(sock < 0)
@@ -154,7 +154,7 @@ int main(int argc, char **argv)
}
printf("Connected!\n");
-
+
ret=SSL_write(ssl,TEST, sizeof(TEST));
if(ret < 0)
diff --git a/src/os_auth/ssl.c b/src/os_auth/ssl.c
index 2388d88..9841861 100755
--- a/src/os_auth/ssl.c
+++ b/src/os_auth/ssl.c
@@ -38,13 +38,13 @@ void *os_ssl_keys(int isclient, char *dir)
SSL_CTX *ctx;
char certf[1024 +1];
char keyf[1024 +1];
-
+
SSL_library_init();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
bio_err = BIO_new_fp(stderr,BIO_NOCLOSE);
-
+
/* Create our context */
sslmeth = (SSL_METHOD *)SSLv23_method();
ctx = SSL_CTX_new(sslmeth);
@@ -59,7 +59,7 @@ void *os_ssl_keys(int isclient, char *dir)
{
return(NULL);
}
-
+
/* Setting final cert/key files */
certf[1024] = '\0';
@@ -98,7 +98,7 @@ void *os_ssl_keys(int isclient, char *dir)
#if(OPENSSL_VERSION_NUMBER < 0x00905100L)
SSL_CTX_set_verify_depth(ctx,1);
#endif
-
+
return ctx;
}
diff --git a/src/os_crypto/._Makefile b/src/os_crypto/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/._Makefile and /dev/null differ
diff --git a/src/os_crypto/blowfish/._Makefile b/src/os_crypto/blowfish/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/blowfish/._Makefile and /dev/null differ
diff --git a/src/os_crypto/blowfish/._bf_enc.c b/src/os_crypto/blowfish/._bf_enc.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/blowfish/._bf_enc.c and /dev/null differ
diff --git a/src/os_crypto/blowfish/._bf_locl.h b/src/os_crypto/blowfish/._bf_locl.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/blowfish/._bf_locl.h and /dev/null differ
diff --git a/src/os_crypto/blowfish/._bf_op.c b/src/os_crypto/blowfish/._bf_op.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/blowfish/._bf_op.c and /dev/null differ
diff --git a/src/os_crypto/blowfish/._bf_op.h b/src/os_crypto/blowfish/._bf_op.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/blowfish/._bf_op.h and /dev/null differ
diff --git a/src/os_crypto/blowfish/._bf_pi.h b/src/os_crypto/blowfish/._bf_pi.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/blowfish/._bf_pi.h and /dev/null differ
diff --git a/src/os_crypto/blowfish/._bf_skey.c b/src/os_crypto/blowfish/._bf_skey.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/blowfish/._bf_skey.c and /dev/null differ
diff --git a/src/os_crypto/blowfish/._blowfish.h b/src/os_crypto/blowfish/._blowfish.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/blowfish/._blowfish.h and /dev/null differ
diff --git a/src/os_crypto/blowfish/._main.c b/src/os_crypto/blowfish/._main.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/blowfish/._main.c and /dev/null differ
diff --git a/src/os_crypto/blowfish/bf_enc.c b/src/os_crypto/blowfish/bf_enc.c
index bbe5b05..6467ee7 100755
--- a/src/os_crypto/blowfish/bf_enc.c
+++ b/src/os_crypto/blowfish/bf_enc.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay at cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay at cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
diff --git a/src/os_crypto/blowfish/bf_locl.h b/src/os_crypto/blowfish/bf_locl.h
index 0567cb5..ea7399e 100755
--- a/src/os_crypto/blowfish/bf_locl.h
+++ b/src/os_crypto/blowfish/bf_locl.h
@@ -10,21 +10,21 @@
* This package is an SSL implementation written
* by Eric Young (eay at cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -39,10 +39,10 @@
* Eric Young (eay at cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -54,7 +54,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
diff --git a/src/os_crypto/blowfish/bf_op.c b/src/os_crypto/blowfish/bf_op.c
index 6cbff2f..d7a1118 100755
--- a/src/os_crypto/blowfish/bf_op.c
+++ b/src/os_crypto/blowfish/bf_op.c
@@ -27,7 +27,7 @@
typedef unsigned char uchar;
-int OS_BF_Str(char *input, char *output, char *charkey,
+int OS_BF_Str(char *input, char *output, char *charkey,
long size, short int action)
{
BF_KEY key;
diff --git a/src/os_crypto/blowfish/bf_op.h b/src/os_crypto/blowfish/bf_op.h
index 58e98ab..4a4b2b1 100755
--- a/src/os_crypto/blowfish/bf_op.h
+++ b/src/os_crypto/blowfish/bf_op.h
@@ -21,7 +21,7 @@
#define OS_DECRYPT 0
-int OS_BF_Str(char * input, char *output, char *charkey,
+int OS_BF_Str(char * input, char *output, char *charkey,
long size, short int action);
#endif
diff --git a/src/os_crypto/blowfish/bf_pi.h b/src/os_crypto/blowfish/bf_pi.h
index 9949513..79d23db 100755
--- a/src/os_crypto/blowfish/bf_pi.h
+++ b/src/os_crypto/blowfish/bf_pi.h
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay at cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay at cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -64,262 +64,262 @@ static const BF_KEY bf_init= {
0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, 0xb5470917L,
0x9216d5d9L, 0x8979fb1b
},{
- 0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L,
- 0xb8e1afedL, 0x6a267e96L, 0xba7c9045L, 0xf12c7f99L,
- 0x24a19947L, 0xb3916cf7L, 0x0801f2e2L, 0x858efc16L,
- 0x636920d8L, 0x71574e69L, 0xa458fea3L, 0xf4933d7eL,
- 0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL,
- 0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L,
- 0xc5d1b023L, 0x286085f0L, 0xca417918L, 0xb8db38efL,
- 0x8e79dcb0L, 0x603a180eL, 0x6c9e0e8bL, 0xb01e8a3eL,
- 0xd71577c1L, 0xbd314b27L, 0x78af2fdaL, 0x55605c60L,
- 0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L,
- 0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL,
- 0xa15486afL, 0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL,
- 0x2ba9c55dL, 0x741831f6L, 0xce5c3e16L, 0x9b87931eL,
- 0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L, 0x28958677L,
- 0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L,
- 0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L,
- 0xef845d5dL, 0xe98575b1L, 0xdc262302L, 0xeb651b88L,
- 0x23893e81L, 0xd396acc5L, 0x0f6d6ff3L, 0x83f44239L,
- 0x2e0b4482L, 0xa4842004L, 0x69c8f04aL, 0x9e1f9b5eL,
- 0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L,
- 0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L,
- 0x6eef0b6cL, 0x137a3be4L, 0xba3bf050L, 0x7efb2a98L,
- 0xa1f1651dL, 0x39af0176L, 0x66ca593eL, 0x82430e88L,
- 0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L, 0x3b8b5ebeL,
- 0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L,
- 0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL,
- 0x37d0d724L, 0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL,
- 0x075372c9L, 0x80991b7bL, 0x25d479d8L, 0xf6e8def7L,
- 0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL, 0x04c006baL,
- 0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L,
- 0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL,
- 0x6dfc511fL, 0x9b30952cL, 0xcc814544L, 0xaf5ebd09L,
- 0xbee3d004L, 0xde334afdL, 0x660f2807L, 0x192e4bb3L,
- 0xc0cba857L, 0x45c8740fL, 0xd20b5f39L, 0xb9d3fbdbL,
- 0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L,
- 0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L,
- 0x3c7516dfL, 0xfd616b15L, 0x2f501ec8L, 0xad0552abL,
- 0x323db5faL, 0xfd238760L, 0x53317b48L, 0x3e00df82L,
- 0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL, 0xdf1769dbL,
- 0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L,
- 0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L,
- 0x10fa3d98L, 0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL,
- 0x9a53e479L, 0xb6f84565L, 0xd28e49bcL, 0x4bfb9790L,
- 0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L, 0xcee4c6e8L,
- 0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L,
- 0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L,
- 0xd08ed1d0L, 0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L,
- 0x8ff6e2fbL, 0xf2122b64L, 0x8888b812L, 0x900df01cL,
- 0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L, 0xb3a8c1adL,
- 0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L,
- 0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L,
- 0xb4a84fe0L, 0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L,
- 0x165fa266L, 0x80957705L, 0x93cc7314L, 0x211a1477L,
- 0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L, 0xfb9d35cfL,
- 0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L,
- 0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL,
- 0x2464369bL, 0xf009b91eL, 0x5563911dL, 0x59dfa6aaL,
- 0x78c14389L, 0xd95a537fL, 0x207d5ba2L, 0x02e5b9c5L,
- 0x83260376L, 0x6295cfa9L, 0x11c81968L, 0x4e734a41L,
- 0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L,
- 0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L,
- 0x08ba6fb5L, 0x571be91fL, 0xf296ec6bL, 0x2a0dd915L,
- 0xb6636521L, 0xe7b9f9b6L, 0xff34052eL, 0xc5855664L,
- 0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L, 0x6e85076aL,
- 0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L,
- 0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L,
- 0xecaa8c71L, 0x699a17ffL, 0x5664526cL, 0xc2b19ee1L,
- 0x193602a5L, 0x75094c29L, 0xa0591340L, 0xe4183a3eL,
- 0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L, 0x99f73fd6L,
- 0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L,
- 0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL,
- 0x09686b3fL, 0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L,
- 0x687f3584L, 0x52a0e286L, 0xb79c5305L, 0xaa500737L,
- 0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL, 0x5716f2b8L,
- 0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL,
- 0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL,
- 0xd19113f9L, 0x7ca92ff6L, 0x94324773L, 0x22f54701L,
- 0x3ae5e581L, 0x37c2dadcL, 0xc8b57634L, 0x9af3dda7L,
- 0xa9446146L, 0x0fd0030eL, 0xecc8c73eL, 0xa4751e41L,
- 0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L,
- 0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL,
- 0x2cb81290L, 0x24977c79L, 0x5679b072L, 0xbcaf89afL,
- 0xde9a771fL, 0xd9930810L, 0xb38bae12L, 0xdccf3f2eL,
- 0x5512721fL, 0x2e6b7124L, 0x501adde6L, 0x9f84cd87L,
- 0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL,
- 0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L,
- 0xef1c1847L, 0x3215d908L, 0xdd433b37L, 0x24c2ba16L,
- 0x12a14d43L, 0x2a65c451L, 0x50940002L, 0x133ae4ddL,
- 0x71dff89eL, 0x10314e55L, 0x81ac77d6L, 0x5f11199bL,
- 0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L,
- 0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL,
- 0x86e34570L, 0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L,
- 0x771fe71cL, 0x4e3d06faL, 0x2965dcb9L, 0x99e71d0fL,
- 0x803e89d6L, 0x5266c825L, 0x2e4cc978L, 0x9c10b36aL,
- 0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L,
- 0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L,
- 0x5223a708L, 0xf71312b6L, 0xebadfe6eL, 0xeac31f66L,
- 0xe3bc4595L, 0xa67bc883L, 0xb17f37d1L, 0x018cff28L,
- 0xc332ddefL, 0xbe6c5aa5L, 0x65582185L, 0x68ab9802L,
- 0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L,
- 0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L,
- 0x13cca830L, 0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL,
- 0xb5735c90L, 0x4c70a239L, 0xd59e9e0bL, 0xcbaade14L,
- 0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL, 0xb2f3846eL,
- 0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L,
- 0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 0xc021b8f7L,
- 0x9b540b19L, 0x875fa099L, 0x95f7997eL, 0x623d7da8L,
- 0xf837889aL, 0x97e32d77L, 0x11ed935fL, 0x16681281L,
- 0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L, 0x7858ba99L,
- 0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L,
- 0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L,
- 0x58ebf2efL, 0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L,
- 0x5d4a14d9L, 0xe864b7e3L, 0x42105d14L, 0x203e13e0L,
- 0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L, 0xfacb4fd0L,
- 0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L,
- 0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L,
- 0xcf62a1f2L, 0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L,
- 0x7f1524c3L, 0x69cb7492L, 0x47848a0bL, 0x5692b285L,
- 0x095bbf00L, 0xad19489dL, 0x1462b174L, 0x23820e00L,
- 0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L,
- 0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL,
- 0x7cde3759L, 0xcbee7460L, 0x4085f2a7L, 0xce77326eL,
- 0xa6078084L, 0x19f8509eL, 0xe8efd855L, 0x61d99735L,
- 0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL, 0x800bcadcL,
- 0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L,
- 0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L,
- 0xc5c43465L, 0x713e38d8L, 0x3d28f89eL, 0xf16dff20L,
- 0x153e21e7L, 0x8fb03d4aL, 0xe6e39f2bL, 0xdb83adf7L,
- 0xe93d5a68L, 0x948140f7L, 0xf64c261cL, 0x94692934L,
- 0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L,
- 0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL,
- 0x1e39f62eL, 0x97244546L, 0x14214f74L, 0xbf8b8840L,
- 0x4d95fc1dL, 0x96b591afL, 0x70f4ddd3L, 0x66a02f45L,
- 0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L, 0x31cb8504L,
- 0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL,
- 0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL,
- 0x68dc1462L, 0xd7486900L, 0x680ec0a4L, 0x27a18deeL,
- 0x4f3ffea2L, 0xe887ad8cL, 0xb58ce006L, 0x7af4d6b6L,
- 0xaace1e7cL, 0xd3375fecL, 0xce78a399L, 0x406b2a42L,
- 0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL,
- 0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L,
- 0x3a6efa74L, 0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL,
- 0xfb0af54eL, 0xd8feb397L, 0x454056acL, 0xba489527L,
- 0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L, 0xd096954bL,
- 0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L,
- 0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL,
- 0xfdf8e802L, 0x04272f70L, 0x80bb155cL, 0x05282ce3L,
- 0x95c11548L, 0xe4c66d22L, 0x48c1133fL, 0xc70f86dcL,
- 0x07f9c9eeL, 0x41041f0fL, 0x404779a4L, 0x5d886e17L,
- 0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L,
- 0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL,
- 0x0e12b4c2L, 0x02e1329eL, 0xaf664fd1L, 0xcad18115L,
- 0x6b2395e0L, 0x333e92e1L, 0x3b240b62L, 0xeebeb922L,
- 0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL, 0x2da2f728L,
- 0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L,
- 0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 0xf33e8d1eL,
- 0x0a476341L, 0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L,
- 0xa812dc60L, 0xa1ebddf8L, 0x991be14cL, 0xdb6e6b0dL,
- 0xc67b5510L, 0x6d672c37L, 0x2765d43bL, 0xdcd0e804L,
- 0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL,
- 0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L,
- 0xbb132f88L, 0x515bad24L, 0x7b9479bfL, 0x763bd6ebL,
- 0x37392eb3L, 0xcc115979L, 0x8026e297L, 0xf42e312dL,
- 0x6842ada7L, 0xc66a2b3bL, 0x12754cccL, 0x782ef11cL,
- 0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L,
- 0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L,
- 0x44421659L, 0x0a121386L, 0xd90cec6eL, 0xd5abea2aL,
- 0x64af674eL, 0xda86a85fL, 0xbebfe988L, 0x64e4c3feL,
- 0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L, 0x6003604dL,
- 0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL,
- 0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL,
- 0x77a057beL, 0xbde8ae24L, 0x55464299L, 0xbf582e61L,
- 0x4e58f48fL, 0xf2ddfda2L, 0xf474ef38L, 0x8789bdc2L,
- 0x5366f9c3L, 0xc8b38e74L, 0xb475f255L, 0x46fcd9b9L,
- 0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L,
- 0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL,
- 0xb90bace1L, 0xbb8205d0L, 0x11a86248L, 0x7574a99eL,
- 0xb77f19b6L, 0xe0a9dc09L, 0x662d09a1L, 0xc4324633L,
- 0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L, 0x1d6efe10L,
- 0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 0x2868f169L,
- 0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L,
- 0x50115e01L, 0xa70683faL, 0xa002b5c4L, 0x0de6d027L,
- 0x9af88c27L, 0x773f8641L, 0xc3604c06L, 0x61a806b5L,
- 0xf0177a28L, 0xc0f586e0L, 0x006058aaL, 0x30dc7d62L,
- 0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L,
- 0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L,
- 0x6f05e409L, 0x4b7c0188L, 0x39720a3dL, 0x7c927c24L,
- 0x86e3725fL, 0x724d9db9L, 0x1ac15bb4L, 0xd39eb8fcL,
- 0xed545578L, 0x08fca5b5L, 0xd83d7cd3L, 0x4dad0fc4L,
- 0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL,
- 0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L,
- 0xd79a3234L, 0x92638212L, 0x670efa8eL, 0x406000e0L,
- 0x3a39ce37L, 0xd3faf5cfL, 0xabc27737L, 0x5ac52d1bL,
- 0x5cb0679eL, 0x4fa33742L, 0xd3822740L, 0x99bc9bbeL,
- 0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL,
- 0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L,
- 0x5748ab2fL, 0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L,
- 0x530ff8eeL, 0x468dde7dL, 0xd5730a1dL, 0x4cd04dc6L,
- 0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L, 0xbe5ee304L,
- 0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L,
- 0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L,
- 0x83c061baL, 0x9be96a4dL, 0x8fe51550L, 0xba645bd6L,
- 0x2826a2f9L, 0xa73a3ae1L, 0x4ba99586L, 0xef5562e9L,
- 0xc72fefd3L, 0xf752f7daL, 0x3f046f69L, 0x77fa0a59L,
- 0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L,
- 0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L,
- 0x96d5ac3aL, 0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L,
- 0x1f9f25cfL, 0xadf2b89bL, 0x5ad6b472L, 0x5a88f54cL,
- 0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL, 0xed93fa9bL,
- 0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L,
- 0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL,
- 0x15056dd4L, 0x88f46dbaL, 0x03a16125L, 0x0564f0bdL,
- 0xc3eb9e15L, 0x3c9057a2L, 0x97271aecL, 0xa93a072aL,
- 0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL, 0x26dcf319L,
- 0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL,
- 0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL,
- 0x4de81751L, 0x3830dc8eL, 0x379d5862L, 0x9320f991L,
- 0xea7a90c2L, 0xfb3e7bceL, 0x5121ce64L, 0x774fbe32L,
- 0xa8b6e37eL, 0xc3293d46L, 0x48de5369L, 0x6413e680L,
- 0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L,
- 0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL,
- 0x5bbef7ddL, 0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL,
- 0xdda26a7eL, 0x3a59ff45L, 0x3e350a44L, 0xbcb4cdd5L,
- 0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL, 0xbf3c6f47L,
- 0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L,
- 0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL,
- 0x4040cb08L, 0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L,
- 0xe1b00428L, 0x95983a1dL, 0x06b89fb4L, 0xce6ea048L,
- 0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL, 0x277227f8L,
- 0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL,
- 0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L,
- 0xe01cc87eL, 0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L,
- 0x1a908749L, 0xd44fbd9aL, 0xd0dadecbL, 0xd50ada38L,
- 0x0339c32aL, 0xc6913667L, 0x8df9317cL, 0xe0b12b4fL,
- 0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL,
- 0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L,
- 0xfae59361L, 0xceb69cebL, 0xc2a86459L, 0x12baa8d1L,
- 0xb6c1075eL, 0xe3056a0cL, 0x10d25065L, 0xcb03a442L,
- 0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL, 0x3278e964L,
- 0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL,
- 0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L,
- 0xdf359f8dL, 0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL,
- 0xe54cda54L, 0x1edad891L, 0xce6279cfL, 0xcd3e7e6fL,
- 0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L, 0xf6fb2299L,
- 0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L,
- 0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL,
- 0xde966292L, 0x81b949d0L, 0x4c50901bL, 0x71c65614L,
- 0xe6c6c7bdL, 0x327a140aL, 0x45e1d006L, 0xc3f27b9aL,
- 0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L, 0x35bdd2f6L,
- 0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL,
- 0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L,
- 0xba38209cL, 0xf746ce76L, 0x77afa1c5L, 0x20756060L,
- 0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L, 0x4cf9aa7eL,
- 0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L, 0xd6ebe1f9L,
- 0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL,
- 0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L,
+ 0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L,
+ 0xb8e1afedL, 0x6a267e96L, 0xba7c9045L, 0xf12c7f99L,
+ 0x24a19947L, 0xb3916cf7L, 0x0801f2e2L, 0x858efc16L,
+ 0x636920d8L, 0x71574e69L, 0xa458fea3L, 0xf4933d7eL,
+ 0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL,
+ 0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L,
+ 0xc5d1b023L, 0x286085f0L, 0xca417918L, 0xb8db38efL,
+ 0x8e79dcb0L, 0x603a180eL, 0x6c9e0e8bL, 0xb01e8a3eL,
+ 0xd71577c1L, 0xbd314b27L, 0x78af2fdaL, 0x55605c60L,
+ 0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L,
+ 0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL,
+ 0xa15486afL, 0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL,
+ 0x2ba9c55dL, 0x741831f6L, 0xce5c3e16L, 0x9b87931eL,
+ 0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L, 0x28958677L,
+ 0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L,
+ 0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L,
+ 0xef845d5dL, 0xe98575b1L, 0xdc262302L, 0xeb651b88L,
+ 0x23893e81L, 0xd396acc5L, 0x0f6d6ff3L, 0x83f44239L,
+ 0x2e0b4482L, 0xa4842004L, 0x69c8f04aL, 0x9e1f9b5eL,
+ 0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L,
+ 0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L,
+ 0x6eef0b6cL, 0x137a3be4L, 0xba3bf050L, 0x7efb2a98L,
+ 0xa1f1651dL, 0x39af0176L, 0x66ca593eL, 0x82430e88L,
+ 0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L, 0x3b8b5ebeL,
+ 0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L,
+ 0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL,
+ 0x37d0d724L, 0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL,
+ 0x075372c9L, 0x80991b7bL, 0x25d479d8L, 0xf6e8def7L,
+ 0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL, 0x04c006baL,
+ 0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L,
+ 0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL,
+ 0x6dfc511fL, 0x9b30952cL, 0xcc814544L, 0xaf5ebd09L,
+ 0xbee3d004L, 0xde334afdL, 0x660f2807L, 0x192e4bb3L,
+ 0xc0cba857L, 0x45c8740fL, 0xd20b5f39L, 0xb9d3fbdbL,
+ 0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L,
+ 0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L,
+ 0x3c7516dfL, 0xfd616b15L, 0x2f501ec8L, 0xad0552abL,
+ 0x323db5faL, 0xfd238760L, 0x53317b48L, 0x3e00df82L,
+ 0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL, 0xdf1769dbL,
+ 0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L,
+ 0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L,
+ 0x10fa3d98L, 0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL,
+ 0x9a53e479L, 0xb6f84565L, 0xd28e49bcL, 0x4bfb9790L,
+ 0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L, 0xcee4c6e8L,
+ 0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L,
+ 0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L,
+ 0xd08ed1d0L, 0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L,
+ 0x8ff6e2fbL, 0xf2122b64L, 0x8888b812L, 0x900df01cL,
+ 0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L, 0xb3a8c1adL,
+ 0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L,
+ 0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L,
+ 0xb4a84fe0L, 0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L,
+ 0x165fa266L, 0x80957705L, 0x93cc7314L, 0x211a1477L,
+ 0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L, 0xfb9d35cfL,
+ 0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L,
+ 0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL,
+ 0x2464369bL, 0xf009b91eL, 0x5563911dL, 0x59dfa6aaL,
+ 0x78c14389L, 0xd95a537fL, 0x207d5ba2L, 0x02e5b9c5L,
+ 0x83260376L, 0x6295cfa9L, 0x11c81968L, 0x4e734a41L,
+ 0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L,
+ 0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L,
+ 0x08ba6fb5L, 0x571be91fL, 0xf296ec6bL, 0x2a0dd915L,
+ 0xb6636521L, 0xe7b9f9b6L, 0xff34052eL, 0xc5855664L,
+ 0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L, 0x6e85076aL,
+ 0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L,
+ 0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L,
+ 0xecaa8c71L, 0x699a17ffL, 0x5664526cL, 0xc2b19ee1L,
+ 0x193602a5L, 0x75094c29L, 0xa0591340L, 0xe4183a3eL,
+ 0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L, 0x99f73fd6L,
+ 0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L,
+ 0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL,
+ 0x09686b3fL, 0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L,
+ 0x687f3584L, 0x52a0e286L, 0xb79c5305L, 0xaa500737L,
+ 0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL, 0x5716f2b8L,
+ 0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL,
+ 0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL,
+ 0xd19113f9L, 0x7ca92ff6L, 0x94324773L, 0x22f54701L,
+ 0x3ae5e581L, 0x37c2dadcL, 0xc8b57634L, 0x9af3dda7L,
+ 0xa9446146L, 0x0fd0030eL, 0xecc8c73eL, 0xa4751e41L,
+ 0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L,
+ 0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL,
+ 0x2cb81290L, 0x24977c79L, 0x5679b072L, 0xbcaf89afL,
+ 0xde9a771fL, 0xd9930810L, 0xb38bae12L, 0xdccf3f2eL,
+ 0x5512721fL, 0x2e6b7124L, 0x501adde6L, 0x9f84cd87L,
+ 0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL,
+ 0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L,
+ 0xef1c1847L, 0x3215d908L, 0xdd433b37L, 0x24c2ba16L,
+ 0x12a14d43L, 0x2a65c451L, 0x50940002L, 0x133ae4ddL,
+ 0x71dff89eL, 0x10314e55L, 0x81ac77d6L, 0x5f11199bL,
+ 0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L,
+ 0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL,
+ 0x86e34570L, 0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L,
+ 0x771fe71cL, 0x4e3d06faL, 0x2965dcb9L, 0x99e71d0fL,
+ 0x803e89d6L, 0x5266c825L, 0x2e4cc978L, 0x9c10b36aL,
+ 0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L,
+ 0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L,
+ 0x5223a708L, 0xf71312b6L, 0xebadfe6eL, 0xeac31f66L,
+ 0xe3bc4595L, 0xa67bc883L, 0xb17f37d1L, 0x018cff28L,
+ 0xc332ddefL, 0xbe6c5aa5L, 0x65582185L, 0x68ab9802L,
+ 0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L,
+ 0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L,
+ 0x13cca830L, 0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL,
+ 0xb5735c90L, 0x4c70a239L, 0xd59e9e0bL, 0xcbaade14L,
+ 0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL, 0xb2f3846eL,
+ 0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L,
+ 0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 0xc021b8f7L,
+ 0x9b540b19L, 0x875fa099L, 0x95f7997eL, 0x623d7da8L,
+ 0xf837889aL, 0x97e32d77L, 0x11ed935fL, 0x16681281L,
+ 0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L, 0x7858ba99L,
+ 0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L,
+ 0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L,
+ 0x58ebf2efL, 0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L,
+ 0x5d4a14d9L, 0xe864b7e3L, 0x42105d14L, 0x203e13e0L,
+ 0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L, 0xfacb4fd0L,
+ 0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L,
+ 0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L,
+ 0xcf62a1f2L, 0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L,
+ 0x7f1524c3L, 0x69cb7492L, 0x47848a0bL, 0x5692b285L,
+ 0x095bbf00L, 0xad19489dL, 0x1462b174L, 0x23820e00L,
+ 0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L,
+ 0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL,
+ 0x7cde3759L, 0xcbee7460L, 0x4085f2a7L, 0xce77326eL,
+ 0xa6078084L, 0x19f8509eL, 0xe8efd855L, 0x61d99735L,
+ 0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL, 0x800bcadcL,
+ 0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L,
+ 0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L,
+ 0xc5c43465L, 0x713e38d8L, 0x3d28f89eL, 0xf16dff20L,
+ 0x153e21e7L, 0x8fb03d4aL, 0xe6e39f2bL, 0xdb83adf7L,
+ 0xe93d5a68L, 0x948140f7L, 0xf64c261cL, 0x94692934L,
+ 0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L,
+ 0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL,
+ 0x1e39f62eL, 0x97244546L, 0x14214f74L, 0xbf8b8840L,
+ 0x4d95fc1dL, 0x96b591afL, 0x70f4ddd3L, 0x66a02f45L,
+ 0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L, 0x31cb8504L,
+ 0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL,
+ 0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL,
+ 0x68dc1462L, 0xd7486900L, 0x680ec0a4L, 0x27a18deeL,
+ 0x4f3ffea2L, 0xe887ad8cL, 0xb58ce006L, 0x7af4d6b6L,
+ 0xaace1e7cL, 0xd3375fecL, 0xce78a399L, 0x406b2a42L,
+ 0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL,
+ 0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L,
+ 0x3a6efa74L, 0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL,
+ 0xfb0af54eL, 0xd8feb397L, 0x454056acL, 0xba489527L,
+ 0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L, 0xd096954bL,
+ 0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L,
+ 0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL,
+ 0xfdf8e802L, 0x04272f70L, 0x80bb155cL, 0x05282ce3L,
+ 0x95c11548L, 0xe4c66d22L, 0x48c1133fL, 0xc70f86dcL,
+ 0x07f9c9eeL, 0x41041f0fL, 0x404779a4L, 0x5d886e17L,
+ 0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L,
+ 0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL,
+ 0x0e12b4c2L, 0x02e1329eL, 0xaf664fd1L, 0xcad18115L,
+ 0x6b2395e0L, 0x333e92e1L, 0x3b240b62L, 0xeebeb922L,
+ 0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL, 0x2da2f728L,
+ 0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L,
+ 0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 0xf33e8d1eL,
+ 0x0a476341L, 0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L,
+ 0xa812dc60L, 0xa1ebddf8L, 0x991be14cL, 0xdb6e6b0dL,
+ 0xc67b5510L, 0x6d672c37L, 0x2765d43bL, 0xdcd0e804L,
+ 0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL,
+ 0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L,
+ 0xbb132f88L, 0x515bad24L, 0x7b9479bfL, 0x763bd6ebL,
+ 0x37392eb3L, 0xcc115979L, 0x8026e297L, 0xf42e312dL,
+ 0x6842ada7L, 0xc66a2b3bL, 0x12754cccL, 0x782ef11cL,
+ 0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L,
+ 0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L,
+ 0x44421659L, 0x0a121386L, 0xd90cec6eL, 0xd5abea2aL,
+ 0x64af674eL, 0xda86a85fL, 0xbebfe988L, 0x64e4c3feL,
+ 0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L, 0x6003604dL,
+ 0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL,
+ 0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL,
+ 0x77a057beL, 0xbde8ae24L, 0x55464299L, 0xbf582e61L,
+ 0x4e58f48fL, 0xf2ddfda2L, 0xf474ef38L, 0x8789bdc2L,
+ 0x5366f9c3L, 0xc8b38e74L, 0xb475f255L, 0x46fcd9b9L,
+ 0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L,
+ 0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL,
+ 0xb90bace1L, 0xbb8205d0L, 0x11a86248L, 0x7574a99eL,
+ 0xb77f19b6L, 0xe0a9dc09L, 0x662d09a1L, 0xc4324633L,
+ 0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L, 0x1d6efe10L,
+ 0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 0x2868f169L,
+ 0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L,
+ 0x50115e01L, 0xa70683faL, 0xa002b5c4L, 0x0de6d027L,
+ 0x9af88c27L, 0x773f8641L, 0xc3604c06L, 0x61a806b5L,
+ 0xf0177a28L, 0xc0f586e0L, 0x006058aaL, 0x30dc7d62L,
+ 0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L,
+ 0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L,
+ 0x6f05e409L, 0x4b7c0188L, 0x39720a3dL, 0x7c927c24L,
+ 0x86e3725fL, 0x724d9db9L, 0x1ac15bb4L, 0xd39eb8fcL,
+ 0xed545578L, 0x08fca5b5L, 0xd83d7cd3L, 0x4dad0fc4L,
+ 0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL,
+ 0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L,
+ 0xd79a3234L, 0x92638212L, 0x670efa8eL, 0x406000e0L,
+ 0x3a39ce37L, 0xd3faf5cfL, 0xabc27737L, 0x5ac52d1bL,
+ 0x5cb0679eL, 0x4fa33742L, 0xd3822740L, 0x99bc9bbeL,
+ 0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL,
+ 0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L,
+ 0x5748ab2fL, 0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L,
+ 0x530ff8eeL, 0x468dde7dL, 0xd5730a1dL, 0x4cd04dc6L,
+ 0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L, 0xbe5ee304L,
+ 0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L,
+ 0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L,
+ 0x83c061baL, 0x9be96a4dL, 0x8fe51550L, 0xba645bd6L,
+ 0x2826a2f9L, 0xa73a3ae1L, 0x4ba99586L, 0xef5562e9L,
+ 0xc72fefd3L, 0xf752f7daL, 0x3f046f69L, 0x77fa0a59L,
+ 0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L,
+ 0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L,
+ 0x96d5ac3aL, 0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L,
+ 0x1f9f25cfL, 0xadf2b89bL, 0x5ad6b472L, 0x5a88f54cL,
+ 0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL, 0xed93fa9bL,
+ 0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L,
+ 0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL,
+ 0x15056dd4L, 0x88f46dbaL, 0x03a16125L, 0x0564f0bdL,
+ 0xc3eb9e15L, 0x3c9057a2L, 0x97271aecL, 0xa93a072aL,
+ 0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL, 0x26dcf319L,
+ 0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL,
+ 0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL,
+ 0x4de81751L, 0x3830dc8eL, 0x379d5862L, 0x9320f991L,
+ 0xea7a90c2L, 0xfb3e7bceL, 0x5121ce64L, 0x774fbe32L,
+ 0xa8b6e37eL, 0xc3293d46L, 0x48de5369L, 0x6413e680L,
+ 0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L,
+ 0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL,
+ 0x5bbef7ddL, 0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL,
+ 0xdda26a7eL, 0x3a59ff45L, 0x3e350a44L, 0xbcb4cdd5L,
+ 0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL, 0xbf3c6f47L,
+ 0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L,
+ 0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL,
+ 0x4040cb08L, 0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L,
+ 0xe1b00428L, 0x95983a1dL, 0x06b89fb4L, 0xce6ea048L,
+ 0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL, 0x277227f8L,
+ 0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL,
+ 0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L,
+ 0xe01cc87eL, 0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L,
+ 0x1a908749L, 0xd44fbd9aL, 0xd0dadecbL, 0xd50ada38L,
+ 0x0339c32aL, 0xc6913667L, 0x8df9317cL, 0xe0b12b4fL,
+ 0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL,
+ 0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L,
+ 0xfae59361L, 0xceb69cebL, 0xc2a86459L, 0x12baa8d1L,
+ 0xb6c1075eL, 0xe3056a0cL, 0x10d25065L, 0xcb03a442L,
+ 0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL, 0x3278e964L,
+ 0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL,
+ 0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L,
+ 0xdf359f8dL, 0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL,
+ 0xe54cda54L, 0x1edad891L, 0xce6279cfL, 0xcd3e7e6fL,
+ 0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L, 0xf6fb2299L,
+ 0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L,
+ 0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL,
+ 0xde966292L, 0x81b949d0L, 0x4c50901bL, 0x71c65614L,
+ 0xe6c6c7bdL, 0x327a140aL, 0x45e1d006L, 0xc3f27b9aL,
+ 0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L, 0x35bdd2f6L,
+ 0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL,
+ 0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L,
+ 0xba38209cL, 0xf746ce76L, 0x77afa1c5L, 0x20756060L,
+ 0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L, 0x4cf9aa7eL,
+ 0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L, 0xd6ebe1f9L,
+ 0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL,
+ 0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L,
}
};
diff --git a/src/os_crypto/blowfish/bf_skey.c b/src/os_crypto/blowfish/bf_skey.c
index d3cba58..f38a4ce 100755
--- a/src/os_crypto/blowfish/bf_skey.c
+++ b/src/os_crypto/blowfish/bf_skey.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay at cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay at cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
diff --git a/src/os_crypto/blowfish/blowfish.h b/src/os_crypto/blowfish/blowfish.h
index ad6ce95..180442a 100755
--- a/src/os_crypto/blowfish/blowfish.h
+++ b/src/os_crypto/blowfish/blowfish.h
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay at cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay at cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -104,7 +104,7 @@ typedef struct bf_key_st
BF_LONG S[4*256];
} BF_KEY;
-
+
void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
void BF_encrypt(BF_LONG *data,const BF_KEY *key);
diff --git a/src/os_crypto/blowfish/main.c b/src/os_crypto/blowfish/main.c
index 0b34a02..6a3277c 100755
--- a/src/os_crypto/blowfish/main.c
+++ b/src/os_crypto/blowfish/main.c
@@ -19,13 +19,13 @@ int main(int argc, char ** argv)
printf("%s: string key\n", argv[0]);
exit(1);
}
-
+
if((strlen(argv[1]) > 1020) || (strlen(argv[2]) > 512))
{
printf("%s: size err\n", argv[0]);
exit(1);
}
-
+
/* Encrypt */
OS_BF_Str(argv[1], output, argv[2], strlen(argv[1]), OS_ENCRYPT);
diff --git a/src/os_crypto/md5/._Makefile b/src/os_crypto/md5/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/md5/._Makefile and /dev/null differ
diff --git a/src/os_crypto/md5/._main.c b/src/os_crypto/md5/._main.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/md5/._main.c and /dev/null differ
diff --git a/src/os_crypto/md5/._md5.c b/src/os_crypto/md5/._md5.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/md5/._md5.c and /dev/null differ
diff --git a/src/os_crypto/md5/._md5.h b/src/os_crypto/md5/._md5.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/md5/._md5.h and /dev/null differ
diff --git a/src/os_crypto/md5/._md5_op.c b/src/os_crypto/md5/._md5_op.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/md5/._md5_op.c and /dev/null differ
diff --git a/src/os_crypto/md5/._md5_op.h b/src/os_crypto/md5/._md5_op.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/md5/._md5_op.h and /dev/null differ
diff --git a/src/os_crypto/md5/main.c b/src/os_crypto/md5/main.c
index 8265fa6..5eab951 100755
--- a/src/os_crypto/md5/main.c
+++ b/src/os_crypto/md5/main.c
@@ -20,21 +20,21 @@ int main(int argc, char ** argv)
if(argc < 3)
usage(argv);
-
-
+
+
if(strcmp(argv[1],"file") == 0)
{
OS_MD5_File(argv[2], filesum);
}
-
+
else if(strcmp(argv[1],"str") == 0)
{
OS_MD5_Str(argv[2], filesum);
}
-
+
else
usage(argv);
-
+
printf("MD5Sum for \"%s\" is: %s\n",argv[2],filesum);
return(0);
}
diff --git a/src/os_crypto/md5/md5.c b/src/os_crypto/md5/md5.c
index f2eb619..769e1fb 100755
--- a/src/os_crypto/md5/md5.c
+++ b/src/os_crypto/md5/md5.c
@@ -24,7 +24,7 @@
#ifdef __BYTE_ORDER
#if __BYTE_ORDER == __BIG_ENDIAN
#define HIGHFIRST
-#endif /* BIG ENDIAN */
+#endif /* BIG ENDIAN */
#endif /* byte order */
@@ -114,7 +114,7 @@ void MD5Update(struct MD5Context *ctx, unsigned char const *buf, unsigned len)
}
/*
- * Final wrapup - pad to 64-byte boundary with the bit pattern
+ * Final wrapup - pad to 64-byte boundary with the bit pattern
* 1 0* (64-bit count of bits processed, MSB-first)
*/
void MD5Final(unsigned char digest[16], struct MD5Context *ctx)
diff --git a/src/os_crypto/md5/md5_op.c b/src/os_crypto/md5/md5_op.c
index 9e3dc5d..6785697 100755
--- a/src/os_crypto/md5/md5_op.c
+++ b/src/os_crypto/md5/md5_op.c
@@ -29,25 +29,25 @@ int OS_MD5_File(char * fname, char * output)
unsigned char buf[1024 +1];
unsigned char digest[16];
int n;
-
+
memset(output,0, 33);
buf[1024] = '\0';
-
+
fp = fopen(fname,"r");
if(!fp)
{
return(-1);
}
-
+
MD5Init(&ctx);
while((n = fread(buf, 1, sizeof(buf) -1, fp)) > 0)
{
buf[n] = '\0';
MD5Update(&ctx,buf,n);
}
-
+
MD5Final(digest, &ctx);
-
+
for(n = 0;n < 16; n++)
{
snprintf(output, 3, "%02x", digest[n]);
@@ -56,7 +56,7 @@ int OS_MD5_File(char * fname, char * output)
/* Closing it */
fclose(fp);
-
+
return(0);
}
@@ -64,17 +64,17 @@ int OS_MD5_File(char * fname, char * output)
int OS_MD5_Str(char * str, char * output)
{
unsigned char digest[16];
-
+
int n;
-
+
MD5_CTX ctx;
MD5Init(&ctx);
-
+
MD5Update(&ctx,(unsigned char *)str,strlen(str));
-
+
MD5Final(digest, &ctx);
-
+
output[32] = '\0';
for(n = 0;n < 16;n++)
{
diff --git a/src/os_crypto/md5_sha1/._Makefile b/src/os_crypto/md5_sha1/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/md5_sha1/._Makefile and /dev/null differ
diff --git a/src/os_crypto/md5_sha1/._main.c b/src/os_crypto/md5_sha1/._main.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/md5_sha1/._main.c and /dev/null differ
diff --git a/src/os_crypto/md5_sha1/._md5_sha1_op.c b/src/os_crypto/md5_sha1/._md5_sha1_op.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/md5_sha1/._md5_sha1_op.c and /dev/null differ
diff --git a/src/os_crypto/md5_sha1/._md5_sha1_op.h b/src/os_crypto/md5_sha1/._md5_sha1_op.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/md5_sha1/._md5_sha1_op.h and /dev/null differ
diff --git a/src/os_crypto/md5_sha1/main.c b/src/os_crypto/md5_sha1/main.c
index 15d91b5..12723dc 100755
--- a/src/os_crypto/md5_sha1/main.c
+++ b/src/os_crypto/md5_sha1/main.c
@@ -23,16 +23,16 @@ int main(int argc, char ** argv)
if(argc < 4)
usage(argv);
-
-
+
+
if(strcmp(argv[2],"file") == 0)
{
OS_MD5_SHA1_File(argv[3], argv[1], filesum1, filesum2);
}
-
+
else
usage(argv);
-
+
printf("MD5Sha1Sum for \"%s\" is: %s - %s\n",argv[2], filesum1, filesum2);
return(0);
}
diff --git a/src/os_crypto/md5_sha1/md5_sha1_op.c b/src/os_crypto/md5_sha1/md5_sha1_op.c
index 8bec676..b3471f4 100755
--- a/src/os_crypto/md5_sha1/md5_sha1_op.c
+++ b/src/os_crypto/md5_sha1/md5_sha1_op.c
@@ -20,7 +20,7 @@
#include "headers/defs.h"
-
+
int OS_MD5_SHA1_File(char *fname, char *prefilter_cmd, char *md5output, char *sha1output)
{
int n;
@@ -34,7 +34,7 @@ int OS_MD5_SHA1_File(char *fname, char *prefilter_cmd, char *md5output, char *sh
SHA_CTX sha1_ctx;
MD5_CTX md5_ctx;
-
+
/* Clearing the memory. */
md5output[0] = '\0';
sha1output[0] = '\0';
diff --git a/src/os_crypto/sha1/._Makefile b/src/os_crypto/sha1/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/sha1/._Makefile and /dev/null differ
diff --git a/src/os_crypto/sha1/._main.c b/src/os_crypto/sha1/._main.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/sha1/._main.c and /dev/null differ
diff --git a/src/os_crypto/sha1/._md32_common.h b/src/os_crypto/sha1/._md32_common.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/sha1/._md32_common.h and /dev/null differ
diff --git a/src/os_crypto/sha1/._sha.h b/src/os_crypto/sha1/._sha.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/sha1/._sha.h and /dev/null differ
diff --git a/src/os_crypto/sha1/._sha1_op.c b/src/os_crypto/sha1/._sha1_op.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/sha1/._sha1_op.c and /dev/null differ
diff --git a/src/os_crypto/sha1/._sha1_op.h b/src/os_crypto/sha1/._sha1_op.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/sha1/._sha1_op.h and /dev/null differ
diff --git a/src/os_crypto/sha1/._sha_locl.h b/src/os_crypto/sha1/._sha_locl.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/sha1/._sha_locl.h and /dev/null differ
diff --git a/src/os_crypto/sha1/main.c b/src/os_crypto/sha1/main.c
index 4373f47..e6dda51 100755
--- a/src/os_crypto/sha1/main.c
+++ b/src/os_crypto/sha1/main.c
@@ -20,8 +20,8 @@ int main(int argc, char ** argv)
if(argc < 2)
usage(argv);
-
-
+
+
if(OS_SHA1_File(argv[1], filesum) == 0)
{
printf("SHA1Sum for \"%s\" is: %s\n",argv[1],filesum);
diff --git a/src/os_crypto/sha1/md32_common.h b/src/os_crypto/sha1/md32_common.h
index 6fd454f..1f9b1ab 100755
--- a/src/os_crypto/sha1/md32_common.h
+++ b/src/os_crypto/sha1/md32_common.h
@@ -11,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -621,7 +621,7 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c)
* *either* case. Now declaring 'em long excuses the compiler
* from keeping 32 MSBs zeroed resulting in 13% performance
* improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
- * Well, to be honest it should say that this *prevents*
+ * Well, to be honest it should say that this *prevents*
* performance degradation.
* <appro at fy.chalmers.se>
* Apparently there're LP64 compilers that generate better
@@ -632,4 +632,4 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c)
#endif
-#endif /* _MD32_COMMON__H */
+#endif /* _MD32_COMMON__H */
diff --git a/src/os_crypto/sha1/sha.h b/src/os_crypto/sha1/sha.h
index ec5b62e..be021fa 100755
--- a/src/os_crypto/sha1/sha.h
+++ b/src/os_crypto/sha1/sha.h
@@ -10,21 +10,21 @@
* This package is an SSL implementation written
* by Eric Young (eay at cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -39,10 +39,10 @@
* Eric Young (eay at cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -54,7 +54,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
diff --git a/src/os_crypto/sha1/sha1_op.c b/src/os_crypto/sha1/sha1_op.c
index 97588d1..99d74ec 100755
--- a/src/os_crypto/sha1/sha1_op.c
+++ b/src/os_crypto/sha1/sha1_op.c
@@ -15,20 +15,20 @@
#include <string.h>
#include "sha1_op.h"
-/* Openssl sha1
+/* Openssl sha1
* Only use if open ssl is not available.
#ifndef USE_OPENSSL
#include "sha.h"
#include "sha_locl.h"
#else
-#include <openssl/sha.h>
+#include <openssl/sha.h>
#endif
*/
#include "sha_locl.h"
-
+
int OS_SHA1_File(char * fname, char * output)
{
SHA_CTX c;
@@ -36,32 +36,32 @@ int OS_SHA1_File(char * fname, char * output)
unsigned char buf[2048 +2];
unsigned char md[SHA_DIGEST_LENGTH];
int n;
-
+
memset(output,0, 65);
buf[2049] = '\0';
-
+
fp = fopen(fname,"r");
if(!fp)
return(-1);
-
+
SHA1_Init(&c);
while((n = fread(buf, 1, 2048, fp)) > 0)
{
buf[n] = '\0';
SHA1_Update(&c,buf,(unsigned long)n);
}
-
+
SHA1_Final(&(md[0]),&c);
-
+
for (n=0; n<SHA_DIGEST_LENGTH; n++)
{
snprintf(output, 3, "%02x", md[n]);
output+=2;
}
-
+
/* Closing it */
fclose(fp);
-
+
return(0);
}
diff --git a/src/os_crypto/sha1/sha_locl.h b/src/os_crypto/sha1/sha_locl.h
index 019f1eb..d4b919e 100755
--- a/src/os_crypto/sha1/sha_locl.h
+++ b/src/os_crypto/sha1/sha_locl.h
@@ -10,21 +10,21 @@
* This package is an SSL implementation written
* by Eric Young (eay at cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -39,10 +39,10 @@
* Eric Young (eay at cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -54,7 +54,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -180,9 +180,9 @@ int HASH_INIT (SHA_CTX *c)
* I've just become aware of another tweak to be made, again from Wei Dai,
* in F_40_59, (x&a)|(y&a) -> (x|y)&a
*/
-#define F_00_19(b,c,d) ((((c) ^ (d)) & (b)) ^ (d))
+#define F_00_19(b,c,d) ((((c) ^ (d)) & (b)) ^ (d))
#define F_20_39(b,c,d) ((b) ^ (c) ^ (d))
-#define F_40_59(b,c,d) (((b) & (c)) | (((b)|(c)) & (d)))
+#define F_40_59(b,c,d) (((b) & (c)) | (((b)|(c)) & (d)))
#define F_60_79(b,c,d) F_20_39(b,c,d)
#ifndef OPENSSL_SMALL_FOOTPRINT
@@ -345,7 +345,7 @@ void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, size_t num)
BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11));
BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12));
- c->h0=(c->h0+E)&0xffffffffL;
+ c->h0=(c->h0+E)&0xffffffffL;
c->h1=(c->h1+T)&0xffffffffL;
c->h2=(c->h2+A)&0xffffffffL;
c->h3=(c->h3+B)&0xffffffffL;
@@ -472,7 +472,7 @@ void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11));
BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12));
- c->h0=(c->h0+E)&0xffffffffL;
+ c->h0=(c->h0+E)&0xffffffffL;
c->h1=(c->h1+T)&0xffffffffL;
c->h2=(c->h2+A)&0xffffffffL;
c->h3=(c->h3+B)&0xffffffffL;
@@ -548,7 +548,7 @@ void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, size_t num)
for (i=4;i<24;i++)
{ BODY_60_79(X[(i+8)&15],X[(i+10)&15],X[i&15], X[(i+5)&15]); }
- c->h0=(c->h0+A)&0xffffffffL;
+ c->h0=(c->h0+A)&0xffffffffL;
c->h1=(c->h1+B)&0xffffffffL;
c->h2=(c->h2+C)&0xffffffffL;
c->h3=(c->h3+D)&0xffffffffL;
@@ -594,7 +594,7 @@ void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
for (i=4;i<24;i++)
{ BODY_60_79(X[(i+8)&15],X[(i+10)&15],X[i&15], X[(i+5)&15]); }
- c->h0=(c->h0+A)&0xffffffffL;
+ c->h0=(c->h0+A)&0xffffffffL;
c->h1=(c->h1+B)&0xffffffffL;
c->h2=(c->h2+C)&0xffffffffL;
c->h3=(c->h3+D)&0xffffffffL;
diff --git a/src/os_crypto/shared/._Makefile b/src/os_crypto/shared/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/shared/._Makefile and /dev/null differ
diff --git a/src/os_crypto/shared/._keys.c b/src/os_crypto/shared/._keys.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/shared/._keys.c and /dev/null differ
diff --git a/src/os_crypto/shared/._msgs.c b/src/os_crypto/shared/._msgs.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_crypto/shared/._msgs.c and /dev/null differ
diff --git a/src/os_crypto/shared/keys.c b/src/os_crypto/shared/keys.c
index 434782b..587f083 100755
--- a/src/os_crypto/shared/keys.c
+++ b/src/os_crypto/shared/keys.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -24,7 +24,7 @@
-/* __memclear: Clears keys entries.
+/* __memclear: Clears keys entries.
*/
void __memclear(char *id, char *name, char *ip, char *key, int size)
{
@@ -41,10 +41,10 @@ void __chash(keystore *keys, char *id, char *name, char *ip, char *key)
{
os_md5 filesum1;
os_md5 filesum2;
-
- char *tmp_str;
+
+ char *tmp_str;
char _finalstr[KEYSIZE];
-
+
/* Allocating for the whole structure */
keys->keyentries =(keyentry **)realloc(keys->keyentries,
@@ -54,32 +54,32 @@ void __chash(keystore *keys, char *id, char *name, char *ip, char *key)
ErrorExit(MEM_ERROR, __local_name);
}
os_calloc(1, sizeof(keyentry), keys->keyentries[keys->keysize]);
-
-
+
+
/* Setting configured values for id */
os_strdup(id, keys->keyentries[keys->keysize]->id);
- OSHash_Add(keys->keyhash_id,
- keys->keyentries[keys->keysize]->id,
+ OSHash_Add(keys->keyhash_id,
+ keys->keyentries[keys->keysize]->id,
keys->keyentries[keys->keysize]);
-
-
+
+
/* agent ip */
os_calloc(1, sizeof(os_ip), keys->keyentries[keys->keysize]->ip);
if(OS_IsValidIP(ip, keys->keyentries[keys->keysize]->ip) == 0)
{
ErrorExit(INVALID_IP, __local_name, ip);
}
-
+
/* We need to remove the "/" from the cidr */
if((tmp_str = strchr(keys->keyentries[keys->keysize]->ip->ip, '/')) != NULL)
{
*tmp_str = '\0';
}
- OSHash_Add(keys->keyhash_ip,
- keys->keyentries[keys->keysize]->ip->ip,
+ OSHash_Add(keys->keyhash_ip,
+ keys->keyentries[keys->keysize]->ip->ip,
keys->keyentries[keys->keysize]);
-
+
/* agent name */
os_strdup(name, keys->keyentries[keys->keysize]->name);
@@ -91,15 +91,15 @@ void __chash(keystore *keys, char *id, char *name, char *ip, char *key)
keys->keyentries[keys->keysize]->fp = NULL;
-
+
/** Generating final symmetric key **/
-
+
/* MD5 from name, id and key */
OS_MD5_Str(name, filesum1);
OS_MD5_Str(id, filesum2);
- /* Generating new filesum1 */
+ /* Generating new filesum1 */
snprintf(_finalstr, sizeof(_finalstr)-1, "%s%s", filesum1, filesum2);
@@ -112,7 +112,7 @@ void __chash(keystore *keys, char *id, char *name, char *ip, char *key)
/* Second md is just the key */
OS_MD5_Str(key, filesum2);
-
+
/* Generating final key */
memset(_finalstr,'\0', sizeof(_finalstr));
snprintf(_finalstr, 49, "%s%s", filesum2, filesum1);
@@ -128,14 +128,14 @@ void __chash(keystore *keys, char *id, char *name, char *ip, char *key)
/* ready for next */
keys->keysize++;
-
-
+
+
return;
}
-/* int OS_CheckKeys():
- * Checks if the authentication key file is present
+/* int OS_CheckKeys():
+ * Checks if the authentication key file is present
*/
int OS_CheckKeys()
{
@@ -172,15 +172,15 @@ int OS_CheckKeys()
void OS_ReadKeys(keystore *keys)
{
FILE *fp;
-
+
char buffer[OS_BUFFER_SIZE +1];
-
+
char name[KEYSIZE +1];
char ip[KEYSIZE +1];
char id[KEYSIZE +1];
char key[KEYSIZE +1];
-
-
+
+
/* Checking if the keys file is present and we can read it. */
if((keys->file_change = File_DateofChange(KEYS_FILE)) < 0)
{
@@ -222,7 +222,7 @@ void OS_ReadKeys(keystore *keys)
{
char *tmp_str;
char *valid_str;
-
+
if((buffer[0] == '#') || (buffer[0] == ' '))
continue;
@@ -245,7 +245,7 @@ void OS_ReadKeys(keystore *keys)
{
continue;
}
-
+
/* Getting name */
valid_str = tmp_str;
tmp_str = strchr(tmp_str, ' ');
@@ -258,7 +258,7 @@ void OS_ReadKeys(keystore *keys)
tmp_str++;
strncpy(name, valid_str, KEYSIZE -1);
-
+
/* Getting ip address */
valid_str = tmp_str;
tmp_str = strchr(tmp_str, ' ');
@@ -271,7 +271,7 @@ void OS_ReadKeys(keystore *keys)
tmp_str++;
strncpy(ip, valid_str, KEYSIZE -1);
-
+
/* Getting key */
valid_str = tmp_str;
tmp_str = strchr(tmp_str, '\n');
@@ -288,8 +288,8 @@ void OS_ReadKeys(keystore *keys)
/* Clearing the memory */
- __memclear(id, name, ip, key, KEYSIZE +1);
-
+ __memclear(id, name, ip, key, KEYSIZE +1);
+
/* Checking for maximum agent size */
if(keys->keysize >= (MAX_AGENTS -2))
@@ -297,11 +297,11 @@ void OS_ReadKeys(keystore *keys)
merror(AG_MAX_ERROR, __local_name, MAX_AGENTS -2);
ErrorExit(CONFIG_ERROR, __local_name, KEYS_FILE);
}
-
+
continue;
}
-
-
+
+
/* Closing key file. */
fclose(fp);
@@ -344,12 +344,12 @@ void OS_FreeKeys(keystore *keys)
keys->keysize = 0;
keys->keyhash_id =NULL;
keys->keyhash_ip = NULL;
-
-
+
+
/* Sleeping to give time to other threads to stop using them. */
sleep(1);
-
-
+
+
/* Freeing the hashes */
OSHash_Free(hashid);
OSHash_Free(haship);
@@ -364,16 +364,16 @@ void OS_FreeKeys(keystore *keys)
free(keys->keyentries[i]->ip->ip);
free(keys->keyentries[i]->ip);
}
-
- if(keys->keyentries[i]->id)
+
+ if(keys->keyentries[i]->id)
free(keys->keyentries[i]->id);
-
+
if(keys->keyentries[i]->key)
free(keys->keyentries[i]->key);
if(keys->keyentries[i]->name)
free(keys->keyentries[i]->name);
-
+
/* Closing counter */
if(keys->keyentries[i]->fp)
fclose(keys->keyentries[i]->fp);
@@ -382,7 +382,7 @@ void OS_FreeKeys(keystore *keys)
keys->keyentries[i] = NULL;
}
}
-
+
/* Freeing structure */
free(keys->keyentries);
keys->keyentries = NULL;
@@ -412,20 +412,20 @@ int OS_UpdateKeys(keystore *keys)
{
merror(ENCFILE_CHANGED, __local_name);
debug1("%s: DEBUG: Freekeys", __local_name);
-
+
OS_FreeKeys(keys);
debug1("%s: DEBUG: OS_ReadKeys", __local_name);
-
+
/* Reading keys */
verbose(ENC_READ, __local_name);
-
+
OS_ReadKeys(keys);
debug1("%s: DEBUG: OS_StartCounter", __local_name);
-
+
OS_StartCounter(keys);
debug1("%s: DEBUG: OS_UpdateKeys completed", __local_name);
-
+
return(1);
}
return(0);
@@ -433,7 +433,7 @@ int OS_UpdateKeys(keystore *keys)
/* OS_IsAllowedIP()
- * Checks if an IP address is allowed to connect.
+ * Checks if an IP address is allowed to connect.
*/
int OS_IsAllowedIP(keystore *keys, char *srcip)
{
@@ -441,7 +441,7 @@ int OS_IsAllowedIP(keystore *keys, char *srcip)
if(srcip == NULL)
return(-1);
-
+
entry = OSHash_Get(keys->keyhash_ip, srcip);
if(entry)
{
@@ -477,7 +477,7 @@ int OS_IsAllowedID(keystore *keys, char *id)
if(id == NULL)
return(-1);
-
+
entry = OSHash_Get(keys->keyhash_id, id);
if(entry)
{
@@ -492,10 +492,10 @@ int OS_IsAllowedID(keystore *keys, char *id)
int OS_IsAllowedDynamicID(keystore *keys, char *id, char *srcip)
{
keyentry *entry;
-
+
if(id == NULL)
return(-1);
-
+
entry = OSHash_Get(keys->keyhash_id, id);
if(entry)
{
diff --git a/src/os_crypto/shared/msgs.c b/src/os_crypto/shared/msgs.c
index 99a8229..eab2a52 100755
--- a/src/os_crypto/shared/msgs.c
+++ b/src/os_crypto/shared/msgs.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -51,11 +51,11 @@ void OS_StartCounter(keystore *keys)
char rids_file[OS_FLSIZE +1];
rids_file[OS_FLSIZE] = '\0';
-
+
debug1("%s: OS_StartCounter: keysize: %d", __local_name, keys->keysize);
-
-
+
+
/* Starting receiving counter */
for(i = 0; i<=keys->keysize; i++)
{
@@ -84,7 +84,7 @@ void OS_StartCounter(keystore *keys)
if(!keys->keyentries[i]->fp)
{
int my_error = errno;
-
+
/* Just in case we run out of file descriptiors */
if((keys->keyentries[i -1]->fp) && (i > 10))
{
@@ -96,7 +96,7 @@ void OS_StartCounter(keystore *keys)
}
}
- merror("%s: Unable to open agent file. errno: %d",
+ merror("%s: Unable to open agent file. errno: %d",
__local_name, my_error);
ErrorExit(FOPEN_ERROR, __local_name, rids_file);
}
@@ -113,10 +113,10 @@ void OS_StartCounter(keystore *keys)
else
{
verbose("%s: INFO: No previous counter available for '%s'.",
- __local_name,
+ __local_name,
keys->keyentries[i]->name);
}
-
+
g_c = 0;
l_c = 0;
}
@@ -132,7 +132,7 @@ void OS_StartCounter(keystore *keys)
{
verbose("%s: INFO: Assigning counter for agent %s: '%d:%d'.",
__local_name, keys->keyentries[i]->name, g_c, l_c);
-
+
keys->keyentries[i]->global = g_c;
keys->keyentries[i]->local = l_c;
}
@@ -196,7 +196,7 @@ void StoreCounter(keystore *keys, int id, int global, int local)
}
-/* CheckSum v0.1: 2005/02/15
+/* CheckSum v0.1: 2005/02/15
* Verify the checksum of the message.
* Returns NULL on error or the message on success.
*/
@@ -217,14 +217,14 @@ char *CheckSum(char *msg)
{
return(NULL);
}
-
+
return(msg);
}
/* ReadSecMSG v0.2: 2005/02/10 */
-char *ReadSecMSG(keystore *keys, char *buffer, char *cleartext,
+char *ReadSecMSG(keystore *keys, char *buffer, char *cleartext,
int id, int buffer_size)
{
int cmp_size;
@@ -232,8 +232,8 @@ char *ReadSecMSG(keystore *keys, char *buffer, char *cleartext,
unsigned int msg_local = 0;
char *f_msg;
-
-
+
+
if(*buffer == ':')
{
buffer++;
@@ -243,10 +243,10 @@ char *ReadSecMSG(keystore *keys, char *buffer, char *cleartext,
merror(ENCFORMAT_ERROR, __local_name, keys->keyentries[id]->ip->ip);
return(NULL);
}
-
+
/* Decrypting message */
- if(!OS_BF_Str(buffer, cleartext, keys->keyentries[id]->key,
- buffer_size, OS_DECRYPT))
+ if(!OS_BF_Str(buffer, cleartext, keys->keyentries[id]->key,
+ buffer_size, OS_DECRYPT))
{
merror(ENCKEY_ERROR, __local_name, keys->keyentries[id]->ip->ip);
return(NULL);
@@ -266,7 +266,7 @@ char *ReadSecMSG(keystore *keys, char *buffer, char *cleartext,
cleartext++;
buffer_size--;
}
-
+
/* Uncompressing */
cmp_size = os_uncompress(cleartext, buffer, buffer_size, OS_MAXSTR);
if(!cmp_size)
@@ -302,7 +302,7 @@ char *ReadSecMSG(keystore *keys, char *buffer, char *cleartext,
msg_local = atoi(f_msg);
f_msg+=5;
-
+
/* Returning the message if we don't need to verify the counbter. */
if(!_s_verify_counter)
{
@@ -312,7 +312,7 @@ char *ReadSecMSG(keystore *keys, char *buffer, char *cleartext,
if(rcv_count >= _s_recv_flush)
{
StoreCounter(keys, id, msg_global, msg_local);
- rcv_count = 0;
+ rcv_count = 0;
}
rcv_count++;
return(f_msg);
@@ -320,7 +320,7 @@ char *ReadSecMSG(keystore *keys, char *buffer, char *cleartext,
if((msg_global > keys->keyentries[id]->global)||
- ((msg_global == keys->keyentries[id]->global) &&
+ ((msg_global == keys->keyentries[id]->global) &&
(msg_local > keys->keyentries[id]->local)))
{
/* Updating currently counts */
@@ -418,7 +418,7 @@ char *ReadSecMSG(keystore *keys, char *buffer, char *cleartext,
}
/* Checking if it is a duplicated message */
- if((msg_count == keys->keyentries[id]->local) &&
+ if((msg_count == keys->keyentries[id]->local) &&
(msg_time == keys->keyentries[id]->global))
{
return(NULL);
@@ -437,7 +437,7 @@ char *ReadSecMSG(keystore *keys, char *buffer, char *cleartext,
merror(ENCTIME_ERROR, __local_name, keys->keyentries[id]->name);
return(NULL);
}
-
+
merror(ENCFORMAT_ERROR, __local_name, keys->keyentries[id]->ip->ip);
return(NULL);
}
@@ -452,24 +452,24 @@ int CreateSecMSG(keystore *keys, char *msg, char *msg_encrypted, int id)
int bfsize;
int msg_size;
int cmp_size;
-
+
u_int16_t rand1;
-
+
char _tmpmsg[OS_MAXSTR + 2];
char _finmsg[OS_MAXSTR + 2];
-
+
os_md5 md5sum;
-
+
msg_size = strlen(msg);
-
-
+
+
/* Checking for invalid msg sizes */
if((msg_size > (OS_MAXSTR - OS_HEADER_SIZE))||(msg_size < 1))
{
merror(ENCSIZE_ERROR, __local_name, msg);
return(0);
}
-
+
/* Random number */
rand1 = (u_int16_t)random();
@@ -477,7 +477,7 @@ int CreateSecMSG(keystore *keys, char *msg, char *msg_encrypted, int id)
_tmpmsg[OS_MAXSTR +1] = '\0';
_finmsg[OS_MAXSTR +1] = '\0';
msg_encrypted[OS_MAXSTR] = '\0';
-
+
/* Increasing local and global counters */
if(local_count >= 9997)
@@ -486,25 +486,25 @@ int CreateSecMSG(keystore *keys, char *msg, char *msg_encrypted, int id)
global_count++;
}
local_count++;
-
-
+
+
snprintf(_tmpmsg, OS_MAXSTR,"%05hu%010u:%04hu:%s",
rand1, global_count, local_count,
msg);
-
+
/* Generating md5sum of the unencrypted string */
OS_MD5_Str(_tmpmsg, md5sum);
-
+
/* Generating final msg to be compressed */
snprintf(_finmsg, OS_MAXSTR,"%s%s",md5sum,_tmpmsg);
msg_size = strlen(_finmsg);
/* Compressing message.
- * We assing the first 8 bytes for padding.
+ * We assing the first 8 bytes for padding.
*/
cmp_size = os_compress(_finmsg, _tmpmsg + 8, msg_size, OS_MAXSTR - 12);
if(!cmp_size)
@@ -513,7 +513,7 @@ int CreateSecMSG(keystore *keys, char *msg, char *msg_encrypted, int id)
return(0);
}
cmp_size++;
-
+
/* Padding the message (needs to be div by 8) */
bfsize = 8 - (cmp_size % 8);
if(bfsize == 8)
@@ -538,7 +538,7 @@ int CreateSecMSG(keystore *keys, char *msg, char *msg_encrypted, int id)
{
verbose("%s: INFO: Event count after '%u': %u->%u (%d%%)", __local_name,
evt_count,
- c_orig_size,
+ c_orig_size,
c_comp_size,
(c_comp_size * 100)/c_orig_size);
evt_count = 0;
@@ -546,10 +546,10 @@ int CreateSecMSG(keystore *keys, char *msg, char *msg_encrypted, int id)
c_comp_size = 0;
}
evt_count++;
-
+
/* If the ip is dynamic (not single host, append agent id
* to the message.
- */
+ */
if(!isSingleHost(keys->keyentries[id]->ip) && isAgent)
{
snprintf(msg_encrypted, 16, "!%s!:", keys->keyentries[id]->id);
@@ -567,13 +567,13 @@ int CreateSecMSG(keystore *keys, char *msg, char *msg_encrypted, int id)
* appended to the buffer. On dynamic ips, it will
* include the agent id.
*/
-
+
/* Encrypting everything */
- OS_BF_Str(_tmpmsg + (7 - bfsize), msg_encrypted + msg_size,
- keys->keyentries[id]->key,
- cmp_size,
+ OS_BF_Str(_tmpmsg + (7 - bfsize), msg_encrypted + msg_size,
+ keys->keyentries[id]->key,
+ cmp_size,
OS_ENCRYPT);
-
+
/* Storing before leaving */
StoreSenderCounter(keys, global_count, local_count);
diff --git a/src/os_csyslogd/._Makefile b/src/os_csyslogd/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_csyslogd/._Makefile and /dev/null differ
diff --git a/src/os_csyslogd/._alert.c b/src/os_csyslogd/._alert.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_csyslogd/._alert.c and /dev/null differ
diff --git a/src/os_csyslogd/._config.c b/src/os_csyslogd/._config.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_csyslogd/._config.c and /dev/null differ
diff --git a/src/os_csyslogd/._csyslogd.c b/src/os_csyslogd/._csyslogd.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_csyslogd/._csyslogd.c and /dev/null differ
diff --git a/src/os_csyslogd/._csyslogd.h b/src/os_csyslogd/._csyslogd.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_csyslogd/._csyslogd.h and /dev/null differ
diff --git a/src/os_csyslogd/._main.c b/src/os_csyslogd/._main.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_csyslogd/._main.c and /dev/null differ
diff --git a/src/os_csyslogd/alert.c b/src/os_csyslogd/alert.c
index 33a9907..f271cb5 100755
--- a/src/os_csyslogd/alert.c
+++ b/src/os_csyslogd/alert.c
@@ -117,8 +117,12 @@ int OS_Alert_SendSyslog(alert_data *al_data, SyslogConfig *syslog_config)
/* Remove the double quotes from "dangerous" fields */
- json_safe_comment = os_strip_char(al_data->comment, '"');
- json_safe_message = os_strip_char(al_data->log[0], '"');
+ if( (json_safe_comment = os_strip_char(al_data->comment, '"')) == NULL ) {
+ return(0);
+ }
+ if( (json_safe_message = os_strip_char(al_data->log[0], '"')) == NULL ) {
+ return(0);
+ }
/* Inserting data */
if(syslog_config->format == DEFAULT_CSYSLOG)
@@ -167,6 +171,12 @@ int OS_Alert_SendSyslog(alert_data *al_data, SyslogConfig *syslog_config)
field_add_string(syslog_msg, OS_SIZE_2048, " suser=%s", al_data->user );
field_add_string(syslog_msg, OS_SIZE_2048, " dst=%s", al_data->dstip );
field_add_truncated(syslog_msg, OS_SIZE_2048, " msg=%s", al_data->log[0], 2 );
+ if (al_data->new_md5 && al_data->new_sha1) {
+ field_add_string(syslog_msg, OS_SIZE_2048, " Previous MD5: %s", al_data->old_md5 );
+ field_add_string(syslog_msg, OS_SIZE_2048, " Current MD5: %s", al_data->new_md5 );
+ field_add_string(syslog_msg, OS_SIZE_2048, " Previous SHA1: %s", al_data->old_sha1 );
+ field_add_string(syslog_msg, OS_SIZE_2048, " Current SHA1: %s", al_data->new_sha1 );
+ }
}
else if(syslog_config->format == JSON_CSYSLOG)
{
diff --git a/src/os_csyslogd/config.c b/src/os_csyslogd/config.c
index f5ade46..91770e1 100755
--- a/src/os_csyslogd/config.c
+++ b/src/os_csyslogd/config.c
@@ -19,11 +19,11 @@
#include "config/config.h"
-/** void *OS_SyslogConf(int test_config, char *cfgfile,
+/** void *OS_SyslogConf(int test_config, char *cfgfile,
SyslogConfig **syslog_config)
* Reads configuration.
*/
-void *OS_ReadSyslogConf(int test_config, char *cfgfile,
+void *OS_ReadSyslogConf(int test_config, char *cfgfile,
SyslogConfig **syslog_config)
{
int modules = 0;
@@ -34,15 +34,15 @@ void *OS_ReadSyslogConf(int test_config, char *cfgfile,
modules|= CSYSLOGD;
gen_config.data = syslog_config;
-
+
/* Reading configuration */
if(ReadConfig(modules, cfgfile, &gen_config, NULL) < 0)
{
ErrorExit(CONFIG_ERROR, ARGV0, cfgfile);
return(NULL);
- }
+ }
+
-
syslog_config = gen_config.data;
return(syslog_config);
diff --git a/src/os_csyslogd/csyslogd.c b/src/os_csyslogd/csyslogd.c
index d0eff9a..1a5a0aa 100755
--- a/src/os_csyslogd/csyslogd.c
+++ b/src/os_csyslogd/csyslogd.c
@@ -15,16 +15,12 @@
-/* strnlen is a GNU extension */
-#ifdef __linux__
- #define _GNU_SOURCE
- #include <string.h>
-#endif
+#include "shared.h"
+
#include "csyslogd.h"
#include "os_net/os_net.h"
-
/* OS_SyslogD: Monitor the alerts and sends them via syslog.
* Only return in case of error.
*/
@@ -33,6 +29,7 @@ void OS_CSyslogD(SyslogConfig **syslog_config)
int s = 0;
time_t tm;
struct tm *p;
+ int tries = 0;
file_queue *fileq;
alert_data *al_data;
@@ -45,7 +42,17 @@ void OS_CSyslogD(SyslogConfig **syslog_config)
/* Initating file queue - to read the alerts */
os_calloc(1, sizeof(file_queue), fileq);
- Init_FileQueue(fileq, p, 0);
+ while( (Init_FileQueue(fileq, p, 0) ) < 0 ) {
+ tries++;
+ if( tries > OS_CSYSLOGD_MAX_TRIES ) {
+ merror("%s: ERROR: Could not open queue after %d tries, exiting!",
+ ARGV0, tries
+ );
+ exit(1);
+ }
+ sleep(1);
+ }
+ debug1("%s: INFO: File queue connected.", ARGV0 );
/* Connecting to syslog. */
@@ -103,7 +110,7 @@ void OS_CSyslogD(SyslogConfig **syslog_config)
int field_add_string(char *dest, int size, const char *format, const char *value ) {
char buffer[OS_SIZE_2048];
int len = 0;
- int dest_sz = size - strnlen(dest, OS_SIZE_2048);
+ int dest_sz = size - strlen(dest);
if(dest_sz <= 0 ) {
// Not enough room in the buffer
@@ -128,7 +135,7 @@ int field_add_string(char *dest, int size, const char *format, const char *value
int field_add_truncated(char *dest, int size, const char *format, const char *value, int fmt_size ) {
char buffer[OS_SIZE_2048];
- int available_sz = size - strnlen(dest, OS_SIZE_2048);
+ int available_sz = size - strlen(dest);
int total_sz = strlen(value) + strlen(format) - fmt_size;
int field_sz = available_sz - strlen(format) + fmt_size;
@@ -148,24 +155,27 @@ int field_add_truncated(char *dest, int size, const char *format, const char *va
((value[0] != 'u') && (value[1] != 'n') && (value[4] != 'k'))
)
) {
- if( (truncated=malloc(field_sz)) == NULL ) {
- // Memory error
- return -3;
- }
- if( total_sz > available_sz ) {
- // Truncate and add a trailer
- os_substr(truncated, value, 0, field_sz - strlen(trailer) - 1);
- strcat(truncated, trailer);
+ if( (truncated=malloc(field_sz + 1)) != NULL ) {
+ if( total_sz > available_sz ) {
+ // Truncate and add a trailer
+ os_substr(truncated, value, 0, field_sz - strlen(trailer));
+ strcat(truncated, trailer);
+ }
+ else {
+ strncpy(truncated,value,field_sz);
+ }
+
+ len = snprintf(buffer, available_sz, format, truncated);
+ strncat(dest, buffer, available_sz);
}
else {
- strncpy(truncated,value,field_sz);
+ // Memory Error
+ len = -3;
}
-
- len = snprintf(buffer, available_sz, format, truncated);
- strncat(dest, buffer, available_sz);
- free(truncated);
}
+ // Free the temporary pointer
+ free(truncated);
return len;
}
@@ -174,7 +184,7 @@ int field_add_truncated(char *dest, int size, const char *format, const char *va
int field_add_int(char *dest, int size, const char *format, const int value ) {
char buffer[255];
int len = 0;
- int dest_sz = size - strnlen(dest, OS_SIZE_2048);
+ int dest_sz = size - strlen(dest);
if(dest_sz <= 0 ) {
// Not enough room in the buffer
diff --git a/src/os_csyslogd/csyslogd.h b/src/os_csyslogd/csyslogd.h
index 784d903..28435c9 100755
--- a/src/os_csyslogd/csyslogd.h
+++ b/src/os_csyslogd/csyslogd.h
@@ -20,6 +20,7 @@
#include "config/csyslogd-config.h"
+#define OS_CSYSLOGD_MAX_TRIES 10
/** Prototypes **/
diff --git a/src/os_csyslogd/main.c b/src/os_csyslogd/main.c
index 77c0859..5d110f5 100755
--- a/src/os_csyslogd/main.c
+++ b/src/os_csyslogd/main.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -36,7 +36,7 @@ int main(int argc, char **argv)
/* Setting the name */
OS_SetName(ARGV0);
-
+
while((c = getopt(argc, argv, "vVdhtfu:g:D:c:")) != -1){
switch(c){
@@ -45,7 +45,7 @@ int main(int argc, char **argv)
break;
case 'v':
print_version();
- break;
+ break;
case 'h':
help(ARGV0);
break;
@@ -69,13 +69,14 @@ int main(int argc, char **argv)
if(!optarg)
ErrorExit("%s: -D needs an argument",ARGV0);
dir=optarg;
+ break;
case 'c':
if(!optarg)
ErrorExit("%s: -c needs an argument",ARGV0);
cfg = optarg;
break;
case 't':
- test_config = 1;
+ test_config = 1;
break;
default:
help(ARGV0);
@@ -117,14 +118,14 @@ int main(int argc, char **argv)
if(ltmp)
*ltmp = '\0';
}
-
+
/* Exit here if test config is set */
if(test_config)
exit(0);
-
-
- if (!run_foreground)
+
+
+ if (!run_foreground)
{
/* Going on daemon mode */
nowDaemon();
@@ -132,7 +133,7 @@ int main(int argc, char **argv)
}
-
+
/* Not configured */
if(!syslog_config || !syslog_config[0])
{
@@ -141,13 +142,13 @@ int main(int argc, char **argv)
exit(0);
}
-
+
/* Privilege separation */
if(Privsep_SetGroup(gid) < 0)
ErrorExit(SETGID_ERROR,ARGV0,group);
-
+
/* chrooting */
if(Privsep_Chroot(dir) < 0)
ErrorExit(CHROOT_ERROR,ARGV0,dir);
@@ -157,8 +158,8 @@ int main(int argc, char **argv)
nowChroot();
-
- /* Changing user */
+
+ /* Changing user */
if(Privsep_SetUser(uid) < 0)
ErrorExit(SETUID_ERROR,ARGV0,user);
@@ -170,15 +171,15 @@ int main(int argc, char **argv)
/* Signal manipulation */
StartSIG(ARGV0);
-
+
/* Creating PID files */
if(CreatePID(ARGV0, getpid()) < 0)
ErrorExit(PID_ERROR, ARGV0);
-
+
/* Start up message */
verbose(STARTUP_MSG, ARGV0, (int)getpid());
-
+
/* the real daemon now */
OS_CSyslogD(syslog_config);
diff --git a/src/os_dbd/._Makefile b/src/os_dbd/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_dbd/._Makefile and /dev/null differ
diff --git a/src/os_dbd/._README b/src/os_dbd/._README
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/os_dbd/._README and /dev/null differ
diff --git a/src/os_dbd/._alert.c b/src/os_dbd/._alert.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_dbd/._alert.c and /dev/null differ
diff --git a/src/os_dbd/._config.c b/src/os_dbd/._config.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_dbd/._config.c and /dev/null differ
diff --git a/src/os_dbd/._db_op.c b/src/os_dbd/._db_op.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_dbd/._db_op.c and /dev/null differ
diff --git a/src/os_dbd/._db_op.h b/src/os_dbd/._db_op.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_dbd/._db_op.h and /dev/null differ
diff --git a/src/os_dbd/._dbd.c b/src/os_dbd/._dbd.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_dbd/._dbd.c and /dev/null differ
diff --git a/src/os_dbd/._dbd.h b/src/os_dbd/._dbd.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_dbd/._dbd.h and /dev/null differ
diff --git a/src/os_dbd/._dbmake.sh b/src/os_dbd/._dbmake.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_dbd/._dbmake.sh and /dev/null differ
diff --git a/src/os_dbd/._main.c b/src/os_dbd/._main.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_dbd/._main.c and /dev/null differ
diff --git a/src/os_dbd/._mysql.schema b/src/os_dbd/._mysql.schema
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/os_dbd/._mysql.schema and /dev/null differ
diff --git a/src/os_dbd/._postgresql.schema b/src/os_dbd/._postgresql.schema
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/os_dbd/._postgresql.schema and /dev/null differ
diff --git a/src/os_dbd/._rules.c b/src/os_dbd/._rules.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_dbd/._rules.c and /dev/null differ
diff --git a/src/os_dbd/._server.c b/src/os_dbd/._server.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_dbd/._server.c and /dev/null differ
diff --git a/src/os_dbd/Makefile b/src/os_dbd/Makefile
index 7b7f44b..31f421b 100755
--- a/src/os_dbd/Makefile
+++ b/src/os_dbd/Makefile
@@ -19,7 +19,7 @@ OBJS = ${OS_CONFIG} ${OS_SHARED} ${OS_NET} ${OS_REGEX} ${OS_XML}
default:
@echo "Compiling DB support with: ${DBCHECK}"
- ${CC} ${CFLAGS} ${OS_LINK} ${DBFLAGS} ${CDB} ${LOCAL} ${OBJS} -o ${NAME}
+ ${CC} ${CFLAGS} ${OS_LINK} ${DBFLAGS} ${LOCAL} ${OBJS} -o ${NAME} ${CDB}
clean:
${CLEAN}
build:
diff --git a/src/os_dbd/alert.c b/src/os_dbd/alert.c
index da33e16..cb3842b 100755
--- a/src/os_dbd/alert.c
+++ b/src/os_dbd/alert.c
@@ -79,7 +79,7 @@ int __DBSelectLocation(char *location, DBConfig *db_config)
int __DBInsertLocation(char *location, DBConfig *db_config)
{
char sql_query[OS_SIZE_1024];
-
+
memset(sql_query, '\0', OS_SIZE_1024);
/* Generating SQL */
@@ -118,7 +118,7 @@ int OS_Alert_InsertDB(alert_data *al_data, DBConfig *db_config)
/* Clearing the memory before insert */
sql_query[0] = '\0';
sql_query[OS_SIZE_8192] = '\0';
-
+
/* Converting srcip to int */
if(al_data->srcip)
@@ -157,8 +157,8 @@ int OS_Alert_InsertDB(alert_data *al_data, DBConfig *db_config)
/* We first need to insert the location */
loc_id = OSHash_Get(db_config->location_hash, al_data->location);
-
-
+
+
/* If we dont have location id, we must select and/or insert in the db */
if(!loc_id)
{
@@ -172,7 +172,7 @@ int OS_Alert_InsertDB(alert_data *al_data, DBConfig *db_config)
if(!location_id)
{
- merror("%s: Unable to insert location: '%s'.",
+ merror("%s: Unable to insert location: '%s'.",
ARGV0, al_data->location);
return(0);
}
@@ -183,7 +183,7 @@ int OS_Alert_InsertDB(alert_data *al_data, DBConfig *db_config)
*loc_id = location_id;
OSHash_Add(db_config->location_hash, al_data->location, loc_id);
}
-
+
i = 0;
while(al_data->log[i])
@@ -191,10 +191,10 @@ int OS_Alert_InsertDB(alert_data *al_data, DBConfig *db_config)
long len = strlen(al_data->log[i]);
char templog[len+2];
if (al_data->log[i+1]) {
- snprintf(templog, len, "%s\n", al_data->log[i]);
+ snprintf(templog, len+2, "%s\n", al_data->log[i]);
}
else {
- snprintf(templog, len, "%s", al_data->log[i]);
+ snprintf(templog, len+1, "%s", al_data->log[i]);
}
fulllog = os_LoadString(fulllog, templog);
// fulllog = os_LoadString(fulllog, al_data->log[i]);
@@ -217,7 +217,7 @@ int OS_Alert_InsertDB(alert_data *al_data, DBConfig *db_config)
"INSERT INTO "
"data(id, server_id, \"user\", full_log) "
"VALUES ('%u', '%u', '%s', '%s') ",
- db_config->alert_id, db_config->server_id,
+ db_config->alert_id, db_config->server_id,
al_data->user, fulllog);
}
else
@@ -226,20 +226,20 @@ int OS_Alert_InsertDB(alert_data *al_data, DBConfig *db_config)
"INSERT INTO "
"data(id, server_id, user, full_log) "
"VALUES ('%u', '%u', '%s', '%s') ",
- db_config->alert_id, db_config->server_id,
+ db_config->alert_id, db_config->server_id,
al_data->user, fulllog);
}
free(fulllog);
fulllog = NULL;
-
-
+
+
/* Inserting into the db */
if(!osdb_query_insert(db_config->conn, sql_query))
{
merror(DB_GENERROR, ARGV0);
}
-
+
/* Generating final SQL */
@@ -260,7 +260,7 @@ int OS_Alert_InsertDB(alert_data *al_data, DBConfig *db_config)
merror(DB_GENERROR, ARGV0);
}
-
+
db_config->alert_id++;
return(1);
}
diff --git a/src/os_dbd/config.c b/src/os_dbd/config.c
index 6ea78e9..9fed903 100755
--- a/src/os_dbd/config.c
+++ b/src/os_dbd/config.c
@@ -32,7 +32,7 @@ int OS_ReadDBConf(int test_config, char *cfgfile, DBConfig *db_config)
modules|= CDBD;
modules|= CRULES;
-
+
/* Allocating config just to get the rules. */
os_calloc(1, sizeof(_Config), tmp_config);
@@ -54,7 +54,7 @@ int OS_ReadDBConf(int test_config, char *cfgfile, DBConfig *db_config)
if(ReadConfig(modules, cfgfile, tmp_config, db_config) < 0)
return(OS_INVALID);
-
+
/* Here, we assign the rules to db_config and free the rest
* of the Config.
*/
@@ -73,7 +73,7 @@ int OS_ReadDBConf(int test_config, char *cfgfile, DBConfig *db_config)
{
return(0);
}
-
+
/* Checking for a valid config. */
if(!db_config->host ||
@@ -98,7 +98,7 @@ int OS_ReadDBConf(int test_config, char *cfgfile, DBConfig *db_config)
osdb_close = mysql_osdb_close;
}
#endif
-
+
#ifdef UPOSTGRES
if(db_config->db_type == POSTGDB)
{
@@ -117,17 +117,17 @@ int OS_ReadDBConf(int test_config, char *cfgfile, DBConfig *db_config)
{
#ifndef UMYSQL
merror(DB_COMPILED, ARGV0, "mysql");
- return(OS_INVALID);
+ return(OS_INVALID);
#endif
}
else if(db_config->db_type == POSTGDB)
{
#ifndef UPOSTGRES
merror(DB_COMPILED, ARGV0, "postgresql");
- return(OS_INVALID);
+ return(OS_INVALID);
#endif
}
-
+
if(osdb_connect == NULL)
{
diff --git a/src/os_dbd/db_op.c b/src/os_dbd/db_op.c
index cfbea52..df73ade 100755
--- a/src/os_dbd/db_op.c
+++ b/src/os_dbd/db_op.c
@@ -12,7 +12,7 @@
* License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
-
+
/* Common lib for dealing with databases */
@@ -47,7 +47,7 @@ void osdb_escapestr(char *str)
{
return;
}
-
+
while(*str)
{
if(*str == '\'')
@@ -85,27 +85,27 @@ void osdb_checkerror()
ErrorExit(DB_MAINERROR, ARGV0);
}
-
+
/* If error count is too large, we try to reconnect. */
if(db_config_pt->error_count > 0)
{
int i = 0;
if(db_config_pt->conn)
{
- osdb_close(db_config_pt->conn);
+ osdb_close(db_config_pt->conn);
db_config_pt->conn = NULL;
}
while(i <= db_config_pt->maxreconnect)
{
merror(DB_ATTEMPT, ARGV0);
- db_config_pt->conn = osdb_connect(db_config_pt->host,
+ db_config_pt->conn = osdb_connect(db_config_pt->host,
db_config_pt->user,
- db_config_pt->pass,
+ db_config_pt->pass,
db_config_pt->db,
db_config_pt->port,
db_config_pt->sock);
-
+
/* If we were able to reconnect, keep going. */
if(db_config_pt->conn)
{
@@ -122,11 +122,11 @@ void osdb_checkerror()
{
ErrorExit(DB_MAINERROR, ARGV0);
}
-
-
+
+
verbose("%s: Connected to database '%s' at '%s'.",
ARGV0, db_config_pt->db, db_config_pt->host);
-
+
}
}
@@ -183,8 +183,8 @@ void *mysql_osdb_connect(char *host, char *user, char *pass, char *db,
unsigned int p_type = MYSQL_PROTOCOL_TCP;
mysql_options(conn, MYSQL_OPT_PROTOCOL, (char *)&p_type);
}
- }
- if(mysql_real_connect(conn, host, user, pass, db,
+ }
+ if(mysql_real_connect(conn, host, user, pass, db,
port, sock, 0) == NULL)
{
merror(DBCONN_ERROR, ARGV0, host, db, mysql_error(conn));
@@ -209,7 +209,7 @@ void *mysql_osdb_close(void *db_conn)
/** int mysql_osdb_query_insert(void *db_conn, char *query)
- * Sends insert query to database.
+ * Sends insert query to database.
*/
int mysql_osdb_query_insert(void *db_conn, char *query)
{
@@ -235,7 +235,7 @@ int mysql_osdb_query_select(void *db_conn, char *query)
int result_int = 0;
MYSQL_RES *result_data;
MYSQL_ROW result_row;
-
+
/* Sending the query. It can not fail. */
if(mysql_query(db_conn, query) != 0)
@@ -246,7 +246,7 @@ int mysql_osdb_query_select(void *db_conn, char *query)
return(0);
}
-
+
/* Getting result */
result_data = mysql_use_result(db_conn);
if(result_data == NULL)
@@ -256,7 +256,7 @@ int mysql_osdb_query_select(void *db_conn, char *query)
osdb_seterror();
return(0);
}
-
+
/* Getting row. We only care about the first result. */
result_row = mysql_fetch_row(result_data);
@@ -264,7 +264,7 @@ int mysql_osdb_query_select(void *db_conn, char *query)
{
result_int = atoi(result_row[0]);
}
-
+
mysql_free_result(result_data);
@@ -281,11 +281,11 @@ int mysql_osdb_query_select(void *db_conn, char *query)
#if defined UPOSTGRES
-/** void *postgresql_osdb_connect(char *host, char *user, char *pass, char *db)
- * Create the PostgreSQL database connection.
+/** void *postgresql_osdb_connect(char *host, char *user, char *pass, char *db)
+ * Create the PostgreSQL database connection.
* Return NULL on error
*/
-void *postgresql_osdb_connect(char *host, char *user, char *pass, char *db,
+void *postgresql_osdb_connect(char *host, char *user, char *pass, char *db,
int port, char *sock)
{
PGconn *conn;
@@ -317,13 +317,13 @@ void *postgresql_osdb_close(void *db_conn)
/** int postgresql_osdb_query_insert(void *db_conn, char *query)
- * Sends insert query to database.
+ * Sends insert query to database.
*/
int postgresql_osdb_query_insert(void *db_conn, char *query)
{
PGresult *result;
-
-
+
+
result = PQexec(db_conn,query);
if(!result)
{
@@ -331,8 +331,8 @@ int postgresql_osdb_query_insert(void *db_conn, char *query)
osdb_seterror();
return(0);
}
-
-
+
+
if(PQresultStatus(result) != PGRES_COMMAND_OK)
{
merror(DBQUERY_ERROR, ARGV0, query, PQerrorMessage(db_conn));
@@ -341,7 +341,7 @@ int postgresql_osdb_query_insert(void *db_conn, char *query)
return(0);
}
-
+
PQclear(result);
return(1);
}
@@ -364,7 +364,7 @@ int postgresql_osdb_query_select(void *db_conn, char *query)
osdb_seterror();
return(0);
}
-
+
if((PQresultStatus(result) == PGRES_TUPLES_OK))
{
if(PQntuples(result) == 1)
@@ -396,7 +396,7 @@ int postgresql_osdb_query_select(void *db_conn, char *query)
-void *none_osdb_connect(char *host, char *user, char *pass, char *db,
+void *none_osdb_connect(char *host, char *user, char *pass, char *db,
int port, char *sock)
{
char *tmp;
@@ -404,8 +404,8 @@ void *none_osdb_connect(char *host, char *user, char *pass, char *db,
/* Just to avoid warnings. */
tmp = host; tmp = user; tmp = pass; tmp = db;
-
-
+
+
merror("%s: ERROR: Database support not enabled. Exiting.", ARGV0);
return(NULL);
}
@@ -431,7 +431,7 @@ void *none_osdb_query_select(void *db_conn, char *query)
void *tmp;
tmp = db_conn; tmp = query;
-
+
merror("%s: ERROR: Database support not enabled. Exiting.", ARGV0);
return(0);
}
diff --git a/src/os_dbd/db_op.h b/src/os_dbd/db_op.h
index 2458e80..a6031fc 100755
--- a/src/os_dbd/db_op.h
+++ b/src/os_dbd/db_op.h
@@ -12,7 +12,7 @@
* License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
-
+
/* Common API for dealing with databases */
diff --git a/src/os_dbd/dbd.c b/src/os_dbd/dbd.c
index 8bc1ab1..dff139c 100755
--- a/src/os_dbd/dbd.c
+++ b/src/os_dbd/dbd.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -32,8 +32,8 @@
*/
void OS_DBD(DBConfig *db_config)
{
- time_t tm;
- struct tm *p;
+ time_t tm;
+ struct tm *p;
file_queue *fileq;
alert_data *al_data;
diff --git a/src/os_dbd/dbd.h b/src/os_dbd/dbd.h
index 40ef2bf..0defbfb 100755
--- a/src/os_dbd/dbd.h
+++ b/src/os_dbd/dbd.h
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -31,7 +31,7 @@ int OS_ReadDBConf(int test_config, char *cfgfile, DBConfig *db_config);
/* Inserts server info to the db. */
int OS_Server_ReadInsertDB(void *db_config);
-
+
/* Insert rules in to the database */
int OS_InsertRulesDB(DBConfig *db_config);
diff --git a/src/os_dbd/main.c b/src/os_dbd/main.c
index a2415b8..6e0b2a2 100755
--- a/src/os_dbd/main.c
+++ b/src/os_dbd/main.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -31,7 +31,7 @@ void db_info()
{
print_out(" ");
print_out("%s %s - %s", __name, __version, __author);
-
+
#ifdef UMYSQL
print_out("Compiled with MySQL support.");
#endif
@@ -43,7 +43,7 @@ void db_info()
#if !defined(UMYSQL) && !defined(UPOSTGRES)
print_out("Compiled without any Database support.");
#endif
-
+
print_out(" ");
print_out("%s",__license);
@@ -71,7 +71,7 @@ int main(int argc, char **argv)
/* Setting the name */
OS_SetName(ARGV0);
-
+
while((c = getopt(argc, argv, "vVdhtfu:g:D:c:")) != -1){
switch(c){
@@ -80,7 +80,7 @@ int main(int argc, char **argv)
break;
case 'v':
db_info();
- break;
+ break;
case 'h':
help(ARGV0);
break;
@@ -104,13 +104,14 @@ int main(int argc, char **argv)
if(!optarg)
ErrorExit("%s: -D needs an argument",ARGV0);
dir=optarg;
+ break;
case 'c':
if(!optarg)
ErrorExit("%s: -c needs an argument",ARGV0);
cfg = optarg;
break;
case 't':
- test_config = 1;
+ test_config = 1;
break;
default:
help(ARGV0);
@@ -143,9 +144,9 @@ int main(int argc, char **argv)
/* Exit here if test config is set */
if(test_config)
exit(0);
-
-
- if(!run_foreground)
+
+
+ if(!run_foreground)
{
/* Going on daemon mode */
nowDaemon();
@@ -153,7 +154,7 @@ int main(int argc, char **argv)
}
-
+
/* Not configured */
if(c == 0)
{
@@ -161,10 +162,10 @@ int main(int argc, char **argv)
exit(0);
}
-
+
/* Maybe disable this debug? */
debug1("%s: DEBUG: Connecting to '%s', using '%s', '%s', '%s', %d,'%s'.",
- ARGV0, db_config.host, db_config.user,
+ ARGV0, db_config.host, db_config.user,
db_config.pass, db_config.db,db_config.port,db_config.sock);
@@ -175,13 +176,13 @@ int main(int argc, char **argv)
/* Getting maximum reconned attempts */
db_config.maxreconnect = getDefine_Int("dbd",
"reconnect_attempts", 1, 9999);
-
-
+
+
/* Connecting to the database */
c = 0;
while(c <= (db_config.maxreconnect * 10))
{
- db_config.conn = osdb_connect(db_config.host, db_config.user,
+ db_config.conn = osdb_connect(db_config.host, db_config.user,
db_config.pass, db_config.db,
db_config.port,db_config.sock);
@@ -193,7 +194,7 @@ int main(int argc, char **argv)
c++;
sleep(c * 60);
-
+
}
@@ -203,18 +204,18 @@ int main(int argc, char **argv)
merror(DB_CONFIGERR, ARGV0);
ErrorExit(CONFIG_ERROR, ARGV0, cfg);
}
-
+
/* We must notify that we connected -- easy debugging */
- verbose("%s: Connected to database '%s' at '%s'.",
+ verbose("%s: Connected to database '%s' at '%s'.",
ARGV0, db_config.db, db_config.host);
-
+
/* Privilege separation */
if(Privsep_SetGroup(gid) < 0)
ErrorExit(SETGID_ERROR,ARGV0,group);
-
+
/* chrooting */
if(Privsep_Chroot(dir) < 0)
ErrorExit(CHROOT_ERROR,ARGV0,dir);
@@ -238,8 +239,8 @@ int main(int argc, char **argv)
ErrorExit(CONFIG_ERROR, ARGV0, cfg);
}
-
- /* Changing user */
+
+ /* Changing user */
if(Privsep_SetUser(uid) < 0)
ErrorExit(SETUID_ERROR,ARGV0,user);
@@ -251,15 +252,15 @@ int main(int argc, char **argv)
/* Signal manipulation */
StartSIG(ARGV0);
-
+
/* Creating PID files */
if(CreatePID(ARGV0, getpid()) < 0)
ErrorExit(PID_ERROR,ARGV0);
-
+
/* Start up message */
verbose(STARTUP_MSG, ARGV0, (int)getpid());
-
+
/* the real daemon now */
OS_DBD(&db_config);
diff --git a/src/os_dbd/rules.c b/src/os_dbd/rules.c
index eae49ab..bce942a 100755
--- a/src/os_dbd/rules.c
+++ b/src/os_dbd/rules.c
@@ -52,7 +52,7 @@ int __Groups_SelectGroup(char *group, DBConfig *db_config)
int __Groups_InsertGroup(char *group, DBConfig *db_config)
{
char sql_query[OS_SIZE_1024];
-
+
memset(sql_query, '\0', OS_SIZE_1024);
/* Generating SQL */
@@ -137,7 +137,7 @@ void _Groups_ReadInsertDB(RuleInfo *rule, DBConfig *db_config)
char *tmp_group;
char *tmp_str;
-
+
debug1("%s: DEBUG: entering _Groups_ReadInsertDB", ARGV0);
@@ -146,7 +146,7 @@ void _Groups_ReadInsertDB(RuleInfo *rule, DBConfig *db_config)
{
return;
}
-
+
tmp_str = strchr(rule->group, ',');
tmp_group = rule->group;
@@ -164,7 +164,7 @@ void _Groups_ReadInsertDB(RuleInfo *rule, DBConfig *db_config)
while(*tmp_group == ' ')
tmp_group++;
-
+
/* Checking for empty group */
if(*tmp_group == '\0')
{
@@ -201,7 +201,7 @@ void _Groups_ReadInsertDB(RuleInfo *rule, DBConfig *db_config)
}
}
-
+
/* Getting next category */
tmp_group = tmp_str;
if(tmp_group)
@@ -209,7 +209,7 @@ void _Groups_ReadInsertDB(RuleInfo *rule, DBConfig *db_config)
tmp_str = strchr(tmp_group, ',');
}
}
-
+
return;
}
@@ -224,7 +224,7 @@ void *_Rules_ReadInsertDB(RuleInfo *rule, void *db_config)
char sql_query[OS_SIZE_1024];
memset(sql_query, '\0', OS_SIZE_1024);
-
+
/* Escaping strings */
osdb_escapestr(rule->group);
osdb_escapestr(rule->comment);
@@ -235,11 +235,11 @@ void *_Rules_ReadInsertDB(RuleInfo *rule, void *db_config)
rule->level = 20;
if(rule->level < 0)
rule->level = 0;
-
-
+
+
debug1("%s: DEBUG: entering _Rules_ReadInsertDB()", ARGV0);
-
-
+
+
/* Checking rule limit */
if(rule->sigid < 0 || rule->sigid > 9999999)
{
@@ -250,18 +250,18 @@ void *_Rules_ReadInsertDB(RuleInfo *rule, void *db_config)
/* Inserting group into the signature mapping */
_Groups_ReadInsertDB(rule, db_config);
-
-
-
+
+
+
debug2("%s: DEBUG: Inserting: %d", ARGV0, rule->sigid);
-
+
/* Generating SQL */
snprintf(sql_query, OS_SIZE_1024 -1,
"SELECT id FROM signature "
"where rule_id = %u",
rule->sigid);
-
+
if(osdb_query_select(dbc->conn, sql_query) == 0)
{
snprintf(sql_query, OS_SIZE_1024 -1,
@@ -278,7 +278,7 @@ void *_Rules_ReadInsertDB(RuleInfo *rule, void *db_config)
rule->level, rule->comment,rule->sigid);
}
-
+
/* Checking return code. */
if(!osdb_query_insert(dbc->conn, sql_query))
{
@@ -292,12 +292,12 @@ void *_Rules_ReadInsertDB(RuleInfo *rule, void *db_config)
int OS_InsertRulesDB(DBConfig *db_config)
{
char **rulesfiles;
-
+
rulesfiles = db_config->includes;
while(rulesfiles && *rulesfiles)
{
debug1("%s: Reading rules file: '%s'", ARGV0, *rulesfiles);
-
+
if(OS_ReadXMLRules(*rulesfiles, _Rules_ReadInsertDB, db_config) < 0)
{
merror(RULES_ERROR, ARGV0, *rulesfiles);
diff --git a/src/os_dbd/server.c b/src/os_dbd/server.c
index 08c1466..0f9f855 100755
--- a/src/os_dbd/server.c
+++ b/src/os_dbd/server.c
@@ -51,14 +51,14 @@ int __DBSelectServer(char *server, DBConfig *db_config)
int __DBInsertServer(char *server, char *info, DBConfig *db_config)
{
char sql_query[OS_SIZE_1024];
-
+
memset(sql_query, '\0', OS_SIZE_1024);
/* Checking if the server is present */
snprintf(sql_query, OS_SIZE_1024 -1,
"SELECT id from server where hostname = '%s'",
server);
-
+
/* If not present, we insert */
if(osdb_query_select(db_config->conn, sql_query) == 0)
{
@@ -106,10 +106,10 @@ int OS_Server_ReadInsertDB(void *db_config)
int server_id = 0;
char *info;
-
+
debug1("%s: DEBUG: entering OS_Server_ReadInsertDB()", ARGV0);
-
+
/* Getting servers hostname */
memset(__shost, '\0', 512);
if(gethostname(__shost, 512 -1) != 0)
@@ -139,8 +139,8 @@ int OS_Server_ReadInsertDB(void *db_config)
/* Getting server id */
server_id = __DBSelectServer(__shost, (DBConfig *)db_config);
-
-
+
+
return(server_id);
}
diff --git a/src/os_execd/._Makefile b/src/os_execd/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_execd/._Makefile and /dev/null differ
diff --git a/src/os_execd/._config.c b/src/os_execd/._config.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_execd/._config.c and /dev/null differ
diff --git a/src/os_execd/._exec.c b/src/os_execd/._exec.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_execd/._exec.c and /dev/null differ
diff --git a/src/os_execd/._execd.c b/src/os_execd/._execd.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_execd/._execd.c and /dev/null differ
diff --git a/src/os_execd/._execd.h b/src/os_execd/._execd.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_execd/._execd.h and /dev/null differ
diff --git a/src/os_execd/._win_execd.c b/src/os_execd/._win_execd.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_execd/._win_execd.c and /dev/null differ
diff --git a/src/os_execd/config.c b/src/os_execd/config.c
index 537f6f3..17c1166 100755
--- a/src/os_execd/config.c
+++ b/src/os_execd/config.c
@@ -11,7 +11,7 @@
*/
-#include "shared.h"
+#include "shared.h"
#include "execd.h"
@@ -56,8 +56,8 @@ int ExecdConfig(char * cfgfile)
else
{
merror(XML_VALUEERR, ARGV0,
- "disabled",
- disable_entry);
+ "disabled",
+ disable_entry);
return(-1);
}
}
@@ -71,11 +71,11 @@ int ExecdConfig(char * cfgfile)
if(!repeated_a)
{
merror(XML_VALUEERR, ARGV0,
- "repeated_offenders",
- disable_entry);
+ "repeated_offenders",
+ disable_entry);
return(-1);
}
-
+
while(repeated_a[i] != NULL)
{
char *tmpt = repeated_a[i];
@@ -102,8 +102,8 @@ int ExecdConfig(char * cfgfile)
i++;
}
}
-
-
+
+
OS_ClearXML(&xml);
return(is_disabled);
}
diff --git a/src/os_execd/exec.c b/src/os_execd/exec.c
index 6ca5b71..7b0a673 100755
--- a/src/os_execd/exec.c
+++ b/src/os_execd/exec.c
@@ -6,7 +6,7 @@
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation
*/
@@ -22,9 +22,9 @@ int exec_size = 0;
int f_time_reading = 1;
-/** int ReadExecConfig() v0.1:
+/** int ReadExecConfig() v0.1:
* Reads the shared exec config.
- * Returns 1 on success or 0 on failure.
+ * Returns 1 on success or 0 on failure.
* Format of the file is 'name - command - timeout'
*/
int ReadExecConfig()
@@ -42,8 +42,8 @@ int ReadExecConfig()
exec_timeout[i] = 0;
}
exec_size = 0;
-
-
+
+
/* Opening file */
fp = fopen(DEFAULTARPATH, "r");
if(!fp)
@@ -71,7 +71,7 @@ int ReadExecConfig()
*tmp_str = '\0';
tmp_str++;
-
+
/* Searching for ' ' and - */
if(*tmp_str == '-')
{
@@ -84,12 +84,12 @@ int ReadExecConfig()
}
-
+
/* Setting the name */
strncpy(exec_names[exec_size], str_pt, OS_FLSIZE);
exec_names[exec_size][OS_FLSIZE] = '\0';
-
+
str_pt = tmp_str;
tmp_str = strchr(tmp_str, ' ');
@@ -100,11 +100,11 @@ int ReadExecConfig()
}
*tmp_str = '\0';
-
+
/* Writting the full command path */
- snprintf(exec_cmd[exec_size], OS_FLSIZE,
- "%s/%s",
- AR_BINDIRPATH,
+ snprintf(exec_cmd[exec_size], OS_FLSIZE,
+ "%s/%s",
+ AR_BINDIRPATH,
str_pt);
process_file = fopen(exec_cmd[exec_size], "r");
if(!process_file)
@@ -116,14 +116,14 @@ int ReadExecConfig()
ARGV0, exec_cmd[exec_size]);
}
- exec_cmd[exec_size][0] = '\0';
+ exec_cmd[exec_size][0] = '\0';
}
else
{
fclose(process_file);
}
-
+
/* Searching for ' ' and - */
tmp_str++;
if(*tmp_str == '-')
@@ -135,14 +135,14 @@ int ReadExecConfig()
merror(EXEC_INV_CONF, ARGV0, DEFAULTARPATH);
continue;
}
-
-
- str_pt = tmp_str;
+
+
+ str_pt = tmp_str;
tmp_str = strchr(tmp_str, '\n');
if(tmp_str)
*tmp_str = '\0';
-
+
/* Getting the exec timeout */
exec_timeout[exec_size] = atoi(str_pt);
@@ -166,7 +166,7 @@ int ReadExecConfig()
}
}
}
-
+
if(dup_entry)
{
exec_cmd[exec_size][0] = '\0';
diff --git a/src/os_execd/execd.c b/src/os_execd/execd.c
index 67dd356..765ec89 100755
--- a/src/os_execd/execd.c
+++ b/src/os_execd/execd.c
@@ -35,17 +35,17 @@ OSList *timeout_list;
OSListNode *timeout_node;
OSHash *repeated_hash;
int repeated_offenders_timeout[] = {0,0,0,0,0,0,0};
-
-/**
- * Shudowns execd properly.
+
+/**
+ * Shutdowns execd properly.
*/
void execd_shutdown()
{
/* Removing pending active responses. */
merror(EXEC_SHUTDOWN, ARGV0);
-
+
timeout_node = OSList_GetFirstNode(timeout_list);
while(timeout_node)
{
@@ -85,7 +85,7 @@ int main(int argc, char **argv)
/* Setting the name */
OS_SetName(ARGV0);
-
+
while((c = getopt(argc, argv, "Vtdhfu:g:D:c:")) != -1){
switch(c){
@@ -110,6 +110,7 @@ int main(int argc, char **argv)
if(!optarg)
ErrorExit("%s: -D needs an argument.",ARGV0);
dir = optarg;
+ break;
case 'c':
if(!optarg)
ErrorExit("%s: -c needs an argument.",ARGV0);
@@ -117,7 +118,7 @@ int main(int argc, char **argv)
break;
case 't':
test_config = 1;
- break;
+ break;
default:
help(ARGV0);
break;
@@ -133,7 +134,7 @@ int main(int argc, char **argv)
ErrorExit(USER_ERROR,ARGV0,"",group);
- /* Privilege separation */
+ /* Privilege separation */
if(Privsep_SetGroup(gid) < 0)
ErrorExit(SETGID_ERROR,ARGV0,group);
@@ -148,18 +149,18 @@ int main(int argc, char **argv)
/* Exit if test_config */
if(test_config)
exit(0);
-
-
+
+
/* Signal manipulation */
StartSIG2(ARGV0, execd_shutdown);
-
- if (!run_foreground)
+
+ if (!run_foreground)
{
/* Going daemon */
nowDaemon();
goDaemon();
- }
+ }
/* Active response disabled */
@@ -168,12 +169,12 @@ int main(int argc, char **argv)
verbose(EXEC_DISABLED, ARGV0);
exit(0);
}
-
+
/* Creating the PID file */
if(CreatePID(ARGV0, getpid()) < 0)
merror(PID_ERROR, ARGV0);
-
+
/* Starting queue (exec queue) */
if((m_queue = StartMQ(EXECQUEUEPATH,READ)) < 0)
ErrorExit(QUEUE_ERROR, ARGV0, EXECQUEUEPATH, strerror(errno));
@@ -181,11 +182,11 @@ int main(int argc, char **argv)
/* Start up message */
verbose(STARTUP_MSG, ARGV0, (int)getpid());
-
- /* The real daemon Now */
+
+ /* The real daemon Now */
ExecdStart(m_queue);
-
+
exit(0);
}
@@ -209,7 +210,7 @@ void FreeTimeoutEntry(void *timeout_entry_pt)
{
return;
}
-
+
tmp_str = timeout_entry->command;
/* Clearing the command arguments */
@@ -242,7 +243,7 @@ void ExecdStart(int q)
{
int i, childcount = 0;
time_t curr_time;
-
+
char buffer[OS_MAXSTR + 1];
char *tmp_msg = NULL;
char *name;
@@ -254,20 +255,20 @@ void ExecdStart(int q)
fd_set fdset;
struct timeval socket_timeout;
-
+
/* Clearing the buffer */
memset(buffer, '\0', OS_MAXSTR +1);
-
-
+
+
/* Initializing the cmd arguments */
for(i = 0; i<= MAX_ARGS +1; i++)
{
cmd_args[i] = NULL;
}
-
-
+
+
/* Creating list for timeout */
- timeout_list = OSList_Create();
+ timeout_list = OSList_Create();
if(!timeout_list)
{
ErrorExit(LIST_ERROR, ARGV0);
@@ -283,14 +284,14 @@ void ExecdStart(int q)
repeated_hash = NULL;
}
-
-
+
+
/* Main loop. */
while(1)
{
int timeout_value;
int added_before = 0;
-
+
char **timeout_args;
timeout_data *timeout_entry;
@@ -330,13 +331,13 @@ void ExecdStart(int q)
timeout_data *list_entry;
list_entry = (timeout_data *)timeout_node->data;
-
+
/* Timeouted */
- if((curr_time - list_entry->time_of_addition) >
+ if((curr_time - list_entry->time_of_addition) >
list_entry->time_to_block)
{
ExecCmd(list_entry->command);
-
+
/* Deletecurrently node already sets the pointer to next */
OSList_DeleteCurrentlyNode(timeout_list);
timeout_node = OSList_GetCurrentlyNode(timeout_list);
@@ -353,7 +354,7 @@ void ExecdStart(int q)
}
}
-
+
/* Setting timeout to EXECD_TIMEOUT */
socket_timeout.tv_sec = EXECD_TIMEOUT;
socket_timeout.tv_usec= 0;
@@ -394,8 +395,8 @@ void ExecdStart(int q)
/* Getting application name */
name = buffer;
-
-
+
+
/* Zeroing the name */
tmp_msg = strchr(buffer, ' ');
if(!tmp_msg)
@@ -428,10 +429,10 @@ void ExecdStart(int q)
/* Allocating memory for the timeout argument */
os_calloc(MAX_ARGS+2, sizeof(char *), timeout_args);
-
+
/* Adding initial variables to the cmd_arg and to the timeout cmd */
- cmd_args[0] = command;
+ cmd_args[0] = command;
cmd_args[1] = ADD_ENTRY;
os_strdup(command, timeout_args[0]);
os_strdup(DELETE_ENTRY, timeout_args[1]);
@@ -462,7 +463,7 @@ void ExecdStart(int q)
i++;
}
-
+
/* Check this command was already executed. */
timeout_node = OSList_GetFirstNode(timeout_list);
@@ -476,15 +477,15 @@ void ExecdStart(int q)
merror("%s: Invalid number of arguments.", ARGV0);
}
-
-
+
+
while(timeout_node)
{
timeout_data *list_entry;
list_entry = (timeout_data *)timeout_node->data;
if((strcmp(list_entry->command[3], timeout_args[3]) == 0) &&
- (strcmp(list_entry->command[0], timeout_args[0]) == 0))
+ (strcmp(list_entry->command[0], timeout_args[0]) == 0))
{
/* Means we executed this command before
* and we don't need to add it again.
@@ -495,7 +496,7 @@ void ExecdStart(int q)
/* updating the timeout */
list_entry->time_of_addition = curr_time;
- if(repeated_offenders_timeout[0] != 0 &&
+ if(repeated_offenders_timeout[0] != 0 &&
repeated_hash != NULL &&
strncmp(timeout_args[3],"-", 1) != 0)
{
@@ -583,7 +584,7 @@ void ExecdStart(int q)
else
{
/* Adding to the repeated offenders list. */
- OSHash_Add(repeated_hash,
+ OSHash_Add(repeated_hash,
strdup(rkey),strdup("0"));
}
}
@@ -601,9 +602,9 @@ void ExecdStart(int q)
{
merror(LIST_ADD_ERROR, ARGV0);
FreeTimeoutEntry(timeout_entry);
- }
+ }
}
-
+
/* If no timeout, we still need to free it in here */
else
{
@@ -619,7 +620,7 @@ void ExecdStart(int q)
childcount++;
}
-
+
/* We didn't add it to the timeout list */
else
{
diff --git a/src/os_execd/execd.h b/src/os_execd/execd.h
index 8977fd6..3eedd30 100755
--- a/src/os_execd/execd.h
+++ b/src/os_execd/execd.h
@@ -32,7 +32,7 @@
/* Maximum number of command arguments */
-#define MAX_ARGS 32
+#define MAX_ARGS 32
/* Execd select timeout -- in seconds */
diff --git a/src/os_execd/win_execd.c b/src/os_execd/win_execd.c
index 66b1f9d..1af0f1b 100755
--- a/src/os_execd/win_execd.c
+++ b/src/os_execd/win_execd.c
@@ -24,9 +24,9 @@
#ifdef ARGV0
#undef ARGV0
#endif
-
+
#define ARGV0 "ossec-execd"
-
+
@@ -42,7 +42,7 @@ typedef struct _timeout_data
/* Timeout list */
OSList *timeout_list;
OSListNode *timeout_node;
-
+
@@ -67,15 +67,15 @@ int WinExecd_Start()
/* Exit if test_config */
if(test_config)
return(0);
-
-
+
+
/* Active response disabled */
if(c == 1)
{
verbose(EXEC_DISABLED, ARGV0);
return(0);
}
-
+
/* Creating list for timeout */
timeout_list = OSList_Create();
@@ -83,12 +83,12 @@ int WinExecd_Start()
{
ErrorExit(LIST_ERROR, ARGV0);
}
-
-
+
+
/* Start up message */
verbose(STARTUP_MSG, ARGV0, getpid());
-
+
return(1);
}
@@ -106,7 +106,7 @@ void WinTimeoutRun(int curr_time)
list_entry = (timeout_data *)timeout_node->data;
/* Timeouted */
- if((curr_time - list_entry->time_of_addition) >
+ if((curr_time - list_entry->time_of_addition) >
list_entry->time_to_block)
{
ExecCmd_Win32(list_entry->command[0]);
@@ -147,7 +147,7 @@ void WinExecdRun(char *exec_msg)
char *cmd_user;
char *cmd_ip;
char buffer[OS_MAXSTR + 1];
-
+
timeout_data *timeout_entry;
@@ -195,7 +195,7 @@ void WinExecdRun(char *exec_msg)
}
*tmp_msg = '\0';
tmp_msg++;
-
+
/* Getting the command to execute (valid name) */
command = GetCommandbyName(name, &timeout_value);
@@ -221,11 +221,11 @@ void WinExecdRun(char *exec_msg)
/* Adding initial variables to the timeout cmd */
- snprintf(buffer, OS_MAXSTR, "\"%s\" %s \"%s\" \"%s\" \"%s\"",
- command, DELETE_ENTRY, cmd_user, cmd_ip, tmp_msg);
+ snprintf(buffer, OS_MAXSTR, "\"%s\" %s \"%s\" \"%s\" \"%s\"",
+ command, DELETE_ENTRY, cmd_user, cmd_ip, tmp_msg);
os_strdup(buffer, timeout_args[0]);
timeout_args[1] = NULL;
-
+
/* Getting size for the strncmp */
@@ -234,12 +234,12 @@ void WinExecdRun(char *exec_msg)
{
if(buffer[i] == ' ')
j++;
-
+
i++;
if(j == 4)
break;
}
-
+
/* Check this command was already executed. */
timeout_node = OSList_GetFirstNode(timeout_list);
@@ -272,7 +272,7 @@ void WinExecdRun(char *exec_msg)
/* If it wasn't added before, do it now */
if(!added_before)
{
- snprintf(buffer, OS_MAXSTR, "\"%s\" %s \"%s\" \"%s\" \"%s\"", command,
+ snprintf(buffer, OS_MAXSTR, "\"%s\" %s \"%s\" \"%s\" \"%s\"", command,
ADD_ENTRY, cmd_user, cmd_ip, tmp_msg);
/* executing command */
@@ -293,7 +293,7 @@ void WinExecdRun(char *exec_msg)
{
merror(LIST_ADD_ERROR, ARGV0);
FreeTimeoutEntry(timeout_entry);
- }
+ }
}
/* If no timeout, we still need to free it in here */
diff --git a/src/os_maild/._Makefile b/src/os_maild/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_maild/._Makefile and /dev/null differ
diff --git a/src/os_maild/._config.c b/src/os_maild/._config.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_maild/._config.c and /dev/null differ
diff --git a/src/os_maild/._mail_list.c b/src/os_maild/._mail_list.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_maild/._mail_list.c and /dev/null differ
diff --git a/src/os_maild/._mail_list.h b/src/os_maild/._mail_list.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_maild/._mail_list.h and /dev/null differ
diff --git a/src/os_maild/._maild.c b/src/os_maild/._maild.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_maild/._maild.c and /dev/null differ
diff --git a/src/os_maild/._maild.h b/src/os_maild/._maild.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_maild/._maild.h and /dev/null differ
diff --git a/src/os_maild/._os_maild_client.c b/src/os_maild/._os_maild_client.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_maild/._os_maild_client.c and /dev/null differ
diff --git a/src/os_maild/._sendcustomemail.c b/src/os_maild/._sendcustomemail.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_maild/._sendcustomemail.c and /dev/null differ
diff --git a/src/os_maild/._sendmail.c b/src/os_maild/._sendmail.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_maild/._sendmail.c and /dev/null differ
diff --git a/src/os_maild/config.c b/src/os_maild/config.c
index 6ab75b0..a3a20f3 100755
--- a/src/os_maild/config.c
+++ b/src/os_maild/config.c
@@ -53,7 +53,7 @@ int MailConf(int test_config, char *cfgfile, MailConfig *Mail)
{
verbose(MAIL_DIS, ARGV0);
}
- exit(0);
+ exit(0);
}
return(0);
diff --git a/src/os_maild/mail_list.c b/src/os_maild/mail_list.c
index 477957e..b96c8ef 100755
--- a/src/os_maild/mail_list.c
+++ b/src/os_maild/mail_list.c
@@ -10,7 +10,7 @@
* Foundation
*/
-
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -36,7 +36,7 @@ void OS_CreateMailList(int maxsize)
_memorymaxsize = maxsize;
_memoryused = 0;
-
+
return;
}
@@ -59,13 +59,13 @@ MailNode *OS_PopLastMail()
n_node = NULL;
return(NULL);
}
-
+
_memoryused--;
-
+
lastnode = lastnode->prev;
/* Remove the last */
- return(oldlast);
+ return(oldlast);
}
@@ -73,14 +73,14 @@ void FreeMailMsg(MailMsg *ml)
{
if(ml == NULL)
return;
-
+
if(ml->subject)
free(ml->subject);
-
+
if(ml->body)
free(ml->body);
-
- free(ml);
+
+ free(ml);
}
@@ -91,11 +91,11 @@ void FreeMail(MailNode *ml)
return;
if(ml->mail->subject)
free(ml->mail->subject);
-
+
if(ml->mail->body)
free(ml->mail->body);
- free(ml->mail);
+ free(ml->mail);
free(ml);
}
@@ -104,32 +104,32 @@ void FreeMail(MailNode *ml)
void OS_AddMailtoList(MailMsg *ml)
{
MailNode *tmp_node = n_node;
-
+
if(tmp_node)
{
MailNode *new_node;
new_node = (MailNode *)calloc(1,sizeof(MailNode));
-
+
if(new_node == NULL)
{
ErrorExit(MEM_ERROR,ARGV0);
}
- /* Always adding to the beginning of the list
+ /* Always adding to the beginning of the list
* The new node will become the first node and
* new_node->next will be the previous first node
*/
new_node->next = tmp_node;
new_node->prev = NULL;
tmp_node->prev = new_node;
-
+
n_node = new_node;
/* Adding the event to the node */
new_node->mail = ml;
_memoryused++;
-
+
/* Need to remove the last node */
if(_memoryused > _memorymaxsize)
{
@@ -137,14 +137,14 @@ void OS_AddMailtoList(MailMsg *ml)
oldlast = lastnode;
lastnode = lastnode->prev;
-
+
/* free last node */
FreeMail(oldlast);
-
+
_memoryused--;
}
}
-
+
else
{
/* Adding first node */
@@ -157,8 +157,8 @@ void OS_AddMailtoList(MailMsg *ml)
n_node->prev = NULL;
n_node->next = NULL;
n_node->mail = ml;
-
- lastnode = n_node;
+
+ lastnode = n_node;
}
return;
diff --git a/src/os_maild/mail_list.h b/src/os_maild/mail_list.h
index 2fd7786..6d2587a 100755
--- a/src/os_maild/mail_list.h
+++ b/src/os_maild/mail_list.h
@@ -9,8 +9,8 @@
* License (version 2) as published by the FSF - Free Software
* Foundation
*/
-
-
+
+
#ifndef _MAILIST__H
#define _MAILIST__H
@@ -27,7 +27,7 @@ typedef struct _MailNode
/* Add an email to the list */
void OS_AddMailtoList(MailMsg *ml);
-/* Return the last event from the Event list
+/* Return the last event from the Event list
* removing it from there
*/
MailNode *OS_PopLastMail();
diff --git a/src/os_maild/maild.c b/src/os_maild/maild.c
index 0097d6e..15bfc30 100755
--- a/src/os_maild/maild.c
+++ b/src/os_maild/maild.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -43,7 +43,7 @@ int main(int argc, char **argv)
/* Setting the name */
OS_SetName(ARGV0);
-
+
while((c = getopt(argc, argv, "Vdhtfu:g:D:c:")) != -1){
switch(c){
@@ -73,13 +73,14 @@ int main(int argc, char **argv)
if(!optarg)
ErrorExit("%s: -D needs an argument",ARGV0);
dir=optarg;
+ break;
case 'c':
if(!optarg)
ErrorExit("%s: -c needs an argument",ARGV0);
cfg = optarg;
break;
case 't':
- test_config = 1;
+ test_config = 1;
break;
default:
help(ARGV0);
@@ -106,12 +107,12 @@ int main(int argc, char **argv)
mail.strict_checking = getDefine_Int("maild",
"strict_checking",
0, 1);
-
+
/* Get groupping */
mail.groupping = getDefine_Int("maild",
"groupping",
0, 1);
-
+
/* Getting subject type */
mail.subject_full = getDefine_Int("maild",
"full_subject",
@@ -123,25 +124,25 @@ int main(int argc, char **argv)
"geoip",
0, 1);
#endif
-
-
+
+
/* Exit here if test config is set */
if(test_config)
exit(0);
-
- if(!run_foreground)
+
+ if(!run_foreground)
{
nowDaemon();
goDaemon();
}
-
+
/* Privilege separation */
if(Privsep_SetGroup(gid) < 0)
ErrorExit(SETGID_ERROR,ARGV0,group);
-
+
/* chrooting */
if(Privsep_Chroot(dir) < 0)
ErrorExit(CHROOT_ERROR,ARGV0,dir);
@@ -149,8 +150,8 @@ int main(int argc, char **argv)
nowChroot();
-
- /* Changing user */
+
+ /* Changing user */
if(Privsep_SetUser(uid) < 0)
ErrorExit(SETUID_ERROR,ARGV0,user);
@@ -162,16 +163,16 @@ int main(int argc, char **argv)
/* Signal manipulation */
StartSIG(ARGV0);
-
+
/* Creating PID files */
if(CreatePID(ARGV0, getpid()) < 0)
ErrorExit(PID_ERROR, ARGV0);
-
+
/* Start up message */
verbose(STARTUP_MSG, ARGV0, (int)getpid());
-
+
/* the real daemon now */
OS_Run(&mail);
@@ -188,13 +189,13 @@ void OS_Run(MailConfig *mail)
MailMsg *s_msg = NULL;
MailMsg *msg_sms = NULL;
- time_t tm;
- struct tm *p;
+ time_t tm;
+ struct tm *p;
int i = 0;
int mailtosend = 0;
int childcount = 0;
- int today = 0;
+ int today = 0;
int thishour = 0;
int n_errs = 0;
@@ -217,13 +218,13 @@ void OS_Run(MailConfig *mail)
/* Creating the list */
- OS_CreateMailList(MAIL_LIST_SIZE);
-
-
+ OS_CreateMailList(MAIL_LIST_SIZE);
+
+
/* Setting default timeout */
mail_timeout = DEFAULT_TIMEOUT;
-
+
/* Clearing global vars */
_g_subject_level = 0;
memset(_g_subject, '\0', SUBJECT_SIZE +2);
@@ -234,14 +235,14 @@ void OS_Run(MailConfig *mail)
tm = time(NULL);
p = localtime(&tm);
-
+
/* SMS messages are sent without delay */
if(msg_sms)
{
pid_t pid;
-
+
pid = fork();
-
+
if(pid < 0)
{
merror("%s: Fork failed. cause: %d - %s", ARGV0, errno, strerror(errno));
@@ -266,7 +267,7 @@ void OS_Run(MailConfig *mail)
/* Increasing child count */
childcount++;
}
-
+
/* If mail_timeout == NEXTMAIL_TIMEOUT, we will try to get
* more messages, before sending anything
@@ -275,9 +276,9 @@ void OS_Run(MailConfig *mail)
{
/* getting more messages */
}
-
-
- /* Hour changed. Send all supressed mails */
+
+
+ /* Hour changed. Send all supressed mails */
else if(((mailtosend < mail->maxperhour) && (mailtosend != 0))||
((p->tm_hour != thishour) && (childcount < MAXCHILDPROCESS)))
{
@@ -304,29 +305,29 @@ void OS_Run(MailConfig *mail)
{
if(OS_Sendmail(mail, p) < 0)
merror(SNDMAIL_ERROR,ARGV0,mail->smtpserver);
-
- exit(0);
+
+ exit(0);
}
-
+
/* Cleaning the memory */
- mailmsg = OS_PopLastMail();
+ mailmsg = OS_PopLastMail();
do
{
- FreeMail(mailmsg);
+ FreeMail(mailmsg);
mailmsg = OS_PopLastMail();
}while(mailmsg);
-
-
- /* Increasing child count */
- childcount++;
+
+
+ /* Increasing child count */
+ childcount++;
/* Clearing global vars */
_g_subject[0] = '\0';
_g_subject[SUBJECT_SIZE -1] = '\0';
_g_subject_level = 0;
-
-
+
+
/* Cleaning up set values */
if(mail->gran_to)
{
@@ -349,12 +350,12 @@ void OS_Run(MailConfig *mail)
/* If we sent everything */
if(p->tm_hour != thishour)
{
- thishour = p->tm_hour;
+ thishour = p->tm_hour;
mailtosend = 0;
}
}
-
+
/* Saved message for the do_not_group option.
*/
if(s_msg)
@@ -374,15 +375,15 @@ void OS_Run(MailConfig *mail)
i++;
}
}
-
+
OS_AddMailtoList(s_msg);
s_msg = NULL;
mailtosend++;
continue;
}
-
-
+
+
/* Receive message from queue */
if((msg = OS_RecvMailQ(fileq, p, mail, &msg_sms)) != NULL)
{
@@ -399,7 +400,7 @@ void OS_Run(MailConfig *mail)
{
OS_AddMailtoList(msg);
}
-
+
/* Change timeout to see if any new message is coming shortly */
if(mail->groupping)
@@ -442,19 +443,19 @@ void OS_Run(MailConfig *mail)
/* Waiting for the childs .. */
- while (childcount)
+ while (childcount)
{
int wp;
int p_status;
wp = waitpid((pid_t) -1, &p_status, WNOHANG);
if (wp < 0)
{
- merror(WAITPID_ERROR, ARGV0);
+ merror(WAITPID_ERROR, ARGV0);
n_errs++;
}
- /* if = 0, we still need to wait for the child process */
- else if (wp == 0)
+ /* if = 0, we still need to wait for the child process */
+ else if (wp == 0)
break;
else
{
@@ -475,7 +476,7 @@ void OS_Run(MailConfig *mail)
exit(1);
}
}
-
+
}
}
diff --git a/src/os_maild/maild.h b/src/os_maild/maild.h
index 6215c26..efa09fd 100755
--- a/src/os_maild/maild.h
+++ b/src/os_maild/maild.h
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -22,7 +22,7 @@
/* Each timeout is x * 5 */
#define NEXTMAIL_TIMEOUT 2 /* Time to check for next msg - 5 */
-#define DEFAULT_TIMEOUT 18 /* socket read timeout - 18 (*5)*/
+#define DEFAULT_TIMEOUT 18 /* socket read timeout - 18 (*5)*/
#define SUBJECT_SIZE 128 /* Maximum subject size */
/* Maximum body size */
@@ -66,7 +66,7 @@ typedef struct _MailMsg
#include "config/mail-config.h"
-/* Config function */
+/* Config function */
int MailConf(int test_config, char *cfgfile, MailConfig *Mail);
diff --git a/src/os_maild/os_maild_client.c b/src/os_maild/os_maild_client.c
index 7ff11e0..641b0cd 100755
--- a/src/os_maild/os_maild_client.c
+++ b/src/os_maild/os_maild_client.c
@@ -19,12 +19,12 @@
#include "config/config.h"
#endif
-/* OS_RecvMailQ,
+/* OS_RecvMailQ,
* v0.1, 2005/03/15
* Receive a Message on the Mail queue
* v0,2: Using the new file-queue.
*/
-MailMsg *OS_RecvMailQ(file_queue *fileq, struct tm *p,
+MailMsg *OS_RecvMailQ(file_queue *fileq, struct tm *p,
MailConfig *Mail, MailMsg **msg_sms)
{
int i = 0, body_size = OS_MAXSTR -3, log_size, sms_set = 0,donotgroup = 0;
@@ -34,7 +34,7 @@ MailMsg *OS_RecvMailQ(file_queue *fileq, struct tm *p,
char geoip_msg_src[OS_SIZE_1024 +1];
char geoip_msg_dst[OS_SIZE_1024 +1];
#endif
-
+
MailMsg *mail;
alert_data *al_data;
@@ -56,23 +56,68 @@ MailMsg *OS_RecvMailQ(file_queue *fileq, struct tm *p,
/* Generating the logs */
logs[0] = '\0';
logs[OS_MAXSTR] = '\0';
-
+
while(al_data->log[i])
{
log_size = strlen(al_data->log[i]) + 4;
-
+
/* If size left is small than the size of the log, stop it */
if(body_size <= log_size)
{
break;
}
-
+
strncat(logs, al_data->log[i], body_size);
strncat(logs, "\r\n", body_size);
body_size -= log_size;
i++;
}
+ if (al_data->old_md5)
+ {
+ log_size = strlen(al_data->old_md5) + 16 + 4;
+ if(body_size > log_size)
+ {
+ strncat(logs, "Old md5sum was: ", 16);
+ strncat(logs, al_data->old_md5, body_size);
+ strncat(logs, "\r\n", 4);
+ body_size -= log_size;
+ }
+ }
+ if (al_data->new_md5)
+ {
+ log_size = strlen(al_data->new_md5) + 16 + 4;
+ if(body_size > log_size)
+ {
+ strncat(logs, "New md5sum is : ", 16);
+ strncat(logs, al_data->new_md5, body_size);
+ strncat(logs, "\r\n", 4);
+ body_size -= log_size;
+ }
+ }
+ if (al_data->old_sha1)
+ {
+ log_size = strlen(al_data->old_sha1) + 17 + 4;
+ if(body_size > log_size)
+ {
+ strncat(logs, "Old sha1sum was: ", 17);
+ strncat(logs, al_data->old_sha1, body_size);
+ strncat(logs, "\r\n", 4);
+ body_size -= log_size;
+ }
+ }
+ if (al_data->new_sha1)
+ {
+ log_size = strlen(al_data->new_sha1) + 17 + 4;
+ if(body_size > log_size)
+ {
+ strncat(logs, "New sha1sum is : ", 17);
+ strncat(logs, al_data->new_sha1, body_size);
+ strncat(logs, "\r\n", 4);
+ body_size -= log_size;
+ }
+ }
+
/* Subject */
subject_host = strchr(al_data->location, '>');
@@ -87,12 +132,12 @@ MailMsg *OS_RecvMailQ(file_queue *fileq, struct tm *p,
{
/* Option for a clean full subject (without ossec in the name) */
#ifdef CLEANFULL
- snprintf(mail->subject, SUBJECT_SIZE -1, MAIL_SUBJECT_FULL2,
+ snprintf(mail->subject, SUBJECT_SIZE -1, MAIL_SUBJECT_FULL2,
al_data->level,
al_data->comment,
al_data->location);
#else
- snprintf(mail->subject, SUBJECT_SIZE -1, MAIL_SUBJECT_FULL,
+ snprintf(mail->subject, SUBJECT_SIZE -1, MAIL_SUBJECT_FULL,
al_data->location,
al_data->level,
al_data->comment);
@@ -100,12 +145,12 @@ MailMsg *OS_RecvMailQ(file_queue *fileq, struct tm *p,
}
else
{
- snprintf(mail->subject, SUBJECT_SIZE -1, MAIL_SUBJECT,
+ snprintf(mail->subject, SUBJECT_SIZE -1, MAIL_SUBJECT,
al_data->location,
al_data->level);
}
-
+
/* fixing subject back */
if(subject_host)
{
@@ -131,7 +176,7 @@ MailMsg *OS_RecvMailQ(file_queue *fileq, struct tm *p,
geoip_msg_dst[0] = '\0';
}
#endif
-
+
/* Body */
#ifdef GEOIP
snprintf(mail->body, BODY_SIZE -1, MAIL_BODY,
@@ -152,6 +197,7 @@ MailMsg *OS_RecvMailQ(file_queue *fileq, struct tm *p,
al_data->comment,
logs);
#endif
+ debug2("OS_RecvMailQ: mail->body[%s]", mail->body);
/* Checking for granular email configs */
if(Mail->gran_to)
@@ -160,7 +206,7 @@ MailMsg *OS_RecvMailQ(file_queue *fileq, struct tm *p,
while(Mail->gran_to[i] != NULL)
{
int gr_set = 0;
-
+
/* Looking if location is set */
if(Mail->gran_location[i])
{
@@ -176,7 +222,7 @@ MailMsg *OS_RecvMailQ(file_queue *fileq, struct tm *p,
continue;
}
}
-
+
/* Looking for the level */
if(Mail->gran_level[i])
{
@@ -216,7 +262,7 @@ MailMsg *OS_RecvMailQ(file_queue *fileq, struct tm *p,
continue;
}
}
-
+
/* Looking for the group */
if(Mail->gran_group[i])
@@ -290,13 +336,13 @@ MailMsg *OS_RecvMailQ(file_queue *fileq, struct tm *p,
_g_subject_level = al_data->level;
}
}
-
-
+
+
/* If sms is set, create the sms output */
if(sms_set)
{
MailMsg *msg_sms_tmp;
-
+
/* Allocate memory for sms */
os_calloc(1,sizeof(MailMsg), msg_sms_tmp);
os_calloc(BODY_SIZE, sizeof(char), msg_sms_tmp->body);
@@ -310,17 +356,17 @@ MailMsg *OS_RecvMailQ(file_queue *fileq, struct tm *p,
strncpy(msg_sms_tmp->body, logs, 128);
msg_sms_tmp->body[127] = '\0';
-
+
/* Assigning msg_sms */
*msg_sms = msg_sms_tmp;
}
-
-
-
+
+
+
/* Clearing the memory */
FreeAlertData(al_data);
-
+
return(mail);
}
diff --git a/src/os_maild/sendcustomemail.c b/src/os_maild/sendcustomemail.c
index b1d4bc2..36d96f5 100755
--- a/src/os_maild/sendcustomemail.c
+++ b/src/os_maild/sendcustomemail.c
@@ -6,7 +6,7 @@
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation
*/
@@ -35,6 +35,7 @@
#define TO "To: <%s>\r\n"
#define CC "Cc: <%s>\r\n"
#define SUBJECT "Subject: %s\r\n"
+#define ENDHEADER "\r\n"
#define ENDDATA "\r\n.\r\n"
#define QUITMSG "QUIT\r\n"
@@ -113,7 +114,7 @@ int OS_SendCustomEmail(char **to, char *subject, char *smtpserver, char *from, F
if(msg)
free(msg);
close(socket);
- return(OS_INVALID);
+ return(OS_INVALID);
}
}
else
@@ -210,7 +211,7 @@ int OS_SendCustomEmail(char **to, char *subject, char *smtpserver, char *from, F
{
break;
}
-
+
memset(snd_msg,'\0',128);
snprintf(snd_msg,127, TO, to[i]);
OS_SendTCP(socket,snd_msg);
@@ -230,7 +231,7 @@ int OS_SendCustomEmail(char **to, char *subject, char *smtpserver, char *from, F
#else
strftime(snd_msg, 127, "Date: %a, %d %b %Y %T %z\r\n",p);
#endif
-
+
OS_SendTCP(socket,snd_msg);
@@ -240,6 +241,7 @@ int OS_SendCustomEmail(char **to, char *subject, char *smtpserver, char *from, F
OS_SendTCP(socket, snd_msg);
+ OS_SendTCP(socket,ENDHEADER);
/* Sending body */
@@ -247,7 +249,7 @@ int OS_SendCustomEmail(char **to, char *subject, char *smtpserver, char *from, F
while(fgets(buffer, 2048, fp) != NULL)
{
OS_SendTCP(socket,buffer);
- }
+ }
/* Sending end of data \r\n.\r\n */
diff --git a/src/os_maild/sendmail.c b/src/os_maild/sendmail.c
index 0e51df9..d743900 100755
--- a/src/os_maild/sendmail.c
+++ b/src/os_maild/sendmail.c
@@ -6,7 +6,7 @@
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation
*/
@@ -36,6 +36,7 @@
#define TO "To: <%s>\r\n"
#define CC "Cc: <%s>\r\n"
#define SUBJECT "Subject: %s\r\n"
+#define ENDHEADER "\r\n"
#define ENDDATA "\r\n.\r\n"
#define QUITMSG "QUIT\r\n"
@@ -110,7 +111,7 @@ int OS_Sendsms(MailConfig *mail, struct tm *p, MailMsg *sms_msg)
if(msg)
free(msg);
close(socket);
- return(OS_INVALID);
+ return(OS_INVALID);
}
}
else
@@ -153,7 +154,7 @@ int OS_Sendsms(MailConfig *mail, struct tm *p, MailMsg *sms_msg)
/* Additional RCPT to */
final_to[0] = '\0';
final_to_sz = sizeof(final_to) -2;
-
+
if(mail->gran_to)
{
i = 0;
@@ -186,7 +187,7 @@ int OS_Sendsms(MailConfig *mail, struct tm *p, MailMsg *sms_msg)
snprintf(snd_msg,127, TO, mail->gran_to[i]);
strncat(final_to, snd_msg, final_to_sz);
final_to_sz -= strlen(snd_msg) +2;
-
+
i++;
continue;
}
@@ -219,7 +220,7 @@ int OS_Sendsms(MailConfig *mail, struct tm *p, MailMsg *sms_msg)
/* Sending date */
memset(snd_msg,'\0',128);
-
+
/* Solaris doesn't have the "%z", so we set the timezone to 0. */
#ifdef SOLARIS
@@ -227,7 +228,7 @@ int OS_Sendsms(MailConfig *mail, struct tm *p, MailMsg *sms_msg)
#else
strftime(snd_msg, 127, "Date: %a, %d %b %Y %T %z\r\n",p);
#endif
-
+
OS_SendTCP(socket,snd_msg);
@@ -236,6 +237,7 @@ int OS_Sendsms(MailConfig *mail, struct tm *p, MailMsg *sms_msg)
snprintf(snd_msg, 127, SUBJECT, sms_msg->subject);
OS_SendTCP(socket,snd_msg);
+ OS_SendTCP(socket,ENDHEADER);
/* Sending body */
@@ -288,7 +290,7 @@ int OS_Sendmail(MailConfig *mail, struct tm *p)
MailNode *mailmsg;
additional_to[0] = '\0';
-
+
/* If there is no sms message, we attempt to get from the
* email list.
*/
@@ -298,7 +300,7 @@ int OS_Sendmail(MailConfig *mail, struct tm *p)
{
merror("%s: No email to be sent. Inconsistent state.",ARGV0);
}
-
+
/* Connecting to the smtp server */
socket = OS_ConnectTCP(SMTP_DEFAULT_PORT, mail->smtpserver, 0);
@@ -346,7 +348,7 @@ int OS_Sendmail(MailConfig *mail, struct tm *p)
if(msg)
free(msg);
close(socket);
- return(OS_INVALID);
+ return(OS_INVALID);
}
}
else
@@ -439,9 +441,9 @@ int OS_Sendmail(MailConfig *mail, struct tm *p)
free(msg);
i++;
- continue;
+ continue;
}
-
+
MAIL_DEBUG("DEBUG: Sent '%s', received: '%s'", snd_msg, msg);
free(msg);
i++;
@@ -485,7 +487,7 @@ int OS_Sendmail(MailConfig *mail, struct tm *p)
{
break;
}
-
+
memset(snd_msg,'\0',128);
snprintf(snd_msg,127, TO, mail->to[i]);
OS_SendTCP(socket,snd_msg);
@@ -526,7 +528,7 @@ int OS_Sendmail(MailConfig *mail, struct tm *p)
#else
strftime(snd_msg, 127, "Date: %a, %d %b %Y %T %z\r\n",p);
#endif
-
+
OS_SendTCP(socket,snd_msg);
@@ -549,6 +551,7 @@ int OS_Sendmail(MailConfig *mail, struct tm *p)
}
OS_SendTCP(socket,snd_msg);
+ OS_SendTCP(socket,ENDHEADER);
/* Sending body */
diff --git a/src/os_net/._COPYRIGHT b/src/os_net/._COPYRIGHT
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_net/._COPYRIGHT and /dev/null differ
diff --git a/src/os_net/._Makefile b/src/os_net/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_net/._Makefile and /dev/null differ
diff --git a/src/os_net/._VERSION b/src/os_net/._VERSION
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_net/._VERSION and /dev/null differ
diff --git a/src/os_net/._os_err.h b/src/os_net/._os_err.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_net/._os_err.h and /dev/null differ
diff --git a/src/os_net/._os_net.c b/src/os_net/._os_net.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_net/._os_net.c and /dev/null differ
diff --git a/src/os_net/._os_net.h b/src/os_net/._os_net.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_net/._os_net.h and /dev/null differ
diff --git a/src/os_net/os_err.h b/src/os_net/os_err.h
index 365cd65..78fcb92 100755
--- a/src/os_net/os_err.h
+++ b/src/os_net/os_err.h
@@ -6,7 +6,7 @@
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation
*/
diff --git a/src/os_net/os_net.c b/src/os_net/os_net.c
index 3591fb8..c282b9f 100755
--- a/src/os_net/os_net.c
+++ b/src/os_net/os_net.c
@@ -6,18 +6,18 @@
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation
*
* License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
-/* OS_net Library.
+/* OS_net Library.
* APIs for many network operations.
*/
-
-
+
+
#include "shared.h"
@@ -57,7 +57,7 @@ int OS_Bindport(unsigned int _port, unsigned int _proto, char *_ip, int ipv6)
ipv6 = 0;
#endif
-
+
if(_proto == IPPROTO_UDP)
{
if((ossock = socket(ipv6 == 1?PF_INET6:PF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
@@ -72,8 +72,8 @@ int OS_Bindport(unsigned int _port, unsigned int _proto, char *_ip, int ipv6)
{
return(int)(OS_SOCKTERR);
}
-
- if(setsockopt(ossock, SOL_SOCKET, SO_REUSEADDR,
+
+ if(setsockopt(ossock, SOL_SOCKET, SO_REUSEADDR,
(char *)&flag, sizeof(flag)) < 0)
{
return(OS_SOCKTERR);
@@ -127,8 +127,8 @@ int OS_Bindport(unsigned int _port, unsigned int _proto, char *_ip, int ipv6)
return(OS_SOCKTERR);
}
}
-
-
+
+
return(ossock);
}
@@ -162,7 +162,7 @@ int OS_BindUnixDomain(char * path, int mode, int max_msg_size)
/* Making sure the path isn't there */
unlink(path);
-
+
memset(&n_us, 0, sizeof(n_us));
n_us.sun_family = AF_UNIX;
strncpy(n_us.sun_path, path, sizeof(n_us.sun_path)-1);
@@ -175,23 +175,23 @@ int OS_BindUnixDomain(char * path, int mode, int max_msg_size)
close(ossock);
return(OS_SOCKTERR);
}
-
+
/* Changing permissions */
chmod(path,mode);
-
-
+
+
/* Getting current maximum size */
if(getsockopt(ossock, SOL_SOCKET, SO_RCVBUF, &len, &optlen) == -1)
return(OS_SOCKTERR);
-
-
+
+
/* Setting socket opt */
if(len < max_msg_size)
{
len = max_msg_size;
setsockopt(ossock, SOL_SOCKET, SO_RCVBUF, &len, optlen);
}
-
+
return(ossock);
}
@@ -235,8 +235,8 @@ int OS_ConnectUnixDomain(char * path, int max_msg_size)
len = max_msg_size;
setsockopt(ossock, SOL_SOCKET, SO_SNDBUF, &len, optlen);
}
-
-
+
+
/* Returning the socket */
return(ossock);
}
@@ -250,14 +250,14 @@ int OS_getsocketsize(int ossock)
/* Getting current maximum size */
if(getsockopt(ossock, SOL_SOCKET, SO_SNDBUF, &len, &optlen) == -1)
return(OS_SOCKTERR);
-
- return(len);
+
+ return(len);
}
#endif
/* OS_Connect v 0.1, 2004/07/21
- * Open a TCP/UDP client socket
+ * Open a TCP/UDP client socket
*/
int OS_Connect(unsigned int _port, unsigned int protocol, char *_ip, int ipv6)
{
@@ -296,7 +296,7 @@ int OS_Connect(unsigned int _port, unsigned int protocol, char *_ip, int ipv6)
if((_ip == NULL)||(_ip[0] == '\0'))
- return(OS_INVALID);
+ return(OS_INVALID);
if(ipv6 == 1)
@@ -338,7 +338,7 @@ int OS_ConnectTCP(unsigned int _port, char *_ip, int ipv6)
/* OS_ConnectUDP, v0.1
- * Open a UDP socket
+ * Open a UDP socket
*/
int OS_ConnectUDP(unsigned int _port, char *_ip, int ipv6)
{
@@ -363,7 +363,7 @@ int OS_SendTCPbySize(int socket, int size, char *msg)
{
if((send(socket, msg, size, 0)) < size)
return (OS_SOCKTERR);
-
+
return(0);
}
@@ -383,11 +383,11 @@ int OS_SendUDPbySize(int socket, int size, char *msg)
return(OS_SOCKTERR);
}
- i++;
+ i++;
merror("%s: INFO: Remote socket busy, waiting %d s.", __local_name, i);
- sleep(i);
+ sleep(i);
}
-
+
return(0);
}
@@ -401,7 +401,7 @@ int OS_AcceptTCP(int socket, char *srcip, int addrsize)
int clientsocket;
struct sockaddr_in _nc;
socklen_t _ncl;
-
+
memset(&_nc, 0, sizeof(_nc));
_ncl = sizeof(_nc);
@@ -428,7 +428,7 @@ char *OS_RecvTCP(int socket, int sizet)
ret = (char *) calloc((sizet), sizeof(char));
if(ret == NULL)
return(NULL);
-
+
if((retsize = recv(socket, ret, sizet-1,0)) <= 0)
return(NULL);
@@ -465,7 +465,7 @@ int OS_RecvTCPBuffer(int socket, char *buffer, int sizet)
char *OS_RecvUDP(int socket, int sizet)
{
char *ret;
-
+
ret = (char *) calloc((sizet), sizeof(char));
if(ret == NULL)
return(NULL);
@@ -487,8 +487,8 @@ int OS_RecvConnUDP(int socket, char *buffer, int buffer_size)
recv_b = recv(socket, buffer, buffer_size, 0);
if(recv_b < 0)
return(0);
-
- return(recv_b);
+
+ return(recv_b);
}
@@ -499,7 +499,7 @@ int OS_RecvConnUDP(int socket, char *buffer, int buffer_size)
int OS_RecvUnix(int socket, int sizet, char *ret)
{
ssize_t recvd;
- if((recvd = recvfrom(socket, ret, sizet -1, 0,
+ if((recvd = recvfrom(socket, ret, sizet -1, 0,
(struct sockaddr*)&n_us,&us_l)) < 0)
return(0);
@@ -510,13 +510,13 @@ int OS_RecvUnix(int socket, int sizet, char *ret)
/* OS_SendUnix, v0.1, 2004/07/29
* Send a message using a Unix socket.
- * Returns the OS_SOCKETERR if it
- */
+ * Returns the OS_SOCKETERR if it
+ */
int OS_SendUnix(int socket, char * msg, int size)
{
if(size == 0)
size = strlen(msg)+1;
-
+
if(send(socket, msg, size,0) < size)
{
if(errno == ENOBUFS)
@@ -524,7 +524,7 @@ int OS_SendUnix(int socket, char * msg, int size)
return(OS_SOCKTERR);
}
-
+
return(OS_SUCCESS);
}
#endif
@@ -537,13 +537,13 @@ char *OS_GetHost(char *host, int attempts)
{
int i = 0;
int sz;
-
+
char *ip;
struct hostent *h;
if(host == NULL)
return(NULL);
-
+
while(i <= attempts)
{
if((h = gethostbyname(host)) == NULL)
diff --git a/src/os_net/os_net.h b/src/os_net/os_net.h
index d366488..33d27fb 100755
--- a/src/os_net/os_net.h
+++ b/src/os_net/os_net.h
@@ -30,9 +30,9 @@ int OS_Bindportudp(unsigned int _port, char *_ip, int ipv6);
/* OS_BindUnixDomain
* Bind to a specific file, using the "mode" permissions in
* a Unix Domain socket.
- */
+ */
int OS_BindUnixDomain(char * path, int mode, int max_msg_size);
-int OS_ConnectUnixDomain(char * path, int max_msg_size);
+int OS_ConnectUnixDomain(char * path, int max_msg_size);
int OS_getsocketsize(int ossock);
@@ -52,7 +52,7 @@ int OS_RecvConnUDP(int socket, char *buffer, int buffer_size);
/* OS_RecvUnix
* Receive a message via a Unix socket
*/
-int OS_RecvUnix(int socket, int sizet, char *ret);
+int OS_RecvUnix(int socket, int sizet, char *ret);
/* OS_RecvTCP
@@ -61,9 +61,9 @@ int OS_RecvUnix(int socket, int sizet, char *ret);
int OS_AcceptTCP(int socket, char *srcip, int addrsize);
char *OS_RecvTCP(int socket, int sizet);
int OS_RecvTCPBuffer(int socket, char *buffer, int sizet);
-
-/* OS_SendTCP
+
+/* OS_SendTCP
* Send a TCP/UDP/UnixSocket packet (in a open socket)
*/
int OS_SendTCP(int socket, char *msg);
@@ -73,7 +73,7 @@ int OS_SendUnix(int socket, char * msg, int size);
int OS_SendUDP(int socket, char *msg);
int OS_SendUDPbySize(int socket, int size, char *msg);
-
+
/* OS_GetHost
* Calls gethostbyname
diff --git a/src/os_regex/._COPYRIGHT b/src/os_regex/._COPYRIGHT
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/._COPYRIGHT and /dev/null differ
diff --git a/src/os_regex/._Makefile b/src/os_regex/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/._Makefile and /dev/null differ
diff --git a/src/os_regex/._README b/src/os_regex/._README
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/._README and /dev/null differ
diff --git a/src/os_regex/._VERSION b/src/os_regex/._VERSION
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/._VERSION and /dev/null differ
diff --git a/src/os_regex/._os_match.c b/src/os_regex/._os_match.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/._os_match.c and /dev/null differ
diff --git a/src/os_regex/._os_match_compile.c b/src/os_regex/._os_match_compile.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/._os_match_compile.c and /dev/null differ
diff --git a/src/os_regex/._os_match_execute.c b/src/os_regex/._os_match_execute.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/._os_match_execute.c and /dev/null differ
diff --git a/src/os_regex/._os_match_free_pattern.c b/src/os_regex/._os_match_free_pattern.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/._os_match_free_pattern.c and /dev/null differ
diff --git a/src/os_regex/._os_regex.c b/src/os_regex/._os_regex.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/._os_regex.c and /dev/null differ
diff --git a/src/os_regex/._os_regex.h b/src/os_regex/._os_regex.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/._os_regex.h and /dev/null differ
diff --git a/src/os_regex/._os_regex_compile.c b/src/os_regex/._os_regex_compile.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/._os_regex_compile.c and /dev/null differ
diff --git a/src/os_regex/._os_regex_execute.c b/src/os_regex/._os_regex_execute.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/._os_regex_execute.c and /dev/null differ
diff --git a/src/os_regex/._os_regex_free_pattern.c b/src/os_regex/._os_regex_free_pattern.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/._os_regex_free_pattern.c and /dev/null differ
diff --git a/src/os_regex/._os_regex_free_substrings.c b/src/os_regex/._os_regex_free_substrings.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/._os_regex_free_substrings.c and /dev/null differ
diff --git a/src/os_regex/._os_regex_internal.h b/src/os_regex/._os_regex_internal.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/._os_regex_internal.h and /dev/null differ
diff --git a/src/os_regex/._os_regex_maps.h b/src/os_regex/._os_regex_maps.h
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/os_regex/._os_regex_maps.h and /dev/null differ
diff --git a/src/os_regex/._os_regex_match.c b/src/os_regex/._os_regex_match.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/._os_regex_match.c and /dev/null differ
diff --git a/src/os_regex/._os_regex_str.c b/src/os_regex/._os_regex_str.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/._os_regex_str.c and /dev/null differ
diff --git a/src/os_regex/._os_regex_strbreak.c b/src/os_regex/._os_regex_strbreak.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/._os_regex_strbreak.c and /dev/null differ
diff --git a/src/os_regex/examples/._Makefile b/src/os_regex/examples/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/examples/._Makefile and /dev/null differ
diff --git a/src/os_regex/examples/._match.c b/src/os_regex/examples/._match.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/examples/._match.c and /dev/null differ
diff --git a/src/os_regex/examples/._regex.c b/src/os_regex/examples/._regex.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/examples/._regex.c and /dev/null differ
diff --git a/src/os_regex/examples/._regex_str.c b/src/os_regex/examples/._regex_str.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/examples/._regex_str.c and /dev/null differ
diff --git a/src/os_regex/examples/._run.sh b/src/os_regex/examples/._run.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/examples/._run.sh and /dev/null differ
diff --git a/src/os_regex/examples/._validate.pl b/src/os_regex/examples/._validate.pl
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/examples/._validate.pl and /dev/null differ
diff --git a/src/os_regex/examples/match.c b/src/os_regex/examples/match.c
index d63ffe7..2579dd1 100755
--- a/src/os_regex/examples/match.c
+++ b/src/os_regex/examples/match.c
@@ -2,7 +2,7 @@
* Under the public domain. It is just an example.
* Some examples of the usage for the os_regex library.
*/
-
+
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
diff --git a/src/os_regex/examples/regex.c b/src/os_regex/examples/regex.c
index 6200e33..a26eb9f 100755
--- a/src/os_regex/examples/regex.c
+++ b/src/os_regex/examples/regex.c
@@ -2,7 +2,7 @@
* Under the public domain. It is just an example.
* Some examples of the usage for the os_regex library.
*/
-
+
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
diff --git a/src/os_regex/examples/regex_str.c b/src/os_regex/examples/regex_str.c
index c28346f..08e6044 100755
--- a/src/os_regex/examples/regex_str.c
+++ b/src/os_regex/examples/regex_str.c
@@ -2,12 +2,12 @@
* Under the public domain. It is just an example.
* Some examples of usage for the os_regex library.
*/
-
+
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
-
-/* Must be included */
+
+/* Must be included */
#include "os_regex.h"
int main(int argc,char **argv)
@@ -17,7 +17,7 @@ int main(int argc,char **argv)
/* OSRegex structure */
OSRegex reg;
-
+
/* checking for arguments */
if(argc != 3)
{
@@ -33,7 +33,7 @@ int main(int argc,char **argv)
if(OSRegex_Compile(argv[1], ®, OS_RETURN_SUBSTRING))
{
char *retv;
- /* If the execution succeeds, the substrings will be
+ /* If the execution succeeds, the substrings will be
* at reg.sub_strings
*/
if((retv = OSRegex_Execute(argv[2], ®)))
@@ -45,7 +45,7 @@ int main(int argc,char **argv)
printf("next pt: '%s'\n", retv);
/* Assigning reg.sub_strings to ret */
ret = reg.sub_strings;
-
+
printf("substrings:\n");
while(*ret)
{
@@ -63,13 +63,13 @@ int main(int argc,char **argv)
OSRegex_FreePattern(®);
}
-
+
/* Compilation error */
else
{
printf("Error: Regex Compile Error: %d\n", reg.error);
}
-
+
return(r_code);
}
/* EOF */
diff --git a/src/os_regex/examples/tests/._false.regex b/src/os_regex/examples/tests/._false.regex
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/examples/tests/._false.regex and /dev/null differ
diff --git a/src/os_regex/examples/tests/._false.tests b/src/os_regex/examples/tests/._false.tests
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/examples/tests/._false.tests and /dev/null differ
diff --git a/src/os_regex/examples/tests/._str.regex b/src/os_regex/examples/tests/._str.regex
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/examples/tests/._str.regex and /dev/null differ
diff --git a/src/os_regex/examples/tests/._true.regex b/src/os_regex/examples/tests/._true.regex
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/examples/tests/._true.regex and /dev/null differ
diff --git a/src/os_regex/examples/tests/._true.tests b/src/os_regex/examples/tests/._true.tests
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_regex/examples/tests/._true.tests and /dev/null differ
diff --git a/src/os_regex/os_match.c b/src/os_regex/os_match.c
index 35e0edf..3687523 100755
--- a/src/os_regex/os_match.c
+++ b/src/os_regex/os_match.c
@@ -39,7 +39,7 @@ int OS_Match2(char *pattern, char *str)
OSMatch_FreePattern(®);
}
-
+
return(r_code);
}
@@ -57,7 +57,7 @@ int OS_Match3(char *pattern, char *str, char *delimiter)
char *token = NULL;
char *dupstr = NULL;
char *saveptr = NULL;
-
+
/* debug2("1. str [%s], dupstr [%s], token[%s], delim [%s]", str, dupstr, token, delimiter); */
os_strdup(str, dupstr);
@@ -77,7 +77,7 @@ int OS_Match3(char *pattern, char *str, char *delimiter)
token = strtok_r(NULL, delimiter, &saveptr);
}
-
+
/* debug2("4. str [%s], dupstr [%s], token[%s], delim [%s]", str, dupstr, token, delimiter); */
free(dupstr);
return(r_code);
diff --git a/src/os_regex/os_match_compile.c b/src/os_regex/os_match_compile.c
index 366e79e..2fc552a 100755
--- a/src/os_regex/os_match_compile.c
+++ b/src/os_regex/os_match_compile.c
@@ -40,18 +40,18 @@ int OSMatch_Compile(char *pattern, OSMatch *reg, int flags)
int i = 0;
int count = 0;
int end_of_string = 0;
-
+
char *pt;
char *new_str;
char *new_str_free = NULL;
-
+
/* Checking for references not initialized */
if(reg == NULL)
{
return(0);
}
-
+
/* Initializing OSRegex structure */
reg->error = 0;
@@ -73,8 +73,8 @@ int OSMatch_Compile(char *pattern, OSMatch *reg, int flags)
reg->error = OS_REGEX_MAXSIZE;
goto compile_error;
}
-
-
+
+
/* Duping the pattern for our internal work */
new_str = strdup(pattern);
if(!new_str)
@@ -84,21 +84,21 @@ int OSMatch_Compile(char *pattern, OSMatch *reg, int flags)
}
new_str_free = new_str;
pt = new_str;
-
-
+
+
/* Getting the number of sub patterns */
while(*pt != '\0')
{
- /* The pattern must be always lower case if
+ /* The pattern must be always lower case if
* case sensitive is set
*/
if(!(flags & OS_CASE_SENSITIVE))
{
*pt = charmap[(uchar)*pt];
}
-
- /* Number of sub patterns */
+
+ /* Number of sub patterns */
if(*pt == OR)
{
count++;
@@ -107,17 +107,17 @@ int OSMatch_Compile(char *pattern, OSMatch *reg, int flags)
{
usstrstr = 1;
}
- pt++;
+ pt++;
}
-
-
+
+
/* For the last pattern */
count++;
reg->patterns = calloc(count +1, sizeof(char *));
reg->size = calloc(count +1, sizeof(int));
reg->match_fp = calloc(count +1, sizeof(void *));
-
-
+
+
/* Memory allocation error check */
if(!reg->patterns || !reg->size || !reg->match_fp)
{
@@ -134,12 +134,12 @@ int OSMatch_Compile(char *pattern, OSMatch *reg, int flags)
reg->size[i] = 0;
}
i = 0;
-
-
+
+
/* Reassigning pt to the beginning of the string */
pt = new_str;
-
+
/* Getting the sub patterns */
do
{
@@ -155,7 +155,7 @@ int OSMatch_Compile(char *pattern, OSMatch *reg, int flags)
/* Dupping the string */
if(*new_str == BEGINREGEX)
reg->patterns[i] = strdup(new_str +1);
- else
+ else
reg->patterns[i] = strdup(new_str);
/* Memory error */
@@ -199,7 +199,7 @@ int OSMatch_Compile(char *pattern, OSMatch *reg, int flags)
reg->match_fp[i] = _os_strstr;
reg->size[i] = strlen(reg->patterns[i]);
}
-
+
else
{
reg->match_fp[i] = _OS_Match;
@@ -223,16 +223,16 @@ int OSMatch_Compile(char *pattern, OSMatch *reg, int flags)
/* Success return */
free(new_str_free);
return(1);
-
-
+
+
/* Error handling */
compile_error:
-
+
if(new_str_free)
{
free(new_str_free);
}
-
+
OSMatch_FreePattern(reg);
return(0);
diff --git a/src/os_regex/os_match_execute.c b/src/os_regex/os_match_execute.c
index d61f0cb..8977484 100755
--- a/src/os_regex/os_match_execute.c
+++ b/src/os_regex/os_match_execute.c
@@ -39,10 +39,10 @@ int _OS_Match(char *pattern, char *str, int str_len, int size)
{
if(str[j] == '\0')
return(FALSE);
-
+
else if(*pt != charmap[(uchar)str[j]])
{
- pt = pattern;
+ pt = pattern;
goto nnext;
}
j++;pt++;
@@ -62,8 +62,8 @@ int _os_strncmp(char *pattern, char *str, int str_len, int size)
{
if(strncasecmp(pattern, str, size) == 0)
return(TRUE);
-
- return(FALSE);
+
+ return(FALSE);
}
/** Internal matching **/
@@ -71,8 +71,8 @@ int _os_strcmp(char *pattern, char *str, int str_len, int size)
{
if(strcasecmp(pattern, str) == 0)
return(TRUE);
-
- return(FALSE);
+
+ return(FALSE);
}
int _os_strmatch(char *pattern, char *str, int str_len, int size)
@@ -96,11 +96,11 @@ int _os_strcmp_last(char *pattern, char *str, int str_len, int size)
/* Size of the string must be bigger */
if((str_len - size) < 0)
return(FALSE);
-
+
if(strcasecmp(pattern, str + (str_len - size)) == 0)
return(TRUE);
-
- return(FALSE);
+
+ return(FALSE);
}
@@ -113,7 +113,7 @@ int _os_strcmp_last(char *pattern, char *str, int str_len, int size)
int OSMatch_Execute(char *str, int str_len, OSMatch *reg)
{
short int i = 0;
-
+
/* The string can't be NULL */
if(str == NULL)
{
@@ -125,9 +125,9 @@ int OSMatch_Execute(char *str, int str_len, OSMatch *reg)
/* Looping on all sub patterns */
while(reg->patterns[i])
{
- if(reg->match_fp[i](reg->patterns[i],
- str,
- str_len,
+ if(reg->match_fp[i](reg->patterns[i],
+ str,
+ str_len,
reg->size[i]) == TRUE)
{
return(1);
@@ -136,7 +136,7 @@ int OSMatch_Execute(char *str, int str_len, OSMatch *reg)
}
return(0);
-}
+}
/* EOF */
diff --git a/src/os_regex/os_match_free_pattern.c b/src/os_regex/os_match_free_pattern.c
index 7131f08..a9939f3 100755
--- a/src/os_regex/os_match_free_pattern.c
+++ b/src/os_regex/os_match_free_pattern.c
@@ -33,7 +33,7 @@ void OSMatch_FreePattern(OSMatch *reg)
{
if(*pattern)
free(*pattern);
- pattern++;
+ pattern++;
}
free(reg->patterns);
diff --git a/src/os_regex/os_regex.c b/src/os_regex/os_regex.c
index c429271..8e871ad 100755
--- a/src/os_regex/os_regex.c
+++ b/src/os_regex/os_regex.c
@@ -39,7 +39,7 @@ int OS_Regex(char *pattern, char *str)
OSRegex_FreePattern(®);
}
-
+
return(r_code);
}
diff --git a/src/os_regex/os_regex.h b/src/os_regex/os_regex.h
index 50827f4..0d68c8c 100755
--- a/src/os_regex/os_regex.h
+++ b/src/os_regex/os_regex.h
@@ -22,12 +22,12 @@
/* Pattern maximum size */
-#define OS_PATTERN_MAXSIZE 2048
+#define OS_PATTERN_MAXSIZE 2048
/* Error codes */
#define OS_REGEX_REG_NULL 1
-#define OS_REGEX_PATTERN_NULL 2
+#define OS_REGEX_PATTERN_NULL 2
#define OS_REGEX_MAXSIZE 3
#define OS_REGEX_OUTOFMEMORY 4
#define OS_REGEX_STR_NULL 5
@@ -70,7 +70,7 @@ typedef struct _OSMatch
* The error code is set on reg->error.
*/
int OSRegex_Compile(char *pattern, OSRegex *reg, int flags);
-
+
/** char *OSRegex_Execute(char *str, OSRegex *reg) v0.1
* Compare an already compiled regular expression with
@@ -93,7 +93,7 @@ void OSRegex_FreePattern(OSRegex *reg);
* Release all the memory created to store the sub strings.
* Returns void.
*/
-void OSRegex_FreeSubStrings(OSRegex *reg);
+void OSRegex_FreeSubStrings(OSRegex *reg);
/** int OS_Regex(char *pattern, char *str) v0.4
@@ -105,7 +105,7 @@ void OSRegex_FreeSubStrings(OSRegex *reg);
int OS_Regex(char *pattern, char *str);
-
+
/** int OSMatch_Compile(char *pattern, OSMatch *reg, int flags) v0.1
* Compile a pattern to be used later.
* Allowed flags are:
@@ -137,7 +137,7 @@ int OS_Match2(char *pattern, char *str);
int OS_Match3(char *pattern, char *str, char* delimiter);
-
+
/* OS_WordMatch v0.3:
* Searches for pattern in the string
*/
@@ -150,7 +150,7 @@ int OS_WordMatch(char *pattern, char *str);
* Returns a NULL terminated array on success or NULL on error.
*/
char **OS_StrBreak(char match, char *str, int size);
-
+
/** int OS_StrHowClosedMatch(char *str1, char *str2) v0.1
* Returns the number of characters that both strings
@@ -158,7 +158,7 @@ char **OS_StrBreak(char match, char *str, int size);
*/
int OS_StrHowClosedMatch(char *str1, char *str2);
-
+
/** Inline prototypes **/
@@ -181,7 +181,7 @@ int OS_StrIsNum(char *str);
* Checks if a specified char is in the following range:
* a-z, A-Z, 0-9, _-.
*/
-#include "os_regex_maps.h"
+#include "os_regex_maps.h"
#define isValidChar(x) (hostname_map[(unsigned char)x])
diff --git a/src/os_regex/os_regex_compile.c b/src/os_regex/os_regex_compile.c
index 12b04cd..10ae154 100755
--- a/src/os_regex/os_regex_compile.c
+++ b/src/os_regex/os_regex_compile.c
@@ -35,18 +35,18 @@ int OSRegex_Compile(char *pattern, OSRegex *reg, int flags)
int parenthesis = 0;
int prts_size = 0;
int max_prts_size = 0;
-
+
char *pt;
char *new_str;
char *new_str_free = NULL;
-
+
/* Checking for references not initialized */
if(reg == NULL)
{
return(0);
}
-
+
/* Initializing OSRegex structure */
reg->error = 0;
@@ -71,8 +71,8 @@ int OSRegex_Compile(char *pattern, OSRegex *reg, int flags)
reg->error = OS_REGEX_MAXSIZE;
goto compile_error;
}
-
-
+
+
/* Duping the pattern for our internal work */
new_str = strdup(pattern);
if(!new_str)
@@ -82,8 +82,8 @@ int OSRegex_Compile(char *pattern, OSRegex *reg, int flags)
}
new_str_free = new_str;
pt = new_str;
-
-
+
+
/* Getting the number of sub patterns */
do
{
@@ -91,12 +91,12 @@ int OSRegex_Compile(char *pattern, OSRegex *reg, int flags)
{
pt++;
if(!((*pt == 'w') ||
- (*pt == 'W') ||
- (*pt == 's') ||
- (*pt == 'S') ||
- (*pt == 'd') ||
- (*pt == 'D') ||
- (*pt == '.') ||
+ (*pt == 'W') ||
+ (*pt == 's') ||
+ (*pt == 'S') ||
+ (*pt == 'd') ||
+ (*pt == 'D') ||
+ (*pt == '.') ||
(*pt == '(') ||
(*pt == ')') ||
(*pt == 'p') ||
@@ -144,22 +144,22 @@ int OSRegex_Compile(char *pattern, OSRegex *reg, int flags)
parenthesis--;
prts_size++;
}
-
+
/* We only allow one level of parenthesis */
if(parenthesis != 0 && parenthesis != 1)
{
reg->error = OS_REGEX_BADPARENTHESIS;
goto compile_error;
}
-
- /* The pattern must be always lower case if
+
+ /* The pattern must be always lower case if
* case sensitive is set
*/
if(!(flags & OS_CASE_SENSITIVE))
{
*pt = charmap[(uchar)*pt];
}
-
+
if(*pt == OR)
{
/* Each sub pattern must be closed on parenthesis */
@@ -170,9 +170,9 @@ int OSRegex_Compile(char *pattern, OSRegex *reg, int flags)
}
count++;
}
- pt++;
+ pt++;
}while(*pt != '\0');
-
+
/* After the whole pattern is read, the parenthesis must all be closed */
if(parenthesis != 0)
@@ -180,14 +180,14 @@ int OSRegex_Compile(char *pattern, OSRegex *reg, int flags)
reg->error = OS_REGEX_BADPARENTHESIS;
goto compile_error;
}
-
-
+
+
/* Allocating the memory for the sub patterns */
count++;
reg->patterns = calloc(count +1, sizeof(char *));
reg->flags = calloc(count +1, sizeof(int));
-
-
+
+
/* For the substrings */
if((prts_size > 0) && (flags & OS_RETURN_SUBSTRING))
{
@@ -199,8 +199,8 @@ int OSRegex_Compile(char *pattern, OSRegex *reg, int flags)
goto compile_error;
}
}
-
-
+
+
/* Memory allocation error check */
if(!reg->patterns || !reg->flags)
{
@@ -222,12 +222,12 @@ int OSRegex_Compile(char *pattern, OSRegex *reg, int flags)
}
}
i = 0;
-
-
+
+
/* Reassigning pt to the beginning of the string */
pt = new_str;
-
+
/* Getting the sub patterns */
do
{
@@ -297,7 +297,7 @@ int OSRegex_Compile(char *pattern, OSRegex *reg, int flags)
{
max_prts_size = prts_size;
}
-
+
/* Allocating the memory */
reg->prts_closure[i] = calloc(prts_size + 1, sizeof(char *));
reg->prts_str[i] = calloc(prts_size + 1, sizeof(char *));
@@ -351,20 +351,20 @@ int OSRegex_Compile(char *pattern, OSRegex *reg, int flags)
reg->error = OS_REGEX_OUTOFMEMORY;
goto compile_error;
}
-
+
/* Success return */
free(new_str_free);
return(1);
-
-
+
+
/* Error handling */
compile_error:
-
+
if(new_str_free)
{
free(new_str_free);
}
-
+
OSRegex_FreePattern(reg);
return(0);
diff --git a/src/os_regex/os_regex_execute.c b/src/os_regex/os_regex_execute.c
index c2a86fd..5fef327 100755
--- a/src/os_regex/os_regex_execute.c
+++ b/src/os_regex/os_regex_execute.c
@@ -34,7 +34,7 @@ char *OSRegex_Execute(char *str, OSRegex *reg)
{
char *ret;
int i = 0;
-
+
/* The string can't be NULL */
if(str == NULL)
{
@@ -77,7 +77,7 @@ char *OSRegex_Execute(char *str, OSRegex *reg)
OSRegex_FreeSubStrings(reg);
return(NULL);
}
-
+
/* Set the next one to null */
reg->prts_str[i][j+1][0] = str_char;
k++;
@@ -95,13 +95,13 @@ char *OSRegex_Execute(char *str, OSRegex *reg)
return(0);
}
-
+
/* If we don't need the sub strings */
-
+
/* Looping on all sub patterns */
while(reg->patterns[i])
{
- if((ret = _OS_Regex(reg->patterns[i], str, NULL, NULL, reg->flags[i])))
+ if((ret = _OS_Regex(reg->patterns[i], str, NULL, NULL, reg->flags[i])))
{
return(ret);
}
@@ -109,7 +109,7 @@ char *OSRegex_Execute(char *str, OSRegex *reg)
}
return(NULL);
-}
+}
#define PRTS(x) ((prts(*x) && x++) || 1)
#define ENDOFFILE(x) ( PRTS(x) && (*x == '\0'))
@@ -120,26 +120,26 @@ char *OSRegex_Execute(char *str, OSRegex *reg)
* Returns 1 on success and 0 on failure.
* If prts_closure is set, the parenthesis locations will be
* written on prts_str (which must not be NULL)
- */
-char *_OS_Regex(char *pattern, char *str, char **prts_closure,
+ */
+char *_OS_Regex(char *pattern, char *str, char **prts_closure,
char **prts_str, int flags)
{
char *r_code = NULL;
-
+
int ok_here;
int _regex_matched = 0;
-
+
int prts_int;
char *st = str;
char *st_error = NULL;
-
+
char *pt = pattern;
char *next_pt;
char *pt_error[4] = {NULL, NULL, NULL, NULL};
char *pt_error_str[4];
-
+
/* Will loop the whole string, trying to find a match */
do
@@ -183,7 +183,7 @@ char *_OS_Regex(char *pattern, char *str, char **prts_closure,
if(Regex((uchar)*(pt+1), (uchar)*st))
{
next_pt = pt+2;
-
+
/* If we don't have a '+' or '*', we should skip
* searching using this pattern.
*/
@@ -202,7 +202,7 @@ char *_OS_Regex(char *pattern, char *str, char **prts_closure,
r_code = st;
continue;
}
-
+
/* If it is a '*', we need to set the _regex_matched
* for the first pattern even.
*/
@@ -213,7 +213,7 @@ char *_OS_Regex(char *pattern, char *str, char **prts_closure,
/* If our regex matches and we have a "+" set, we will
- * try the next one to see if it matches. If yes, we
+ * try the next one to see if it matches. If yes, we
* can jump to it, but saving our currently location
* in case of error.
* _regex_matched will set set to true after the first
@@ -231,7 +231,7 @@ char *_OS_Regex(char *pattern, char *str, char **prts_closure,
{
next_pt++;
}
-
+
if(*next_pt == '\0')
{
ok_here = 1;
@@ -272,7 +272,7 @@ char *_OS_Regex(char *pattern, char *str, char **prts_closure,
{
if(*(st+1) == '\0')
prts_str[prts_int] = st+1;
- else
+ else
prts_str[prts_int] = st;
break;
}
@@ -287,14 +287,14 @@ char *_OS_Regex(char *pattern, char *str, char **prts_closure,
continue;
}
-
+
/* Each "if" will increment the amount
* necessary for the next pattern in ok_here
*/
- if(ok_here)
+ if(ok_here)
next_pt+=ok_here;
-
-
+
+
if(!pt_error[0])
{
pt_error[0] = pt;
@@ -345,18 +345,18 @@ char *_OS_Regex(char *pattern, char *str, char **prts_closure,
_regex_matched = 1;
}
-
+
r_code = st;
continue;
}
-
+
else if((*(pt+3) == '\0') && (_regex_matched == 1)&&(r_code))
{
r_code = st;
if(!(flags & END_SET) || (flags & END_SET && (*st == '\0')))
return(r_code);
}
-
+
/* If we didn't match regex, but _regex_matched == 1, jump
* to the next available pattern
*/
@@ -438,7 +438,7 @@ char *_OS_Regex(char *pattern, char *str, char **prts_closure,
}
pt = pattern;
r_code = NULL;
-
+
}while(*(++st) != '\0');
@@ -450,9 +450,9 @@ char *_OS_Regex(char *pattern, char *str, char **prts_closure,
if(*pt == BACKSLASH && *(pt+2) == '*')
pt+=3;
else
- break;
+ break;
}
-
+
if(prts(*pt))
{
prts_int = 0;
@@ -469,28 +469,28 @@ char *_OS_Regex(char *pattern, char *str, char **prts_closure,
}
/* Cleaning up */
- if(ENDOFFILE(pt) ||
- (*pt == BACKSLASH &&
- _regex_matched &&
- (pt+=2) &&
- isPlus(*pt) &&
+ if(ENDOFFILE(pt) ||
+ (*pt == BACKSLASH &&
+ _regex_matched &&
+ (pt+=2) &&
+ isPlus(*pt) &&
+ (pt++) &&
+ ((ENDOFFILE(pt)) ||
+ ((*pt == BACKSLASH) &&
+ (pt+=2) &&
+ (*pt == '*') &&
(pt++) &&
- ((ENDOFFILE(pt)) ||
- ((*pt == BACKSLASH) &&
- (pt+=2) &&
- (*pt == '*') &&
- (pt++) &&
(ENDOFFILE(pt)) ))) ||
(*pt == BACKSLASH &&
(pt+=2) &&
(*pt == '*') &&
(pt++) &&
ENDOFFILE(pt))
- )
+ )
{
return(r_code);
}
-
+
return(NULL);
}
diff --git a/src/os_regex/os_regex_free_pattern.c b/src/os_regex/os_regex_free_pattern.c
index 305dde3..6ee085e 100755
--- a/src/os_regex/os_regex_free_pattern.c
+++ b/src/os_regex/os_regex_free_pattern.c
@@ -35,7 +35,7 @@ void OSRegex_FreePattern(OSRegex *reg)
{
if(*pattern)
free(*pattern);
- pattern++;
+ pattern++;
}
free(reg->patterns);
@@ -74,7 +74,7 @@ void OSRegex_FreePattern(OSRegex *reg)
/* Freeing the sub strings */
if(reg->sub_strings)
{
- OSRegex_FreeSubStrings(reg);
+ OSRegex_FreeSubStrings(reg);
free(reg->sub_strings);
reg->sub_strings = NULL;
}
diff --git a/src/os_regex/os_regex_internal.h b/src/os_regex/os_regex_internal.h
index 0102f91..299e5c2 100755
--- a/src/os_regex/os_regex_internal.h
+++ b/src/os_regex/os_regex_internal.h
@@ -25,13 +25,13 @@
#define OR '|'
#define AND '&'
-#define TRUE 1
+#define TRUE 1
#define FALSE 0
/* Pattern flags */
#define BEGIN_SET 0000200
-#define END_SET 0000400
+#define END_SET 0000400
/* uchar */
@@ -48,7 +48,7 @@ typedef unsigned char uchar;
*/
#define _IsW(x) ((x >= 48 && x <= 57 )|| \
(x >= 65 && x <= 90 )|| \
- (x >= 97 && x <= 122))
+ (x >= 97 && x <= 122))
/* Is it a ' ' (blank)
@@ -133,25 +133,25 @@ static const uchar charmap[] = {
-/* Regex mapping
+/* Regex mapping
* 0 = none
* 1 = \d
* 2 = \w
* 3 = \s
* 4 = \p
- * 5 = \(
+ * 5 = \(
* 6 = \)
* 7 = \\
* 8 = \D
* 9 = \W
* 10 = \S
- * 11 = \.
+ * 11 = \.
* 12 = \t
* 13 = \$
* 14 = |
* 15 = <
*/
-static const uchar regexmap[][256] =
+static const uchar regexmap[][256] =
{
{
'\000', '\000', '\000', '\000', '\000', '\000', '\000', '\000',
@@ -252,8 +252,8 @@ static const uchar regexmap[][256] =
'\330', '\331', '\332', '\333', '\334', '\335', '\336', '\337',
'\340', '\341', '\342', '\343', '\344', '\345', '\346', '\347',
'\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357',
- '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
- '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
+ '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
+ '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
},
{
'\000', '\000', '\002', '\003', '\004', '\005', '\006', '\007',
@@ -707,4 +707,4 @@ static const uchar regexmap[][256] =
#endif
-/* EOF */
+/* EOF */
diff --git a/src/os_regex/os_regex_maps.h b/src/os_regex/os_regex_maps.h
index 609b9f4..13286af 100644
--- a/src/os_regex/os_regex_maps.h
+++ b/src/os_regex/os_regex_maps.h
@@ -51,12 +51,12 @@ static const unsigned char hostname_map[] =
'\330', '\331', '\332', '\333', '\334', '\335', '\336', '\337',
'\340', '\341', '\342', '\343', '\344', '\345', '\346', '\347',
'\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357',
- '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
- '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
+ '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
+ '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
};
#endif
-/* EOF */
+/* EOF */
diff --git a/src/os_regex/os_regex_match.c b/src/os_regex/os_regex_match.c
index 8932cff..dfc24af 100755
--- a/src/os_regex/os_regex_match.c
+++ b/src/os_regex/os_regex_match.c
@@ -18,7 +18,7 @@
/* Algorithm:
* Go as faster as you can :)
- *
+ *
* Supports:
* '|' to separate multiple OR patterns
* '^' to match the begining of a string
@@ -29,8 +29,8 @@
int _InternalMatch(char *pattern, char *str,int count);
-/* OS_WordMatch v0.3:
- * Searches for pattern in the string
+/* OS_WordMatch v0.3:
+ * Searches for pattern in the string
*/
int OS_WordMatch(char *pattern, char *str)
{
@@ -57,9 +57,9 @@ int OS_WordMatch(char *pattern, char *str)
continue;
}
}
-
+
count++;
-
+
}while(pattern[count] != '\0');
/* Last check until end of string */
@@ -73,19 +73,19 @@ int _InternalMatch(char *pattern, char *str, int pattern_size)
uchar *st = (uchar *)str;
uchar last_char = pattern[pattern_size];
-
- /* Return true for some odd expressions */
+
+ /* Return true for some odd expressions */
if(*pattern == '\0')
return(TRUE);
-
+
/* If '^' specified, just do a strncasecmp */
else if(*pattern == '^')
{
pattern++;
pattern_size --;
-
+
/* Compare two string */
if(strncasecmp(pattern,str,pattern_size) == 0)
return(TRUE);
@@ -96,8 +96,8 @@ int _InternalMatch(char *pattern, char *str, int pattern_size)
/* Null line */
else if(*st == '\0')
return(FALSE);
-
-
+
+
/* Look to match the first pattern */
do
{
@@ -106,27 +106,27 @@ int _InternalMatch(char *pattern, char *str, int pattern_size)
{
str = (char *)st++;
pt++;
-
+
while(*pt != last_char)
{
if(*st == '\0')
return(FALSE);
-
+
else if(charmap[*pt] != charmap[*st])
goto error;
-
- st++;pt++;
+
+ st++;pt++;
}
/* Return here if pt == last_char */
return(TRUE);
-
+
error:
st = (uchar *)str;
pt = (uchar *)pattern;
-
+
}
-
+
st++;
}while(*st != '\0');
diff --git a/src/os_regex/os_regex_str.c b/src/os_regex/os_regex_str.c
index 4b5ddbc..2bc2212 100755
--- a/src/os_regex/os_regex_str.c
+++ b/src/os_regex/os_regex_str.c
@@ -23,12 +23,12 @@ int OS_StrIsNum(char *str)
{
if(str == NULL)
return(FALSE);
-
+
while(*str != '\0')
{
if(!_IsD(*str))
return(FALSE); /* 0 */
- str++;
+ str++;
}
return(TRUE);
@@ -37,12 +37,12 @@ int OS_StrIsNum(char *str)
/** int OS_StrHowClosedMatch(char *str1, char *str2) v0.1
* Returns the number of characters that both strings
- * have in similar.
+ * have in similar.
*/
int OS_StrHowClosedMatch(char *str1, char *str2)
{
int count = 0;
-
+
/* They don't match if any of them is null */
if(!str1 || !str2)
{
@@ -58,7 +58,7 @@ int OS_StrHowClosedMatch(char *str1, char *str2)
count++;
}while((str1[count] != '\0') && (str2[count] != '\0'));
-
+
return(count);
}
@@ -68,7 +68,7 @@ int OS_StrHowClosedMatch(char *str1, char *str2)
* Verifies if a string starts with the provided pattern.
* Returns 1 on success or 0 on failure.
*/
-#define startswith(x,y) (strncmp(x,y,strlen(y)) == 0?1:0)
-#define OS_StrStartsWith startswith
+#define startswith(x,y) (strncmp(x,y,strlen(y)) == 0?1:0)
+#define OS_StrStartsWith startswith
/* EOF */
diff --git a/src/os_regex/os_regex_strbreak.c b/src/os_regex/os_regex_strbreak.c
index 2294c2c..e6905c0 100755
--- a/src/os_regex/os_regex_strbreak.c
+++ b/src/os_regex/os_regex_strbreak.c
@@ -24,7 +24,7 @@ char **OS_StrBreak(char match, char *str, int size)
{
int count = 0;
int i = 0;
-
+
char *tmp_str = str;
char **ret;
@@ -40,7 +40,7 @@ char **OS_StrBreak(char match, char *str, int size)
/* Memory error. Should provice a better way to detect it */
return(NULL);
}
-
+
/* Allocating memory to null */
while(i <= size)
{
@@ -62,13 +62,13 @@ char **OS_StrBreak(char match, char *str, int size)
goto error;
}
- /* Copying the string */
+ /* Copying the string */
ret[count][i-1] = '\0';
strncpy(ret[count],tmp_str,i-1);
tmp_str = ++str;
count++;
- i=0;
+ i=0;
continue;
}
diff --git a/src/os_xml/._COPYRIGHT b/src/os_xml/._COPYRIGHT
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_xml/._COPYRIGHT and /dev/null differ
diff --git a/src/os_xml/._Makefile b/src/os_xml/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_xml/._Makefile and /dev/null differ
diff --git a/src/os_xml/._README b/src/os_xml/._README
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_xml/._README and /dev/null differ
diff --git a/src/os_xml/._VERSION b/src/os_xml/._VERSION
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_xml/._VERSION and /dev/null differ
diff --git a/src/os_xml/._os_xml.c b/src/os_xml/._os_xml.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_xml/._os_xml.c and /dev/null differ
diff --git a/src/os_xml/._os_xml.h b/src/os_xml/._os_xml.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_xml/._os_xml.h and /dev/null differ
diff --git a/src/os_xml/._os_xml_access.c b/src/os_xml/._os_xml_access.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_xml/._os_xml_access.c and /dev/null differ
diff --git a/src/os_xml/._os_xml_node_access.c b/src/os_xml/._os_xml_node_access.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_xml/._os_xml_node_access.c and /dev/null differ
diff --git a/src/os_xml/._os_xml_variables.c b/src/os_xml/._os_xml_variables.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_xml/._os_xml_variables.c and /dev/null differ
diff --git a/src/os_xml/._os_xml_writer.c b/src/os_xml/._os_xml_writer.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_xml/._os_xml_writer.c and /dev/null differ
diff --git a/src/os_xml/._os_xml_writer.h b/src/os_xml/._os_xml_writer.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_xml/._os_xml_writer.h and /dev/null differ
diff --git a/src/os_xml/examples/._mem_test.c b/src/os_xml/examples/._mem_test.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_xml/examples/._mem_test.c and /dev/null differ
diff --git a/src/os_xml/examples/._test.c b/src/os_xml/examples/._test.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_xml/examples/._test.c and /dev/null differ
diff --git a/src/os_xml/examples/._test.xml b/src/os_xml/examples/._test.xml
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_xml/examples/._test.xml and /dev/null differ
diff --git a/src/os_xml/examples/mem_test.c b/src/os_xml/examples/mem_test.c
index 437eb3d..d6938db 100755
--- a/src/os_xml/examples/mem_test.c
+++ b/src/os_xml/examples/mem_test.c
@@ -15,13 +15,13 @@ int main(int argc, char ** argv)
printf("usage: %s file\n",argv[0]);
return(-1);
}
-
+
while(1)
{
usleep(10);
printf(".");
fflush(stdout);
-
+
if(OS_ReadXML(argv[1],&xml) < 0)
{
printf("Error reading XML!%s\n",xml.err);
@@ -36,7 +36,7 @@ int main(int argc, char ** argv)
}
i = 0;
-
+
while(node[i])
{
xml_node **cnode = NULL;
@@ -52,15 +52,15 @@ int main(int argc, char ** argv)
/* */
j++;
}
-
+
OS_ClearNode(cnode);
i++;
}
-
+
OS_ClearNode(node);
-
+
node = NULL;
-
+
OS_ClearXML(&xml);
}
return(0);
diff --git a/src/os_xml/examples/test.c b/src/os_xml/examples/test.c
index 89369d5..166a2b6 100755
--- a/src/os_xml/examples/test.c
+++ b/src/os_xml/examples/test.c
@@ -10,7 +10,7 @@ int main(int argc, char ** argv)
OS_XML xml;
XML_NODE node = NULL;
-
+
/* File name must be given */
if(argc < 2)
{
@@ -18,8 +18,8 @@ int main(int argc, char ** argv)
return(-1);
}
-
- /* Reading the XML. Printing error and line number */
+
+ /* Reading the XML. Printing error and line number */
if(OS_ReadXML(argv[1],&xml) < 0)
{
printf("OS_ReadXML error: %s, line :%d\n",xml.err, xml.err_line);
@@ -46,17 +46,17 @@ int main(int argc, char ** argv)
{
int j = 0;
XML_NODE cnode;
-
+
cnode = OS_GetElementsbyNode(&xml, node[i]);
if(cnode == NULL)
{
i++;
continue;
}
-
+
while(cnode[j])
{
- printf("Element: %s -> %s\n",
+ printf("Element: %s -> %s\n",
cnode[j]->element,
cnode[j]->content);
if(cnode[j]->attributes && cnode[j]->values)
diff --git a/src/os_xml/os_xml.c b/src/os_xml/os_xml.c
index c370d58..9a3f959 100755
--- a/src/os_xml/os_xml.c
+++ b/src/os_xml/os_xml.c
@@ -51,8 +51,8 @@ int _xml_fgetc(FILE *fp)
if(c == '\n') /* add new line */
_line++;
-
- return(c);
+
+ return(c);
}
#define FGETC(fp) _xml_fgetc(fp)
@@ -75,7 +75,7 @@ void xml_error(OS_XML *_lxml, const char *msg,...)
vfprintf(stderr, msg, args);
fprintf(stderr, "\n\n");
#endif
-
+
memset(_lxml->err,'\0', 128);
vsnprintf(_lxml->err,127,msg,args);
va_end(args);
@@ -106,9 +106,9 @@ void OS_ClearXML(OS_XML *_lxml)
free(_lxml->ck);
free(_lxml->ln);
memset(_lxml->err,'\0', 128);
-
+
return;
-
+
}
@@ -160,7 +160,7 @@ int OS_ReadXML(char *file, OS_XML *_lxml)
return(-1);
}
}
-
+
fclose(fp);
return(0);
}
@@ -213,7 +213,7 @@ int _ReadElem(FILE *fp, int position, int parent, OS_XML *_lxml)
char closedelem[XML_MAXSIZE +1];
-
+
memset(elem,'\0',XML_MAXSIZE +1);
memset(cont,'\0',XML_MAXSIZE +1);
memset(closedelem,'\0',XML_MAXSIZE +1);
@@ -249,7 +249,7 @@ int _ReadElem(FILE *fp, int position, int parent, OS_XML *_lxml)
else if(r == 1)
continue;
}
-
+
/* real checking */
if((location == -1) && (prevv == 0))
{
@@ -268,7 +268,7 @@ int _ReadElem(FILE *fp, int position, int parent, OS_XML *_lxml)
else
continue;
}
-
+
else if((location == 0) && ((c == _R_CONFE) || (c == ' ')))
{
int _ge = 0;
@@ -281,7 +281,7 @@ int _ReadElem(FILE *fp, int position, int parent, OS_XML *_lxml)
_ge = '/';
elem[count -1] = '\0';
}
-
+
_writememory(elem, XML_ELEM, count+1, parent, _lxml);
_currentlycont=_lxml->cur-1;
if(c == ' ')
@@ -298,11 +298,11 @@ int _ReadElem(FILE *fp, int position, int parent, OS_XML *_lxml)
_currentlycont = 0;
count = 0;
location = -1;
-
+
memset(elem,'\0',XML_MAXSIZE);
memset(closedelem,'\0',XML_MAXSIZE);
memset(cont,'\0',XML_MAXSIZE);
-
+
if(parent > 0)
return(0);
}
@@ -310,9 +310,9 @@ int _ReadElem(FILE *fp, int position, int parent, OS_XML *_lxml)
{
count = 0;
location = 1;
- }
+ }
}
-
+
else if((location == 2) &&(c == _R_CONFE))
{
closedelem[count]='\0';
@@ -400,7 +400,7 @@ int _writememory(char *str, short int type, unsigned int size,
/* Allocating for the line */
_lxml->ln = realloc(_lxml->ln,(_lxml->cur+1)*sizeof(int));
_lxml->ln[_lxml->cur] = _line;
-
+
/* Attributes does not need to be closed */
if(type == XML_ATTR)
_lxml->ck[_lxml->cur] = 1;
@@ -452,7 +452,7 @@ int _getattributes(FILE *fp,int parent,OS_XML *_lxml)
int count = 0;
int c;
int c_to_match = 0;
-
+
char attr[XML_MAXSIZE+1];
char value[XML_MAXSIZE+1];
@@ -464,7 +464,7 @@ int _getattributes(FILE *fp,int parent,OS_XML *_lxml)
if(count >= XML_MAXSIZE)
{
attr[count-1] = '\0';
- xml_error(_lxml,
+ xml_error(_lxml,
"XMLERR: Overflow attempt at attribute '%s'.",attr);
return(-1);
}
@@ -521,11 +521,11 @@ int _getattributes(FILE *fp,int parent,OS_XML *_lxml)
else if((location == 1)&&(c == c_to_match))
{
value[count]='\0';
-
+
location = 0;
c_to_match = 0;
-
- _writememory(attr, XML_ATTR, strlen(attr)+1,
+
+ _writememory(attr, XML_ATTR, strlen(attr)+1,
parent, _lxml);
_writecontent(value,count+1,_lxml->cur-1,_lxml);
c = FGETC(fp);
@@ -548,7 +548,7 @@ int _getattributes(FILE *fp,int parent,OS_XML *_lxml)
value[count++]=c;
}
-
+
xml_error(_lxml, "XMLERR: End of file while reading an attribute.");
return(-1);
}
diff --git a/src/os_xml/os_xml_access.c b/src/os_xml/os_xml_access.c
index 61ed5cd..5a6d529 100755
--- a/src/os_xml/os_xml_access.c
+++ b/src/os_xml/os_xml_access.c
@@ -26,7 +26,7 @@ char **_GetElementContent(OS_XML *_lxml, char **element_name, char *attr);
/* OS_ElementExist: v1.0: 2005/02/26
- * Check if a element exists
+ * Check if a element exists
* The element_name must be NULL terminated (last char)
*/
int OS_ElementExist(OS_XML *_lxml, char **element_name)
@@ -66,7 +66,7 @@ int OS_ElementExist(OS_XML *_lxml, char **element_name)
/* RootElementExist: v1.0: 2005/02/26
- * Check if a root element exists
+ * Check if a root element exists
*/
int OS_RootElementExist(OS_XML *_lxml, char *element_name)
{
@@ -201,7 +201,7 @@ char *OS_GetOneContentforElement(OS_XML *_lxml, char **element_name)
{
uniqret = ret[0];
}
-
+
/* Freeing memory */
while(ret[i])
{
@@ -210,7 +210,7 @@ char *OS_GetOneContentforElement(OS_XML *_lxml, char **element_name)
i++;
}
free(ret);
-
+
return(uniqret);
}
@@ -242,7 +242,7 @@ char **OS_GetContents(OS_XML *_lxml, char **element_name)
/* OS_GetAttributeContent: v0.1: 2005/03/01
- * Get one value for a specific attribute
+ * Get one value for a specific attribute
*/
char *OS_GetAttributeContent(OS_XML *_lxml, char **element_name,
char *attribute_name)
@@ -279,7 +279,7 @@ char *OS_GetAttributeContent(OS_XML *_lxml, char **element_name,
}
if(success)
return(uniqret);
-
+
return(NULL);
}
@@ -312,7 +312,7 @@ char **_GetElementContent(OS_XML *_lxml, char **element_name, char *attr)
}
i = _lxml->fol;
}
- else
+ else
{
i = 0;
}
@@ -326,7 +326,7 @@ char **_GetElementContent(OS_XML *_lxml, char **element_name, char *attr)
if(matched !=1)
break;
}
-
+
/* Setting maximum depth of 16. */
if(j > 16)
return(NULL);
@@ -352,7 +352,7 @@ char **_GetElementContent(OS_XML *_lxml, char **element_name, char *attr)
}
}
-
+
/* If the element name matches what we are looking for. */
else if(strcmp(_lxml->el[i], element_name[j]) == 0)
{
@@ -372,7 +372,7 @@ char **_GetElementContent(OS_XML *_lxml, char **element_name, char *attr)
{
break;
}
-
+
if(strcmp(attr, _lxml->el[k]) == 0)
{
i = k;
@@ -389,7 +389,7 @@ char **_GetElementContent(OS_XML *_lxml, char **element_name, char *attr)
{
return(NULL);
}
-
+
/* Adding new entry. */
ret[k] = strdup(_lxml->ct[i]);
ret[k + 1] = NULL;
@@ -398,15 +398,15 @@ char **_GetElementContent(OS_XML *_lxml, char **element_name, char *attr)
free(ret);
return(NULL);
}
-
+
matched = 1;
k++;
-
+
if(attr != NULL)
{
- break;
+ break;
}
-
+
else if(_lxml->fol != 0)
{
_lxml->fol = i+1;
@@ -429,7 +429,7 @@ char **_GetElementContent(OS_XML *_lxml, char **element_name, char *attr)
matched = 0;
}
}
-
+
if(ret == NULL)
return(NULL);
diff --git a/src/os_xml/os_xml_node_access.c b/src/os_xml/os_xml_node_access.c
index a8da66d..6fba555 100755
--- a/src/os_xml/os_xml_node_access.c
+++ b/src/os_xml/os_xml_node_access.c
@@ -23,12 +23,12 @@
/* OS_ClearNode v0,1
- * Clear the Node structure
+ * Clear the Node structure
*/
void OS_ClearNode(xml_node **node)
{
if(node)
- {
+ {
int i=0;
while(node[i])
{
@@ -67,7 +67,7 @@ void OS_ClearNode(xml_node **node)
node[i]->values=NULL;
free(node[i]);
node[i]=NULL;
- i++;
+ i++;
}
free(node);
node=NULL;
@@ -93,8 +93,8 @@ xml_node **OS_GetElementsbyNode(OS_XML *_lxml, xml_node *node)
i = node->key;
j = _lxml->rl[i++];
}
-
-
+
+
for(;i<_lxml->cur;i++)
{
if(_lxml->tp[i] == XML_ELEM)
@@ -106,17 +106,17 @@ xml_node **OS_GetElementsbyNode(OS_XML *_lxml, xml_node *node)
ret = (xml_node**)realloc(ret,(k+1)*sizeof(xml_node*));
if(ret == NULL)
return(NULL);
-
+
/* Allocating for the xml_node * */
ret[k] = (xml_node *)calloc(1,sizeof(xml_node));
if(ret[k] == NULL)
return(NULL);
-
+
ret[k]->element = NULL;
ret[k]->content = NULL;
ret[k]->attributes = NULL;
ret[k]->values = NULL;
-
+
/* Getting the element */
ret[k]->element=strdup(_lxml->el[i]);
if(ret[k]->element == NULL)
@@ -124,7 +124,7 @@ xml_node **OS_GetElementsbyNode(OS_XML *_lxml, xml_node *node)
free(ret);
return(NULL);
}
-
+
/* Getting the content */
if(_lxml->ct[i])
{
@@ -141,13 +141,13 @@ xml_node **OS_GetElementsbyNode(OS_XML *_lxml, xml_node *node)
if((_lxml->tp[l] == XML_ATTR)&&(_lxml->rl[l] == j+1)&&
(_lxml->el[l]) && (_lxml->ct[l]))
{
- ret[k]->attributes =
+ ret[k]->attributes =
(char**)realloc(ret[k]->attributes,
(l-i+1)*sizeof(char*));
- ret[k]->values =
+ ret[k]->values =
(char**)realloc(ret[k]->values,
(l-i+1)*sizeof(char*));
- if(!(ret[k]->attributes) ||
+ if(!(ret[k]->attributes) ||
!(ret[k]->values))
return(NULL);
ret[k]->attributes[l-i-1]=strdup(_lxml->el[l]);
@@ -155,7 +155,7 @@ xml_node **OS_GetElementsbyNode(OS_XML *_lxml, xml_node *node)
if(!(ret[k]->attributes[l-i-1]) ||
!(ret[k]->values[l-i-1]))
return(NULL);
- l++;
+ l++;
}
else
{
@@ -179,7 +179,7 @@ xml_node **OS_GetElementsbyNode(OS_XML *_lxml, xml_node *node)
break;
}
}
-
+
if(ret ==NULL)
return(NULL);
diff --git a/src/os_xml/os_xml_variables.c b/src/os_xml/os_xml_variables.c
index b5a7e09..2fd8069 100755
--- a/src/os_xml/os_xml_variables.c
+++ b/src/os_xml/os_xml_variables.c
@@ -51,19 +51,19 @@ int OS_ApplyVariables(OS_XML *_lxml)
{
if(!_lxml->ct[j])
break;
-
- /* If not used, it will be cleaned latter */
+
+ /* If not used, it will be cleaned latter */
snprintf(_lxml->err, 128, "XML_ERR: Memory error");
-
+
var = (char**)realloc(var,(s+1)*sizeof(char *));
if(var == NULL)
return (-1);
-
+
var[s] = strdup(_lxml->ct[j]);
if(var[s] == NULL)
return(-1);
-
- /* Cleaning the lxml->err */
+
+ /* Cleaning the lxml->err */
strncpy(_lxml->err," ", 3);
_found_var = 1;
@@ -71,46 +71,46 @@ int OS_ApplyVariables(OS_XML *_lxml)
}
else
{
- snprintf(_lxml->err, 128,
+ snprintf(_lxml->err, 128,
"XML_ERR: Only \"name\" is allowed"
" as an attribute for a variable");
return(-1);
}
}
} /* Attribute FOR */
-
-
+
+
if((_found_var == 0)||(!_lxml->ct[i]))
{
- snprintf(_lxml->err,128,
+ snprintf(_lxml->err,128,
"XML_ERR: Bad formed variable. No value set");
return(-1);
}
-
-
+
+
snprintf(_lxml->err,128, "XML_ERR: Memory error");
-
+
value = (char**)realloc(value,(s+1)*sizeof(char *));
if (value == NULL)
return(-1);
-
+
value[s] = strdup(_lxml->ct[i]);
if(value[s] == NULL)
- return(-1);
-
+ return(-1);
+
strncpy(_lxml->err," ", 3);
s++;
}
} /* initial FOR to get the variables */
-
-
+
+
/* No variable */
if(s == 0)
return(0);
/* Looping again and modifying where found the variables */
- i = 0;
+ i = 0;
for(;i<_lxml->cur;i++)
{
if(((_lxml->tp[i] == XML_ELEM) || (_lxml->tp[i] == XML_ATTR))&&
@@ -120,23 +120,23 @@ int OS_ApplyVariables(OS_XML *_lxml)
char *p = NULL;
char *p2= NULL;
char lvar[256]; /* MAX Var size */
-
-
+
+
if(strlen(_lxml->ct[i]) <= 2)
continue;
-
-
- /* Duplicating string */
+
+
+ /* Duplicating string */
p = strdup(_lxml->ct[i]);
p2= p;
-
+
if(p == NULL)
{
snprintf(_lxml->err, 128, "XML_ERR: Memory error");
return(-1);
}
-
-
+
+
/* Reading the whole string */
while(*p != '\0')
{
@@ -145,7 +145,7 @@ int OS_ApplyVariables(OS_XML *_lxml)
tp = 0;
p++;
memset(lvar, '\0', 256);
-
+
while(1)
{
if((*p == XML_VARIABLE_BEGIN)
@@ -158,7 +158,7 @@ int OS_ApplyVariables(OS_XML *_lxml)
lvar[tp]='\0';
final = init+tp;
-
+
/* Looking for var */
for(j=0; j<s; j++)
{
@@ -177,16 +177,16 @@ int OS_ApplyVariables(OS_XML *_lxml)
}
- tsize = strlen(_lxml->ct[i]) +
+ tsize = strlen(_lxml->ct[i]) +
strlen(value[j]) - tp + 1;
var_placeh = strdup(_lxml->ct[i]);
free(_lxml->ct[i]);
- _lxml->ct[i] = (char*)calloc(tsize +2,
+ _lxml->ct[i] = (char*)calloc(tsize +2,
sizeof(char));
-
+
if(_lxml->ct[i] == NULL || var_placeh == NULL)
{
snprintf(_lxml->err,128, "XML_ERR: Memory "
@@ -196,26 +196,26 @@ int OS_ApplyVariables(OS_XML *_lxml)
strncpy(_lxml->ct[i], var_placeh, tsize);
-
+
_lxml->ct[i][init] = '\0';
strncat(_lxml->ct[i], value[j],tsize - init);
init = strlen(_lxml->ct[i]);
- strncat(_lxml->ct[i], p,
+ strncat(_lxml->ct[i], p,
tsize - strlen(_lxml->ct[i]));
-
+
free(var_placeh);
break;
}
-
+
/* Variale not found */
if((j == s) && (strlen(lvar) >= 1))
{
- snprintf(_lxml->err,128,
+ snprintf(_lxml->err,128,
"XML_ERR: Unknown variable"
": %s", lvar);
return(-1);
@@ -224,10 +224,10 @@ int OS_ApplyVariables(OS_XML *_lxml)
{
init++;
}
-
+
goto go_next;
}
-
+
/* Maximum size for a variable */
if(tp >= 255)
{
@@ -236,21 +236,21 @@ int OS_ApplyVariables(OS_XML *_lxml)
return(-1);
}
-
+
lvar[tp] = *p;
tp++;
p++;
}
} /* IF XML_VAR_BEGIN */
-
+
p++;
init++;
go_next:
continue;
-
+
} /* WHILE END */
-
+
if(p2 != NULL)
{
free(p2);
@@ -271,11 +271,11 @@ int OS_ApplyVariables(OS_XML *_lxml)
}
if((value)&&(value[i]))
{
- free(value[i]);
+ free(value[i]);
value[i] = NULL;
}
}
-
+
if(var != NULL)
{
free(var);
@@ -283,7 +283,7 @@ int OS_ApplyVariables(OS_XML *_lxml)
}
if(value != NULL)
{
- free(value);
+ free(value);
value = NULL;
}
diff --git a/src/os_xml/os_xml_writer.c b/src/os_xml/os_xml_writer.c
index bcd47f1..0e460e4 100755
--- a/src/os_xml/os_xml_writer.c
+++ b/src/os_xml/os_xml_writer.c
@@ -34,7 +34,7 @@
/* Internal functions */
int _oswcomment(FILE *fp_in, FILE *fp_out);
-int _WReadElem(FILE *fp_in, FILE *fp_out, int position, int parent,
+int _WReadElem(FILE *fp_in, FILE *fp_out, int position, int parent,
char **node, char *value, int node_pos);
@@ -56,8 +56,8 @@ int _xml_wfgetc(FILE *fp_in, FILE *fp_out)
if(c == '\n') /* add new line */
_line++;
-
- return(c);
+
+ return(c);
}
#define FWGETC(fp_in, fp_out) _xml_wfgetc(fp_in, fp_out)
@@ -112,10 +112,10 @@ int OS_WriteXML(char *infile, char *outfile, char **nodes, char *attr,
{
int r = 0;
int rwidth = 0;
-
+
fseek(fp_out, 0, SEEK_END);
fprintf(fp_out, "\n");
-
+
/* Printing each node. */
while(nodes[r])
{
@@ -126,13 +126,13 @@ int OS_WriteXML(char *infile, char *outfile, char **nodes, char *attr,
if(nodes[r])
fprintf(fp_out, "\n");
}
-
+
/* Printing val. */
r--;
rwidth -=6;
fprintf(fp_out, "%s</%s>\n", newval, nodes[r]);
r--;
-
+
/* Closing each node. */
while(r >= 0)
@@ -142,7 +142,7 @@ int OS_WriteXML(char *infile, char *outfile, char **nodes, char *attr,
rwidth -= 3;
}
}
-
+
fclose(fp_in);
fclose(fp_out);
return(0);
@@ -202,7 +202,7 @@ int _oswcomment(FILE *fp_in, FILE *fp_out)
-int _WReadElem(FILE *fp_in, FILE *fp_out,
+int _WReadElem(FILE *fp_in, FILE *fp_out,
int position, int parent, char **nodes, char *val, int node_pos)
{
int c;
@@ -240,8 +240,8 @@ int _WReadElem(FILE *fp_in, FILE *fp_out,
continue;
}
}
-
-
+
+
/* Real checking */
if(location == -1)
{
@@ -263,7 +263,7 @@ int _WReadElem(FILE *fp_in, FILE *fp_out,
continue;
}
}
-
+
/* Looking for the closure */
else if((location == 0) && ((c == _R_CONFE) || (c == ' ')))
@@ -278,7 +278,7 @@ int _WReadElem(FILE *fp_in, FILE *fp_out,
_ge = '/';
elem[count -1] = '\0';
}
-
+
/* If we may have more attributes */
if(c == ' ')
@@ -299,11 +299,11 @@ int _WReadElem(FILE *fp_in, FILE *fp_out,
{
count = 0;
location = -1;
-
+
memset(elem,'\0',XML_MAXSIZE);
memset(closedelem,'\0',XML_MAXSIZE);
memset(cont,'\0',XML_MAXSIZE);
-
+
if(parent > 0)
{
return(ret_code);
@@ -314,7 +314,7 @@ int _WReadElem(FILE *fp_in, FILE *fp_out,
{
count = 0;
location = 1;
- }
+ }
/* Checking position of the node */
@@ -324,7 +324,7 @@ int _WReadElem(FILE *fp_in, FILE *fp_out,
}
/* Checking if the element name matches */
- if(node_pos == position &&
+ if(node_pos == position &&
nodes[node_pos] && strcmp(elem, nodes[node_pos]) == 0)
{
node_pos++;
@@ -346,7 +346,7 @@ int _WReadElem(FILE *fp_in, FILE *fp_out,
}
}
}
-
+
else if((location == 2) &&(c == _R_CONFE))
{
closedelem[count]='\0';
@@ -358,7 +358,7 @@ int _WReadElem(FILE *fp_in, FILE *fp_out,
memset(elem,'\0',XML_MAXSIZE);
memset(closedelem,'\0',XML_MAXSIZE);
memset(cont,'\0',XML_MAXSIZE);
-
+
count = 0;
location = -1;
if(parent > 0)
@@ -396,7 +396,7 @@ int _WReadElem(FILE *fp_in, FILE *fp_out,
{
ret_code = 1;
}
-
+
count = 0;
}
}
@@ -416,7 +416,7 @@ int _WReadElem(FILE *fp_in, FILE *fp_out,
}
}
}
-
+
if(location == -1)
{
return(ret_code);
diff --git a/src/os_xml/os_xml_writer.h b/src/os_xml/os_xml_writer.h
index 59c41e9..ce413c6 100755
--- a/src/os_xml/os_xml_writer.h
+++ b/src/os_xml/os_xml_writer.h
@@ -38,7 +38,7 @@
*/
int OS_WriteXML(char *infile, char *outfile, char **nodes, char *attr,
char *oldval, char *newval, int type);
-
+
#endif
diff --git a/src/os_zlib/._Makefile b/src/os_zlib/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_zlib/._Makefile and /dev/null differ
diff --git a/src/os_zlib/._os_zlib.c b/src/os_zlib/._os_zlib.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_zlib/._os_zlib.c and /dev/null differ
diff --git a/src/os_zlib/._os_zlib.h b/src/os_zlib/._os_zlib.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_zlib/._os_zlib.h and /dev/null differ
diff --git a/src/os_zlib/._zlib-test.c b/src/os_zlib/._zlib-test.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/os_zlib/._zlib-test.c and /dev/null differ
diff --git a/src/os_zlib/os_zlib.c b/src/os_zlib/os_zlib.c
index 46f8e69..ad208fb 100755
--- a/src/os_zlib/os_zlib.c
+++ b/src/os_zlib/os_zlib.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation
*/
-
+
#include "shared.h"
#include "os_zlib.h"
@@ -17,10 +17,10 @@
int os_compress(char *src, char *dst, int src_size, int dst_size)
{
unsigned long int zl_dst = dst_size;
-
+
/* We make sure to do not allow long sizes */
- if(compress2((unsigned char *)dst,
- &zl_dst,
+ if(compress2((unsigned char *)dst,
+ &zl_dst,
(unsigned char *)src,
(unsigned long int)src_size, 9) == Z_OK)
{
@@ -36,10 +36,10 @@ int os_compress(char *src, char *dst, int src_size, int dst_size)
int os_uncompress(char *src, char *dst, int src_size, int dst_size)
{
unsigned long int zl_dst = dst_size;
-
- if(uncompress((unsigned char *)dst,
+
+ if(uncompress((unsigned char *)dst,
&zl_dst,
- (unsigned char *)src,
+ (unsigned char *)src,
(unsigned long int)src_size) == Z_OK)
{
dst[zl_dst] = '\0';
diff --git a/src/os_zlib/os_zlib.h b/src/os_zlib/os_zlib.h
index 5645996..17d8d0b 100755
--- a/src/os_zlib/os_zlib.h
+++ b/src/os_zlib/os_zlib.h
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation
*/
-
+
#ifndef __OS_ZLIB_H
#define __OS_ZLIB_H
diff --git a/src/os_zlib/zlib-test.c b/src/os_zlib/zlib-test.c
index 42ac1d1..fcbaabe 100755
--- a/src/os_zlib/zlib-test.c
+++ b/src/os_zlib/zlib-test.c
@@ -10,7 +10,7 @@
* Foundation
*/
-
+
#include "shared.h"
#include "os_zlib.h"
@@ -21,7 +21,7 @@
/* Zlib test */
int main(int argc, char **argv)
{
- int ret, srcsize, dstsize = 2010;
+ int ret, srcsize, dstsize = 2010;
char dst[2048];
char dst2[2048];
@@ -33,7 +33,7 @@ int main(int argc, char **argv)
printf("%s: string\n", argv[0]);
exit(1);
}
-
+
srcsize = strlen(argv[1]);
if(srcsize > 2000)
{
@@ -41,7 +41,7 @@ int main(int argc, char **argv)
exit(1);
}
-
+
if((ret = os_compress(argv[1], dst, srcsize, dstsize)))
{
printf("Compressed, from %d->%d\n",srcsize, ret);
@@ -54,11 +54,11 @@ int main(int argc, char **argv)
/* Setting new srcsize for decompression */
srcsize = ret;
-
+
if((ret = os_uncompress(dst, dst2, srcsize, dstsize)))
{
- printf("Uncompressed ok. String: '%s', size %d->%d\n",
- dst2, srcsize, ret);
+ printf("Uncompressed ok. String: '%s', size %d->%d\n",
+ dst2, srcsize, ret);
}
else
{
diff --git a/src/remoted/._COPYRIGHT b/src/remoted/._COPYRIGHT
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/remoted/._COPYRIGHT and /dev/null differ
diff --git a/src/remoted/._Makefile b/src/remoted/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/remoted/._Makefile and /dev/null differ
diff --git a/src/remoted/._README b/src/remoted/._README
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/remoted/._README and /dev/null differ
diff --git a/src/remoted/._VERSION b/src/remoted/._VERSION
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/remoted/._VERSION and /dev/null differ
diff --git a/src/remoted/._ar-forward.c b/src/remoted/._ar-forward.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/remoted/._ar-forward.c and /dev/null differ
diff --git a/src/remoted/._config.c b/src/remoted/._config.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/remoted/._config.c and /dev/null differ
diff --git a/src/remoted/._main.c b/src/remoted/._main.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/remoted/._main.c and /dev/null differ
diff --git a/src/remoted/._manager.c b/src/remoted/._manager.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/remoted/._manager.c and /dev/null differ
diff --git a/src/remoted/._remoted.c b/src/remoted/._remoted.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/remoted/._remoted.c and /dev/null differ
diff --git a/src/remoted/._remoted.h b/src/remoted/._remoted.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/remoted/._remoted.h and /dev/null differ
diff --git a/src/remoted/._secure.c b/src/remoted/._secure.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/remoted/._secure.c and /dev/null differ
diff --git a/src/remoted/._sendmsg.c b/src/remoted/._sendmsg.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/remoted/._sendmsg.c and /dev/null differ
diff --git a/src/remoted/._syslog.c b/src/remoted/._syslog.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/remoted/._syslog.c and /dev/null differ
diff --git a/src/remoted/._syslogtcp.c b/src/remoted/._syslogtcp.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/remoted/._syslogtcp.c and /dev/null differ
diff --git a/src/remoted/ar-forward.c b/src/remoted/ar-forward.c
index ab261b3..df76769 100755
--- a/src/remoted/ar-forward.c
+++ b/src/remoted/ar-forward.c
@@ -29,9 +29,9 @@ void *AR_Forward(void *arg)
int arq = 0;
int agent_id = 0;
int ar_location = 0;
-
+
char msg_to_send[OS_SIZE_1024 +1];
-
+
char msg[OS_SIZE_1024 +1];
char *location = NULL;
char *ar_location_str = NULL;
@@ -54,8 +54,8 @@ void *AR_Forward(void *arg)
{
/* Always zeroing the location */
ar_location = 0;
-
-
+
+
/* Getting the location */
location = msg;
@@ -105,8 +105,8 @@ void *AR_Forward(void *arg)
{
ar_location|=SPECIFIC_AGENT;
}
-
-
+
+
/*** Extracting the active response location ***/
tmp_str = strchr(ar_location_str, ' ');
if(!tmp_str)
@@ -128,28 +128,28 @@ void *AR_Forward(void *arg)
}
*tmp_str = '\0';
tmp_str++;
-
-
+
+
/*** Creating the new message ***/
if(ar_location & NO_AR_MSG)
{
- snprintf(msg_to_send, OS_SIZE_1024, "%s%s",
+ snprintf(msg_to_send, OS_SIZE_1024, "%s%s",
CONTROL_HEADER,
tmp_str);
}
else
{
- snprintf(msg_to_send, OS_SIZE_1024, "%s%s%s",
+ snprintf(msg_to_send, OS_SIZE_1024, "%s%s%s",
CONTROL_HEADER,
EXECD_HEADER,
tmp_str);
}
-
+
/* Lock use of keys */
key_lock();
-
-
+
+
/* Sending to ALL agents */
if(ar_location & ALL_AGENTS)
{
@@ -169,7 +169,7 @@ void *AR_Forward(void *arg)
merror(AR_NOAGENT_ERROR, ARGV0, location);
continue;
}
-
+
send_msg(agent_id, msg_to_send);
}
@@ -179,7 +179,7 @@ void *AR_Forward(void *arg)
ar_location++;
agent_id = OS_IsAllowedID(&keys, ar_agent_id);
-
+
if(agent_id < 0)
{
key_unlock();
@@ -196,6 +196,6 @@ void *AR_Forward(void *arg)
}
}
-
+
/* EOF */
diff --git a/src/remoted/config.c b/src/remoted/config.c
index f1283bb..3328023 100755
--- a/src/remoted/config.c
+++ b/src/remoted/config.c
@@ -26,7 +26,7 @@
* v0.2: New OS_XML
* v0.3: Some improvements and cleanup
* v0.4: Move everything to the global config validator.
- */
+ */
int RemotedConfig(char *cfgfile, remoted *logr)
{
int modules = 0;
diff --git a/src/remoted/main.c b/src/remoted/main.c
index e85fe0b..008eacd 100755
--- a/src/remoted/main.c
+++ b/src/remoted/main.c
@@ -21,17 +21,17 @@ int main(int argc, char **argv)
int i = 0,c = 0;
int uid = 0, gid = 0;
int test_config = 0,run_foreground = 0;
-
+
char *cfg = DEFAULTCPATH;
char *dir = DEFAULTDIR;
char *user = REMUSER;
char *group = GROUPGLOBAL;
-
+
/* Setting the name -- must be done ASAP */
OS_SetName(ARGV0);
-
+
while((c = getopt(argc, argv, "Vdthfu:g:c:D:")) != -1){
switch(c){
case 'V':
@@ -57,7 +57,7 @@ int main(int argc, char **argv)
group = optarg;
break;
case 't':
- test_config = 1;
+ test_config = 1;
break;
case 'c':
if (!optarg)
@@ -72,8 +72,8 @@ int main(int argc, char **argv)
}
debug1(STARTED_MSG,ARGV0);
-
-
+
+
/* Return 0 if not configured */
if(RemotedConfig(cfg, &logr) < 0)
{
@@ -90,7 +90,7 @@ int main(int argc, char **argv)
/* Not configured. */
exit(0);
}
-
+
/* Check if the user and group given are valid */
uid = Privsep_GetUser(user);
gid = Privsep_GetGroup(group);
@@ -102,13 +102,13 @@ int main(int argc, char **argv)
i = getpid();
- if(!run_foreground)
+ if(!run_foreground)
{
nowDaemon();
goDaemon();
}
-
+
/* Setting new group */
if(Privsep_SetGroup(gid) < 0)
ErrorExit(SETGID_ERROR, ARGV0, group);
@@ -131,21 +131,21 @@ int main(int argc, char **argv)
#else
srandom( time(0) + getpid()+ i);
#endif
-
+
random();
-
+
/* Start up message */
verbose(STARTUP_MSG, ARGV0, (int)getpid());
/* Really starting the program. */
- i = 0;
+ i = 0;
while(logr.conn[i] != 0)
{
/* Forking for each connection handler */
if(fork() == 0)
- {
+ {
/* On the child */
debug1("%s: DEBUG: Forking remoted: '%d'.",ARGV0, i);
HandleRemote(i, uid);
diff --git a/src/remoted/manager.c b/src/remoted/manager.c
index 41ddc18..3008401 100755
--- a/src/remoted/manager.c
+++ b/src/remoted/manager.c
@@ -63,7 +63,7 @@ void save_controlmsg(int agentid, char *r_msg)
{
char msg_ack[OS_FLSIZE +1];
-
+
/* Replying to the agent. */
snprintf(msg_ack, OS_FLSIZE, "%s%s", CONTROL_HEADER, HC_ACK);
send_msg(agentid, msg_ack);
@@ -75,12 +75,12 @@ void save_controlmsg(int agentid, char *r_msg)
{
utimes(_keep_alive[agentid], NULL);
}
-
+
else if(strcmp(r_msg, HC_STARTUP) == 0)
{
return;
}
-
+
else
{
FILE *fp;
@@ -144,7 +144,7 @@ void save_controlmsg(int agentid, char *r_msg)
os_strdup(agent_file, _keep_alive[agentid]);
}
-
+
/* Writing to the file. */
fp = fopen(_keep_alive[agentid], "w");
@@ -155,7 +155,7 @@ void save_controlmsg(int agentid, char *r_msg)
}
}
-
+
/* Locking now to notify of change. */
if(pthread_mutex_lock(&lastmsg_mutex) != 0)
{
@@ -163,7 +163,7 @@ void save_controlmsg(int agentid, char *r_msg)
return;
}
-
+
/* Assign new values */
_changed[agentid] = 1;
modified_agentid = agentid;
@@ -172,7 +172,7 @@ void save_controlmsg(int agentid, char *r_msg)
/* Signal that new data is available */
pthread_cond_signal(&awake_mutex);
-
+
/* Unlocking mutex */
if(pthread_mutex_unlock(&lastmsg_mutex) != 0)
{
@@ -180,9 +180,9 @@ void save_controlmsg(int agentid, char *r_msg)
return;
}
-
+
return;
-}
+}
@@ -193,14 +193,14 @@ void f_files()
int i;
if(!f_sum)
return;
- for(i = 0;;i++)
+ for(i = 0;;i++)
{
if(f_sum[i] == NULL)
break;
-
+
if(f_sum[i]->name)
free(f_sum[i]->name);
-
+
free(f_sum[i]);
f_sum[i] = NULL;
}
@@ -219,9 +219,9 @@ void c_files()
DIR *dp;
struct dirent *entry;
-
+
os_md5 md5sum;
-
+
int f_size = 0;
@@ -241,21 +241,21 @@ void c_files()
/* Opening the directory given */
dp = opendir(SHAREDCFG_DIR);
- if(!dp)
+ if(!dp)
{
merror("%s: Error opening directory: '%s': %s ",
ARGV0,
SHAREDCFG_DIR,
strerror(errno));
return;
- }
+ }
/* Reading directory */
while((entry = readdir(dp)) != NULL)
{
char tmp_dir[512];
-
+
/* Just ignore . and .. */
if((strcmp(entry->d_name,".") == 0) ||
(strcmp(entry->d_name,"..") == 0))
@@ -272,14 +272,14 @@ void c_files()
continue;
}
-
+
if(OS_MD5_File(tmp_dir, md5sum) != 0)
{
merror("%s: Error accessing file '%s'",ARGV0, tmp_dir);
continue;
}
-
-
+
+
f_sum = (file_sum **)realloc(f_sum, (f_size +2) * sizeof(file_sum *));
if(!f_sum)
{
@@ -292,7 +292,7 @@ void c_files()
ErrorExit(MEM_ERROR,ARGV0);
}
-
+
strncpy(f_sum[f_size]->sum, md5sum, 32);
os_strdup(entry->d_name, f_sum[f_size]->name);
f_sum[f_size]->mark = 0;
@@ -301,7 +301,7 @@ void c_files()
MergeAppendFile(SHAREDCFG_FILE, tmp_dir);
f_size++;
}
-
+
if(f_sum != NULL)
f_sum[f_size] = NULL;
@@ -313,15 +313,15 @@ void c_files()
merror("%s: Error accessing file '%s'",ARGV0, SHAREDCFG_FILE);
f_sum[0]->sum[0] = '\0';
}
- strncpy(f_sum[0]->sum, md5sum, 32);
+ strncpy(f_sum[0]->sum, md5sum, 32);
os_strdup(SHAREDCFG_FILENAME, f_sum[0]->name);
- return;
+ return;
}
-
+
/* send_file_toagent: Sends a file to the agent.
* Returns -1 on error
@@ -331,10 +331,10 @@ int send_file_toagent(int agentid, char *name, char *sum)
int i = 0, n = 0;
char file[OS_SIZE_1024 +1];
char buf[OS_SIZE_1024 +1];
-
+
FILE *fp;
-
+
snprintf(file, OS_SIZE_1024, "%s/%s",SHAREDCFG_DIR, name);
fp = fopen(file, "r");
if(!fp)
@@ -345,7 +345,7 @@ int send_file_toagent(int agentid, char *name, char *sum)
/* Sending the file name first */
- snprintf(buf, OS_SIZE_1024, "%s%s%s %s\n",
+ snprintf(buf, OS_SIZE_1024, "%s%s%s %s\n",
CONTROL_HEADER, FILE_UPDATE_HEADER, sum, name);
if(send_msg(agentid, buf) == -1)
@@ -377,7 +377,7 @@ int send_file_toagent(int agentid, char *name, char *sum)
i++;
}
-
+
/* Sending the message to close the file */
snprintf(buf, OS_SIZE_1024, "%s%s", CONTROL_HEADER, FILE_CLOSE_HEADER);
if(send_msg(agentid, buf) == -1)
@@ -386,10 +386,10 @@ int send_file_toagent(int agentid, char *name, char *sum)
fclose(fp);
return(-1);
}
-
+
fclose(fp);
-
+
return(0);
}
@@ -400,7 +400,7 @@ int send_file_toagent(int agentid, char *name, char *sum)
* the agent.
*/
void read_controlmsg(int agentid, char *msg)
-{
+{
int i;
@@ -424,7 +424,7 @@ void read_controlmsg(int agentid, char *msg)
}
- /* Parse message */
+ /* Parse message */
while(*msg != '\0')
{
char *md5;
@@ -437,7 +437,7 @@ void read_controlmsg(int agentid, char *msg)
if(!msg)
{
merror("%s: Invalid message from '%s' (strchr \\n)",
- ARGV0,
+ ARGV0,
keys.keyentries[agentid]->ip->ip);
break;
}
@@ -449,7 +449,7 @@ void read_controlmsg(int agentid, char *msg)
if(!file)
{
merror("%s: Invalid message from '%s' (strchr ' ')",
- ARGV0,
+ ARGV0,
keys.keyentries[agentid]->ip->ip);
break;
}
@@ -463,7 +463,7 @@ void read_controlmsg(int agentid, char *msg)
{
if(strcmp(f_sum[0]->sum, md5) != 0)
{
- debug1("%s: DEBUG Sending file '%s' to agent.", ARGV0,
+ debug1("%s: DEBUG Sending file '%s' to agent.", ARGV0,
f_sum[0]->name);
if(send_file_toagent(agentid,f_sum[0]->name,f_sum[0]->sum)<0)
{
@@ -476,7 +476,7 @@ void read_controlmsg(int agentid, char *msg)
i = 0;
while(f_sum[i])
{
- f_sum[i]->mark = 0;
+ f_sum[i]->mark = 0;
i++;
}
@@ -499,7 +499,7 @@ void read_controlmsg(int agentid, char *msg)
{
f_sum[i]->mark = 2;
}
- break;
+ break;
}
}
@@ -513,7 +513,7 @@ void read_controlmsg(int agentid, char *msg)
if((f_sum[i]->mark == 1) ||
(f_sum[i]->mark == 0))
{
-
+
debug1("%s: Sending file '%s' to agent.", ARGV0, f_sum[i]->name);
if(send_file_toagent(agentid,f_sum[i]->name,f_sum[i]->sum) < 0)
{
@@ -523,11 +523,11 @@ void read_controlmsg(int agentid, char *msg)
}
}
- f_sum[i]->mark = 0;
+ f_sum[i]->mark = 0;
}
-
- return;
+
+ return;
}
@@ -540,17 +540,17 @@ void *wait_for_msgs(void *none)
{
int id, i;
char msg[OS_SIZE_1024 +2];
-
+
/* Initializing the memory */
memset(msg, '\0', OS_SIZE_1024 +2);
-
+
/* should never leave this loop */
while(1)
{
/* Every NOTIFY * 30 minutes, re read the files.
- * If something changed, notify all agents
+ * If something changed, notify all agents
*/
_ctime = time(0);
if((_ctime - _stime) > (NOTIFY_TIME*30))
@@ -560,8 +560,8 @@ void *wait_for_msgs(void *none)
_stime = _ctime;
}
-
-
+
+
/* locking mutex */
if(pthread_mutex_lock(&lastmsg_mutex) != 0)
{
@@ -591,9 +591,9 @@ void *wait_for_msgs(void *none)
{
continue;
}
-
+
id = 0;
-
+
/* locking mutex */
if(pthread_mutex_lock(&lastmsg_mutex) != 0)
{
@@ -614,7 +614,7 @@ void *wait_for_msgs(void *none)
id = 1;
}
-
+
/* Unlocking mutex */
if(pthread_mutex_unlock(&lastmsg_mutex) != 0)
{
@@ -658,7 +658,7 @@ void manager_init(int isUpdate)
pthread_mutex_init(&lastmsg_mutex, NULL);
pthread_cond_init(&awake_mutex, NULL);
}
-
+
modified_agentid = -1;
return;
diff --git a/src/remoted/remoted.c b/src/remoted/remoted.c
index 4719e59..0800f1c 100755
--- a/src/remoted/remoted.c
+++ b/src/remoted/remoted.c
@@ -9,14 +9,14 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
/* remote daemon.
- * Listen to remote packets and forward them to the analysis
+ * Listen to remote packets and forward them to the analysis
* system
*/
@@ -55,12 +55,12 @@ void HandleRemote(int position, int uid)
}
}
}
-
- /* Bind TCP */
+
+ /* Bind TCP */
if(logr.proto[position] == TCP_PROTO)
{
- if((logr.sock =
+ if((logr.sock =
OS_Bindporttcp(logr.port[position],logr.lip[position], logr.ipv6[position])) < 0)
{
ErrorExit(BIND_ERROR, ARGV0, logr.port[position]);
@@ -69,22 +69,22 @@ void HandleRemote(int position, int uid)
else
{
/* Using UDP. Fast, unreliable.. perfect */
- if((logr.sock =
+ if((logr.sock =
OS_Bindportudp(logr.port[position], logr.lip[position], logr.ipv6[position])) < 0)
{
ErrorExit(BIND_ERROR, ARGV0, logr.port[position]);
}
}
-
-
+
+
/* Revoking the privileges */
if(Privsep_SetUser(uid) < 0)
{
ErrorExit(SETUID_ERROR,ARGV0, REMUSER);
}
-
-
+
+
/* Creating PID */
if(CreatePID(ARGV0, getpid()) < 0)
{
@@ -94,25 +94,25 @@ void HandleRemote(int position, int uid)
/* Start up message */
verbose(STARTUP_MSG, ARGV0, (int)getpid());
-
+
/* If Secure connection, deal with it */
if(logr.conn[position] == SECURE_CONN)
{
HandleSecure();
}
-
+
else if(logr.proto[position] == TCP_PROTO)
{
HandleSyslogTCP();
}
-
+
/* If not, deal with syslog */
else
{
HandleSyslog();
}
-
+
return;
}
diff --git a/src/remoted/remoted.h b/src/remoted/remoted.h
index e0b5963..d26e289 100755
--- a/src/remoted/remoted.h
+++ b/src/remoted/remoted.h
@@ -29,7 +29,7 @@
int RemotedConfig(char *cfgfile, remoted *logr);
/* Handle Remote connections */
-void HandleRemote(int position, int uid);
+void HandleRemote(int position, int uid);
/* Handle Syslog */
void HandleSyslog();
diff --git a/src/remoted/secure.c b/src/remoted/secure.c
index 208da03..39f4269 100755
--- a/src/remoted/secure.c
+++ b/src/remoted/secure.c
@@ -27,7 +27,7 @@ void HandleSecure()
int agentid;
char buffer[OS_MAXSTR +1];
- char cleartext_msg[OS_MAXSTR +1];
+ char cleartext_msg[OS_MAXSTR +1];
char srcip[IPSIZE +1];
char *tmp_msg;
char srcmsg[OS_FLSIZE +1];
@@ -56,7 +56,7 @@ void HandleSecure()
{
ErrorExit(THREAD_ERROR, ARGV0);
}
-
+
/* Creating wait_for_msgs thread */
if(CreateThread(wait_for_msgs, (void *)NULL) != 0)
{
@@ -71,16 +71,16 @@ void HandleSecure()
{
ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQUEUE);
}
-
-
- verbose(AG_AX_AGENTS, ARGV0, MAX_AGENTS);
-
+
+ verbose(AG_AX_AGENTS, ARGV0, MAX_AGENTS);
+
+
/* Reading authentication keys */
verbose(ENC_READ, ARGV0);
-
+
OS_ReadKeys(&keys);
-
+
debug1("%s: DEBUG: OS_StartCounter.", ARGV0);
OS_StartCounter(&keys);
debug1("%s: DEBUG: OS_StartCounter completed.", ARGV0);
@@ -96,14 +96,14 @@ void HandleSecure()
memset(cleartext_msg, '\0', OS_MAXSTR +1);
memset(srcmsg, '\0', OS_FLSIZE +1);
tmp_msg = NULL;
-
-
-
+
+
+
/* loop in here */
while(1)
{
/* Receiving message */
- recv_b = recvfrom(logr.sock, buffer, OS_MAXSTR, 0,
+ recv_b = recvfrom(logr.sock, buffer, OS_MAXSTR, 0,
(struct sockaddr *)&peer_info, &peer_size);
@@ -120,13 +120,13 @@ void HandleSecure()
- /* Getting a valid agentid */
+ /* Getting a valid agentid */
if(buffer[0] == '!')
{
tmp_msg = buffer;
tmp_msg++;
-
-
+
+
/* We need to make sure that we have a valid id
* and that we reduce the recv buffer size.
*/
@@ -167,7 +167,7 @@ void HandleSecure()
}
else
{
- agentid = OS_IsAllowedIP(&keys, srcip);
+ agentid = OS_IsAllowedIP(&keys, srcip);
if(agentid < 0)
{
if(check_keyupdate())
@@ -187,9 +187,9 @@ void HandleSecure()
}
tmp_msg = buffer;
}
-
- /* Decrypting the message */
+
+ /* Decrypting the message */
tmp_msg = ReadSecMSG(&keys, tmp_msg, cleartext_msg,
agentid, recv_b -1);
if(tmp_msg == NULL)
@@ -199,7 +199,7 @@ void HandleSecure()
}
- /* Check if it is a control message */
+ /* Check if it is a control message */
if(IsValidHeader(tmp_msg))
{
/* We need to save the peerinfo if it is a control msg */
@@ -213,14 +213,14 @@ void HandleSecure()
/* Generating srcmsg */
- snprintf(srcmsg, OS_FLSIZE,"(%s) %s",keys.keyentries[agentid]->name,
+ snprintf(srcmsg, OS_FLSIZE,"(%s) %s",keys.keyentries[agentid]->name,
keys.keyentries[agentid]->ip->ip);
-
+
/* If we can't send the message, try to connect to the
* socket again. If it not exit.
*/
- if(SendMSG(logr.m_queue, tmp_msg, srcmsg,
+ if(SendMSG(logr.m_queue, tmp_msg, srcmsg,
SECURE_MQ) < 0)
{
merror(QUEUE_ERROR, ARGV0, DEFAULTQUEUE, strerror(errno));
diff --git a/src/remoted/sendmsg.c b/src/remoted/sendmsg.c
index 571180e..0c6e2ad 100755
--- a/src/remoted/sendmsg.c
+++ b/src/remoted/sendmsg.c
@@ -65,9 +65,9 @@ int check_keyupdate()
{
return(0);
}
-
+
key_lock();
-
+
/* Locking before using */
if(pthread_mutex_lock(&sendmsg_mutex) != 0)
{
@@ -75,7 +75,7 @@ int check_keyupdate()
merror(MUTEX_ERROR, ARGV0);
return(0);
}
-
+
if(OS_UpdateKeys(&keys))
{
if(pthread_mutex_unlock(&sendmsg_mutex) != 0)
@@ -91,7 +91,7 @@ int check_keyupdate()
merror(MUTEX_ERROR, ARGV0);
}
key_unlock();
-
+
return(0);
}
@@ -106,7 +106,7 @@ void send_msg_init()
}
-/* send_msg()
+/* send_msg()
* Send message to an agent.
* Returns -1 on error
*/
@@ -122,7 +122,7 @@ int send_msg(int agentid, char *msg)
return(-1);
}
-
+
msg_size = CreateSecMSG(&keys, msg, crypt_msg, agentid);
if(msg_size == 0)
{
@@ -130,7 +130,7 @@ int send_msg(int agentid, char *msg)
return(-1);
}
-
+
/* Locking before using */
if(pthread_mutex_lock(&sendmsg_mutex) != 0)
{
@@ -142,19 +142,19 @@ int send_msg(int agentid, char *msg)
/* Sending initial message */
if(sendto(logr.sock, crypt_msg, msg_size, 0,
(struct sockaddr *)&keys.keyentries[agentid]->peer_info,
- logr.peer_size) < 0)
+ logr.peer_size) < 0)
{
merror(SEND_ERROR,ARGV0, keys.keyentries[agentid]->id);
}
-
-
+
+
/* Unlocking mutex */
if(pthread_mutex_unlock(&sendmsg_mutex) != 0)
{
merror(MUTEX_ERROR, ARGV0);
return(-1);
}
-
+
return(0);
}
diff --git a/src/remoted/syslog.c b/src/remoted/syslog.c
index b66df4b..7011aa8 100755
--- a/src/remoted/syslog.c
+++ b/src/remoted/syslog.c
@@ -19,7 +19,7 @@
-/* OS_IPNotAllowed, v0.1, 2005/02/11
+/* OS_IPNotAllowed, v0.1, 2005/02/11
* Checks if an IP is not allowed.
*/
static int OS_IPNotAllowed(char *srcip)
@@ -67,7 +67,7 @@ void HandleSyslog()
/* Initializing some variables */
memset(buffer, '\0', OS_SIZE_1024 +2);
-
+
/* Connecting to the message queue
* Exit if it fails.
*/
@@ -75,13 +75,13 @@ void HandleSyslog()
{
ErrorExit(QUEUE_FATAL,ARGV0, DEFAULTQUEUE);
}
-
+
/* Infinite loop in here */
while(1)
{
/* Receiving message */
- recv_b = recvfrom(logr.sock, buffer, OS_SIZE_1024, 0,
+ recv_b = recvfrom(logr.sock, buffer, OS_SIZE_1024, 0,
(struct sockaddr *)&peer_info, &peer_size);
/* Nothing received */
@@ -120,7 +120,7 @@ void HandleSyslog()
else
{
buffer_pt = buffer;
- }
+ }
/* Checking if IP is allowed here */
if(OS_IPNotAllowed(srcip))
diff --git a/src/remoted/syslogtcp.c b/src/remoted/syslogtcp.c
index 0ad7429..cce947f 100755
--- a/src/remoted/syslogtcp.c
+++ b/src/remoted/syslogtcp.c
@@ -19,7 +19,7 @@
-/* OS_IPNotAllowed, v0.1, 2005/02/11
+/* OS_IPNotAllowed, v0.1, 2005/02/11
* Checks if an IP is not allowed.
*/
static int OS_IPNotAllowed(char *srcip)
@@ -51,14 +51,14 @@ static void HandleClient(int client_socket, char *srcip)
{
int sb_size = OS_MAXSTR;
int r_sz = 0;
-
+
char buffer[OS_MAXSTR +2];
char storage_buffer[OS_MAXSTR +2];
char tmp_buffer[OS_MAXSTR +2];
char *buffer_pt = NULL;
-
+
/* Initializing some variables */
memset(buffer, '\0', OS_MAXSTR +2);
memset(storage_buffer, '\0', OS_MAXSTR +2);
@@ -86,12 +86,12 @@ static void HandleClient(int client_socket, char *srcip)
storage_buffer[0] = '\0';
continue;
}
-
+
strncat(storage_buffer, buffer, sb_size);
sb_size -= r_sz;
- continue;
+ continue;
}
-
+
/* Seeing if we received more then just one message */
if(*(buffer_pt +1) != '\0')
{
@@ -112,14 +112,14 @@ static void HandleClient(int client_socket, char *srcip)
}
strncat(storage_buffer, buffer, sb_size);
-
+
/* Removing carriage returns too */
buffer_pt = strchr(storage_buffer, '\r');
if(buffer_pt)
*buffer_pt = '\0';
-
+
/* Removing syslog header */
if(storage_buffer[0] == '<')
{
@@ -173,13 +173,13 @@ void HandleSyslogTCP()
int client_socket = 0;
int st_errors = 0;
int childcount = 0;
-
+
char srcip[IPSIZE +1];
/* Initializing some variables */
memset(srcip, '\0', IPSIZE + 1);
-
+
/* Connecting to the message queue
* Exit if it fails.
*/
@@ -187,7 +187,7 @@ void HandleSyslogTCP()
{
ErrorExit(QUEUE_FATAL,ARGV0, DEFAULTQUEUE);
}
-
+
/* Infinit loop in here */
while(1)
@@ -223,7 +223,7 @@ void HandleSyslogTCP()
}
- /* Forking to deal with new client */
+ /* Forking to deal with new client */
if(fork() == 0)
{
HandleClient(client_socket, srcip);
diff --git a/src/rootcheck/._Makefile b/src/rootcheck/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/rootcheck/._Makefile and /dev/null differ
diff --git a/src/rootcheck/._check_open_ports.c b/src/rootcheck/._check_open_ports.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/rootcheck/._check_open_ports.c and /dev/null differ
diff --git a/src/rootcheck/._check_rc_dev.c b/src/rootcheck/._check_rc_dev.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/rootcheck/._check_rc_dev.c and /dev/null differ
diff --git a/src/rootcheck/._check_rc_files.c b/src/rootcheck/._check_rc_files.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/rootcheck/._check_rc_files.c and /dev/null differ
diff --git a/src/rootcheck/._check_rc_if.c b/src/rootcheck/._check_rc_if.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/rootcheck/._check_rc_if.c and /dev/null differ
diff --git a/src/rootcheck/._check_rc_pids.c b/src/rootcheck/._check_rc_pids.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/rootcheck/._check_rc_pids.c and /dev/null differ
diff --git a/src/rootcheck/._check_rc_policy.c b/src/rootcheck/._check_rc_policy.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/rootcheck/._check_rc_policy.c and /dev/null differ
diff --git a/src/rootcheck/._check_rc_ports.c b/src/rootcheck/._check_rc_ports.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/rootcheck/._check_rc_ports.c and /dev/null differ
diff --git a/src/rootcheck/._check_rc_readproc.c b/src/rootcheck/._check_rc_readproc.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/rootcheck/._check_rc_readproc.c and /dev/null differ
diff --git a/src/rootcheck/._check_rc_sys.c b/src/rootcheck/._check_rc_sys.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/rootcheck/._check_rc_sys.c and /dev/null differ
diff --git a/src/rootcheck/._check_rc_trojans.c b/src/rootcheck/._check_rc_trojans.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/rootcheck/._check_rc_trojans.c and /dev/null differ
diff --git a/src/rootcheck/._common.c b/src/rootcheck/._common.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/rootcheck/._common.c and /dev/null differ
diff --git a/src/rootcheck/._common_rcl.c b/src/rootcheck/._common_rcl.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/rootcheck/._common_rcl.c and /dev/null differ
diff --git a/src/rootcheck/._config.c b/src/rootcheck/._config.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/rootcheck/._config.c and /dev/null differ
diff --git a/src/rootcheck/._os_string.c b/src/rootcheck/._os_string.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/rootcheck/._os_string.c and /dev/null differ
diff --git a/src/rootcheck/._rootcheck-config.c b/src/rootcheck/._rootcheck-config.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/rootcheck/._rootcheck-config.c and /dev/null differ
diff --git a/src/rootcheck/._rootcheck.c b/src/rootcheck/._rootcheck.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/rootcheck/._rootcheck.c and /dev/null differ
diff --git a/src/rootcheck/._rootcheck.conf b/src/rootcheck/._rootcheck.conf
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/rootcheck/._rootcheck.conf and /dev/null differ
diff --git a/src/rootcheck/._rootcheck.h b/src/rootcheck/._rootcheck.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/rootcheck/._rootcheck.h and /dev/null differ
diff --git a/src/rootcheck/._run_rk_check.c b/src/rootcheck/._run_rk_check.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/rootcheck/._run_rk_check.c and /dev/null differ
diff --git a/src/rootcheck/._unix-process.c b/src/rootcheck/._unix-process.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/rootcheck/._unix-process.c and /dev/null differ
diff --git a/src/rootcheck/._win-common.c b/src/rootcheck/._win-common.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/rootcheck/._win-common.c and /dev/null differ
diff --git a/src/rootcheck/._win-process.c b/src/rootcheck/._win-process.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/rootcheck/._win-process.c and /dev/null differ
diff --git a/src/rootcheck/check_open_ports.c b/src/rootcheck/check_open_ports.c
index 4be5678..97091ee 100755
--- a/src/rootcheck/check_open_ports.c
+++ b/src/rootcheck/check_open_ports.c
@@ -10,7 +10,7 @@
* Foundation
*/
-
+
#include "shared.h"
#include "headers/defs.h"
#include "headers/debug_op.h"
@@ -26,7 +26,7 @@ char open_ports_str[OS_SIZE_1024 + 1];
int connect_to_port(int proto, int port)
{
int rc = 0;
-
+
int ossock;
struct sockaddr_in server;
@@ -50,10 +50,10 @@ int connect_to_port(int proto, int port)
{
rc = 1;
}
-
- close(ossock);
- return(rc);
+ close(ossock);
+
+ return(rc);
}
/* try_to_access_ports */
@@ -76,7 +76,7 @@ void try_to_access_ports()
snprintf(port_proto, 64, "%d (tcp),", i);
}
strncat(open_ports_str, port_proto, open_ports_size);
- open_ports_size -= strlen(port_proto) +1;
+ open_ports_size -= strlen(port_proto) +1;
_ports_open++;
}
@@ -116,18 +116,18 @@ void check_open_ports()
memset(open_ports_str, '\0', OS_SIZE_1024 +1);
open_ports_size = OS_SIZE_1024 - 1;
_ports_open = 0;
-
+
#ifndef OSSECHIDS
snprintf(open_ports_str, OS_SIZE_1024, "The following ports are open:");
open_ports_size-=strlen(open_ports_str) +1;
-
- /* Testing All ports */
+
+ /* Testing All ports */
try_to_access_ports();
open_ports_str[strlen(open_ports_str) -1] = '\0';
notify_rk(ALERT_OK, open_ports_str);
-
+
#endif
return;
}
diff --git a/src/rootcheck/check_rc_dev.c b/src/rootcheck/check_rc_dev.c
index cdf5024..071b470 100755
--- a/src/rootcheck/check_rc_dev.c
+++ b/src/rootcheck/check_rc_dev.c
@@ -10,7 +10,7 @@
* Foundation
*/
-
+
#ifndef WIN32
#include "shared.h"
#include "rootcheck.h"
@@ -24,12 +24,12 @@ int read_dev_dir(char *dir_name);
int read_dev_file(char *file_name)
{
struct stat statbuf;
-
+
if(lstat(file_name, &statbuf) < 0)
{
return(-1);
}
-
+
if(S_ISDIR(statbuf.st_mode))
{
#ifdef DEBUG
@@ -38,7 +38,7 @@ int read_dev_file(char *file_name)
return(read_dev_dir(file_name));
}
-
+
else if(S_ISREG(statbuf.st_mode))
{
char op_msg[OS_SIZE_1024 +1];
@@ -59,11 +59,11 @@ int read_dev_file(char *file_name)
int read_dev_dir(char *dir_name)
{
int i;
-
+
DIR *dp;
-
+
struct dirent *entry;
-
+
/* when will these people learn that dev is not
* meant to store log files or other kind of texts..
*/
@@ -72,7 +72,7 @@ int read_dev_dir(char *dir_name)
".udev.tdb", ".initramfs-tools",
"MAKEDEV.local", ".udev", ".initramfs",
"oprofile","fd","cgroup",
- #ifdef SOLARIS
+ #ifdef SOLARIS
".devfsadm_dev.lock",
".devlink_db_lock",
".devlink_db",
@@ -81,22 +81,22 @@ int read_dev_dir(char *dir_name)
".devfsadm_synch_door",
".zone_reg_door",
#endif
- NULL};
-
+ NULL};
+
/* Full path ignore */
char *(ignore_dev_full_path[]) = {"/dev/shm/sysconfig",
- "/dev/bus/usb/.usbfs",
+ "/dev/bus/usb/.usbfs",
"/dev/shm",
"/dev/gpmctl",
NULL};
-
+
if((dir_name == NULL)||(strlen(dir_name) > PATH_MAX))
{
merror("%s: Invalid directory given.",ARGV0);
return(-1);
}
-
+
/* Opening the directory given */
dp = opendir(dir_name);
if(!dp)
@@ -110,24 +110,24 @@ int read_dev_dir(char *dir_name)
/* Just ignore . and .. */
if((strcmp(entry->d_name,".") == 0) ||
- (strcmp(entry->d_name,"..") == 0))
+ (strcmp(entry->d_name,"..") == 0))
continue;
-
+
_dev_total++;
-
+
/* Do not look for the ignored files */
for(i = 0;ignore_dev[i] != NULL;i++)
{
if(strcmp(ignore_dev[i], entry->d_name) == 0)
break;
}
-
+
if(ignore_dev[i] != NULL)
continue;
-
- f_name[PATH_MAX +1] = '\0';
+
+ f_name[PATH_MAX +1] = '\0';
snprintf(f_name, PATH_MAX +1, "%s/%s",dir_name, entry->d_name);
-
+
/* Do not look for the full ignored files */
for(i = 0;ignore_dev_full_path[i] != NULL;i++)
@@ -136,20 +136,20 @@ int read_dev_dir(char *dir_name)
break;
}
-
+
/* Checking against the full path. */
if(ignore_dev_full_path[i] != NULL)
{
continue;
}
-
+
read_dev_file(f_name);
}
closedir(dp);
-
+
return(0);
}
@@ -160,7 +160,7 @@ int read_dev_dir(char *dir_name)
void check_rc_dev(char *basedir)
{
char file_path[OS_SIZE_1024 +1];
-
+
_dev_total = 0, _dev_errors = 0;
debug1("%s: DEBUG: Starting on check_rc_dev", ARGV0);
@@ -173,11 +173,11 @@ void check_rc_dev(char *basedir)
{
char op_msg[OS_SIZE_1024 +1];
snprintf(op_msg, OS_SIZE_1024, "No problem detected on the /dev "
- "directory. Analyzed %d files",
+ "directory. Analyzed %d files",
_dev_total);
notify_rk(ALERT_OK, op_msg);
}
-
+
return;
}
diff --git a/src/rootcheck/check_rc_files.c b/src/rootcheck/check_rc_files.c
index 3fd7193..b8c6f64 100755
--- a/src/rootcheck/check_rc_files.c
+++ b/src/rootcheck/check_rc_files.c
@@ -10,7 +10,7 @@
* Foundation
*/
-
+
#include "shared.h"
#include "rootcheck.h"
@@ -28,17 +28,17 @@ void check_rc_files(char *basedir, FILE *fp)
char *file;
char *name;
char *link;
-
+
int _errors = 0;
int _total = 0;
-
-
+
+
debug1("%s: DEBUG: Starting on check_rc_files", ARGV0);
-
+
while(fgets(buf, OS_SIZE_1024, fp) != NULL)
{
char *nbuf;
-
+
/* Removing end of line */
nbuf = strchr(buf, '\n');
if(nbuf)
@@ -48,8 +48,8 @@ void check_rc_files(char *basedir, FILE *fp)
/* Assigning buf to be used */
nbuf = buf;
-
- /* Excluding commented lines or blanked ones */
+
+ /* Excluding commented lines or blanked ones */
while(*nbuf != '\0')
{
if(*nbuf == ' ' || *nbuf == '\t')
@@ -62,15 +62,15 @@ void check_rc_files(char *basedir, FILE *fp)
else
break;
}
-
+
if(*nbuf == '\0')
goto newline;
-
+
/* File now may be valid */
file = nbuf;
- name = nbuf;
-
-
+ name = nbuf;
+
+
/* Getting the file and the rootkit name */
while(*nbuf != '\0')
{
@@ -86,12 +86,12 @@ void check_rc_files(char *basedir, FILE *fp)
nbuf++;
}
}
-
+
if(*nbuf == '\0')
goto newline;
-
-
- /* Some ugly code to remove spaces and \t */
+
+
+ /* Some ugly code to remove spaces and \t */
while(*nbuf != '\0')
{
if(*nbuf == '!')
@@ -116,21 +116,21 @@ void check_rc_files(char *basedir, FILE *fp)
}
}
-
+
/* Getting the link (if present) */
link = strchr(nbuf, ':');
if(link)
{
*link = '\0';
-
- link++;
+
+ link++;
if(*link == ':')
{
link++;
}
}
-
-
+
+
/* Cleaning any space of \t at the end */
nbuf = strchr(nbuf, ' ');
if(nbuf)
@@ -143,7 +143,7 @@ void check_rc_files(char *basedir, FILE *fp)
{
*nbuf = '\0';
}
-
+
_total++;
@@ -154,15 +154,15 @@ void check_rc_files(char *basedir, FILE *fp)
{
merror(MAX_RK_MSG, ARGV0, MAX_RK_SYS);
}
-
+
else
{
/* Removing * / from the file */
file++;
if(*file == '/')
file++;
-
- /* Memory assignment */
+
+ /* Memory assignment */
rk_sys_file[rk_sys_count] = strdup(file);
rk_sys_name[rk_sys_count] = strdup(name);
@@ -170,16 +170,16 @@ void check_rc_files(char *basedir, FILE *fp)
!rk_sys_file[rk_sys_count] )
{
merror(MEM_ERROR, ARGV0);
-
+
if(rk_sys_file[rk_sys_count])
free(rk_sys_file[rk_sys_count]);
if(rk_sys_name[rk_sys_count])
free(rk_sys_name[rk_sys_count]);
-
+
rk_sys_file[rk_sys_count] = NULL;
- rk_sys_name[rk_sys_count] = NULL;
+ rk_sys_name[rk_sys_count] = NULL;
}
-
+
rk_sys_count++;
/* Always assigning the last as NULL */
@@ -188,23 +188,23 @@ void check_rc_files(char *basedir, FILE *fp)
}
continue;
}
-
+
snprintf(file_path, OS_SIZE_1024, "%s/%s",basedir, file);
-
- /* Checking if file exists */
+
+ /* Checking if file exists */
if(is_file(file_path))
{
char op_msg[OS_SIZE_1024 +1];
-
+
_errors = 1;
snprintf(op_msg, OS_SIZE_1024, "Rootkit '%s' detected "
"by the presence of file '%s'.",name, file_path);
-
+
notify_rk(ALERT_ROOTKIT_FOUND, op_msg);
}
-
+
newline:
- continue;
+ continue;
}
if(_errors == 0)
diff --git a/src/rootcheck/check_rc_if.c b/src/rootcheck/check_rc_if.c
index 9c80ee1..1d4dd62 100755
--- a/src/rootcheck/check_rc_if.c
+++ b/src/rootcheck/check_rc_if.c
@@ -14,7 +14,7 @@
#include <sys/types.h>
#include <sys/socket.h>
-#include <sys/ioctl.h>
+#include <sys/ioctl.h>
#include <net/if.h>
#include <stdio.h>
@@ -50,9 +50,9 @@ int run_ifconfig(char *ifconfig)
if(system(nt) == 0)
return(1);
- return(0);
+ return(0);
}
-
+
/* check_rc_if: v0.1
* Check all interfaces for promiscuous mode
@@ -61,7 +61,7 @@ void check_rc_if()
{
int _fd, _errors = 0, _total = 0;
struct ifreq tmp_str[16];
-
+
struct ifconf _if;
struct ifreq *_ir;
struct ifreq *_ifend;
@@ -74,34 +74,34 @@ void check_rc_if()
return;
}
-
+
memset(tmp_str, 0, sizeof(struct ifreq)*16);
_if.ifc_len = sizeof(tmp_str);
_if.ifc_buf = (caddr_t)(tmp_str);
-
+
if (ioctl(_fd, SIOCGIFCONF, &_if) < 0)
{
close(_fd);
merror("%s: Error checking interfaces (ioctl)", ARGV0);
return;
}
-
+
_ifend = (struct ifreq*) ((char*)tmp_str + _if.ifc_len);
_ir = tmp_str;
/* Looping on all interfaces */
- for (; _ir < _ifend; _ir++)
+ for (; _ir < _ifend; _ir++)
{
strncpy(_ifr.ifr_name, _ir->ifr_name, sizeof(_ifr.ifr_name));
/* Getting information from each interface */
- if (ioctl(_fd, SIOCGIFFLAGS, (char*)&_ifr) == -1)
+ if (ioctl(_fd, SIOCGIFFLAGS, (char*)&_ifr) == -1)
{
continue;
}
_total++;
-
+
if ((_ifr.ifr_flags & IFF_PROMISC) )
{
@@ -121,7 +121,7 @@ void check_rc_if()
}
_errors++;
}
- }
+ }
close(_fd);
if(_errors == 0)
@@ -131,7 +131,7 @@ void check_rc_if()
" Analyzed %d interfaces.", _total);
notify_rk(ALERT_OK, op_msg);
}
-
+
return;
}
diff --git a/src/rootcheck/check_rc_pids.c b/src/rootcheck/check_rc_pids.c
index c5372e3..bd06f2d 100755
--- a/src/rootcheck/check_rc_pids.c
+++ b/src/rootcheck/check_rc_pids.c
@@ -27,7 +27,7 @@ int proc_read(int pid)
if(noproc)
return(0);
-
+
snprintf(dir, OS_SIZE_1024, "%d", pid);
if(isfile_ondir(dir, "/proc"))
{
@@ -48,15 +48,15 @@ int proc_chdir(int pid)
if(noproc)
return(0);
-
+
if(!getcwd(curr_dir, OS_SIZE_1024))
{
return(0);
}
-
+
if(chdir("/proc") == -1)
- return(0);
-
+ return(0);
+
snprintf(dir, OS_SIZE_1024, "/proc/%d", pid);
if(chdir(dir) == 0)
{
@@ -65,8 +65,8 @@ int proc_chdir(int pid)
/* Returning to the previous directory */
chdir(curr_dir);
-
- return(ret);
+
+ return(ret);
}
@@ -76,12 +76,12 @@ int proc_chdir(int pid)
int proc_stat(int pid)
{
char proc_dir[OS_SIZE_1024 + 1];
-
+
if(noproc)
return(0);
-
+
snprintf(proc_dir, OS_SIZE_1024, "%s/%d", "/proc", pid);
-
+
if(is_file(proc_dir))
{
return(1);
@@ -106,21 +106,21 @@ void loop_all_pids(char *ps, pid_t max_pid, int *_errors, int *_total)
int _proc_stat = 0;
int _proc_read = 0;
int _proc_chdir = 0;
-
+
pid_t i = 1;
pid_t my_pid;
char command[OS_SIZE_1024 +1];
my_pid = getpid();
-
+
for(;;i++)
{
if((i <= 0)||(i > max_pid))
break;
(*_total)++;
-
+
_kill0 = 0;
_kill1 = 0;
_gsid0 = 0;
@@ -131,15 +131,15 @@ void loop_all_pids(char *ps, pid_t max_pid, int *_errors, int *_total)
_proc_stat = 0;
_proc_read = 0;
_proc_chdir = 0;
-
+
/* kill test */
if(!((kill(i, 0) == -1)&&(errno == ESRCH)))
{
_kill0 = 1;
}
-
- /* getsid to test */
+
+ /* getsid to test */
if(!((getsid(i) == -1)&&(errno == ESRCH)))
{
_gsid0 = 1;
@@ -150,20 +150,20 @@ void loop_all_pids(char *ps, pid_t max_pid, int *_errors, int *_total)
{
_gpid0 = 1;
}
-
+
/* proc stat */
_proc_stat = proc_stat(i);
-
+
/* proc readdir */
_proc_read = proc_read(i);
/* proc chdir */
- _proc_chdir = proc_chdir(i);
-
-
+ _proc_chdir = proc_chdir(i);
+
+
/* IF PID does not exist, keep going */
- if(!_kill0 && !_gsid0 && !_gpid0 &&
+ if(!_kill0 && !_gsid0 && !_gpid0 &&
!_proc_stat && !_proc_read && !_proc_chdir)
{
continue;
@@ -174,8 +174,8 @@ void loop_all_pids(char *ps, pid_t max_pid, int *_errors, int *_total)
{
continue;
}
-
- /* Checking the number of errors */
+
+ /* Checking the number of errors */
if((*_errors) > 15)
{
char op_msg[OS_SIZE_1024 +1];
@@ -185,13 +185,13 @@ void loop_all_pids(char *ps, pid_t max_pid, int *_errors, int *_total)
notify_rk(ALERT_SYSTEM_CRIT, op_msg);
return;
}
-
-
+
+
/* checking if process appears on ps */
if(*ps)
{
- snprintf(command, OS_SIZE_1024, "%s -p %d > /dev/null 2>&1",
- ps,
+ snprintf(command, OS_SIZE_1024, "%s -p %d > /dev/null 2>&1",
+ ps,
(int)i);
/* Found PID on ps */
@@ -199,20 +199,20 @@ void loop_all_pids(char *ps, pid_t max_pid, int *_errors, int *_total)
if(system(command) == 0)
_ps0 = 1;
}
-
+
/* If we are being run by the ossec hids, sleep here (no rush) */
#ifdef OSSECHIDS
sleep(2);
#endif
-
+
/* Everyone returned ok */
if(_ps0 && _kill0 && _gsid0 && _gpid0 && _proc_stat && _proc_read)
{
continue;
}
-
-
-
+
+
+
/* If our kill or getsid system call, got the
* PID , but ps didn't, we need to find if it was a problem
* with a PID being deleted (not used anymore)
@@ -222,7 +222,7 @@ void loop_all_pids(char *ps, pid_t max_pid, int *_errors, int *_total)
{
_gsid1 = 1;
}
-
+
if(!((kill(i, 0) == -1)&&(errno == ESRCH)))
{
_kill1 = 1;
@@ -232,14 +232,14 @@ void loop_all_pids(char *ps, pid_t max_pid, int *_errors, int *_total)
{
_gpid1 = 1;
}
-
+
_proc_stat = proc_stat(i);
-
+
_proc_read = proc_read(i);
_proc_chdir = proc_chdir(i);
-
+
/* If it matches, process was terminated */
if(!_gsid1 &&!_kill1 &&!_gpid1 &&!_proc_stat &&
!_proc_read &&!_proc_chdir)
@@ -247,14 +247,14 @@ void loop_all_pids(char *ps, pid_t max_pid, int *_errors, int *_total)
continue;
}
}
-
+
#ifdef AIX
/* Ignoring AIX wait and sched programs. */
if((_gsid0 == _gsid1) &&
(_kill0 == _kill1) &&
(_gpid0 == _gpid1) &&
- (_ps0 == 1) &&
- (_gsid0 == 1) &&
+ (_ps0 == 1) &&
+ (_gsid0 == 1) &&
(_kill0 == 0))
{
/* The wait and sched programs do not respond to kill 0.
@@ -267,7 +267,7 @@ void loop_all_pids(char *ps, pid_t max_pid, int *_errors, int *_total)
}
#endif
-
+
if((_gsid0 == _gsid1)&&
(_kill0 == _kill1)&&
(_gsid0 != _kill0))
@@ -326,8 +326,8 @@ void loop_all_pids(char *ps, pid_t max_pid, int *_errors, int *_total)
snprintf(op_msg, OS_SIZE_1024, "Process '%d' hidden from "
"ps. Possible trojaned version installed.",
(int)i);
-
- notify_rk(ALERT_ROOTKIT_FOUND, op_msg);
+
+ notify_rk(ALERT_ROOTKIT_FOUND, op_msg);
(*_errors)++;
}
}
@@ -342,16 +342,16 @@ void check_rc_pids()
{
int _total = 0;
int _errors = 0;
-
+
char ps[OS_SIZE_1024 +1];
-
+
char proc_0[] = "/proc";
char proc_1[] = "/proc/1";
pid_t max_pid = MAX_PID;
noproc = 1;
-
+
/* Checking where ps is */
memset(ps, '\0', OS_SIZE_1024 +1);
strncpy(ps, "/bin/ps", OS_SIZE_1024);
@@ -361,14 +361,14 @@ void check_rc_pids()
if(!is_file(ps))
ps[0] = '\0';
}
-
-
+
+
/* Proc is mounted */
if(is_file(proc_0) && is_file(proc_1))
{
noproc = 0;
}
-
+
loop_all_pids(ps, max_pid, &_errors, &_total);
if(_errors == 0)
@@ -379,7 +379,7 @@ void check_rc_pids()
"Analyzed %d processes.", ps, _total);
notify_rk(ALERT_OK, op_msg);
}
-
+
return;
}
diff --git a/src/rootcheck/check_rc_policy.c b/src/rootcheck/check_rc_policy.c
index ed59660..8d7cf65 100755
--- a/src/rootcheck/check_rc_policy.c
+++ b/src/rootcheck/check_rc_policy.c
@@ -10,12 +10,12 @@
* Foundation
*/
-
+
#include "shared.h"
#include "rootcheck.h"
-
+
/* check_rc_unixaudit:
* Read the file pointer specified
* and check if the configured file is there
@@ -23,9 +23,9 @@
void check_rc_unixaudit(FILE *fp, void *p_list)
{
debug1("%s: DEBUG: Starting on check_rc_unixaudit", ARGV0);
-
+
rkcl_get_entry(fp, "System Audit:", p_list);
-
+
}
@@ -37,9 +37,9 @@ void check_rc_unixaudit(FILE *fp, void *p_list)
void check_rc_winaudit(FILE *fp, void *p_list)
{
debug1("%s: DEBUG: Starting on check_rc_winaudit", ARGV0);
-
+
rkcl_get_entry(fp, "Windows Audit:", p_list);
-
+
}
/* check_rc_winmalware:
@@ -49,9 +49,9 @@ void check_rc_winaudit(FILE *fp, void *p_list)
void check_rc_winmalware(FILE *fp, void *p_list)
{
debug1("%s: DEBUG: Starting on check_rc_winmalware", ARGV0);
-
+
rkcl_get_entry(fp, "Windows Malware:", p_list);
-
+
}
/* check_rc_winapps:
@@ -61,7 +61,7 @@ void check_rc_winmalware(FILE *fp, void *p_list)
void check_rc_winapps(FILE *fp, void *p_list)
{
debug1("%s: DEBUG: Starting on check_rc_winapps", ARGV0);
-
+
rkcl_get_entry(fp, "Application Found:", p_list);
}
diff --git a/src/rootcheck/check_rc_ports.c b/src/rootcheck/check_rc_ports.c
index a511079..d40356d 100755
--- a/src/rootcheck/check_rc_ports.c
+++ b/src/rootcheck/check_rc_ports.c
@@ -10,9 +10,9 @@
* Foundation
*/
-
+
#ifndef WIN32
-
+
#include "shared.h"
#include "rootcheck.h"
@@ -31,7 +31,7 @@
#define NETSTAT_LIST "netstat -an | grep \"^%s\" | "\
"cut -d ':' -f 2 | cut -d ' ' -f 1"
#define NETSTAT "netstat -an | grep \"^%s\" | " \
- "grep \"[^0-9]%d \" > /dev/null 2>&1"
+ "grep \"[^0-9]%d \" > /dev/null 2>&1"
#endif
#ifndef NETSTAT
@@ -57,14 +57,14 @@ int run_netstat(int proto, int port)
ret = system(nt);
- if(ret == 0)
+ if(ret == 0)
return(1);
else if(ret == 1)
{
return(0);
}
-
+
return(1);
}
@@ -92,7 +92,7 @@ int conn_port(int proto, int port)
server.sin_port = htons( port );
server.sin_addr.s_addr = htonl(INADDR_ANY);
-
+
/* If we can't bind, it means the port is open */
if(bind(ossock, (struct sockaddr *) &server, sizeof(server)) < 0)
{
@@ -108,10 +108,10 @@ int conn_port(int proto, int port)
{
total_ports_udp[port] = rc;
}
-
- close(ossock);
- return(rc);
+ close(ossock);
+
+ return(rc);
}
@@ -130,7 +130,7 @@ void test_ports(int proto, int *_errors, int *_total)
if(run_netstat(proto, i))
{
continue;
-
+
#ifdef OSSECHIDS
sleep(2);
#endif
@@ -149,7 +149,7 @@ void test_ports(int proto, int *_errors, int *_total)
snprintf(op_msg, OS_SIZE_1024, "Port '%d'(%s) hidden. "
"Kernel-level rootkit or trojaned "
- "version of netstat.", i,
+ "version of netstat.", i,
(proto == IPPROTO_UDP)? "udp" : "tcp");
notify_rk(ALERT_ROOTKIT_FOUND, op_msg);
@@ -187,8 +187,8 @@ void check_rc_ports()
total_ports_udp[i] = 0;
i++;
}
-
- /* Trsting TCP ports */
+
+ /* Trsting TCP ports */
test_ports(IPPROTO_TCP, &_errors, &_total);
/* Testing UDP ports */
@@ -202,7 +202,7 @@ void check_rc_ports()
" Analyzed %d ports.", _total);
notify_rk(ALERT_OK, op_msg);
}
-
+
return;
}
diff --git a/src/rootcheck/check_rc_readproc.c b/src/rootcheck/check_rc_readproc.c
index 7291bc3..6cc763e 100755
--- a/src/rootcheck/check_rc_readproc.c
+++ b/src/rootcheck/check_rc_readproc.c
@@ -10,7 +10,7 @@
* Foundation
*/
-
+
#ifndef WIN32
#include "shared.h"
#include "rootcheck.h"
@@ -29,18 +29,18 @@ int read_proc_dir(char *dir_name, char *pid, int position);
int read_proc_file(char *file_name, char *pid, int position)
{
struct stat statbuf;
-
+
if(lstat(file_name, &statbuf) < 0)
{
return(-1);
}
-
+
/* If directory, read the directory */
else if(S_ISDIR(statbuf.st_mode))
{
return(read_proc_dir(file_name, pid, position));
}
-
+
return(0);
}
@@ -50,16 +50,16 @@ int read_proc_file(char *file_name, char *pid, int position)
int read_proc_dir(char *dir_name, char *pid, int position)
{
DIR *dp;
-
+
struct dirent *entry;
-
+
if((dir_name == NULL)||(strlen(dir_name) > PATH_MAX))
{
merror("%s: Invalid directory given",ARGV0);
return(-1);
}
-
+
/* Opening the directory given */
dp = opendir(dir_name);
if(!dp)
@@ -73,7 +73,7 @@ int read_proc_dir(char *dir_name, char *pid, int position)
/* Just ignore . and .. */
if((strcmp(entry->d_name,".") == 0) ||
- (strcmp(entry->d_name,"..") == 0))
+ (strcmp(entry->d_name,"..") == 0))
continue;
if(position == PROC)
@@ -91,8 +91,8 @@ int read_proc_dir(char *dir_name, char *pid, int position)
if(*tmp_str != '\0')
continue;
-
-
+
+
snprintf(f_name, PATH_MAX +1, "%s/%s",dir_name, entry->d_name);
read_proc_file(f_name, pid, position+1);
@@ -123,7 +123,7 @@ int read_proc_dir(char *dir_name, char *pid, int position)
}
closedir(dp);
-
+
return(0);
}
@@ -137,17 +137,17 @@ int check_rc_readproc(int pid)
char char_pid[32];
proc_pid_found = 0;
-
- /* NL threads */
+
+ /* NL threads */
snprintf(char_pid, 31, "/proc/.%d", pid);
if(is_file(char_pid))
return(1);
-
-
+
+
snprintf(char_pid, 31, "%d", pid);
-
+
read_proc_dir("/proc", char_pid, PROC);
-
+
return(proc_pid_found);
}
diff --git a/src/rootcheck/check_rc_sys.c b/src/rootcheck/check_rc_sys.c
index 1434f16..7b5edf5 100755
--- a/src/rootcheck/check_rc_sys.c
+++ b/src/rootcheck/check_rc_sys.c
@@ -11,7 +11,7 @@
*/
-#include "shared.h"
+#include "shared.h"
#include "rootcheck.h"
int _sys_errors;
@@ -28,7 +28,7 @@ int read_sys_dir(char *dir_name, int do_read);
int read_sys_file(char *file_name, int do_read)
{
struct stat statbuf;
-
+
_sys_total++;
@@ -52,7 +52,7 @@ int read_sys_file(char *file_name, int do_read)
#endif
return(-1);
}
-
+
/* If directory, read the directory */
else if(S_ISDIR(statbuf.st_mode))
{
@@ -115,19 +115,19 @@ int read_sys_file(char *file_name, int do_read)
}
}
}
-
-
+
+
/* If has OTHER write and exec permission, alert */
#ifndef WIN32
- if(((statbuf.st_mode & S_IWOTH) == S_IWOTH) &&
+ if(((statbuf.st_mode & S_IWOTH) == S_IWOTH) &&
(S_ISREG(statbuf.st_mode)))
{
if((statbuf.st_mode & S_IXUSR) == S_IXUSR)
{
if(_wx)
fprintf(_wx, "%s\n",file_name);
-
- _sys_errors++;
+
+ _sys_errors++;
}
else
{
@@ -173,16 +173,16 @@ int read_sys_dir(char *dir_name, int do_read)
unsigned int entry_count = 0;
int did_changed = 0;
DIR *dp;
-
+
struct dirent *entry;
struct stat statbuf;
-
+
#ifndef WIN32
char *(dirs_to_doread[]) = { "/bin", "/sbin", "/usr/bin",
- "/usr/sbin", "/dev", "/etc",
+ "/usr/sbin", "/dev", "/etc",
"/boot", NULL };
#endif
-
+
if((dir_name == NULL)||(strlen(dir_name) > PATH_MAX))
{
merror("%s: Invalid directory given.",ARGV0);
@@ -204,8 +204,8 @@ int read_sys_dir(char *dir_name, int do_read)
i = 0;
}
-
-
+
+
/* Getting the number of nodes. The total number on opendir
* must be the same
*/
@@ -213,8 +213,8 @@ int read_sys_dir(char *dir_name, int do_read)
{
return(-1);
}
-
-
+
+
/* Currently device id */
if(did != statbuf.st_dev)
{
@@ -222,13 +222,13 @@ int read_sys_dir(char *dir_name, int do_read)
did_changed = 1;
did = statbuf.st_dev;
}
-
-
+
+
if(!S_ISDIR(statbuf.st_mode))
{
return(-1);
}
-
+
#ifndef WIN32
/* Check if the do_read is valid for this directory */
@@ -244,14 +244,14 @@ int read_sys_dir(char *dir_name, int do_read)
#else
do_read = 0;
#endif
-
-
+
+
/* Opening the directory given */
dp = opendir(dir_name);
if(!dp)
{
if((strcmp(dir_name, "") == 0)&&
- (dp = opendir("/")))
+ (dp = opendir("/")))
{
/* ok */
}
@@ -270,7 +270,7 @@ int read_sys_dir(char *dir_name, int do_read)
/* Just ignore . and .. */
if((strcmp(entry->d_name,".") == 0) ||
- (strcmp(entry->d_name,"..") == 0))
+ (strcmp(entry->d_name,"..") == 0))
{
entry_count++;
continue;
@@ -295,7 +295,7 @@ int read_sys_dir(char *dir_name, int do_read)
#ifndef Darwin
if(S_ISDIR(statbuf_local.st_mode))
#else
- if(S_ISDIR(statbuf_local.st_mode) ||
+ if(S_ISDIR(statbuf_local.st_mode) ||
S_ISREG(statbuf_local.st_mode) ||
S_ISLNK(statbuf_local.st_mode))
#endif
@@ -304,7 +304,7 @@ int read_sys_dir(char *dir_name, int do_read)
}
}
-
+
/* Checking every file against the rootkit database */
for(i = 0; i<= rk_sys_count; i++)
{
@@ -334,15 +334,15 @@ int read_sys_dir(char *dir_name, int do_read)
/* Entry count for directory different than the actual
* link count from stats.
*/
- if((entry_count != statbuf.st_nlink) &&
+ if((entry_count != statbuf.st_nlink) &&
((did_changed == 0) || ((entry_count + 1) != statbuf.st_nlink)))
{
#ifndef WIN32
struct stat statbuf2;
char op_msg[OS_SIZE_1024 +1];
-
- if((lstat(dir_name, &statbuf2) == 0) &&
+
+ if((lstat(dir_name, &statbuf2) == 0) &&
(statbuf2.st_nlink != entry_count))
{
snprintf(op_msg, OS_SIZE_1024, "Files hidden inside directory "
@@ -357,12 +357,12 @@ int read_sys_dir(char *dir_name, int do_read)
notify_rk(ALERT_ROOTKIT_FOUND, op_msg);
_sys_errors++;
}
- #elif Darwin
+ #elif Darwin || FreeBSD
if(strncmp(dir_name, "/dev", strlen("/dev")) != 0)
{
notify_rk(ALERT_ROOTKIT_FOUND, op_msg);
_sys_errors++;
- }
+ }
#else
notify_rk(ALERT_ROOTKIT_FOUND, op_msg);
@@ -372,9 +372,9 @@ int read_sys_dir(char *dir_name, int do_read)
#endif
}
-
+
closedir(dp);
-
+
return(0);
}
@@ -391,7 +391,7 @@ void check_rc_sys(char *basedir)
_sys_errors = 0;
_sys_total = 0;
did = 0; /* device id */
-
+
snprintf(file_path, OS_SIZE_1024, "%s", basedir);
@@ -410,9 +410,9 @@ void check_rc_sys(char *basedir)
}
-
+
/* Scan the whole file system -- may be slow */
- if(rootcheck.scanall)
+ if(rootcheck.scanall)
{
#ifndef WIN32
snprintf(file_path, 3, "%s", "/");
@@ -421,43 +421,43 @@ void check_rc_sys(char *basedir)
read_sys_dir(file_path, rootcheck.readall);
}
-
+
/* Scan only specific directories */
else
{
int _i = 0;
-
+
#ifndef WIN32
char *(dirs_to_scan[]) = {"/bin", "/sbin", "/usr/bin",
"/usr/sbin", "/dev", "/lib",
"/etc", "/root", "/var/log",
"/var/mail", "/var/lib", "/var/www",
"/usr/lib", "/usr/include",
- "/tmp", "/boot", "/usr/local",
+ "/tmp", "/boot", "/usr/local",
"/var/tmp", "/sys", NULL};
#else
char *(dirs_to_scan[]) = {"C:\\WINDOWS", "C:\\Program Files", NULL};
#endif
-
+
for(_i = 0; _i <= 24; _i++)
{
if(dirs_to_scan[_i] == NULL)
break;
-
- #ifndef WIN32
- snprintf(file_path, OS_SIZE_1024, "%s%s",
- basedir,
+
+ #ifndef WIN32
+ snprintf(file_path, OS_SIZE_1024, "%s%s",
+ basedir,
dirs_to_scan[_i]);
read_sys_dir(file_path, rootcheck.readall);
#else
read_sys_dir(dirs_to_scan[_i], rootcheck.readall);
#endif
-
+
}
}
-
+
if(_sys_errors == 0)
{
char op_msg[OS_SIZE_1024 +1];
@@ -471,13 +471,13 @@ void check_rc_sys(char *basedir)
char op_msg[OS_SIZE_1024 +1];
snprintf(op_msg, OS_SIZE_1024, "Check the following files for more "
"information:\n%s%s%s",
- (ftell(_wx) == 0)?"":
+ (ftell(_wx) == 0)?"":
" rootcheck-rw-rw-rw-.txt (list of world writable files)\n",
(ftell(_ww) == 0)?"":
" rootcheck-rwxrwxrwx.txt (list of world writtable/executable files)\n",
- (ftell(_suid) == 0)?"":
+ (ftell(_suid) == 0)?"":
" rootcheck-suid-files.txt (list of suid files)");
-
+
notify_rk(ALERT_SYSTEM_ERROR, op_msg);
}
@@ -487,21 +487,21 @@ void check_rc_sys(char *basedir)
unlink("rootcheck-rw-rw-rw-.txt");
fclose(_wx);
}
-
+
if(_ww)
{
if(ftell(_ww) == 0)
unlink("rootcheck-rwxrwxrwx.txt");
fclose(_ww);
}
-
+
if(_suid)
{
if(ftell(_suid) == 0)
unlink("rootcheck-suid-files.txt");
- fclose(_suid);
+ fclose(_suid);
}
-
+
return;
}
diff --git a/src/rootcheck/check_rc_trojans.c b/src/rootcheck/check_rc_trojans.c
index b10d9fe..1ee24ef 100755
--- a/src/rootcheck/check_rc_trojans.c
+++ b/src/rootcheck/check_rc_trojans.c
@@ -10,7 +10,7 @@
* Foundation
*/
-
+
#include "shared.h"
#include "rootcheck.h"
@@ -54,7 +54,7 @@ void check_rc_trojans(char *basedir, FILE *fp)
/* Normalizing line */
nbuf = normalize_string(buf);
-
+
if(*nbuf == '\0' || *nbuf == '#')
{
@@ -70,7 +70,7 @@ void check_rc_trojans(char *basedir, FILE *fp)
{
continue;
}
-
+
*string_to_look = '\0';
string_to_look++;
@@ -81,26 +81,26 @@ void check_rc_trojans(char *basedir, FILE *fp)
}
*message = '\0';
message++;
-
+
string_to_look = normalize_string(string_to_look);
file = normalize_string(file);
message = normalize_string(message);
-
-
+
+
if(*file == '\0' || *string_to_look == '\0')
{
continue;
}
-
+
_total++;
-
-
+
+
/* Trying with all possible paths */
while(all_paths[i] != NULL)
{
if(*file != '/')
{
- snprintf(file_path, OS_SIZE_1024, "%s/%s/%s",basedir,
+ snprintf(file_path, OS_SIZE_1024, "%s/%s/%s",basedir,
all_paths[i],
file);
}
@@ -109,15 +109,15 @@ void check_rc_trojans(char *basedir, FILE *fp)
strncpy(file_path, file, OS_SIZE_1024);
file_path[OS_SIZE_1024 -1] = '\0';
}
-
+
/* Checking if entry is found */
if(is_file(file_path) && os_string(file_path, string_to_look))
{
char op_msg[OS_SIZE_1024 +1];
_errors = 1;
-
+
snprintf(op_msg, OS_SIZE_1024, "Trojaned version of file "
- "'%s' detected. Signature used: '%s' (%s).",
+ "'%s' detected. Signature used: '%s' (%s).",
file_path,
string_to_look,
*message == '\0'?
@@ -132,7 +132,7 @@ void check_rc_trojans(char *basedir, FILE *fp)
}
i++;
}
- continue;
+ continue;
}
diff --git a/src/rootcheck/common.c b/src/rootcheck/common.c
index 0ab1206..eec625a 100755
--- a/src/rootcheck/common.c
+++ b/src/rootcheck/common.c
@@ -9,14 +9,14 @@
* License (version 2) as published by the FSF - Free Software
* Foundation
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/main/license/ .
*/
-
+
#include "shared.h"
#include "rootcheck.h"
-#include "os_regex/os_regex.h"
+#include "os_regex/os_regex.h"
@@ -60,7 +60,7 @@ int rk_check_dir(char *dir, char *file, char *pattern)
{
/* Just ignore . and .. */
if((strcmp(entry->d_name,".") == 0) ||
- (strcmp(entry->d_name,"..") == 0))
+ (strcmp(entry->d_name,"..") == 0))
{
continue;
}
@@ -69,7 +69,7 @@ int rk_check_dir(char *dir, char *file, char *pattern)
/* Creating new file + path string */
snprintf(f_name, PATH_MAX +1, "%s/%s",dir, entry->d_name);
-
+
/* Checking if the read entry, matches the provided file name. */
if(strncasecmp(file, "r:", 2) == 0)
{
@@ -81,7 +81,7 @@ int rk_check_dir(char *dir, char *file, char *pattern)
}
}
}
-
+
/* Trying without regex. */
else
{
@@ -94,7 +94,7 @@ int rk_check_dir(char *dir, char *file, char *pattern)
}
}
-
+
/* Checking if file is a directory */
if(lstat(f_name, &statbuf_local) == 0)
{
@@ -120,13 +120,13 @@ int rk_check_dir(char *dir, char *file, char *pattern)
int rk_check_file(char *file, char *pattern)
{
char *split_file;
- int full_negate = 0;
- int pt_result = 0;
-
+ int full_negate = 0;
+ int pt_result = 0;
+
FILE *fp;
char buf[OS_SIZE_2048 +1];
-
-
+
+
/* If string is null, we don't match */
if(file == NULL)
{
@@ -146,7 +146,7 @@ int rk_check_file(char *file, char *pattern)
/* Getting each file */
do
{
-
+
/* If we don't have a pattern, just check if the file/dir is there */
if(pattern == NULL)
@@ -168,7 +168,7 @@ int rk_check_file(char *file, char *pattern)
while(rootcheck.alert_msg[i] && (i < 255))
i++;
-
+
if(!rootcheck.alert_msg[i])
os_strdup(_b_msg, rootcheck.alert_msg[i]);
@@ -178,14 +178,14 @@ int rk_check_file(char *file, char *pattern)
else
{
- full_negate = pt_check_negate(pattern);
+ full_negate = pt_check_negate(pattern);
/* Checking for a content in the file */
- debug1("checking file: %s", file);
+ debug1("checking file: %s", file);
fp = fopen(file, "r");
if(fp)
{
- debug1(" starting new file: %s", file);
+ debug1(" starting new file: %s", file);
buf[OS_SIZE_2048] = '\0';
while(fgets(buf, OS_SIZE_2048, fp) != NULL)
{
@@ -211,7 +211,7 @@ int rk_check_file(char *file, char *pattern)
/* Matched */
pt_result = pt_matches(buf, pattern);
- debug1("Buf == \"%s\"", buf);
+ debug1("Buf == \"%s\"", buf);
debug1("Pattern == \"%s\"", pattern);
debug1("pt_result == %d and full_negate == %d", pt_result, full_negate);
if((pt_result == 1 && full_negate == 0) )
@@ -228,7 +228,7 @@ int rk_check_file(char *file, char *pattern)
_b_msg[OS_SIZE_1024] = '\0';
snprintf(_b_msg, OS_SIZE_1024, " File: %s.",
file);
-
+
/* Already present. */
if(_is_str_in_array(rootcheck.alert_msg, _b_msg))
{
@@ -246,18 +246,18 @@ int rk_check_file(char *file, char *pattern)
else if((pt_result == 0 && full_negate == 1) )
{
/* found a full+negate match so no longer need to search
- * break out of loop and amke sure the full negate does
- * not alertin
+ * break out of loop and amke sure the full negate does
+ * not alertin
*/
debug1("found a complete match for full_negate");
- full_negate = 0;
- break;
+ full_negate = 0;
+ break;
}
}
fclose(fp);
- if(full_negate == 1)
+ if(full_negate == 1)
{
debug1("full_negate alerting - file %s",file);
int i = 0;
@@ -267,7 +267,7 @@ int rk_check_file(char *file, char *pattern)
_b_msg[OS_SIZE_1024] = '\0';
snprintf(_b_msg, OS_SIZE_1024, " File: %s.",
file);
-
+
/* Already present. */
if(_is_str_in_array(rootcheck.alert_msg, _b_msg))
{
@@ -294,8 +294,8 @@ int rk_check_file(char *file, char *pattern)
split_file++;
}
}
-
-
+
+
}while(split_file);
@@ -312,7 +312,7 @@ int pt_check_negate(char *pattern)
char *mypattern = NULL;
os_strdup(pattern, mypattern);
char *tmp_pt = mypattern;
- char *tmp_pattern = mypattern;
+ char *tmp_pattern = mypattern;
char *tmp_ret = NULL;
@@ -322,9 +322,9 @@ int pt_check_negate(char *pattern)
tmp_pt = strchr(tmp_pattern, ' ');
if(tmp_pt && tmp_pt[1] == '&' && tmp_pt[2] == '&' && tmp_pt[3] == ' ')
{
- /* Marking pointer to clean it up */
+ /* Marking pointer to clean it up */
tmp_ret = tmp_pt;
-
+
*tmp_pt = '\0';
tmp_pt += 4;
}
@@ -338,7 +338,7 @@ int pt_check_negate(char *pattern)
free(mypattern);
return 0;
}
-
+
tmp_pattern = tmp_pt;
}
@@ -353,7 +353,7 @@ int pt_check_negate(char *pattern)
* =: (for equal) - default - strcasecmp
* r: (for ossec regexes)
* >: (for strcmp greater)
- * <: (for strcmp lower)
+ * <: (for strcmp lower)
*
* Multiple patterns can be specified by using " && " between them.
* All of them must match for it to return true.
@@ -371,16 +371,16 @@ int pt_matches(char *str, char *pattern)
{
return(0);
}
-
+
while(tmp_pt != NULL)
{
/* We first look for " && " */
tmp_pt = strchr(pattern, ' ');
if(tmp_pt && tmp_pt[1] == '&' && tmp_pt[2] == '&' && tmp_pt[3] == ' ')
{
- /* Marking pointer to clean it up */
+ /* Marking pointer to clean it up */
tmp_ret = tmp_pt;
-
+
*tmp_pt = '\0';
tmp_pt += 4;
}
@@ -398,7 +398,7 @@ int pt_matches(char *str, char *pattern)
pattern++;
neg = 1;
}
-
+
/* Doing strcasecmp */
if(strncasecmp(pattern, "=:", 2) == 0)
@@ -438,7 +438,7 @@ int pt_matches(char *str, char *pattern)
{
#ifdef WIN32
char final_file[2048 +1];
-
+
/* Try to get Windows variable */
if(*pattern == '%')
{
@@ -457,7 +457,7 @@ int pt_matches(char *str, char *pattern)
{
ret_code = 1;
}
-
+
#else
if(strcasecmp(pattern, str) == 0)
{
@@ -474,7 +474,7 @@ int pt_matches(char *str, char *pattern)
tmp_ret = NULL;
}
-
+
/* If we have "!", return true if we don't match */
if(neg == 1)
{
@@ -492,7 +492,7 @@ int pt_matches(char *str, char *pattern)
break;
}
}
-
+
ret_code = 1;
pattern = tmp_pt;
}
@@ -508,15 +508,30 @@ int pt_matches(char *str, char *pattern)
*/
char *normalize_string(char *str)
{
- int str_sz = strlen(str) -1;
- while(str[str_sz] == ' ' || str[str_sz] == '\t') {
- str[str_sz--] = '\0';
+ unsigned int str_sz = strlen(str);
+ // return zero-length str as is
+ if (str_sz == 0) {
+ return str;
+ } else {
+ str_sz--;
}
+ // remove trailing spaces
+ while(str[str_sz] == ' ' || str[str_sz] == '\t')
+ {
+ if(str_sz == 0)
+ break;
- while(*str != '\0') {
- if(*str == ' ' || *str == '\t') {
+ str[str_sz--] = '\0';
+ }
+ // ignore leading spaces
+ while(*str != '\0')
+ {
+ if(*str == ' ' || *str == '\t')
+ {
str++;
- } else {
+ }
+ else
+ {
break;
}
}
@@ -536,7 +551,7 @@ int isfile_ondir(char *file, char *dir)
DIR *dp = NULL;
struct dirent *entry;
dp = opendir(dir);
-
+
if(!dp)
return(0);
@@ -548,7 +563,7 @@ int isfile_ondir(char *file, char *dir)
return(1);
}
}
-
+
closedir(dp);
return(0);
}
@@ -561,19 +576,19 @@ int isfile_ondir(char *file, char *dir)
int is_file(char *file_name)
{
int ret = 0;
-
+
struct stat statbuf;
FILE *fp = NULL;
DIR *dp = NULL;
#ifndef WIN32
-
+
char curr_dir[1024];
-
+
char *file_dirname;
char *file_basename;
-
+
curr_dir[1023] = '\0';
@@ -590,7 +605,7 @@ int is_file(char *file_name)
return(0);
}
-
+
/* If file_basename == file_name, then the file
* only has one slash at the beginning.
*/
@@ -651,7 +666,7 @@ int is_file(char *file_name)
ret = 1;
}
}
-
+
#else
dp = opendir(file_name);
if(dp)
@@ -659,10 +674,10 @@ int is_file(char *file_name)
closedir(dp);
ret = 1;
}
-
+
#endif /* WIN32 */
-
+
/* Trying other calls */
if( (stat(file_name, &statbuf) < 0) &&
#ifndef WIN32
@@ -676,7 +691,7 @@ int is_file(char *file_name)
/* must close it over here */
if(fp)
fclose(fp);
-
+
return(1);
}
@@ -711,7 +726,7 @@ int del_plist(void *p_list_p)
{
free(pinfo->p_path);
}
-
+
free(l_node->data);
if(p_node)
@@ -767,7 +782,7 @@ int is_process(char *value, void *p_list_p)
char _b_msg[OS_SIZE_1024 +1];
_b_msg[OS_SIZE_1024] = '\0';
-
+
snprintf(_b_msg, OS_SIZE_1024, " Process: %s.",
pinfo->p_path);
@@ -776,7 +791,7 @@ int is_process(char *value, void *p_list_p)
{
return(1);
}
-
+
while(rootcheck.alert_msg[i] && (i< 255))
i++;
@@ -792,7 +807,7 @@ int is_process(char *value, void *p_list_p)
return(0);
}
-
-
+
+
/* EOF */
diff --git a/src/rootcheck/common_rcl.c b/src/rootcheck/common_rcl.c
index b7e8155..3677d78 100755
--- a/src/rootcheck/common_rcl.c
+++ b/src/rootcheck/common_rcl.c
@@ -9,11 +9,11 @@
* License (version 2) as published by the FSF - Free Software
* Foundation
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/main/license/
*/
-
+
#include "shared.h"
#include "rootcheck.h"
@@ -27,7 +27,7 @@
#define RKCL_COND_ALL 0x001
#define RKCL_COND_ANY 0x002
#define RKCL_COND_REQ 0x004
-#define RKCL_COND_INV 0x010
+#define RKCL_COND_INV 0x010
@@ -41,7 +41,7 @@ char *_rkcl_getrootdir(char *root_dir, int dir_size)
final_file[0] = '\0';
final_file[2048] = '\0';
-
+
ExpandEnvironmentStrings("%WINDIR%", final_file, 2047);
tmp = strchr(final_file, '\\');
@@ -51,7 +51,7 @@ char *_rkcl_getrootdir(char *root_dir, int dir_size)
strncpy(root_dir, final_file, dir_size);
return(root_dir);
}
-
+
return(NULL);
#endif
@@ -133,7 +133,7 @@ int _rkcl_get_vars(OSStore *vars, char *nbuf)
char *var_name;
char *var_value;
char *tmp;
-
+
/* If not a variable, return 0 */
if(*nbuf != '$')
{
@@ -151,7 +151,7 @@ int _rkcl_get_vars(OSStore *vars, char *nbuf)
{
return(-1);
}
-
+
/* Getting value. */
tmp = strchr(nbuf, '=');
@@ -184,7 +184,7 @@ char *_rkcl_get_name(char *buf, char *ref, int *condition)
{
char *tmp_location;
char *tmp_location2;
-
+
*condition = 0;
/* Checking if name is valid */
@@ -201,8 +201,8 @@ char *_rkcl_get_name(char *buf, char *ref, int *condition)
return(NULL);
}
*tmp_location = '\0';
-
-
+
+
/* Getting condition */
tmp_location++;
if(*tmp_location != ' ' && tmp_location[1] != '[')
@@ -218,8 +218,8 @@ char *_rkcl_get_name(char *buf, char *ref, int *condition)
}
*tmp_location2 = '\0';
tmp_location2++;
-
-
+
+
/* Getting condition */
if(strcmp(tmp_location, "all") == 0)
{
@@ -261,7 +261,7 @@ char *_rkcl_get_name(char *buf, char *ref, int *condition)
*tmp_location = '\0';
/* Copying reference */
- strncpy(ref, tmp_location2, 255);
+ strncpy(ref, tmp_location2, 255);
return(strdup(buf));
}
@@ -310,21 +310,21 @@ char *_rkcl_get_value(char *buf, int *type)
*value = '\0';
value++;
-
+
tmp_str = strchr(value, ';');
if(tmp_str == NULL)
{
return(NULL);
}
*tmp_str = '\0';
-
+
/* Getting types - removing negate flag (using later) */
if(*buf == '!')
{
buf++;
}
-
+
if(strcmp(buf, "f") == 0)
{
*type = RKCL_TYPE_FILE;
@@ -375,7 +375,7 @@ int rkcl_get_entry(FILE *fp, char *msg, void *p_list_p)
memset(final_file, '\0', sizeof(final_file));
memset(ref, '\0', sizeof(ref));
-
+
root_dir_len = sizeof(root_dir) -1;
@@ -384,14 +384,14 @@ int rkcl_get_entry(FILE *fp, char *msg, void *p_list_p)
_rkcl_getrootdir(root_dir, root_dir_len);
if(root_dir[0] == '\0')
{
- merror(INVALID_ROOTDIR, ARGV0);
+ merror(INVALID_ROOTDIR, ARGV0);
}
- #endif
+ #endif
/* Getting variables */
vars = OSStore_Create();
-
+
/* We first read all variables -- they must be defined at the top. */
while(1)
@@ -423,15 +423,15 @@ int rkcl_get_entry(FILE *fp, char *msg, void *p_list_p)
merror(INVALID_RKCL_NAME, ARGV0, nbuf);
goto clean_return;
}
-
+
/* Getting the real entries. */
do
{
int g_found = 0;
-
-
+
+
/* Getting entry name */
if(name == NULL)
{
@@ -448,21 +448,21 @@ int rkcl_get_entry(FILE *fp, char *msg, void *p_list_p)
int negate = 0;
int found = 0;
value = NULL;
-
+
nbuf = _rkcl_getfp(fp, buf);
if(nbuf == NULL)
{
break;
}
-
+
/* We first try to get the name, looking for new entries */
if(_rkcl_is_name(nbuf))
{
break;
}
-
-
+
+
/* Getting value to look for */
value = _rkcl_get_value(nbuf, &type);
if(value == NULL)
@@ -501,15 +501,15 @@ int rkcl_get_entry(FILE *fp, char *msg, void *p_list_p)
continue;
}
}
-
+
#ifdef WIN32
else if(value[0] == '\\')
{
final_file[0] = '\0';
final_file[sizeof(final_file) -1] = '\0';
-
- snprintf(final_file, sizeof(final_file) -2, "%s%s",
+
+ snprintf(final_file, sizeof(final_file) -2, "%s%s",
root_dir, value);
f_value = final_file;
}
@@ -517,8 +517,8 @@ int rkcl_get_entry(FILE *fp, char *msg, void *p_list_p)
{
final_file[0] = '\0';
final_file[sizeof(final_file) -1] = '\0';
-
- ExpandEnvironmentStrings(value, final_file,
+
+ ExpandEnvironmentStrings(value, final_file,
sizeof(final_file) -2);
f_value = final_file;
}
@@ -532,15 +532,15 @@ int rkcl_get_entry(FILE *fp, char *msg, void *p_list_p)
found = 1;
}
}
-
+
/* Checking for a registry entry */
else if(type == RKCL_TYPE_REGISTRY)
{
char *entry = NULL;
char *pattern = NULL;
-
-
+
+
/* Looking for additional entries in the registry
* and a pattern to match.
*/
@@ -549,8 +549,8 @@ int rkcl_get_entry(FILE *fp, char *msg, void *p_list_p)
{
pattern = _rkcl_get_pattern(entry);
}
-
-
+
+
#ifdef WIN32
debug2("%s: DEBUG: Checking registry: '%s'.", ARGV0, value);
if(is_registry(value, entry, pattern))
@@ -570,7 +570,7 @@ int rkcl_get_entry(FILE *fp, char *msg, void *p_list_p)
char *f_value = NULL;
char *dir = NULL;
-
+
file = _rkcl_get_pattern(value);
if(file)
{
@@ -593,7 +593,7 @@ int rkcl_get_entry(FILE *fp, char *msg, void *p_list_p)
f_value = value;
}
-
+
/* Checking for multiple, comma separated directories. */
dir = f_value;
f_value = strchr(dir, ',');
@@ -601,7 +601,7 @@ int rkcl_get_entry(FILE *fp, char *msg, void *p_list_p)
{
*f_value = '\0';
}
-
+
while(dir)
{
@@ -611,14 +611,14 @@ int rkcl_get_entry(FILE *fp, char *msg, void *p_list_p)
debug2("%s: DEBUG: Found dir.", ARGV0);
found = 1;
}
-
+
if(f_value)
{
*f_value = ',';
f_value++;
-
+
dir = f_value;
-
+
f_value = strchr(dir, ',');
if(f_value)
{
@@ -631,7 +631,7 @@ int rkcl_get_entry(FILE *fp, char *msg, void *p_list_p)
}
}
}
-
+
/* Checking for a process. */
else if(type == RKCL_TYPE_PROCESS)
@@ -682,8 +682,8 @@ int rkcl_get_entry(FILE *fp, char *msg, void *p_list_p)
}
}
}while(value != NULL);
-
-
+
+
/* Alerting if necessary */
if(g_found == 1)
{
@@ -691,18 +691,18 @@ int rkcl_get_entry(FILE *fp, char *msg, void *p_list_p)
char op_msg[OS_SIZE_1024 +1];
char **p_alert_msg = rootcheck.alert_msg;
- while(1)
+ while(1)
{
if(ref[0] != '\0')
{
snprintf(op_msg, OS_SIZE_1024, "%s %s.%s"
- " Reference: %s .",msg, name,
+ " Reference: %s .",msg, name,
p_alert_msg[j]?p_alert_msg[j]:"\0",
ref);
}
else
{
- snprintf(op_msg, OS_SIZE_1024, "%s %s.%s",msg,
+ snprintf(op_msg, OS_SIZE_1024, "%s %s.%s",msg,
name, p_alert_msg[j]?p_alert_msg[j]:"\0");
}
@@ -743,7 +743,7 @@ int rkcl_get_entry(FILE *fp, char *msg, void *p_list_p)
goto clean_return;
}
}
-
+
/* Ending if we don't have anything else. */
if(!nbuf)
@@ -758,7 +758,7 @@ int rkcl_get_entry(FILE *fp, char *msg, void *p_list_p)
free(name);
name = NULL;
}
-
+
/* Getting name already read */
name = _rkcl_get_name(nbuf, ref, &condition);
@@ -779,8 +779,8 @@ int rkcl_get_entry(FILE *fp, char *msg, void *p_list_p)
name = NULL;
}
vars = OSStore_Free(vars);
-
-
+
+
return(1);
}
diff --git a/src/rootcheck/config.c b/src/rootcheck/config.c
index 4142050..9cf9e6c 100755
--- a/src/rootcheck/config.c
+++ b/src/rootcheck/config.c
@@ -34,7 +34,7 @@ int Read_Rootcheck_Config(char * cfgfile)
modules|= CAGENT_CONFIG;
ReadConfig(modules, AGENTCONFIG, &rootcheck, NULL);
#endif
-
+
return(0);
}
diff --git a/src/rootcheck/db/._cis_debian_linux_rcl.txt b/src/rootcheck/db/._cis_debian_linux_rcl.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/rootcheck/db/._cis_debian_linux_rcl.txt and /dev/null differ
diff --git a/src/rootcheck/db/._cis_rhel5_linux_rcl.txt b/src/rootcheck/db/._cis_rhel5_linux_rcl.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/rootcheck/db/._cis_rhel5_linux_rcl.txt and /dev/null differ
diff --git a/src/rootcheck/db/._cis_rhel_linux_rcl.txt b/src/rootcheck/db/._cis_rhel_linux_rcl.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/rootcheck/db/._cis_rhel_linux_rcl.txt and /dev/null differ
diff --git a/src/rootcheck/db/._rootkit_files.txt b/src/rootcheck/db/._rootkit_files.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/rootcheck/db/._rootkit_files.txt and /dev/null differ
diff --git a/src/rootcheck/db/._rootkit_trojans.txt b/src/rootcheck/db/._rootkit_trojans.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/rootcheck/db/._rootkit_trojans.txt and /dev/null differ
diff --git a/src/rootcheck/db/._system_audit_rcl.txt b/src/rootcheck/db/._system_audit_rcl.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/rootcheck/db/._system_audit_rcl.txt and /dev/null differ
diff --git a/src/rootcheck/db/._win_applications_rcl.txt b/src/rootcheck/db/._win_applications_rcl.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/rootcheck/db/._win_applications_rcl.txt and /dev/null differ
diff --git a/src/rootcheck/db/._win_audit_rcl.txt b/src/rootcheck/db/._win_audit_rcl.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/rootcheck/db/._win_audit_rcl.txt and /dev/null differ
diff --git a/src/rootcheck/db/._win_malware_rcl.txt b/src/rootcheck/db/._win_malware_rcl.txt
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/rootcheck/db/._win_malware_rcl.txt and /dev/null differ
diff --git a/src/rootcheck/os_string.c b/src/rootcheck/os_string.c
index a34846d..069f5bd 100755
--- a/src/rootcheck/os_string.c
+++ b/src/rootcheck/os_string.c
@@ -4,7 +4,7 @@
/* Included and modified strings.c from the OpenBSD project.
* Copyright bellow.
*/
-
+
/*
* Copyright (c) 1980, 1987, 1993
* The Regents of the University of California. All rights reserved.
@@ -136,9 +136,9 @@ struct exec
#ifdef AIX
-typedef struct aouthdr EXEC;
+typedef struct aouthdr EXEC;
#else
-typedef struct exec EXEC;
+typedef struct exec EXEC;
#endif
typedef struct _os_strings
@@ -162,25 +162,25 @@ int os_getch(os_strings *oss);
int os_string(char *file, char *regex)
{
int ch, cnt;
-
+
unsigned char *C;
unsigned char *bfr;
-
+
char line[OS_SIZE_1024 +1];
char *buf;
-
+
EXEC *head;
os_strings oss;
-
+
/* Return didn't match */
if(!file || !regex)
{
return(0);
}
-
-
- /* Allocating for the buffer */
+
+
+ /* Allocating for the buffer */
bfr = calloc(STR_MINLEN + 2, sizeof(char *));
if (!bfr)
{
@@ -198,21 +198,21 @@ int os_string(char *file, char *regex)
/* cleaning the line */
memset(line, '\0', OS_SIZE_1024 +1);
-
+
/* starting .. (from old strings.c) */
oss.foff = 0;
oss.head_len = 0;
-
+
oss.read_len = -1;
head = (EXEC *)oss.hbfr;
-
+
if ((oss.head_len = read(fileno(oss.fp), head, sizeof(EXEC))) == -1)
{
oss.head_len = 0;
oss.read_len = -1;
}
- else if (oss.head_len == sizeof(EXEC) && !N_BADMAG(*head))
+ else if (oss.head_len == sizeof(EXEC) && !N_BADMAG(*head))
{
oss.foff = N_TXTOFF(*head);
if (fseek(stdin, oss.foff, SEEK_SET) == -1)
@@ -236,20 +236,20 @@ int os_string(char *file, char *regex)
}
/* Read the file and perform the regex comparison */
- for (cnt = 0; (ch = os_getch(&oss)) != EOF;)
+ for (cnt = 0; (ch = os_getch(&oss)) != EOF;)
{
- if (ISSTR(ch))
+ if (ISSTR(ch))
{
if (!cnt)
C = bfr;
*C++ = ch;
if (++cnt < STR_MINLEN)
continue;
-
+
strncpy(line, (char *)bfr, STR_MINLEN +1);
buf = line;
buf+=strlen(line);
-
+
while ((ch = os_getch(&oss)) != EOF && ISSTR(ch))
{
@@ -294,7 +294,7 @@ int os_string(char *file, char *regex)
int os_getch(os_strings *oss)
{
++oss->foff;
- if (oss->head_len)
+ if (oss->head_len)
{
if (oss->hcnt < oss->head_len)
return((int)oss->hbfr[oss->hcnt++]);
diff --git a/src/rootcheck/rootcheck-config.c b/src/rootcheck/rootcheck-config.c
index 7b1059a..46ad77e 100755
--- a/src/rootcheck/rootcheck-config.c
+++ b/src/rootcheck/rootcheck-config.c
@@ -31,14 +31,14 @@
short eval_bool2(char *str, short default_val)
{
short ret = default_val;
-
+
if (str == NULL)
return(ret);
else if (strcmp(str, "yes") == 0)
ret = 1;
else if (strcmp(str, "no") == 0)
ret = 0;
-
+
free(str);
return(ret);
}
@@ -67,7 +67,7 @@ int Read_Rootcheck_Config(char * cfgfile)
char *(xml_scanall[])={xml_rootcheck, "scanall", NULL};
char *(xml_readall[])={xml_rootcheck, "readall", NULL};
char *(xml_time[])={xml_rootcheck, "frequency", NULL};
-
+
char *(xml_check_dev[])={xml_rootcheck, "check_dev", NULL};
char *(xml_check_files[])={xml_rootcheck, "check_files", NULL};
char *(xml_check_if[])={xml_rootcheck, "check_if", NULL};
@@ -75,22 +75,22 @@ int Read_Rootcheck_Config(char * cfgfile)
char *(xml_check_ports[])={xml_rootcheck, "check_ports", NULL};
char *(xml_check_sys[])={xml_rootcheck, "check_sys", NULL};
char *(xml_check_trojans[])={xml_rootcheck, "check_trojans", NULL};
-
+
#ifdef WIN32
-
+
char *(xml_check_winapps[])={xml_rootcheck, "check_winapps", NULL};
char *(xml_check_winaudit[])={xml_rootcheck, "check_winaudit", NULL};
char *(xml_check_winmalware[])={xml_rootcheck, "check_winmalware", NULL};
-
+
#else
-
+
char *(xml_check_unixaudit[])={xml_rootcheck, "check_unixaudit", NULL};
-
+
#endif
/* :) */
xml_time[2] = NULL;
-
+
if(OS_ReadXML(cfgfile,&xml) < 0)
{
merror("config_op: XML error: %s",xml.err);
@@ -126,8 +126,8 @@ int Read_Rootcheck_Config(char * cfgfile)
str = NULL;
}
#endif
-
-
+
+
/* Scan all flag */
if(!rootcheck.scanall)
{
@@ -140,8 +140,8 @@ int Read_Rootcheck_Config(char * cfgfile)
{
rootcheck.readall = eval_bool2(OS_GetOneContentforElement(&xml,xml_readall), 0);
}
-
-
+
+
/* Notifications type */
str = OS_GetOneContentforElement(&xml,xml_notify);
if(str)
@@ -156,9 +156,9 @@ int Read_Rootcheck_Config(char * cfgfile)
"'syslog' or 'queue' are allowed.",ARGV0);
return(-1);
}
-
+
free(str);
- str = NULL;
+ str = NULL;
}
else
{
@@ -168,15 +168,15 @@ int Read_Rootcheck_Config(char * cfgfile)
/* Getting work directory */
if(!rootcheck.workdir)
- rootcheck.workdir = OS_GetOneContentforElement(&xml,xml_workdir);
-
-
+ rootcheck.workdir = OS_GetOneContentforElement(&xml,xml_workdir);
+
+
rootcheck.rootkit_files = OS_GetOneContentforElement
(&xml,xml_rootkit_files);
rootcheck.rootkit_trojans = OS_GetOneContentforElement
(&xml,xml_rootkit_trojans);
-
- rootcheck.unixaudit = OS_GetContents
+
+ rootcheck.unixaudit = OS_GetContents
(&xml,xml_rootkit_unixaudit);
rootcheck.winaudit = OS_GetOneContentforElement
@@ -187,7 +187,7 @@ int Read_Rootcheck_Config(char * cfgfile)
rootcheck.winmalware = OS_GetOneContentforElement
(&xml,xml_rootkit_winmalware);
-
+
rootcheck.basedir = OS_GetOneContentforElement(&xml, xml_base_dir);
rootcheck.checks.rc_dev = eval_bool2(OS_GetOneContentforElement(&xml,xml_check_dev), 1);
@@ -199,22 +199,22 @@ int Read_Rootcheck_Config(char * cfgfile)
rootcheck.checks.rc_trojans = eval_bool2(OS_GetOneContentforElement(&xml,xml_check_trojans), 1);
#ifdef WIN32
-
+
rootcheck.checks.rc_winapps = eval_bool2(OS_GetOneContentforElement(&xml,xml_check_winapps), 1);
rootcheck.checks.rc_winaudit = eval_bool2(OS_GetOneContentforElement(&xml,xml_check_winaudit), 1);
rootcheck.checks.rc_winmalware = eval_bool2(OS_GetOneContentforElement(&xml,xml_check_winmalware), 1);
-
+
#else
-
+
rootcheck.checks.rc_unixaudit = eval_bool2(OS_GetOneContentforElement(&xml,xml_check_unixaudit), 1);
-
+
#endif
OS_ClearXML(&xml);
-
+
debug1("%s: DEBUG: Daemon set to '%d'",ARGV0, rootcheck.daemon);
debug1("%s: DEBUG: alert set to '%d'",ARGV0, rootcheck.notify);
-
+
return(0);
}
diff --git a/src/rootcheck/rootcheck.c b/src/rootcheck/rootcheck.c
index 0c78da7..00831b6 100755
--- a/src/rootcheck/rootcheck.c
+++ b/src/rootcheck/rootcheck.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation
*/
-
+
/*
* Rootcheck v 0.3
* Copyright (C) 2003 Daniel B. Cid <daniel at underlinux.com.br>
@@ -66,15 +66,15 @@ int main(int argc, char **argv)
int rootcheck_init(int test_config)
{
int c;
-
-#endif
-
- #ifdef OSSECHIDS
+
+#endif
+
+ #ifdef OSSECHIDS
char *cfg = DEFAULTCPATH;
#else
char *cfg = "./rootcheck.conf";
#endif
-
+
/* Zeroing the structure, initializing default values */
rootcheck.workdir = NULL;
rootcheck.basedir = NULL;
@@ -101,19 +101,19 @@ int rootcheck_init(int test_config)
rootcheck.checks.rc_ports = 1;
rootcheck.checks.rc_sys = 1;
rootcheck.checks.rc_trojans = 1;
-
+
#ifdef WIN32
-
+
rootcheck.checks.rc_winaudit = 1;
rootcheck.checks.rc_winmalware = 1;
rootcheck.checks.rc_winapps = 1;
-
+
#else
-
+
rootcheck.checks.rc_unixaudit = 1;
-
+
#endif
-
+
/* We store up to 255 alerts in there. */
os_calloc(256, sizeof(char *), rootcheck.alert_msg);
c = 0;
@@ -122,7 +122,7 @@ int rootcheck_init(int test_config)
rootcheck.alert_msg[c] = NULL;
c++;
}
-
+
#ifndef OSSECHIDS
rootcheck.notify = SYSLOG;
@@ -155,18 +155,18 @@ int rootcheck_init(int test_config)
break;
case 't':
test_config = 1;
- break;
+ break;
case 'r':
rootcheck.readall = 1;
- break;
+ break;
default:
rootcheck_help();
- break;
+ break;
}
}
-
+
#ifdef WIN32
/* Starting Winsock */
{
@@ -177,10 +177,10 @@ int rootcheck_init(int test_config)
}
}
#endif
-
-
+
+
#endif /* OSSECHIDS */
-
+
/* Staring message */
debug1(STARTED_MSG,ARGV0);
@@ -212,8 +212,8 @@ int rootcheck_init(int test_config)
verbose("%s: Rootcheck disabled. Exiting.", ARGV0);
return(1);
}
-
-
+
+
/* Checking if Unix audit file is configured. */
if(!rootcheck.unixaudit)
{
@@ -221,32 +221,32 @@ int rootcheck_init(int test_config)
log2file("%s: System audit file not configured.", ARGV0);
#endif
}
-
-
+
+
/* Setting default values */
if(rootcheck.workdir == NULL)
rootcheck.workdir = DEFAULTDIR;
#ifdef OSSECHIDS
-
+
/* Start up message */
#ifdef WIN32
verbose(STARTUP_MSG, "ossec-rootcheck", getpid());
#else
-
+
/* Connect to the queue if configured to do so */
if(rootcheck.notify == QUEUE)
{
debug1("%s: Starting queue ...",ARGV0);
-
+
/* Starting the queue. */
if((rootcheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
- {
+ {
merror(QUEUE_ERROR,ARGV0,DEFAULTQPATH, strerror(errno));
-
+
/* 5 seconds to see if the agent starts */
sleep(5);
if((rootcheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
@@ -261,7 +261,7 @@ int rootcheck_init(int test_config)
}
#endif /* Not win32 */
-
+
#endif /* ossec hids */
@@ -277,7 +277,7 @@ int rootcheck_init(int test_config)
#ifndef OSSECHIDS
-
+
#ifndef WIN32
/* Start the signal handling */
StartSIG(ARGV0);
@@ -285,17 +285,17 @@ int rootcheck_init(int test_config)
#else
return(0);
-
+
#endif
-
+
debug1("%s: DEBUG: Running run_rk_check",ARGV0);
- run_rk_check();
+ run_rk_check();
-
- debug1("%s: DEBUG: Leaving...",ARGV0);
- return(0);
+ debug1("%s: DEBUG: Leaving...",ARGV0);
+
+ return(0);
}
/* EOF */
diff --git a/src/rootcheck/rootcheck.h b/src/rootcheck/rootcheck.h
index 04494a4..ca9b279 100755
--- a/src/rootcheck/rootcheck.h
+++ b/src/rootcheck/rootcheck.h
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation
*/
-
+
#ifndef __ROOTCHECK_H
#define __ROOTCHECK_H
@@ -29,7 +29,7 @@ rkconfig rootcheck;
/* rk_types */
#define ALERT_OK 0
-#define ALERT_SYSTEM_ERROR 1
+#define ALERT_SYSTEM_ERROR 1
#define ALERT_SYSTEM_CRIT 2
#define ALERT_ROOTKIT_FOUND 3
#define ALERT_POLICY_VIOLATION 4
@@ -52,11 +52,11 @@ int rk_check_file(char *file, char *pattern);
/* int rk_check_dir(char *dir, char *file, char *pattern) */
int rk_check_dir(char *dir, char *file, char *pattern);
-
+
/* pt_matches: Checks if pattern is present on string */
int pt_matches(char *str, char *pattern);
-/* pt_check_negate: checks if the patterns is made up
+/* pt_check_negate: checks if the patterns is made up
* completely of negate matches */
int pt_check_negate(char *pattern);
@@ -68,37 +68,37 @@ int is_registry(char *entry_name, char *reg_option, char *reg_value);
/* int rkcl_get_entry: Reads cl configuration file. */
int rkcl_get_entry(FILE *fp, char *msg, void *p_list);
-
+
/** char *normalize_string
* Normalizes a string, removing white spaces and tabs
* from the begining and the end of it.
*/
char *normalize_string(char *str);
-
+
/* Check if regex is present on the file.
* Similar to `strings file | grep -r regex`
- */
+ */
int os_string(char *file, char *regex);
/* check for NTFS ADS (Windows only)
*/
int os_check_ads(char *full_path);
-/* os_get_process_list: Get list of processes
+/* os_get_process_list: Get list of processes
*/
void *os_get_process_list();
/* is_process: Check is a process is running.
*/
int is_process(char *value, void *p_list);
-
+
/* del_plist:. Deletes the process list
*/
int del_plist(void *p_list);
-
+
/* Used to report messages */
int notify_rk(int rk_type, char *msg);
@@ -139,7 +139,7 @@ void check_rc_sys(char *basedir);
void check_rc_pids();
/* Verifies if "pid" is in the proc directory */
-int check_rc_readproc(int pid);
+int check_rc_readproc(int pid);
void check_rc_ports();
diff --git a/src/rootcheck/run_rk_check.c b/src/rootcheck/run_rk_check.c
index f915f09..0e2c805 100755
--- a/src/rootcheck/run_rk_check.c
+++ b/src/rootcheck/run_rk_check.c
@@ -10,7 +10,7 @@
* Foundation
*/
-
+
#include "shared.h"
#include "rootcheck.h"
@@ -28,7 +28,7 @@ int notify_rk(int rk_type, char *msg)
else if(rk_type == ALERT_SYSTEM_ERROR)
printf("[ERR]: %s\n", msg);
else if(rk_type == ALERT_POLICY_VIOLATION)
- printf("[INFO]: %s\n", msg);
+ printf("[INFO]: %s\n", msg);
else
{
printf("[FAILED]: %s\n", msg);
@@ -37,12 +37,12 @@ int notify_rk(int rk_type, char *msg)
printf("\n");
return(0);
}
-
+
/* No need to alert on that to the server */
if(rk_type <= ALERT_SYSTEM_ERROR)
return(0);
- #ifdef OSSECHIDS
+ #ifdef OSSECHIDS
if(SendMSG(rootcheck.queue, msg, ROOTCHECK, ROOTCHECK_MQ) < 0)
{
merror(QUEUE_SEND, ARGV0);
@@ -59,17 +59,17 @@ int notify_rk(int rk_type, char *msg)
}
#endif
- return(0);
+ return(0);
}
-
+
/* start_rk_daemon
* Start the rootkit daemon variables
*/
void start_rk_daemon()
{
return;
-
+
if(rootcheck.notify == QUEUE)
{
}
@@ -86,9 +86,9 @@ void run_rk_check()
FILE *fp;
OSList *plist;
-
+
#ifndef WIN32
- /* Hard coding basedir */
+ /* Hard coding basedir */
int i;
char basedir[] = "/";
@@ -102,22 +102,22 @@ void run_rk_check()
}
}
#else
-
+
/* Basedir for Windows */
char basedir[] = "C:\\";
-
+
#endif
-
-
+
+
/* Setting basedir */
if(rootcheck.basedir == NULL)
{
rootcheck.basedir = basedir;
}
-
+
time1 = time(0);
-
+
/*** Initial message ***/
if(rootcheck.notify != QUEUE)
{
@@ -128,15 +128,15 @@ void run_rk_check()
printf("Be patient, it may take a few minutes to complete...\n");
printf("\n");
}
-
-
+
+
/* Cleaning the global variables */
rk_sys_count = 0;
rk_sys_file[rk_sys_count] = NULL;
rk_sys_name[rk_sys_count] = NULL;
-
-
+
+
/* Sending scan start message */
notify_rk(ALERT_POLICY_VIOLATION, "Starting rootcheck scan.");
if(rootcheck.notify == QUEUE)
@@ -162,7 +162,7 @@ void run_rk_check()
fp = fopen(rootcheck.rootkit_files, "r");
if(!fp)
{
- merror("%s: No rootcheck_files file: '%s'",ARGV0,
+ merror("%s: No rootcheck_files file: '%s'",ARGV0,
rootcheck.rootkit_files);
}
@@ -175,8 +175,8 @@ void run_rk_check()
}
}
-
-
+
+
/*** Second check. look for trojan entries in common binaries ***/
if (rootcheck.checks.rc_trojans)
{
@@ -186,7 +186,7 @@ void run_rk_check()
merror("%s: No rootcheck_trojans file configured.", ARGV0);
#endif
}
-
+
else
{
fp = fopen(rootcheck.rootkit_trojans, "r");
@@ -210,7 +210,7 @@ void run_rk_check()
#ifdef WIN32
-
+
/*** Getting process list ***/
plist = os_get_process_list();
@@ -260,7 +260,7 @@ void run_rk_check()
}
}
}
-
+
/* Windows Apps */
if (rootcheck.checks.rc_winapps)
{
@@ -283,7 +283,7 @@ void run_rk_check()
}
}
}
-
+
/* Freeing process list */
del_plist((void *)plist);
@@ -292,13 +292,13 @@ void run_rk_check()
/** Checks for other non Windows. **/
#else
-
+
/*** Unix audit check ***/
if (rootcheck.checks.rc_unixaudit)
{
- if(rootcheck.unixaudit)
+ if(rootcheck.unixaudit)
{
/* Getting process list. */
plist = os_get_process_list();
@@ -330,53 +330,53 @@ void run_rk_check()
}
}
-
+
#endif
-
-
+
+
/*** Third check, looking for files on the /dev ***/
if (rootcheck.checks.rc_dev)
{
debug1("%s: DEBUG: Going into check_rc_dev", ARGV0);
check_rc_dev(rootcheck.basedir);
}
-
+
/*** Fourth check, scan the whole system looking for additional issues */
if (rootcheck.checks.rc_sys)
{
debug1("%s: DEBUG: Going into check_rc_sys", ARGV0);
check_rc_sys(rootcheck.basedir);
}
-
+
/*** Process checking ***/
if (rootcheck.checks.rc_pids)
{
- debug1("%s: DEBUG: Going into check_rc_pids", ARGV0);
+ debug1("%s: DEBUG: Going into check_rc_pids", ARGV0);
check_rc_pids();
}
/*** Check all the ports ***/
if (rootcheck.checks.rc_ports)
{
- debug1("%s: DEBUG: Going into check_rc_ports", ARGV0);
- check_rc_ports();
+ debug1("%s: DEBUG: Going into check_rc_ports", ARGV0);
+ check_rc_ports();
/*** Check open ports ***/
- debug1("%s: DEBUG: Going into check_open_ports", ARGV0);
+ debug1("%s: DEBUG: Going into check_open_ports", ARGV0);
check_open_ports();
}
-
+
/*** Check interfaces ***/
if (rootcheck.checks.rc_if)
{
- debug1("%s: DEBUG: Going into check_rc_if", ARGV0);
+ debug1("%s: DEBUG: Going into check_rc_if", ARGV0);
check_rc_if();
}
-
-
- debug1("%s: DEBUG: Completed with all checks.", ARGV0);
-
-
+
+
+ debug1("%s: DEBUG: Completed with all checks.", ARGV0);
+
+
/* Cleaning the global memory */
{
int li;
@@ -384,7 +384,7 @@ void run_rk_check()
{
if(!rk_sys_file[li] ||
!rk_sys_name[li])
- break;
+ break;
free(rk_sys_file[li]);
free(rk_sys_name[li]);
@@ -393,7 +393,7 @@ void run_rk_check()
/*** Final message ***/
time2 = time(0);
-
+
if(rootcheck.notify != QUEUE)
{
printf("\n");
@@ -411,9 +411,9 @@ void run_rk_check()
{
merror("%s: INFO: Ending rootcheck scan.", ARGV0);
}
-
-
- debug1("%s: DEBUG: Leaving run_rk_check",ARGV0);
+
+
+ debug1("%s: DEBUG: Leaving run_rk_check",ARGV0);
return;
}
diff --git a/src/rootcheck/unix-process.c b/src/rootcheck/unix-process.c
index 7c098ca..3b873d3 100755
--- a/src/rootcheck/unix-process.c
+++ b/src/rootcheck/unix-process.c
@@ -9,11 +9,11 @@
* License (version 2) as published by the FSF - Free Software
* Foundation
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/main/license/ .
*/
-
+
#include "shared.h"
#include "rootcheck.h"
@@ -25,13 +25,13 @@ char *_os_get_runps(char *ps, int mpid)
char buf[OS_SIZE_2048 +1];
char command[OS_SIZE_1024 +1];
FILE *fp;
-
-
+
+
buf[0] = '\0';
command[0] = '\0';
- command[OS_SIZE_1024] = '\0';
-
-
+ command[OS_SIZE_1024] = '\0';
+
+
snprintf(command, OS_SIZE_1024, "%s -p %d 2> /dev/null", ps, mpid);
fp = popen(command, "r");
@@ -59,9 +59,9 @@ char *_os_get_runps(char *ps, int mpid)
while(*tmp_str == ' ')
tmp_str++;
-
+
nbuf = tmp_str;
-
+
tmp_str = strchr(nbuf, '\n');
if(tmp_str)
@@ -87,7 +87,7 @@ void *os_get_process_list()
int i = 1;
pid_t max_pid = MAX_PID;
OSList *p_list = NULL;
-
+
char ps[OS_SIZE_1024 +1];
@@ -110,7 +110,7 @@ void *os_get_process_list()
if(!p_list)
{
merror(LIST_ERROR, ARGV0);
- return(NULL);
+ return(NULL);
}
@@ -136,11 +136,11 @@ void *os_get_process_list()
OSList_AddData(p_list, p_info);
}
}
-
+
return((void *)p_list);
}
-
-
+
+
#endif
/* EOF */
diff --git a/src/rootcheck/util/._ads_dump.c b/src/rootcheck/util/._ads_dump.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/rootcheck/util/._ads_dump.c and /dev/null differ
diff --git a/src/rootcheck/util/ads_dump.c b/src/rootcheck/util/ads_dump.c
index c7996a0..68316bd 100644
--- a/src/rootcheck/util/ads_dump.c
+++ b/src/rootcheck/util/ads_dump.c
@@ -9,11 +9,11 @@
* License (version 2) as published by the FSF - Free Software
* Foundation
*/
-
+
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
-#include <dirent.h>
+#include <dirent.h>
#include <windows.h>
@@ -29,18 +29,18 @@ int ads_found = 0;
/* Print out streams of a file */
int os_get_streams(char *full_path)
{
- HANDLE file_h;
+ HANDLE file_h;
WIN32_STREAM_ID sid;
void *context = NULL;
- char stream_name[MAX_PATH +1];
- char final_name[MAX_PATH +1];
+ char stream_name[MAX_PATH +1];
+ char final_name[MAX_PATH +1];
DWORD dwRead, shs, dw1, dw2;
/* Opening file */
- file_h = CreateFile(full_path,
+ file_h = CreateFile(full_path,
GENERIC_READ,
FILE_SHARE_READ,
NULL,
@@ -48,8 +48,8 @@ int os_get_streams(char *full_path)
FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_POSIX_SEMANTICS,
NULL);
- if (file_h == INVALID_HANDLE_VALUE)
- {
+ if (file_h == INVALID_HANDLE_VALUE)
+ {
return 0;
}
@@ -63,7 +63,7 @@ int os_get_streams(char *full_path)
while(1)
{
- if(BackupRead(file_h, (LPBYTE) &sid, shs, &dwRead,
+ if(BackupRead(file_h, (LPBYTE) &sid, shs, &dwRead,
FALSE, FALSE, &context) == 0)
{
break;
@@ -75,14 +75,14 @@ int os_get_streams(char *full_path)
stream_name[0] = '\0';
stream_name[MAX_PATH] = '\0';
- if(BackupRead(file_h, (LPBYTE)stream_name,
- sid.dwStreamNameSize,
+ if(BackupRead(file_h, (LPBYTE)stream_name,
+ sid.dwStreamNameSize,
&dwRead, FALSE, FALSE, &context))
{
if(dwRead != 0)
{
char *tmp_pt;
- snprintf(final_name, MAX_PATH, "%s%S", full_path,
+ snprintf(final_name, MAX_PATH, "%s%S", full_path,
(WCHAR *)stream_name);
tmp_pt = strrchr(final_name, ':');
if(tmp_pt)
@@ -95,7 +95,7 @@ int os_get_streams(char *full_path)
}
/* Getting next */
- if(!BackupSeek(file_h, sid.Size.LowPart, sid.Size.HighPart,
+ if(!BackupSeek(file_h, sid.Size.LowPart, sid.Size.HighPart,
&dw1, &dw2, &context))
{
break;
@@ -115,7 +115,7 @@ int read_sys_file(char *file_name)
/* Getting streams */
os_get_streams(file_name);
-
+
if(stat(file_name, &statbuf) < 0)
{
return(0);
@@ -171,7 +171,7 @@ int read_sys_dir(char *dir_name)
/* Just ignore . and .. */
if((strcmp(entry->d_name,".") == 0) ||
- (strcmp(entry->d_name,"..") == 0))
+ (strcmp(entry->d_name,"..") == 0))
{
continue;
}
diff --git a/src/rootcheck/win-common.c b/src/rootcheck/win-common.c
index 9b1a5cb..10a4545 100644
--- a/src/rootcheck/win-common.c
+++ b/src/rootcheck/win-common.c
@@ -9,19 +9,19 @@
* License (version 2) as published by the FSF - Free Software
* Foundation
*/
-
-
+
+
#include "shared.h"
#include "rootcheck.h"
-#ifdef WIN32
+#ifdef WIN32
/** Registry checking values **/
/* Global variables */
HKEY rk_sub_tree;
-
+
/* Default values */
#define MAX_KEY_LENGTH 255
#define MAX_KEY 2048
@@ -34,18 +34,18 @@ HKEY rk_sub_tree;
*/
int os_check_ads(char *full_path)
{
- HANDLE file_h;
+ HANDLE file_h;
WIN32_STREAM_ID sid;
void *context = NULL;
- char stream_name[MAX_PATH +1];
- char final_name[MAX_PATH +1];
+ char stream_name[MAX_PATH +1];
+ char final_name[MAX_PATH +1];
DWORD dwRead, shs, dw1, dw2;
/* Opening file */
- file_h = CreateFile(full_path,
+ file_h = CreateFile(full_path,
GENERIC_READ,
FILE_SHARE_READ,
NULL,
@@ -53,8 +53,8 @@ int os_check_ads(char *full_path)
FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_POSIX_SEMANTICS,
NULL);
- if (file_h == INVALID_HANDLE_VALUE)
- {
+ if (file_h == INVALID_HANDLE_VALUE)
+ {
return 0;
}
@@ -68,7 +68,7 @@ int os_check_ads(char *full_path)
while(1)
{
- if(BackupRead(file_h, (LPBYTE) &sid, shs, &dwRead,
+ if(BackupRead(file_h, (LPBYTE) &sid, shs, &dwRead,
FALSE, FALSE, &context) == 0)
{
break;
@@ -80,8 +80,8 @@ int os_check_ads(char *full_path)
stream_name[0] = '\0';
stream_name[MAX_PATH] = '\0';
- if(BackupRead(file_h, (LPBYTE)stream_name,
- sid.dwStreamNameSize,
+ if(BackupRead(file_h, (LPBYTE)stream_name,
+ sid.dwStreamNameSize,
&dwRead, FALSE, FALSE, &context))
{
if(dwRead != 0)
@@ -91,9 +91,9 @@ int os_check_ads(char *full_path)
char op_msg[OS_SIZE_1024 +1];
snprintf(final_name, MAX_PATH, "%s", full_path);
-
+
max_path_size = strlen(final_name);
-
+
/* Copying from wide char to char. */
while((i < dwRead) && (max_path_size < MAX_PATH))
@@ -123,7 +123,7 @@ int os_check_ads(char *full_path)
}
/* Getting next */
- if(!BackupSeek(file_h, sid.Size.LowPart, sid.Size.HighPart,
+ if(!BackupSeek(file_h, sid.Size.LowPart, sid.Size.HighPart,
&dw1, &dw2, &context))
{
break;
@@ -154,7 +154,7 @@ char *__os_winreg_getkey(char *reg_entry)
/* Setting sub tree */
if((strcmp(reg_entry, "HKEY_LOCAL_MACHINE") == 0) ||
- (strcmp(reg_entry, "HKLM") == 0))
+ (strcmp(reg_entry, "HKLM") == 0))
{
rk_sub_tree = HKEY_LOCAL_MACHINE;
}
@@ -179,7 +179,7 @@ char *__os_winreg_getkey(char *reg_entry)
{
/* Setting sub tree to null */
rk_sub_tree = NULL;
-
+
/* Returning tmp_str to the previous value */
if(tmp_str && (*tmp_str == '\0'))
*tmp_str = '\\';
@@ -264,7 +264,7 @@ int __os_winreg_querykey(HKEY hKey, char *p_key, char *full_key_name,
value_buffer[MAX_VALUE_NAME] = '\0';
data_buffer[MAX_VALUE_NAME] = '\0';
var_storage[MAX_VALUE_NAME] = '\0';
-
+
/* Getting each value */
for(i=0;i<value_count;i++)
@@ -306,22 +306,22 @@ int __os_winreg_querykey(HKEY hKey, char *p_key, char *full_key_name,
*/
if(!reg_value)
{
- return(1);
+ return(1);
}
-
+
/* Writing value into a string */
switch(data_type)
{
int size_available;
-
+
case REG_SZ:
case REG_EXPAND_SZ:
snprintf(var_storage, MAX_VALUE_NAME, "%s", data_buffer);
break;
case REG_MULTI_SZ:
-
+
/* Printing multiple strings */
size_available = MAX_VALUE_NAME -3;
mt_data = data_buffer;
@@ -332,15 +332,15 @@ int __os_winreg_querykey(HKEY hKey, char *p_key, char *full_key_name,
{
strncat(var_storage, mt_data, size_available);
strncat(var_storage, " ", 2);
- size_available = MAX_VALUE_NAME -
+ size_available = MAX_VALUE_NAME -
(strlen(var_storage) +2);
}
mt_data += strlen(mt_data) +1;
}
-
+
break;
case REG_DWORD:
- snprintf(var_storage, MAX_VALUE_NAME,
+ snprintf(var_storage, MAX_VALUE_NAME,
"%x",(unsigned int)*data_buffer);
break;
default:
@@ -375,19 +375,19 @@ int __os_winreg_querykey(HKEY hKey, char *p_key, char *full_key_name,
return(0);
}
-
+
/* int __os_winreg_open_key(char *subkey)
* Open the registry key
*/
-int __os_winreg_open_key(char *subkey, char *full_key_name,
+int __os_winreg_open_key(char *subkey, char *full_key_name,
char *reg_option, char *reg_value)
{
int ret = 1;
HKEY oshkey;
-
+
if(RegOpenKeyEx(rk_sub_tree, subkey, 0, KEY_READ,&oshkey) != ERROR_SUCCESS)
{
return(0);
@@ -400,8 +400,8 @@ int __os_winreg_open_key(char *subkey, char *full_key_name,
ret = __os_winreg_querykey(oshkey, subkey, full_key_name,
reg_option, reg_value);
}
-
-
+
+
RegCloseKey(oshkey);
return(ret);
}
@@ -414,7 +414,7 @@ int is_registry(char *entry_name, char *reg_option, char *reg_value)
{
char *rk;
-
+
rk = __os_winreg_getkey(entry_name);
if(rk_sub_tree == NULL || rk == NULL)
{
diff --git a/src/rootcheck/win-process.c b/src/rootcheck/win-process.c
index 1d073c9..5b3908f 100644
--- a/src/rootcheck/win-process.c
+++ b/src/rootcheck/win-process.c
@@ -29,7 +29,7 @@ int os_win32_setdebugpriv(HANDLE h, int en)
LUID luid;
DWORD cbPrevious = sizeof(TOKEN_PRIVILEGES);
- if(!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid))
+ if(!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid))
{
return(0);
}
@@ -51,11 +51,11 @@ int os_win32_setdebugpriv(HANDLE h, int en)
/* If en is set to true, we enable the privilege */
- if(en)
+ if(en)
{
tpPrevious.Privileges[0].Attributes |= (SE_PRIVILEGE_ENABLED);
}
- else
+ else
{
tpPrevious.Privileges[0].Attributes ^= (SE_PRIVILEGE_ENABLED &
tpPrevious.Privileges[0].Attributes);
@@ -76,7 +76,7 @@ int os_win32_setdebugpriv(HANDLE h, int en)
void *os_get_process_list()
{
OSList *p_list = NULL;
-
+
HANDLE hsnap;
HANDLE hpriv;
PROCESSENTRY32 p_entry;
@@ -84,7 +84,7 @@ void *os_get_process_list()
/* Getting token for enable debug priv */
- if(!OpenThreadToken(GetCurrentThread(),
+ if(!OpenThreadToken(GetCurrentThread(),
TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY, FALSE, &hpriv))
{
if(GetLastError() == ERROR_NO_TOKEN)
@@ -97,7 +97,7 @@ void *os_get_process_list()
}
if(!OpenThreadToken(GetCurrentThread(),
- TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY,
+ TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY,
FALSE, &hpriv))
{
merror("%s: ERROR: os_get_win32_process_list -> "
@@ -111,7 +111,7 @@ void *os_get_process_list()
return(NULL);
}
}
-
+
/* Enabling debug privilege */
if(!os_win32_setdebugpriv(hpriv, 1))
@@ -149,7 +149,7 @@ void *os_get_process_list()
merror(LIST_ERROR, ARGV0);
return(0);
}
-
+
/* Getting each process name and path */
while(Process32Next( hsnap, &p_entry))
@@ -160,15 +160,15 @@ void *os_get_process_list()
/* Setting process name */
os_strdup(p_entry.szExeFile, p_name);
-
-
+
+
/* Getting additional information from modules */
HANDLE hmod = INVALID_HANDLE_VALUE;
MODULEENTRY32 m_entry;
m_entry.dwSize = sizeof(MODULEENTRY32);
-
+
/* Snapshot of the process */
- hmod = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,
+ hmod = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,
p_entry.th32ProcessID);
if(hmod == INVALID_HANDLE_VALUE)
{
diff --git a/src/shared/._Makefile b/src/shared/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/shared/._Makefile and /dev/null differ
diff --git a/src/shared/._agent_op.c b/src/shared/._agent_op.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/shared/._agent_op.c and /dev/null differ
diff --git a/src/shared/._debug_op.c b/src/shared/._debug_op.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/shared/._debug_op.c and /dev/null differ
diff --git a/src/shared/._dirtree_op.c b/src/shared/._dirtree_op.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/shared/._dirtree_op.c and /dev/null differ
diff --git a/src/shared/._file-queue.c b/src/shared/._file-queue.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/shared/._file-queue.c and /dev/null differ
diff --git a/src/shared/._file_op.c b/src/shared/._file_op.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/shared/._file_op.c and /dev/null differ
diff --git a/src/shared/._hash_op.c b/src/shared/._hash_op.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/shared/._hash_op.c and /dev/null differ
diff --git a/src/shared/._help.c b/src/shared/._help.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/shared/._help.c and /dev/null differ
diff --git a/src/shared/._list_op.c b/src/shared/._list_op.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/shared/._list_op.c and /dev/null differ
diff --git a/src/shared/._math_op.c b/src/shared/._math_op.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/shared/._math_op.c and /dev/null differ
diff --git a/src/shared/._mem_op.c b/src/shared/._mem_op.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/shared/._mem_op.c and /dev/null differ
diff --git a/src/shared/._mq_op.c b/src/shared/._mq_op.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/shared/._mq_op.c and /dev/null differ
diff --git a/src/shared/._privsep_op.c b/src/shared/._privsep_op.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/shared/._privsep_op.c and /dev/null differ
diff --git a/src/shared/._pthreads_op.c b/src/shared/._pthreads_op.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/shared/._pthreads_op.c and /dev/null differ
diff --git a/src/shared/._read-agents.c b/src/shared/._read-agents.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/shared/._read-agents.c and /dev/null differ
diff --git a/src/shared/._read-alert.c b/src/shared/._read-alert.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/shared/._read-alert.c and /dev/null differ
diff --git a/src/shared/._regex_op.c b/src/shared/._regex_op.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/shared/._regex_op.c and /dev/null differ
diff --git a/src/shared/._report_op.c b/src/shared/._report_op.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/shared/._report_op.c and /dev/null differ
diff --git a/src/shared/._rules_op.c b/src/shared/._rules_op.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/shared/._rules_op.c and /dev/null differ
diff --git a/src/shared/._sig_op.c b/src/shared/._sig_op.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/shared/._sig_op.c and /dev/null differ
diff --git a/src/shared/._store_op.c b/src/shared/._store_op.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/shared/._store_op.c and /dev/null differ
diff --git a/src/shared/._string_op.c b/src/shared/._string_op.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/shared/._string_op.c and /dev/null differ
diff --git a/src/shared/._validate_op.c b/src/shared/._validate_op.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/shared/._validate_op.c and /dev/null differ
diff --git a/src/shared/._wait_op.c b/src/shared/._wait_op.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/shared/._wait_op.c and /dev/null differ
diff --git a/src/shared/agent_op.c b/src/shared/agent_op.c
index 00af15c..229043b 100755
--- a/src/shared/agent_op.c
+++ b/src/shared/agent_op.c
@@ -18,7 +18,7 @@
/** Checks if syscheck is to be executed/restarted.
* Returns 1 on success or 0 on failure (shouldn't be executed now).
*/
-int os_check_restart_syscheck()
+int os_check_restart_syscheck()
{
struct stat restart_status;
@@ -29,19 +29,19 @@ int os_check_restart_syscheck()
{
if(stat(SYSCHECK_RESTART, &restart_status) == -1)
return(0);
-
- unlink(SYSCHECK_RESTART);
+
+ unlink(SYSCHECK_RESTART);
}
else
{
if(stat(SYSCHECK_RESTART_PATH, &restart_status) == -1)
return(0);
-
- unlink(SYSCHECK_RESTART_PATH);
+
+ unlink(SYSCHECK_RESTART_PATH);
}
-
- return(1);
+
+ return(1);
}
@@ -84,8 +84,8 @@ char* os_read_agent_name()
fp = fopen(AGENT_INFO_FILE, "r");
else
fp = fopen(AGENT_INFO_FILEP, "r");
-
- /* We give 1 second for the file to be created... */
+
+ /* We give 1 second for the file to be created... */
if(!fp)
{
sleep(1);
@@ -93,9 +93,9 @@ char* os_read_agent_name()
if(isChroot())
fp = fopen(AGENT_INFO_FILE, "r");
else
- fp = fopen(AGENT_INFO_FILEP, "r");
+ fp = fopen(AGENT_INFO_FILEP, "r");
}
-
+
if(!fp)
{
debug1(FOPEN_ERROR, __local_name, AGENT_INFO_FILE);
@@ -111,7 +111,7 @@ char* os_read_agent_name()
char *ret = NULL;
os_strdup(buf, ret);
fclose(fp);
-
+
debug2("%s: os_read_agent_name returned (%s).", __local_name, ret);
return(ret);
@@ -203,12 +203,12 @@ char *os_read_agent_id()
* Returns NULL on error.
*
* Description:
- * Comma separated list of strings that used to identify what type
+ * Comma separated list of strings that used to identify what type
* of configuration is used for this agent.
* The profile name is set in the agent's etc/ossec.conf file
* It is matched with the ossec manager's agent.conf file to read
* configuration only applicable to this profile name.
- *
+ *
*/
char* os_read_agent_profile()
{
@@ -233,7 +233,7 @@ char* os_read_agent_profile()
/* Getting profile */
- if(fgets(buf, 1024, fp) && fgets(buf, 1024, fp) &&
+ if(fgets(buf, 1024, fp) && fgets(buf, 1024, fp) &&
fgets(buf, 1024, fp) && fgets(buf, 1024, fp))
{
char *ret = NULL;
@@ -260,7 +260,7 @@ char* os_read_agent_profile()
* Returns 1 on success or <= 0 on failure.
*/
/* cmoraes: changed function. added cfg_profile_name parameter */
-int os_write_agent_info(char *agent_name, char *agent_ip,
+int os_write_agent_info(char *agent_name, char *agent_ip,
char *agent_id, char *cfg_profile_name)
{
FILE *fp;
diff --git a/src/shared/custom_output_search_replace.c b/src/shared/custom_output_search_replace.c
new file mode 100644
index 0000000..5fd6319
--- /dev/null
+++ b/src/shared/custom_output_search_replace.c
@@ -0,0 +1,201 @@
+#include "shared.h"
+char * searchAndReplace2(char* orig, char* search, char*value)
+{
+ char *p;
+ size_t total_len = strlen(orig);
+ size_t token_len = strlen(search);
+ size_t value_len = strlen(value);
+
+ int inx_start = 0;
+ char * tmp = NULL;
+ int tmp_offset = 0;
+ int total_bytes_allocated = 0;
+ int from = 0;
+ p = strstr(orig, search);
+ if(p==NULL)
+ {
+ os_strdup(orig,tmp);
+
+ return tmp;
+ }
+ if (value==NULL)
+ {
+ value="";
+ }
+ inx_start = p - orig;
+
+ while (p != NULL)
+ {
+ if (inx_start > 0)
+ {
+ if (tmp == NULL)
+ {
+ int len_to_add = (inx_start);
+
+ tmp = (char*) malloc(sizeof(char) * len_to_add);
+ total_bytes_allocated += len_to_add;
+
+ strncpy(tmp, orig + tmp_offset, inx_start);
+ tmp_offset = inx_start;
+ }
+
+ total_bytes_allocated += value_len;
+ tmp = (char*) realloc(tmp, total_bytes_allocated);
+
+ strncpy(tmp + tmp_offset, value, value_len);
+ tmp_offset += value_len;
+
+
+ p = strstr(orig + inx_start + token_len, search);
+
+ if(p!=NULL)
+ {
+ inx_start = p - orig;
+ from = inx_start + token_len;
+ if (inx_start - tmp_offset > 0)
+ {
+ total_bytes_allocated += inx_start - from;
+ tmp = (char*) realloc(tmp, total_bytes_allocated);
+ strncpy(tmp + tmp_offset, orig + from, inx_start - from);
+ tmp_offset += inx_start - from;
+ }
+ }//No more coincidences.
+ else
+ {
+ from = inx_start + token_len;
+ }
+ }
+
+ }
+ if ((from < total_len) && from>0)
+ {
+ total_bytes_allocated += total_len - from;//((from - (int)token_len) + (int)value_len);
+ tmp = (char*) realloc(tmp, total_bytes_allocated+1);
+ strncpy(tmp + tmp_offset, orig + from, total_len - from);
+ }
+ tmp[total_bytes_allocated]='\0';
+
+ return tmp;
+}
+#include "shared.h"
+char * searchAndReplace(char* orig, char* search, char*value)
+{
+ char *p;
+ size_t total_len = strlen(orig);
+ size_t token_len = strlen(search);
+ size_t value_len = strlen(value);
+
+ int inx_start = 0;
+ char * tmp = NULL;
+ int tmp_offset = 0;
+ int total_bytes_allocated = 0;
+ int from = 0;
+ p = strstr(orig, search);
+ if(p==NULL)
+ {
+ os_strdup(orig,tmp);
+
+ return tmp;
+ }
+ if (value==NULL)
+ {
+ value="";
+ }
+ inx_start = p - orig;
+
+ while (p != NULL)
+ {
+ if (inx_start > 0)
+ {
+ if (tmp == NULL)
+ {
+ int len_to_add = (inx_start);
+
+ tmp = (char*) malloc(sizeof(char) * len_to_add);
+ total_bytes_allocated += len_to_add;
+
+ strncpy(tmp, orig + tmp_offset, inx_start);
+ tmp_offset = inx_start;
+ }
+
+ total_bytes_allocated += value_len;
+ tmp = (char*) realloc(tmp, total_bytes_allocated);
+
+ strncpy(tmp + tmp_offset, value, value_len);
+ tmp_offset += value_len;
+
+
+ p = strstr(orig + inx_start + token_len, search);
+
+ if(p!=NULL)
+ {
+ inx_start = p - orig;
+ from = inx_start + token_len;
+ if (inx_start - tmp_offset > 0)
+ {
+ total_bytes_allocated += inx_start - from;
+ tmp = (char*) realloc(tmp, total_bytes_allocated);
+ strncpy(tmp + tmp_offset, orig + from, inx_start - from);
+ tmp_offset += inx_start - from;
+ }
+ }//No more coincidences.
+ else
+ {
+ from = inx_start + token_len;
+ }
+ }
+
+ }
+ if ((from < total_len) && from>0)
+ {
+ total_bytes_allocated += total_len - from;//((from - (int)token_len) + (int)value_len);
+ tmp = (char*) realloc(tmp, total_bytes_allocated+1);
+ strncpy(tmp + tmp_offset, orig + from, total_len - from);
+ }
+ tmp[total_bytes_allocated]='\0';
+
+ return tmp;
+}
+
+//escape newlines characters. Returns a new allocated string.
+char* escape_newlines(char *orig)
+{
+ const char *ptr;
+ char *ret, *retptr;
+ int size;
+
+ ptr = orig;
+ size = 1;
+ while (*ptr)
+ {
+ if ((*ptr == '\n') ||(*ptr == '\r'))
+ size += 2;
+ else
+ size += 1;
+ ptr++;
+ }
+
+ ret = malloc (size);
+ ptr = orig;
+ retptr = ret;
+ while (*ptr) {
+ if (*ptr == '\n') {
+ *retptr = '\\';
+ *(retptr+1) = 'n';
+ retptr += 2;
+ }
+ else if (*ptr == '\r') {
+ *retptr = '\\';
+ *(retptr+1) = 'n';
+ retptr += 2;
+ }
+ else {
+ *retptr = *ptr;
+ retptr ++;
+ }
+ ptr++;
+ }
+ *retptr = '\0';
+
+ return ret;
+}
diff --git a/src/shared/debug_op.c b/src/shared/debug_op.c
index 8b492c8..6be1f8c 100755
--- a/src/shared/debug_op.c
+++ b/src/shared/debug_op.c
@@ -42,13 +42,13 @@ void _log(const char * msg,va_list args)
va_list args2;
FILE *fp;
-
+
tm = time(NULL);
p = localtime(&tm);
/* Duplicating args */
va_copy(args2, args);
-
+
/* If under chroot, log directly to /logs/ossec.log */
if(chroot_flag == 1)
@@ -70,7 +70,7 @@ void _log(const char * msg,va_list args)
if(fp)
{
(void)fprintf(fp,"%d/%02d/%02d %02d:%02d:%02d ",
- p->tm_year+1900,p->tm_mon+1,
+ p->tm_year+1900,p->tm_mon+1,
p->tm_mday,p->tm_hour,p->tm_min,p->tm_sec);
(void)vfprintf(fp, msg, args);
#ifdef WIN32
@@ -157,15 +157,15 @@ void log2file(const char * msg,... )
_log(msg, args);
daemon_flag = dbg_tmp;
-
+
va_end(args);
}
void ErrorExit(const char *msg, ...)
{
va_list args;
-
- #ifdef WIN32
+
+ #ifdef WIN32
/* If not MA */
#ifndef MA
WinSetError();
@@ -198,13 +198,13 @@ void print_out(const char *msg, ...)
/* Print to stderr */
(void)vfprintf(stderr, msg, args);
-
+
#ifdef WIN32
(void)fprintf(stderr, "\r\n");
#else
(void)fprintf(stderr, "\n");
#endif
-
+
va_end(args);
}
diff --git a/src/shared/dirtree_op.c b/src/shared/dirtree_op.c
index 4ff5e0b..47adbb4 100755
--- a/src/shared/dirtree_op.c
+++ b/src/shared/dirtree_op.c
@@ -12,15 +12,15 @@
* License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
-
-/* Common API for dealing with directory trees */
+
+/* Common API for dealing with directory trees */
#include "shared.h"
-/* Create the tree
+/* Create the tree
* Return NULL on error
*/
OSDirTree *OSDirTree_Create()
@@ -32,16 +32,16 @@ OSDirTree *OSDirTree_Create()
{
return(NULL);
}
-
+
my_tree->first_node = NULL;
my_tree->last_node = NULL;
-
+
return(my_tree);
}
-/* Get first node from tree (starting from parent)
+/* Get first node from tree (starting from parent)
* Returns null on invalid tree (not initialized)
*/
OSTreeNode *OSDirTree_GetFirstNode(OSDirTree *tree)
@@ -55,7 +55,7 @@ OSTreeNode *OSDirTree_GetFirstNode(OSDirTree *tree)
* Internal call, looks up for an entry in the middle of the tree.
* Should not be called directly.
*/
-OSDirTree *_OSTreeNode_Add(OSDirTree *tree, char *str,
+OSDirTree *_OSTreeNode_Add(OSDirTree *tree, char *str,
void *data, char sep)
{
char *tmp_str;
@@ -83,7 +83,7 @@ OSDirTree *_OSTreeNode_Add(OSDirTree *tree, char *str,
tree->first_node = NULL;
tree->last_node = NULL;
}
-
+
curnode = tree->first_node;
@@ -109,7 +109,7 @@ OSDirTree *_OSTreeNode_Add(OSDirTree *tree, char *str,
{
os_calloc(1, sizeof(OSTreeNode), newnode);
//printf("XXXX Adding node: %s\n", str);
-
+
if(!tree->first_node && !tree->last_node)
{
@@ -147,11 +147,11 @@ OSDirTree *_OSTreeNode_Add(OSDirTree *tree, char *str,
{
*tmp_str = sep;
}
-
+
return(tree);
}
-
+
/** void OSDirTree_AddToTree
@@ -169,16 +169,16 @@ void OSDirTree_AddToTree(OSDirTree *tree, char *str, void *data, char sep)
char *tmp_str;
OSTreeNode *newnode;
OSTreeNode *curnode;
-
-
+
+
/* First character doesn't count as a separator */
tmp_str = strchr(str +1, sep);
if(tmp_str)
{
*tmp_str = '\0';
}
-
-
+
+
curnode = tree->first_node;
while(curnode)
{
@@ -187,7 +187,7 @@ void OSDirTree_AddToTree(OSDirTree *tree, char *str, void *data, char sep)
/* If we have other elements, keep going */
if(tmp_str)
{
- curnode->child = _OSTreeNode_Add(curnode->child,
+ curnode->child = _OSTreeNode_Add(curnode->child,
tmp_str +1, data, sep);
}
break;
@@ -214,7 +214,7 @@ void OSDirTree_AddToTree(OSDirTree *tree, char *str, void *data, char sep)
tree->last_node->next = newnode;
tree->last_node = newnode;
}
-
+
newnode->next = NULL;
os_strdup(str, newnode->value);
@@ -222,7 +222,7 @@ void OSDirTree_AddToTree(OSDirTree *tree, char *str, void *data, char sep)
/* If we have other elements, keep going */
if(tmp_str)
{
- newnode->child = _OSTreeNode_Add(newnode->child,
+ newnode->child = _OSTreeNode_Add(newnode->child,
tmp_str +1, data, sep);
newnode->data = NULL;
}
@@ -291,7 +291,7 @@ void *OSDirTree_SearchTree(OSDirTree *tree, char *str, char sep)
{
*tmp_str = sep;
}
-
+
return(ret);
}
diff --git a/src/shared/file-queue.c b/src/shared/file-queue.c
index cf07d2d..d0c316d 100755
--- a/src/shared/file-queue.c
+++ b/src/shared/file-queue.c
@@ -33,13 +33,13 @@ void file_sleep()
{
#ifndef WIN32
struct timeval fp_timeout;
-
+
fp_timeout.tv_sec = FQ_TIMEOUT;
fp_timeout.tv_usec = 0;
/* Waiting for the select timeout */
select(0, NULL, NULL, NULL, &fp_timeout);
-
+
#else
/* Windows don't like select that way */
Sleep((FQ_TIMEOUT + 2) * 1000);
@@ -71,7 +71,7 @@ void GetFile_Queue(file_queue *fileq)
ALERTS,
fileq->year,
fileq->mon,
- fileq->day);
+ fileq->day);
}
}
@@ -80,7 +80,7 @@ void GetFile_Queue(file_queue *fileq)
/** int Handle_Queue(file_queue *fileq)
* Re Handle the file queue.
*/
-int Handle_Queue(file_queue *fileq, int flags)
+int Handle_Queue(file_queue *fileq, int flags)
{
/* Closing if it is open */
if(!(flags & CRALERT_FP_SET))
@@ -116,7 +116,7 @@ int Handle_Queue(file_queue *fileq, int flags)
}
}
-
+
/* File change time */
if(fstat(fileno(fileq->fp), &fileq->f_status) < 0)
{
@@ -125,9 +125,9 @@ int Handle_Queue(file_queue *fileq, int flags)
fileq->fp = NULL;
return(-1);
}
-
+
fileq->last_change = fileq->f_status.st_mtime;
-
+
return(1);
}
@@ -145,29 +145,29 @@ int Init_FileQueue(file_queue *fileq, struct tm *p, int flags)
}
fileq->last_change = 0;
fileq->flags = 0;
-
+
fileq->day = p->tm_mday;
fileq->year = p->tm_year+1900;
-
+
strncpy(fileq->mon, s_month[p->tm_mon], 4);
memset(fileq->file_name, '\0',MAX_FQUEUE + 1);
/* Setting the supplied flags */
fileq->flags = flags;
-
+
/* Getting latest file */
GetFile_Queue(fileq);
-
+
/* Always seek end when starting the queue */
if(Handle_Queue(fileq, fileq->flags) < 0)
{
return(-1);
}
- return(0);
+ return(0);
}
@@ -180,7 +180,7 @@ alert_data *Read_FileMon(file_queue *fileq, struct tm *p, int timeout)
int i = 0;
alert_data *al_data;
-
+
/* If the file queue is not available, try to access it */
if(!fileq->fp)
{
@@ -191,7 +191,7 @@ alert_data *Read_FileMon(file_queue *fileq, struct tm *p, int timeout)
}
}
-
+
/* Getting currently file */
if(p->tm_mday != fileq->day)
{
@@ -218,7 +218,7 @@ alert_data *Read_FileMon(file_queue *fileq, struct tm *p, int timeout)
}
}
-
+
/* Try up to timeout times to get an event */
while(i < timeout)
{
@@ -227,12 +227,12 @@ alert_data *Read_FileMon(file_queue *fileq, struct tm *p, int timeout)
{
return(al_data);
}
-
- i++;
+
+ i++;
file_sleep();
}
-
+
/* Returning NULL if timeout expires. */
return(NULL);
}
diff --git a/src/shared/file_op.c b/src/shared/file_op.c
index 1bb7efd..6ed6b07 100755
--- a/src/shared/file_op.c
+++ b/src/shared/file_op.c
@@ -11,7 +11,7 @@
*/
-/* Functions to handle operation with files
+/* Functions to handle operation with files
*/
@@ -53,7 +53,7 @@
#ifndef PRODUCT_DATACENTER_SERVER_CORE_V
#define PRODUCT_DATACENTER_SERVER_CORE_V 0x00000027
#define PRODUCT_DATACENTER_SERVER_CORE_V_C "Datacenter Edition (core) "
-#endif
+#endif
#ifndef PRODUCT_DATACENTER_SERVER_V
#define PRODUCT_DATACENTER_SERVER_V 0x00000025
@@ -251,7 +251,7 @@ int CreatePID(char *name, int pid)
{
char file[256];
FILE *fp;
-
+
if(isChroot())
{
snprintf(file,255,"%s/%s-%d.pid",OS_PIDFILE,name,pid);
@@ -265,18 +265,20 @@ int CreatePID(char *name, int pid)
fp = fopen(file,"a");
if(!fp)
return(-1);
-
+
fprintf(fp,"%d\n",pid);
-
+
+ chmod(file, 0640);
+
fclose(fp);
-
+
return(0);
}
int DeletePID(char *name)
{
char file[256];
-
+
if(isChroot())
{
snprintf(file,255,"%s/%s-%d.pid",OS_PIDFILE,name,(int)getpid());
@@ -289,9 +291,9 @@ int DeletePID(char *name)
if(File_DateofChange(file) < 0)
return(-1);
-
- unlink(file);
-
+
+ unlink(file);
+
return(0);
}
@@ -310,7 +312,7 @@ int UnmergeFiles(char *finalpath, char *optdir)
finalfp = fopen(finalpath, "r");
if(!finalfp)
{
- merror("%s: ERROR: Unable to read merged file: '%s'.",
+ merror("%s: ERROR: Unable to read merged file: '%s'.",
__local_name, finalpath);
return(0);
}
@@ -323,7 +325,7 @@ int UnmergeFiles(char *finalpath, char *optdir)
break;
}
-
+
/* Initiator. */
if(buf[0] != '!')
continue;
@@ -361,7 +363,7 @@ int UnmergeFiles(char *finalpath, char *optdir)
if(!fp)
{
ret = 0;
- merror("%s: ERROR: Unable to unmerge file '%s'.",
+ merror("%s: ERROR: Unable to unmerge file '%s'.",
__local_name, final_name);
}
@@ -431,7 +433,7 @@ int MergeAppendFile(char *finalpath, char *files)
finalfp = fopen(finalpath, "w");
if(!finalfp)
{
- merror("%s: ERROR: Unable to create merged file: '%s'.",
+ merror("%s: ERROR: Unable to create merged file: '%s'.",
__local_name, finalpath);
return(0);
}
@@ -444,7 +446,7 @@ int MergeAppendFile(char *finalpath, char *files)
finalfp = fopen(finalpath, "a");
if(!finalfp)
{
- merror("%s: ERROR: Unable to create merged file: '%s'.",
+ merror("%s: ERROR: Unable to append merged file: '%s'.",
__local_name, finalpath);
return(0);
}
@@ -502,7 +504,7 @@ int MergeFiles(char *finalpath, char **files)
finalfp = fopen(finalpath, "w");
if(!finalfp)
{
- merror("%s: ERROR: Unable to create merged file: '%s'.",
+ merror("%s: ERROR: Unable to create merged file: '%s'.",
__local_name, finalpath);
return(0);
}
@@ -567,7 +569,7 @@ char *getuname()
if(ret == NULL)
return(NULL);
- snprintf(ret, 255, "%s %s %s %s %s - %s %s",
+ snprintf(ret, 255, "%s %s %s %s %s - %s %s",
uts_buf.sysname,
uts_buf.nodename,
uts_buf.release,
@@ -583,9 +585,9 @@ char *getuname()
ret = calloc(256, sizeof(char));
if(ret == NULL)
return(NULL);
-
+
snprintf(ret, 255, "No system info available - %s %s",
- __name, __version);
+ __name, __version);
return(ret);
}
@@ -642,7 +644,7 @@ void goDaemonLight()
/* Going to / */
chdir("/");
-
+
return;
}
@@ -700,7 +702,7 @@ void goDaemon()
/* Going to / */
chdir("/");
-
+
/* Closing stdin, stdout and stderr */
/*
fclose(stdin);
@@ -714,7 +716,7 @@ void goDaemon()
open("/dev/null", O_RDWR);
open("/dev/null", O_RDWR);
*/
-
+
return;
}
@@ -739,7 +741,7 @@ int checkVista()
strstr(m_uname, "Windows 7"))
{
isVista = 1;
- verbose("%s: INFO: System is Vista or Windows Server 2008.",
+ verbose("%s: INFO: System is Vista, Windows 7 or Windows Server 2008.",
__local_name);
}
@@ -761,7 +763,7 @@ char *getuname()
typedef BOOL (WINAPI *PGPI)(DWORD, DWORD, DWORD, DWORD, PDWORD);
- /* Extracted from ms web site
+ /* Extracted from ms web site
* http://msdn.microsoft.com/library/en-us/sysinfo/base/getting_the_system_version.asp
*/
OSVERSIONINFOEX osvi;
@@ -777,14 +779,14 @@ char *getuname()
if(!(bOsVersionInfoEx = GetVersionEx ((OSVERSIONINFO *) &osvi)))
{
osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
- if (!GetVersionEx((OSVERSIONINFO *)&osvi))
+ if (!GetVersionEx((OSVERSIONINFO *)&osvi))
return(NULL);
}
/* Allocating the memory */
os_calloc(OS_SIZE_1024 +1, sizeof(char), ret);
ret[OS_SIZE_1024] = '\0';
-
+
switch(osvi.dwPlatformId)
{
/* Test for the Windows NT product family. */
@@ -815,7 +817,7 @@ char *getuname()
/* Getting product version. */
pGPI = (PGPI) GetProcAddress(
- GetModuleHandle(TEXT("kernel32.dll")),
+ GetModuleHandle(TEXT("kernel32.dll")),
"GetProductInfo");
pGPI( 6, 0, 0, 0, &dwType);
@@ -940,7 +942,7 @@ char *getuname()
strncat(ret, PRODUCT_WEB_SERVER_CORE_C, ret_size -1);
break;
}
-
+
ret_size-=strlen(ret) +1;
}
@@ -948,18 +950,18 @@ char *getuname()
else if(osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 2)
{
pGNSI = (PGNSI) GetProcAddress(
- GetModuleHandle("kernel32.dll"),
+ GetModuleHandle("kernel32.dll"),
"GetNativeSystemInfo");
if(NULL != pGNSI)
pGNSI(&si);
if( GetSystemMetrics(89) )
- strncat(ret, "Microsoft Windows Server 2003 R2 ",
+ strncat(ret, "Microsoft Windows Server 2003 R2 ",
ret_size -1);
else if(osvi.wProductType == VER_NT_WORKSTATION &&
si.wProcessorArchitecture==PROCESSOR_ARCHITECTURE_AMD64)
{
- strncat(ret,
+ strncat(ret,
"Microsoft Windows XP Professional x64 Edition ",
ret_size -1 );
}
@@ -967,7 +969,7 @@ char *getuname()
{
strncat(ret, "Microsoft Windows Server 2003, ",ret_size-1);
}
-
+
ret_size-=strlen(ret) +1;
}
@@ -977,7 +979,7 @@ char *getuname()
ret_size-=strlen(ret) +1;
}
-
+
else if(osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 0)
{
strncat(ret, "Microsoft Windows 2000 ", ret_size -1);
@@ -1009,15 +1011,15 @@ char *getuname()
strncat(ret, "Workstation 4.0 ", ret_size -1);
else if( osvi.wSuiteMask & VER_SUITE_PERSONAL )
strncat(ret, "Home Edition ", ret_size -1);
- else
+ else
strncat(ret, "Professional ",ret_size -1);
/* Fixing size */
- ret_size-=strlen(ret) +1;
+ ret_size-=strlen(ret) +1;
}
/* Test for the server type. */
- else if( osvi.wProductType == VER_NT_SERVER ||
+ else if( osvi.wProductType == VER_NT_SERVER ||
osvi.wProductType == VER_NT_DOMAIN_CONTROLLER )
{
if(osvi.dwMajorVersion==5 && osvi.dwMinorVersion==2)
@@ -1026,7 +1028,7 @@ char *getuname()
PROCESSOR_ARCHITECTURE_IA64 )
{
if( osvi.wSuiteMask & VER_SUITE_DATACENTER )
- strncat(ret,
+ strncat(ret,
"Datacenter Edition for Itanium-based Systems ",
ret_size -1);
else if( osvi.wSuiteMask & VER_SUITE_ENTERPRISE )
@@ -1034,7 +1036,7 @@ char *getuname()
"Enterprise Edition for Itanium-based Systems ",
ret_size -1);
- ret_size-=strlen(ret) +1;
+ ret_size-=strlen(ret) +1;
}
else if ( si.wProcessorArchitecture==
@@ -1046,11 +1048,11 @@ char *getuname()
else if( osvi.wSuiteMask & VER_SUITE_ENTERPRISE )
strncat(ret, "Enterprise x64 Edition ",
ret_size -1 );
- else
+ else
strncat(ret, "Standard x64 Edition ",
ret_size -1 );
- ret_size-=strlen(ret) +1;
+ ret_size-=strlen(ret) +1;
}
else
@@ -1062,10 +1064,10 @@ char *getuname()
strncat(ret,"Enterprise Edition ",ret_size -1);
else if ( osvi.wSuiteMask == VER_SUITE_BLADE )
strncat(ret,"Web Edition ",ret_size -1 );
- else
+ else
strncat(ret, "Standard Edition ",ret_size -1);
- ret_size-=strlen(ret) +1;
+ ret_size-=strlen(ret) +1;
}
}
else if(osvi.dwMajorVersion==5 && osvi.dwMinorVersion==0)
@@ -1074,25 +1076,25 @@ char *getuname()
strncat(ret, "Datacenter Server ",ret_size -1);
else if( osvi.wSuiteMask & VER_SUITE_ENTERPRISE )
strncat(ret, "Advanced Server ",ret_size -1 );
- else
+ else
strncat(ret, "Server ",ret_size -1);
- ret_size-=strlen(ret) +1;
+ ret_size-=strlen(ret) +1;
}
else if(osvi.dwMajorVersion <= 4) /* Windows NT 4.0 */
{
if( osvi.wSuiteMask & VER_SUITE_ENTERPRISE )
strncat(ret, "Server 4.0, Enterprise Edition ",
ret_size -1 );
- else
+ else
strncat(ret, "Server 4.0 ",ret_size -1);
-
+
ret_size-=strlen(ret) +1;
}
}
}
/* Test for specific product on Windows NT 4.0 SP5 and earlier */
- else
+ else
{
HKEY hKey;
char szProductType[81];
@@ -1105,7 +1107,7 @@ char *getuname()
if(lRet == ERROR_SUCCESS)
{
char __wv[32];
-
+
lRet = RegQueryValueEx( hKey, "ProductType", NULL, NULL,
(LPBYTE) szProductType, &dwBufLen);
RegCloseKey( hKey );
@@ -1122,7 +1124,7 @@ char *getuname()
ret_size-=strlen(ret) +1;
memset(__wv, '\0', 32);
- snprintf(__wv, 31,
+ snprintf(__wv, 31,
"%d.%d ",
(int)osvi.dwMajorVersion,
(int)osvi.dwMinorVersion);
@@ -1135,9 +1137,9 @@ char *getuname()
/* Display service pack (if any) and build number. */
- if( osvi.dwMajorVersion == 4 &&
+ if( osvi.dwMajorVersion == 4 &&
lstrcmpi( osvi.szCSDVersion, "Service Pack 6" ) == 0 )
- {
+ {
HKEY hKey;
LONG lRet;
char __wp[64];
@@ -1148,8 +1150,8 @@ char *getuname()
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Hotfix\\Q246009",
0, KEY_QUERY_VALUE, &hKey );
if( lRet == ERROR_SUCCESS )
- snprintf(__wp, 63, "Service Pack 6a (Build %d)",
- (int)osvi.dwBuildNumber & 0xFFFF );
+ snprintf(__wp, 63, "Service Pack 6a (Build %d)",
+ (int)osvi.dwBuildNumber & 0xFFFF );
else /* Windows NT 4.0 prior to SP6a */
{
snprintf(__wp, 63, "%s (Build %d)",
@@ -1183,13 +1185,13 @@ char *getuname()
{
strncat(ret, "Microsoft Windows 95 ", ret_size -1);
ret_size-=strlen(ret) +1;
- }
+ }
if (osvi.dwMajorVersion == 4 && osvi.dwMinorVersion == 10)
{
strncat(ret, "Microsoft Windows 98 ", ret_size -1);
ret_size-=strlen(ret) +1;
- }
+ }
if (osvi.dwMajorVersion == 4 && osvi.dwMinorVersion == 90)
{
@@ -1197,7 +1199,7 @@ char *getuname()
ret_size -1);
ret_size-=strlen(ret) +1;
- }
+ }
break;
case VER_PLATFORM_WIN32s:
@@ -1211,10 +1213,10 @@ char *getuname()
/* Adding ossec version */
snprintf(os_v, 128, " - %s %s", __name, __version);
strncat(ret, os_v, ret_size -1);
-
-
+
+
/* Returning system information */
- return(ret);
+ return(ret);
}
#endif
diff --git a/src/shared/hash_op.c b/src/shared/hash_op.c
index 36edfef..20b7392 100755
--- a/src/shared/hash_op.c
+++ b/src/shared/hash_op.c
@@ -12,9 +12,9 @@
* License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
-
-/* Common API for dealing with hashes/maps */
+
+/* Common API for dealing with hashes/maps */
#include "shared.h"
@@ -68,7 +68,7 @@ OSHash *OSHash_Create()
self->initial_seed = os_getprime(random() % self->rows);
self->constant = os_getprime(random() % self->rows);
-
+
return(self);
}
@@ -82,8 +82,8 @@ void *OSHash_Free(OSHash *self)
int i = 0;
OSHashNode *curr_node;
OSHashNode *next_node;
-
-
+
+
/* Freeing each entry */
while(i <= self->rows)
{
@@ -103,7 +103,7 @@ void *OSHash_Free(OSHash *self)
free(self->table);
free(self);
- return(NULL);
+ return(NULL);
}
@@ -144,7 +144,7 @@ int OSHash_setSize(OSHash *self, int new_size)
return(1);
}
-
+
/* Getting next prime */
self->rows = os_getprime(new_size);
if(self->rows == 0)
@@ -152,7 +152,7 @@ int OSHash_setSize(OSHash *self, int new_size)
return(0);
}
-
+
/* If we fail, the hash should not be used anymore */
self->table = realloc(self->table, (self->rows +1) * sizeof(OSHashNode *));
if(!self->table)
@@ -187,7 +187,7 @@ int OSHash_Update(OSHash *self, char *key, void *data)
unsigned int index;
OSHashNode *curr_node;
-
+
/* Generating hash of the message */
hash_key = _os_genhash(self, key);
@@ -195,7 +195,7 @@ int OSHash_Update(OSHash *self, char *key, void *data)
/* Getting array index */
index = hash_key % self->rows;
-
+
/* Checking for duplicated entries in the index */
curr_node = self->table[index];
@@ -228,7 +228,7 @@ int OSHash_Add(OSHash *self, char *key, void *data)
OSHashNode *curr_node;
OSHashNode *new_node;
-
+
/* Generating hash of the message */
hash_key = _os_genhash(self, key);
@@ -236,7 +236,7 @@ int OSHash_Add(OSHash *self, char *key, void *data)
/* Getting array index */
index = hash_key % self->rows;
-
+
/* Checking for duplicated entries in the index */
curr_node = self->table[index];
@@ -251,7 +251,7 @@ int OSHash_Add(OSHash *self, char *key, void *data)
curr_node = curr_node->next;
}
-
+
/* Creating new node */
new_node = calloc(1, sizeof(OSHashNode));
if(!new_node)
@@ -274,7 +274,7 @@ int OSHash_Add(OSHash *self, char *key, void *data)
new_node->next = self->table[index];
self->table[index] = new_node;
}
-
+
return(2);
}
@@ -291,7 +291,7 @@ void *OSHash_Get(OSHash *self, char *key)
unsigned int index;
OSHashNode *curr_node;
-
+
/* Generating hash of the message */
hash_key = _os_genhash(self, key);
@@ -299,7 +299,7 @@ void *OSHash_Get(OSHash *self, char *key)
/* Getting array index */
index = hash_key % self->rows;
-
+
/* Getting entry */
curr_node = self->table[index];
@@ -310,7 +310,7 @@ void *OSHash_Get(OSHash *self, char *key)
{
return(curr_node->data);
}
-
+
curr_node = curr_node->next;
}
diff --git a/src/shared/list_op.c b/src/shared/list_op.c
index 9273358..660dfbb 100755
--- a/src/shared/list_op.c
+++ b/src/shared/list_op.c
@@ -10,13 +10,13 @@
* Foundation
*/
-/* Common API for dealing with lists */
+/* Common API for dealing with lists */
#include "shared.h"
-/* Create the list
+/* Create the list
* Return NULL on error
*/
OSList *OSList_Create()
@@ -26,14 +26,14 @@ OSList *OSList_Create()
my_list = calloc(1, sizeof(OSList));
if(!my_list)
return(NULL);
-
+
my_list->first_node = NULL;
my_list->last_node = NULL;
my_list->cur_node = NULL;
my_list->currently_size = 0;
my_list->max_size = 0;
my_list->free_data_function = NULL;
-
+
return(my_list);
}
@@ -48,7 +48,7 @@ int OSList_SetMaxSize(OSList *list, int max_size)
{
return(0);
}
-
+
/* Minimum size is 1 */
if(max_size <= 1)
{
@@ -70,7 +70,7 @@ int OSList_SetFreeDataPointer(OSList *list, void *free_data_function)
{
return(0);
}
-
+
list->free_data_function = free_data_function;
return(1);
}
@@ -104,12 +104,12 @@ OSListNode *OSList_GetNextNode(OSList *list)
{
if(list->cur_node == NULL)
return(NULL);
-
+
list->cur_node = list->cur_node->next;
-
+
return(list->cur_node);
}
-
+
/* Get the prev node from the list
* Returns NULL at the beginning
@@ -123,11 +123,11 @@ OSListNode *OSList_GetPrevNode(OSList *list)
return(list->cur_node);
}
-
+
/* Get the currently node.
* Returns null when no currently node is available
- */
+ */
OSListNode *OSList_GetCurrentlyNode(OSList *list)
{
return(list->cur_node);
@@ -138,15 +138,15 @@ OSListNode *OSList_GetCurrentlyNode(OSList *list)
void OSList_DeleteOldestNode(OSList *list)
{
OSListNode *next;
-
+
if(list->first_node)
{
next = list->first_node->next;
if(next)
next->prev = NULL;
else
- list->last_node = next;
-
+ list->last_node = next;
+
free(list->first_node);
list->first_node = next;
}
@@ -216,14 +216,14 @@ void OSList_DeleteCurrentlyNode(OSList *list)
{
OSListNode *prev;
OSListNode *next;
-
+
if(list->cur_node == NULL)
return;
-
+
prev = list->cur_node->prev;
next = list->cur_node->next;
-
+
/* Setting the previous node of the next one
* and the next node of the previous one.. :)
*/
@@ -247,7 +247,7 @@ void OSList_DeleteCurrentlyNode(OSList *list)
list->last_node = NULL;
list->first_node = NULL;
}
-
+
/* Freeing the node memory */
free(list->cur_node);
@@ -263,7 +263,7 @@ void OSList_DeleteCurrentlyNode(OSList *list)
*/
int OSList_AddData(OSList *list, void *data)
{
- OSListNode *newnode;
+ OSListNode *newnode;
/* Allocating memory for new node */
@@ -284,20 +284,20 @@ int OSList_AddData(OSList *list, void *data)
{
list->first_node = newnode;
}
-
+
/* If we have a last node, set the next to new node */
if(list->last_node)
{
list->last_node->next = newnode;
}
-
-
+
+
/* newnode become last node */
list->last_node = newnode;
/* Increment list size */
list->currently_size++;
-
+
/* if currently_size higher than the maximum size, remove the
* oldest node (first one)
*/
@@ -315,10 +315,10 @@ int OSList_AddData(OSList *list, void *data)
{
list->free_data_function(list->first_node->data);
}
-
+
/* Clearing the memory */
free(list->first_node);
-
+
/* First node become the ex first->next */
list->first_node = newnode;
@@ -326,7 +326,7 @@ int OSList_AddData(OSList *list, void *data)
list->currently_size--;
}
}
-
+
return(1);
}
diff --git a/src/shared/math_op.c b/src/shared/math_op.c
index 52b0f27..b08f854 100755
--- a/src/shared/math_op.c
+++ b/src/shared/math_op.c
@@ -25,14 +25,14 @@ int os_getprime(int val)
{
int i;
int max_i;
-
+
/* Value can't be even */
if((val % 2) == 0)
{
val++;
}
-
-
+
+
do
{
/* We just need to check odd numbers up until half
diff --git a/src/shared/mem_op.c b/src/shared/mem_op.c
index 9cb1597..8ba4ccb 100755
--- a/src/shared/mem_op.c
+++ b/src/shared/mem_op.c
@@ -86,22 +86,22 @@ void os_FreeArray(char *ch1, char **ch2)
free(ch1);
ch1 = NULL;
}
-
+
/* Cleaning chat ** */
if(ch2)
{
char **nch2 = ch2;
-
+
while(*ch2 != NULL)
{
free(*ch2);
ch2++;
}
-
+
free(nch2);
nch2 = NULL;
}
-
+
return;
}
diff --git a/src/shared/mq_op.c b/src/shared/mq_op.c
index 6e1c7e0..3f1d037 100755
--- a/src/shared/mq_op.c
+++ b/src/shared/mq_op.c
@@ -22,12 +22,12 @@
*/
int StartMQ(char * path, short int type)
{
-
+
if(type == READ)
{
return(OS_BindUnixDomain(path, 0660, OS_MAXSTR + 512));
}
-
+
/* We give up to 21 seconds for the other end to
* start
*/
@@ -63,7 +63,7 @@ int StartMQ(char * path, short int type)
sleep(2);
if((rc = OS_ConnectUnixDomain(path, OS_MAXSTR + 256)) < 0)
{
- merror(QUEUE_ERROR, __local_name, path,
+ merror(QUEUE_ERROR, __local_name, path,
strerror(errno));
return(-1);
}
@@ -89,8 +89,8 @@ int SendMSG(int queue, char *message, char *locmsg, char loc)
/* Checking for global locks */
os_wait();
-
-
+
+
if(loc == SECURE_MQ)
{
loc = message[0];
@@ -101,14 +101,14 @@ int SendMSG(int queue, char *message, char *locmsg, char loc)
merror(FORMAT_ERROR, __local_name);
return(0);
}
-
+
message++; /* Pointing now to the location */
if(strncmp(message, "keepalive",9) == 0)
{
return(0);
}
-
+
snprintf(tmpstr,OS_MAXSTR,"%c:%s->%s",loc, locmsg, message);
}
else
@@ -119,7 +119,7 @@ int SendMSG(int queue, char *message, char *locmsg, char loc)
if(queue < 0)
return(-1);
-
+
/* We attempt 5 times to send the message if
* the receiver socket is busy.
* After the first error, we wait 1 second.
@@ -140,7 +140,7 @@ int SendMSG(int queue, char *message, char *locmsg, char loc)
return(-1);
}
-
+
/* Unable to send. Socket busy */
sleep(1);
if(OS_SendUnix(queue, tmpstr, 0) < 0)
@@ -163,10 +163,10 @@ int SendMSG(int queue, char *message, char *locmsg, char loc)
{
/* Message is going to be lost
* if the application does not care
- * about checking the error
- */
+ * about checking the error
+ */
close(queue);
- queue = -1;
+ queue = -1;
return(-1);
}
}
diff --git a/src/shared/privsep_op.c b/src/shared/privsep_op.c
index 1e0ce18..b24cb31 100755
--- a/src/shared/privsep_op.c
+++ b/src/shared/privsep_op.c
@@ -29,30 +29,30 @@
int Privsep_GetUser(char * name)
{
int os_uid = -1;
-
+
struct passwd *pw;
pw = getpwnam(name);
if(pw == NULL)
return(OS_INVALID);
os_uid = (int)pw->pw_uid;
- endpwent();
-
+ endpwent();
+
return(os_uid);
}
int Privsep_GetGroup(char * name)
{
int os_gid = -1;
-
+
struct group *grp;
grp = getgrnam(name);
if(grp == NULL)
return(OS_INVALID);
os_gid = (int)grp->gr_gid;
- endgrent();
-
+ endgrent();
+
return(os_gid);
}
@@ -72,16 +72,16 @@ int Privsep_SetUser(uid_t uid)
int Privsep_SetGroup(gid_t gid)
{
if (setgroups(1, &gid) == -1)
- return(OS_INVALID);
-
+ return(OS_INVALID);
+
#ifndef HPUX
if(setegid(gid) < 0)
return(OS_INVALID);
#endif
-
+
if(setgid(gid) < 0)
return(OS_INVALID);
-
+
return(OS_SUCCESS);
}
@@ -89,12 +89,12 @@ int Privsep_Chroot(char * path)
{
if(chdir(path) < 0)
return(OS_INVALID);
-
+
if(chroot(path) < 0)
return(OS_INVALID);
-
+
chdir("/");
-
+
return(OS_SUCCESS);
}
diff --git a/src/shared/read-agents.c b/src/shared/read-agents.c
index e92b8d0..814fb9d 100755
--- a/src/shared/read-agents.c
+++ b/src/shared/read-agents.c
@@ -22,7 +22,7 @@ void free_agents(char **agent_list)
int i;
if(!agent_list)
return;
-
+
for(i = 0;;i++)
{
if(agent_list[i] == NULL)
@@ -40,8 +40,8 @@ void free_agents(char **agent_list)
#ifndef WIN32
/* Print syscheck attributes. */
-#define sk_strchr(x,y,z) z = strchr(x, y); if(z == NULL) return(0); else { *z = '\0'; z++; }
-int _do_print_attrs_syscheck(char *prev_attrs, char *attrs, int csv_output,
+#define sk_strchr(x,y,z) z = strchr(x, y); if(z == NULL) return(0); else { *z = '\0'; z++; }
+int _do_print_attrs_syscheck(char *prev_attrs, char *attrs, int csv_output,
int is_win, int number_of_changes)
{
char *p_size, *p_perm, *p_uid, *p_gid, *p_md5, *p_sha1;
@@ -64,7 +64,7 @@ int _do_print_attrs_syscheck(char *prev_attrs, char *attrs, int csv_output,
sk_strchr(uid, ':', gid);
sk_strchr(gid, ':', md5);
sk_strchr(md5, ':', sha1);
-
+
p_size = size;
p_perm = perm;
p_uid = uid;
@@ -106,14 +106,14 @@ int _do_print_attrs_syscheck(char *prev_attrs, char *attrs, int csv_output,
case 1:
printf("- 1st time modified.\n");
break;
- case 2:
+ case 2:
printf("- 2nd time modified.\n");
break;
- case 3:
+ case 3:
printf("- 3rd time modified.\n");
break;
default:
- printf("- Being ignored (3 or more changes).\n");
+ printf("- Being ignored (3 or more changes).\n");
}
}
else
@@ -124,22 +124,22 @@ int _do_print_attrs_syscheck(char *prev_attrs, char *attrs, int csv_output,
perm_str[35] = '\0';
perm_int = atoi(perm);
- snprintf(perm_str, 35,
+ snprintf(perm_str, 35,
"%c%c%c%c%c%c%c%c%c",
(perm_int & S_IRUSR)? 'r' : '-',
(perm_int & S_IWUSR)? 'w' : '-',
-
+
(perm_int & S_ISUID)? 's' :
(perm_int & S_IXUSR)? 'x' : '-',
-
+
(perm_int & S_IRGRP)? 'r' : '-',
(perm_int & S_IWGRP)? 'w' : '-',
-
+
(perm_int & S_ISGID)? 's' :
(perm_int & S_IXGRP)? 'x' : '-',
-
-
+
+
(perm_int & S_IROTH)? 'r' : '-',
(perm_int & S_IWOTH)? 'w' : '-',
(perm_int & S_ISVTX)? 't' :
@@ -156,7 +156,7 @@ int _do_print_attrs_syscheck(char *prev_attrs, char *attrs, int csv_output,
}
printf(" Md5: %s%s\n", (strcmp(md5,p_md5) == 0)? " ": " >", md5);
printf(" Sha1:%s%s\n", (strcmp(sha1,p_sha1) == 0)? " ": " >", sha1);
-
+
/* Fixing entries. */
perm[-1] = ':';
@@ -171,12 +171,12 @@ int _do_print_attrs_syscheck(char *prev_attrs, char *attrs, int csv_output,
/* Print information about a specific file. */
-int _do_print_file_syscheck(FILE *fp, char *fname,
+int _do_print_file_syscheck(FILE *fp, char *fname,
int update_counter, int csv_output)
{
int f_found = 0;
struct tm *tm_time;
-
+
char read_day[24 +1];
char buf[OS_MAXSTR + 1];
@@ -184,7 +184,7 @@ int _do_print_file_syscheck(FILE *fp, char *fname,
OSStore *files_list;
fpos_t init_pos;
-
+
buf[OS_MAXSTR] = '\0';
read_day[24] = '\0';
@@ -212,8 +212,8 @@ int _do_print_file_syscheck(FILE *fp, char *fname,
printf("\n** ERROR: fgetpos failed.\n");
return(0);
}
-
-
+
+
while(fgets(buf, OS_MAXSTR, fp) != NULL)
{
if(buf[0] == '!' || buf[0] == '#' || buf[0] == '+')
@@ -224,15 +224,15 @@ int _do_print_file_syscheck(FILE *fp, char *fname,
char *changed_attrs;
char *prev_attrs;
-
+
if(strlen(buf) < 16)
{
fgetpos(fp, &init_pos);
continue;
}
-
- /* Removing new line. */
- buf[strlen(buf) -1] = '\0';
+
+ /* Removing new line. */
+ buf[strlen(buf) -1] = '\0';
/* with update counter, we only modify the last entry. */
@@ -259,26 +259,26 @@ int _do_print_file_syscheck(FILE *fp, char *fname,
changed_attrs = buf + 3;
-
+
changed_file_name = strchr(changed_attrs, '!');
if(!changed_file_name)
{
fgetpos(fp, &init_pos);
continue;
}
-
-
+
+
/* Getting time of change. */
changed_file_name[-1] = '\0';
changed_file_name++;
change_time = (time_t)atoi(changed_file_name);
-
+
changed_file_name = strchr(changed_file_name, ' ');
- changed_file_name++;
-
+ changed_file_name++;
+
/* Checking if the name should be printed. */
- if(!OSMatch_Execute(changed_file_name, strlen(changed_file_name),
+ if(!OSMatch_Execute(changed_file_name, strlen(changed_file_name),
®))
{
fgetpos(fp, &init_pos);
@@ -287,8 +287,8 @@ int _do_print_file_syscheck(FILE *fp, char *fname,
f_found = 1;
-
-
+
+
/* Reset the values. */
if(update_counter)
{
@@ -319,45 +319,45 @@ int _do_print_file_syscheck(FILE *fp, char *fname,
}
}
- printf("\n**Counter updated for file '%s'\n\n",
+ printf("\n**Counter updated for file '%s'\n\n",
changed_file_name);
return(0);
}
-
+
tm_time = localtime(&change_time);
strftime(read_day, 23, "%Y %h %d %T", tm_time);
-
- if(!csv_output)
- printf("\n%s,%d - %s\n", read_day, number_changes,
+
+ if(!csv_output)
+ printf("\n%s,%d - %s\n", read_day, number_changes,
changed_file_name);
- else
- printf("%s,%s,%d\n", read_day, changed_file_name,
+ else
+ printf("%s,%s,%d\n", read_day, changed_file_name,
number_changes);
-
-
+
+
prev_attrs = OSStore_Get(files_list, changed_file_name);
if(prev_attrs)
{
char *new_attrs;
os_strdup(changed_attrs, new_attrs);
- _do_print_attrs_syscheck(prev_attrs, changed_attrs,
- csv_output,
+ _do_print_attrs_syscheck(prev_attrs, changed_attrs,
+ csv_output,
changed_file_name[0] == '/'?0:1,
number_changes);
-
+
free(files_list->cur_node->data);
- files_list->cur_node->data = new_attrs;
+ files_list->cur_node->data = new_attrs;
}
else
{
char *new_name;
char *new_attrs;
-
+
os_strdup(changed_attrs, new_attrs);
os_strdup(changed_file_name, new_name);
OSStore_Put(files_list, new_name, new_attrs);
- _do_print_attrs_syscheck(NULL,
+ _do_print_attrs_syscheck(NULL,
changed_attrs, csv_output,
changed_file_name[0] == '/'?0:1,
number_changes);
@@ -372,7 +372,7 @@ int _do_print_file_syscheck(FILE *fp, char *fname,
printf("\n** No entries found.\n");
}
OSMatch_FreePattern(®);
-
+
return(0);
}
@@ -383,16 +383,16 @@ int _do_print_syscheck(FILE *fp, int all_files, int csv_output)
{
int f_found = 0;
struct tm *tm_time;
-
+
char read_day[24 +1];
char saved_read_day[24 +1];
char buf[OS_MAXSTR + 1];
-
+
buf[OS_MAXSTR] = '\0';
read_day[24] = '\0';
saved_read_day[0] = '\0';
saved_read_day[24] = '\0';
-
+
while(fgets(buf, OS_MAXSTR, fp) != NULL)
{
if(buf[0] == '!' || buf[0] == '#')
@@ -401,13 +401,13 @@ int _do_print_syscheck(FILE *fp, int all_files, int csv_output)
time_t change_time = 0;
char *changed_file_name;
-
+
if(strlen(buf) < 16)
continue;
-
- /* Removing new line. */
- buf[strlen(buf) -1] = '\0';
-
+
+ /* Removing new line. */
+ buf[strlen(buf) -1] = '\0';
+
/* Checking number of changes. */
if(buf[1] == '!')
@@ -422,23 +422,23 @@ int _do_print_syscheck(FILE *fp, int all_files, int csv_output)
number_changes = 4;
}
}
-
+
changed_file_name = strchr(buf +3, '!');
if(!changed_file_name)
continue;
-
-
+
+
f_found = 1;
-
-
+
+
/* Getting time of change. */
changed_file_name++;
change_time = atoi(changed_file_name);
-
+
changed_file_name = strchr(changed_file_name, ' ');
- changed_file_name++;
-
+ changed_file_name++;
+
tm_time = localtime(&change_time);
strftime(read_day, 23, "%Y %h %d", tm_time);
if(strcmp(read_day, saved_read_day) != 0)
@@ -448,12 +448,12 @@ int _do_print_syscheck(FILE *fp, int all_files, int csv_output)
strncpy(saved_read_day, read_day, 23);
}
strftime(read_day, 23, "%Y %h %d %T", tm_time);
-
- if(!csv_output)
- printf("%s,%d - %s\n", read_day, number_changes,
+
+ if(!csv_output)
+ printf("%s,%d - %s\n", read_day, number_changes,
changed_file_name);
- else
- printf("%s,%s,%d\n", read_day, changed_file_name,
+ else
+ printf("%s,%s,%d\n", read_day, changed_file_name,
number_changes);
}
}
@@ -462,13 +462,13 @@ int _do_print_syscheck(FILE *fp, int all_files, int csv_output)
{
printf("\n** No entries found.\n");
}
-
+
return(0);
}
/* Print syscheck db (of modified files. */
-int print_syscheck(char *sk_name, char *sk_ip, char *fname, int print_registry,
+int print_syscheck(char *sk_name, char *sk_ip, char *fname, int print_registry,
int all_files, int csv_output, int update_counter)
{
FILE *fp;
@@ -493,7 +493,7 @@ int print_syscheck(char *sk_name, char *sk_ip, char *fname, int print_registry,
fp = fopen(tmp_file, "r+");
}
-
+
else if(!print_registry)
{
/* Printing database */
@@ -560,12 +560,12 @@ int _do_get_rootcheckscan(FILE *fp)
/* Print syscheck db (of modified files. */
-int _do_print_rootcheck(FILE *fp, int resolved, int time_last_scan,
+int _do_print_rootcheck(FILE *fp, int resolved, int time_last_scan,
int csv_output, int show_last)
{
int i = 0;
int f_found = 0;
-
+
/* Current time. */
time_t c_time;
@@ -573,7 +573,7 @@ int _do_print_rootcheck(FILE *fp, int resolved, int time_last_scan,
time_t s_time = 0;
time_t i_time = 0;
struct tm *tm_time;
-
+
char old_day[24 +1];
char read_day[24 +1];
char buf[OS_MAXSTR + 1];
@@ -589,14 +589,14 @@ int _do_print_rootcheck(FILE *fp, int resolved, int time_last_scan,
char *(ns_events[]) = {"Application Found:",
"Windows Audit:",
"Windows Malware:",
- NULL};
-
+ NULL};
+
buf[OS_MAXSTR] = '\0';
old_day[24] = '\0';
read_day[24] = '\0';
-
+
c_time = time(0);
fseek(fp, 0, SEEK_SET);
@@ -607,13 +607,13 @@ int _do_print_rootcheck(FILE *fp, int resolved, int time_last_scan,
{
tm_time = localtime((time_t *)&time_last_scan);
strftime(read_day, 23, "%Y %h %d %T", tm_time);
-
+
printf("\nLast scan: %s\n\n", read_day);
}
else if(resolved)
printf("\nResolved events: \n\n");
else
- printf("\nOutstanding events: \n\n");
+ printf("\nOutstanding events: \n\n");
}
@@ -629,7 +629,7 @@ int _do_print_rootcheck(FILE *fp, int resolved, int time_last_scan,
if(tmp_str)
*tmp_str = '\0';
-
+
/* Getting initial time. */
tmp_str = strchr(buf + 1, '!');
if(!tmp_str)
@@ -643,10 +643,10 @@ int _do_print_rootcheck(FILE *fp, int resolved, int time_last_scan,
tmp_str = strchr(tmp_str, ' ');
if(!tmp_str)
continue;
- tmp_str++;
-
+ tmp_str++;
+
+
-
/* Checking for resolved. */
if(time_last_scan > (s_time + 86400))
{
@@ -670,12 +670,12 @@ int _do_print_rootcheck(FILE *fp, int resolved, int time_last_scan,
{
if(strncmp(tmp_str, ig_events[i], strlen(ig_events[i]) -1) == 0)
break;
- i++;
+ i++;
}
if(ig_events[i])
continue;
-
+
/* Checking events that are not system audit. */
i = 0;
while(ns_events[i])
@@ -684,13 +684,13 @@ int _do_print_rootcheck(FILE *fp, int resolved, int time_last_scan,
break;
i++;
}
-
+
tm_time = localtime((time_t *)&s_time);
strftime(read_day, 23, "%Y %h %d %T", tm_time);
tm_time = localtime((time_t *)&i_time);
strftime(old_day, 23, "%Y %h %d %T", tm_time);
-
+
if(!csv_output)
{
@@ -711,11 +711,11 @@ int _do_print_rootcheck(FILE *fp, int resolved, int time_last_scan,
printf("%s,%s,%s,%s%s\n", resolved == 0?"outstanding":"resolved",
read_day, old_day,
ns_events[i] != NULL?"":"System Audit: ",
- tmp_str);
+ tmp_str);
}
-
-
-
+
+
+
f_found++;
}
@@ -723,14 +723,14 @@ int _do_print_rootcheck(FILE *fp, int resolved, int time_last_scan,
{
printf("** No entries found.\n");
}
-
+
return(0);
}
/* Print rootcheck db */
-int print_rootcheck(char *sk_name, char *sk_ip, char *fname, int resolved,
+int print_rootcheck(char *sk_name, char *sk_ip, char *fname, int resolved,
int csv_output, int show_last)
{
int ltime = 0;
@@ -748,7 +748,7 @@ int print_rootcheck(char *sk_name, char *sk_ip, char *fname, int resolved,
fp = fopen(tmp_file, "r+");
}
-
+
else
{
/* Printing database */
@@ -793,14 +793,14 @@ int print_rootcheck(char *sk_name, char *sk_ip, char *fname, int resolved,
#endif
-/* Delete syscheck db */
+/* Delete syscheck db */
int delete_syscheck(char *sk_name, char *sk_ip, int full_delete)
{
FILE *fp;
char tmp_file[513];
tmp_file[512] = '\0';
-
+
/* Deleting related files */
snprintf(tmp_file, 512, "%s/(%s) %s->syscheck",
SYSCHECK_DIR,
@@ -811,7 +811,7 @@ int delete_syscheck(char *sk_name, char *sk_ip, int full_delete)
if(fp)
fclose(fp);
- if(full_delete)
+ if(full_delete)
unlink(tmp_file);
@@ -856,14 +856,14 @@ int delete_syscheck(char *sk_name, char *sk_ip, int full_delete)
-/* Delete rootcheck db */
+/* Delete rootcheck db */
int delete_rootcheck(char *sk_name, char *sk_ip, int full_delete)
{
FILE *fp;
char tmp_file[513];
tmp_file[512] = '\0';
-
+
/* Deleting related files */
snprintf(tmp_file, 512, "%s/(%s) %s->rootcheck",
ROOTCHECK_DIR,
@@ -874,7 +874,7 @@ int delete_rootcheck(char *sk_name, char *sk_ip, int full_delete)
if(fp)
fclose(fp);
- if(full_delete)
+ if(full_delete)
unlink(tmp_file);
@@ -911,11 +911,11 @@ int delete_agentinfo(char *name)
/* Deleting syscheck */
delete_syscheck(sk_name, sk_ip, 1);
-
+
return(1);
}
-
+
/** char *print_agent_status(int status)
* Prints the text representation of the agent status.
@@ -951,7 +951,7 @@ int send_msg_to_agent(int msocket, char *msg, char *agt_id, char *exec)
char agt_msg[OS_SIZE_1024 +1];
agt_msg[OS_SIZE_1024] = '\0';
-
+
if(!exec)
{
@@ -977,7 +977,7 @@ int send_msg_to_agent(int msocket, char *msg, char *agt_id, char *exec)
}
-
+
if((rc = OS_SendUnix(msocket, agt_msg, 0)) < 0)
{
if(rc == OS_SOCKBUSY)
@@ -1006,7 +1006,7 @@ int send_msg_to_agent(int msocket, char *msg, char *agt_id, char *exec)
int connect_to_remoted()
{
int arq = -1;
-
+
if((arq = StartMQ(ARQUEUE, WRITE)) < 0)
{
merror(ARQ_ERROR, __local_name);
@@ -1030,15 +1030,15 @@ int _get_time_rkscan(char *agent_name, char *agent_ip, agent_info *agt_info)
/* Agent name of null, means it is the server info. */
if(agent_name == NULL)
{
- snprintf(buf, 1024, "%s/rootcheck",
+ snprintf(buf, 1024, "%s/rootcheck",
ROOTCHECK_DIR);
}
else
{
- snprintf(buf, 1024, "%s/(%s) %s->rootcheck",
+ snprintf(buf, 1024, "%s/(%s) %s->rootcheck",
ROOTCHECK_DIR, agent_name, agent_ip);
}
-
+
/* If file is not there, set to unknown. */
fp = fopen(buf, "r");
@@ -1050,7 +1050,7 @@ int _get_time_rkscan(char *agent_name, char *agent_ip, agent_info *agt_info)
os_strdup("Unknown", agt_info->syscheck_endtime);
return(0);
}
-
+
while(fgets(buf, 1024, fp) != NULL)
{
@@ -1076,7 +1076,7 @@ int _get_time_rkscan(char *agent_name, char *agent_ip, agent_info *agt_info)
tmp_str = strchr(agt_info->syscheck_time, '\n');
if(tmp_str)
*tmp_str = '\0';
-
+
continue;
}
@@ -1094,10 +1094,10 @@ int _get_time_rkscan(char *agent_name, char *agent_ip, agent_info *agt_info)
tmp_str = strchr(agt_info->syscheck_endtime, '\n');
if(tmp_str)
*tmp_str = '\0';
-
+
continue;
}
-
+
tmp_str = strstr(buf, "Starting rootcheck scan");
if(tmp_str)
@@ -1146,7 +1146,7 @@ int _get_time_rkscan(char *agent_name, char *agent_ip, agent_info *agt_info)
os_strdup("Unknown", agt_info->syscheck_time);
if(!agt_info->syscheck_endtime)
os_strdup("Unknown", agt_info->syscheck_endtime);
-
+
fclose(fp);
return(0);
}
@@ -1165,7 +1165,7 @@ char *_get_agent_keepalive(char *agent_name, char *agent_ip)
{
return(strdup("Not available"));
}
-
+
snprintf(buf, 1024, "%s/%s-%s", AGENTINFO_DIR, agent_name, agent_ip);
if(stat(buf, &file_status) < 0)
{
@@ -1184,7 +1184,7 @@ int _get_agent_os(char *agent_name, char *agent_ip, agent_info *agt_info)
FILE *fp;
char buf[1024 +1];
-
+
/* Getting server info. */
if(!agent_name)
{
@@ -1217,7 +1217,7 @@ int _get_agent_os(char *agent_name, char *agent_ip, agent_info *agt_info)
return(0);
}
-
+
snprintf(buf, 1024, "%s/%s-%s", AGENTINFO_DIR, agent_name, agent_ip);
fp = fopen(buf, "r");
if(!fp)
@@ -1226,8 +1226,8 @@ int _get_agent_os(char *agent_name, char *agent_ip, agent_info *agt_info)
os_strdup("Unknown", agt_info->version);
return(0);
}
-
-
+
+
if(fgets(buf, 1024, fp))
{
char *ossec_version = NULL;
@@ -1236,8 +1236,8 @@ int _get_agent_os(char *agent_name, char *agent_ip, agent_info *agt_info)
ossec_version = strchr(buf, '\n');
if(ossec_version)
*ossec_version = '\0';
-
-
+
+
ossec_version = strstr(buf, " - ");
if(ossec_version)
{
@@ -1263,10 +1263,10 @@ int _get_agent_os(char *agent_name, char *agent_ip, agent_info *agt_info)
}
fclose(fp);
-
+
os_strdup("Unknown", agt_info->os);
os_strdup("Unknown", agt_info->version);
-
+
return(0);
}
@@ -1280,7 +1280,7 @@ agent_info *get_agent_info(char *agent_name, char *agent_ip)
char tmp_file[513];
char *agent_ip_pt = NULL;
char *tmp_str = NULL;
-
+
agent_info *agt_info = NULL;
tmp_file[512] = '\0';
@@ -1318,7 +1318,7 @@ agent_info *get_agent_info(char *agent_name, char *agent_ip)
if(tmp_str)
*tmp_str = '\0';
-
+
/* Setting back the ip address. */
if(agent_ip_pt)
@@ -1339,7 +1339,7 @@ int get_agent_status(char *agent_name, char *agent_ip)
{
char tmp_file[513];
char *agent_ip_pt = NULL;
-
+
struct stat file_status;
tmp_file[512] = '\0';
@@ -1348,9 +1348,9 @@ int get_agent_status(char *agent_name, char *agent_ip)
/* Server info. */
if(agent_name == NULL)
{
- return(GA_STATUS_ACTIVE);
+ return(GA_STATUS_ACTIVE);
}
-
+
/* Removing the "/", since it is not present on the file. */
if((agent_ip_pt = strchr(agent_ip, '/')))
@@ -1372,7 +1372,7 @@ int get_agent_status(char *agent_name, char *agent_ip)
{
return(GA_STATUS_INV);
}
-
+
if(file_status.st_mtime > (time(0) - (3*NOTIFY_TIME + 30)))
{
@@ -1383,28 +1383,28 @@ int get_agent_status(char *agent_name, char *agent_ip)
}
-
+
/* List available agents.
*/
char **get_agents(int flag)
{
int f_size = 0;
-
+
char **f_files = NULL;
DIR *dp;
struct dirent *entry;
-
+
/* Opening the directory given */
dp = opendir(AGENTINFO_DIR);
- if(!dp)
+ if(!dp)
{
merror("%s: Error opening directory: '%s': %s ",
__local_name,
AGENTINFO_DIR,
strerror(errno));
return(NULL);
- }
+ }
/* Reading directory */
@@ -1413,7 +1413,7 @@ char **get_agents(int flag)
int status = 0;
char tmp_file[513];
tmp_file[512] = '\0';
-
+
/* Just ignore . and .. */
if((strcmp(entry->d_name,".") == 0) ||
(strcmp(entry->d_name,"..") == 0))
@@ -1428,7 +1428,7 @@ char **get_agents(int flag)
if(stat(tmp_file, &file_status) < 0)
continue;
-
+
if(file_status.st_mtime > (time(0) - (3*NOTIFY_TIME + 30)))
{
status = 1;
@@ -1441,7 +1441,7 @@ char **get_agents(int flag)
continue;
}
}
-
+
f_files = (char **)realloc(f_files, (f_size +2) * sizeof(char *));
if(!f_files)
{
@@ -1453,9 +1453,9 @@ char **get_agents(int flag)
if(flag == GA_ALL_WSTATUS)
{
char agt_stat[512];
-
+
snprintf(agt_stat, sizeof(agt_stat) -1, "%s %s",
- entry->d_name, status == 1?"active":"disconnected");
+ entry->d_name, status == 1?"active":"disconnected");
os_strdup(agt_stat, f_files[f_size]);
}
@@ -1463,15 +1463,15 @@ char **get_agents(int flag)
{
os_strdup(entry->d_name, f_files[f_size]);
}
-
+
f_files[f_size +1] = NULL;
-
+
f_size++;
}
-
+
closedir(dp);
return(f_files);
}
-
+
/* EOF */
diff --git a/src/shared/read-alert.c b/src/shared/read-alert.c
index fbf84d0..b5d8a3b 100755
--- a/src/shared/read-alert.c
+++ b/src/shared/read-alert.c
@@ -48,9 +48,9 @@
#define NEWMD5_BEGIN "New md5sum is : "
#define NEWMD5_BEGIN_SZ 16
#define OLDSHA1_BEGIN "Old sha1sum was: "
-#define OLDSHA1_BEGIN_SZ 17
+#define OLDSHA1_BEGIN_SZ 17
#define NEWSHA1_BEGIN "New sha1sum is : "
-#define NEWSHA1_BEGIN_SZ 17
+#define NEWSHA1_BEGIN_SZ 17
/** void FreeAlertData(alert_data *al_data)
@@ -59,7 +59,7 @@
void FreeAlertData(alert_data *al_data)
{
char **p;
-
+
if(al_data->alertid)
{
free(al_data->alertid);
@@ -124,7 +124,7 @@ void FreeAlertData(alert_data *al_data)
{
free(al_data->new_sha1);
al_data->new_sha1 = NULL;
- }
+ }
if(al_data->log)
{
p = al_data->log;
@@ -182,15 +182,15 @@ alert_data *GetAlertData(int flag, FILE *fp)
char *geoipdatadst = NULL;
#endif
int level, rule, srcport = 0, dstport = 0;
-
-
+
+
char str[OS_BUFFER_SIZE+1];
str[OS_BUFFER_SIZE]='\0';
while(fgets(str, OS_BUFFER_SIZE, fp) != NULL)
{
-
+
/* Enf of alert */
if(strcmp(str, "\n") == 0 && log_size > 0)
{
@@ -222,13 +222,13 @@ alert_data *GetAlertData(int flag, FILE *fp)
al_data->old_sha1 = old_sha1;
al_data->new_sha1 = new_sha1;
-
+
return(al_data);
}
_r = 0;
}
-
-
+
+
/* Checking for the header */
if(strncmp(ALERT_BEGIN, str, ALERT_BEGIN_SZ) == 0)
{
@@ -246,7 +246,7 @@ alert_data *GetAlertData(int flag, FILE *fp)
os_realloc(alertid, (z + 1)*sizeof(char *), alertid);
strncpy(alertid, p, z);
alertid[z] = '\0';
-
+
/* Searching for email flag */
p = strchr(p, ' ');
if(!p)
@@ -255,10 +255,10 @@ alert_data *GetAlertData(int flag, FILE *fp)
}
p++;
-
-
- /* Checking for the flags */
- if((flag & CRALERT_MAIL_SET) &&
+
+
+ /* Checking for the flags */
+ if((flag & CRALERT_MAIL_SET) &&
(strncmp(ALERT_MAIL, p, ALERT_MAIL_SZ) != 0))
{
continue;
@@ -286,16 +286,16 @@ alert_data *GetAlertData(int flag, FILE *fp)
if(_r < 1)
continue;
-
-
+
+
/*** Extract information from the event ***/
-
+
/* r1 means: 2006 Apr 13 16:15:17 /var/log/auth.log */
if(_r == 1)
{
/* Clear new line */
os_clearnl(str, p);
-
+
p = strchr(str, ':');
if(p)
{
@@ -318,22 +318,22 @@ alert_data *GetAlertData(int flag, FILE *fp)
/* If not, str is date and p is the location */
if(date || location)
merror("ZZZ Merror date or location not NULL");
-
+
os_strdup(str, date);
- os_strdup(p, location);
+ os_strdup(p, location);
_r = 2;
log_size = 0;
continue;
}
-
+
else if(_r == 2)
{
/* Rule begin */
if(strncmp(RULE_BEGIN, str, RULE_BEGIN_SZ) == 0)
{
os_clearnl(str,p);
-
+
p = str + RULE_BEGIN_SZ;
rule = atoi(p);
@@ -348,17 +348,17 @@ alert_data *GetAlertData(int flag, FILE *fp)
if(!p)
goto l_error;
-
+
level = atoi(p);
-
+
/* Getting the comment */
p = strchr(p, '\'');
if(!p)
goto l_error;
-
+
p++;
os_strdup(p, comment);
-
+
/* Must have the closing \' */
p = strrchr(comment, '\'');
if(p)
@@ -370,12 +370,12 @@ alert_data *GetAlertData(int flag, FILE *fp)
goto l_error;
}
}
-
+
/* srcip */
else if(strncmp(SRCIP_BEGIN, str, SRCIP_BEGIN_SZ) == 0)
{
os_clearnl(str,p);
-
+
p = str + SRCIP_BEGIN_SZ;
os_strdup(p, srcip);
}
@@ -392,7 +392,7 @@ alert_data *GetAlertData(int flag, FILE *fp)
else if(strncmp(SRCPORT_BEGIN, str, SRCPORT_BEGIN_SZ) == 0)
{
os_clearnl(str,p);
-
+
p = str + SRCPORT_BEGIN_SZ;
srcport = atoi(p);
}
@@ -400,7 +400,7 @@ alert_data *GetAlertData(int flag, FILE *fp)
else if(strncmp(DSTIP_BEGIN, str, DSTIP_BEGIN_SZ) == 0)
{
os_clearnl(str,p);
-
+
p = str + DSTIP_BEGIN_SZ;
os_strdup(p, dstip);
}
@@ -417,7 +417,7 @@ alert_data *GetAlertData(int flag, FILE *fp)
else if(strncmp(DSTPORT_BEGIN, str, DSTPORT_BEGIN_SZ) == 0)
{
os_clearnl(str,p);
-
+
p = str + DSTPORT_BEGIN_SZ;
dstport = atoi(p);
}
@@ -425,7 +425,7 @@ alert_data *GetAlertData(int flag, FILE *fp)
else if(strncmp(USER_BEGIN, str, USER_BEGIN_SZ) == 0)
{
os_clearnl(str,p);
-
+
p = str + USER_BEGIN_SZ;
os_strdup(p, user);
}
@@ -475,12 +475,12 @@ alert_data *GetAlertData(int flag, FILE *fp)
{
filename[strlen(filename) -1] = '\0';
}
- }
+ }
issyscheck = 0;
}
-
+
os_realloc(log, (log_size +2)*sizeof(char *), log);
- os_strdup(str, log[log_size]);
+ os_strdup(str, log[log_size]);
log_size++;
log[log_size] = NULL;
}
@@ -488,7 +488,7 @@ alert_data *GetAlertData(int flag, FILE *fp)
continue;
l_error:
-
+
/* Freeing the memory */
_r = 0;
if(date)
@@ -561,11 +561,6 @@ alert_data *GetAlertData(int flag, FILE *fp)
free(new_sha1);
new_sha1 = NULL;
}
- if(alertid)
- {
- free(alertid);
- alertid = NULL;
- }
while(log_size > 0)
{
log_size--;
@@ -577,6 +572,12 @@ alert_data *GetAlertData(int flag, FILE *fp)
}
}
+ if(alertid)
+ {
+ free(alertid);
+ alertid = NULL;
+ }
+
/* We need to clean end of file before returning */
clearerr(fp);
return(NULL);
diff --git a/src/shared/regex_op.c b/src/shared/regex_op.c
index c0ddaaf..8bb0322 100755
--- a/src/shared/regex_op.c
+++ b/src/shared/regex_op.c
@@ -24,11 +24,11 @@
int OS_PRegex(char *str, char *regex)
{
regex_t preg;
-
+
if(!str || !regex)
return(0);
-
-
+
+
if(regcomp(&preg, regex, REG_EXTENDED|REG_NOSUB) != 0)
{
merror("%s: Posix Regex compile error (%s).", __local_name, regex);
@@ -44,7 +44,7 @@ int OS_PRegex(char *str, char *regex)
regfree(&preg);
return(1);
-
+
}
#endif
diff --git a/src/shared/report_op.c b/src/shared/report_op.c
index 1c4eea7..0b20d37 100755
--- a/src/shared/report_op.c
+++ b/src/shared/report_op.c
@@ -36,12 +36,12 @@ void l_print_out(const char *msg, ...)
/* Sort function used by OSStore sort.
- * Returns if d1 > d2.
+ * Returns if d1 > d2.
*/
void *_os_report_sort_compare(void *d1, void *d2)
{
OSList *d1l = (OSList *)d1;
- OSList *d2l = (OSList *)d2;
+ OSList *d2l = (OSList *)d2;
if(d1l->currently_size > d2l->currently_size)
{
@@ -72,7 +72,7 @@ void _os_header_print(int t, char *hname)
int _os_report_str_int_compare(char *str, int id)
{
int pt_check = 0;
-
+
do
{
if((*str == ',')||(*str == ' '))
@@ -227,7 +227,7 @@ int _report_filter_value(char *filter_by, int prev_filter)
{
merror("%s: ERROR: Invalid relation '%s'.", __local_name, filter_by);
return(-1);
- }
+ }
}
@@ -238,13 +238,13 @@ int _os_report_print_related(int print_related, OSList *st_data)
OSListNode *list_entry;
alert_data *list_aldata;
alert_data *saved_aldata;
-
-
+
+
list_entry = OSList_GetFirstNode(st_data);
while(list_entry)
{
saved_aldata = (alert_data *)list_entry->data;
-
+
/* Removing duplicates. */
list_entry = list_entry->prev;
while(list_entry)
@@ -382,7 +382,7 @@ void os_report_printtop(void *topstore_pt, char *hname, int print_related)
int dopdout = 0;
OSStore *topstore = (OSStore *)topstore_pt;
OSStoreNode *next_node;
-
+
next_node = OSStore_GetFirstNode(topstore);
while(next_node)
{
@@ -393,11 +393,11 @@ void os_report_printtop(void *topstore_pt, char *hname, int print_related)
/* With location we leave more space to be clearer. */
if(!print_related)
{
- if(strlen(lkey) > 46)
+ if(strlen(lkey) > 76)
{
- lkey[44] = '.';
- lkey[45] = '.';
- lkey[46] = '\0';
+ lkey[74] = '.';
+ lkey[75] = '.';
+ lkey[76] = '\0';
}
if(!dopdout)
@@ -405,7 +405,7 @@ void os_report_printtop(void *topstore_pt, char *hname, int print_related)
_os_header_print(print_related, hname);
dopdout = 1;
}
- l_print_out("%-48s|%-8d|", (char *)next_node->key, st_data->currently_size);
+ l_print_out("%-78s|%-8d|", (char *)next_node->key, st_data->currently_size);
}
@@ -417,7 +417,7 @@ void os_report_printtop(void *topstore_pt, char *hname, int print_related)
_os_header_print(print_related, hname);
dopdout = 1;
}
- l_print_out("%-48s|%-8d|", (char *)next_node->key, st_data->currently_size);
+ l_print_out("%-78s|%-8d|", (char *)next_node->key, st_data->currently_size);
if(print_related & REPORT_REL_LOCATION)
_os_report_print_related(REPORT_REL_LOCATION, st_data);
@@ -445,7 +445,7 @@ void os_report_printtop(void *topstore_pt, char *hname, int print_related)
l_print_out(" ");
l_print_out(" ");
}
- return;
+ return;
}
@@ -457,11 +457,11 @@ void os_ReportdStart(report_filter *r_filter)
char *first_alert = NULL;
char *last_alert = NULL;
void **data_to_clean = NULL;
-
-
- time_t tm;
- struct tm *p;
-
+
+
+ time_t tm;
+ struct tm *p;
+
file_queue *fileq;
alert_data *al_data;
@@ -504,7 +504,7 @@ void os_ReportdStart(report_filter *r_filter)
r_filter->top_group = OSStore_Create();
r_filter->top_location = OSStore_Create();
r_filter->top_files = OSStore_Create();
-
+
Init_FileQueue(fileq, p, CRALERT_READ_ALL|CRALERT_FP_SET);
@@ -520,7 +520,7 @@ void os_ReportdStart(report_filter *r_filter)
}
alerts_processed++;
-
+
/* Checking the filters. */
if(!_os_report_check_filters(al_data, r_filter))
@@ -528,8 +528,8 @@ void os_ReportdStart(report_filter *r_filter)
FreeAlertData(al_data);
continue;
}
-
-
+
+
alerts_filtered++;
data_to_clean = os_AddPtArray(al_data, data_to_clean);
@@ -538,13 +538,13 @@ void os_ReportdStart(report_filter *r_filter)
if(!first_alert)
first_alert = al_data->date;
last_alert = al_data->date;
-
-
+
+
/* Adding source ip if it is set properly. */
if(al_data->srcip != NULL && strcmp(al_data->srcip, "(none)") != 0)
_os_report_add_tostore(al_data->srcip, r_filter->top_srcip, al_data);
-
+
/* Adding user if it is set properly. */
if(al_data->user != NULL && strcmp(al_data->user, "(none)") != 0)
_os_report_add_tostore(al_data->user, r_filter->top_user, al_data);
@@ -557,10 +557,10 @@ void os_ReportdStart(report_filter *r_filter)
mrule[76] = '\0';
snprintf(mlevel, 16, "Severity %d" , al_data->level);
snprintf(mrule, 76, "%d - %s" , al_data->rule, al_data->comment);
-
- _os_report_add_tostore(strdup(mlevel), r_filter->top_level,
+
+ _os_report_add_tostore(strdup(mlevel), r_filter->top_level,
al_data);
- _os_report_add_tostore(strdup(mrule), r_filter->top_rule,
+ _os_report_add_tostore(strdup(mrule), r_filter->top_rule,
al_data);
}
@@ -582,8 +582,8 @@ void os_ReportdStart(report_filter *r_filter)
mgroup++;
continue;
}
-
- _os_report_add_tostore(tmp_str, r_filter->top_group,
+
+ _os_report_add_tostore(tmp_str, r_filter->top_group,
al_data);
mgroup++;
}
@@ -595,21 +595,21 @@ void os_ReportdStart(report_filter *r_filter)
tmp_str++;
if(*tmp_str != '\0')
{
- _os_report_add_tostore(tmp_str, r_filter->top_group,
+ _os_report_add_tostore(tmp_str, r_filter->top_group,
al_data);
}
}
}
- /* Adding to the location top filter. */
- _os_report_add_tostore(al_data->location, r_filter->top_location,
+ /* Adding to the location top filter. */
+ _os_report_add_tostore(al_data->location, r_filter->top_location,
al_data);
-
+
if(al_data->filename != NULL)
{
- _os_report_add_tostore(al_data->filename, r_filter->top_files,
+ _os_report_add_tostore(al_data->filename, r_filter->top_files,
al_data);
}
}
@@ -620,15 +620,15 @@ void os_ReportdStart(report_filter *r_filter)
if(!r_filter->report_name)
merror("%s: INFO: Report completed and zero alerts post-filter.", __local_name);
else
- merror("%s: INFO: Report '%s' completed and zero alerts post-filter.", __local_name, r_filter->report_name);
+ merror("%s: INFO: Report '%s' completed and zero alerts post-filter.", __local_name, r_filter->report_name);
return;
}
-
+
if(r_filter->report_name)
verbose("%s: INFO: Report '%s' completed. Creating output...", __local_name, r_filter->report_name);
else
- verbose("%s: INFO: Report completed. Creating output...", __local_name);
+ verbose("%s: INFO: Report completed. Creating output...", __local_name);
l_print_out(" ");
@@ -637,14 +637,14 @@ void os_ReportdStart(report_filter *r_filter)
else
l_print_out("Report completed. ==");
l_print_out("------------------------------------------------");
-
+
l_print_out("->Processed alerts: %d", alerts_processed);
l_print_out("->Post-filtering alerts: %d", alerts_filtered);
l_print_out("->First alert: %s", first_alert);
l_print_out("->Last alert: %s", last_alert);
l_print_out(" ");
l_print_out(" ");
-
+
OSStore_Sort(r_filter->top_srcip, _os_report_sort_compare);
OSStore_Sort(r_filter->top_user, _os_report_sort_compare);
OSStore_Sort(r_filter->top_level, _os_report_sort_compare);
@@ -652,22 +652,22 @@ void os_ReportdStart(report_filter *r_filter)
OSStore_Sort(r_filter->top_location, _os_report_sort_compare);
OSStore_Sort(r_filter->top_rule, _os_report_sort_compare);
OSStore_Sort(r_filter->top_files, _os_report_sort_compare);
-
+
if(r_filter->top_srcip)
os_report_printtop(r_filter->top_srcip, "Source ip", 0);
-
+
if(r_filter->top_user)
os_report_printtop(r_filter->top_user, "Username", 0);
-
+
if(r_filter->top_level)
os_report_printtop(r_filter->top_level, "Level", 0);
-
+
if(r_filter->top_group)
os_report_printtop(r_filter->top_group, "Group", 0);
-
+
if(r_filter->top_location)
os_report_printtop(r_filter->top_location, "Location", 0);
-
+
if(r_filter->top_rule)
os_report_printtop(r_filter->top_rule, "Rule", 0);
@@ -677,34 +677,34 @@ void os_ReportdStart(report_filter *r_filter)
/* Print related events. */
if(r_filter->related_srcip)
- os_report_printtop(r_filter->top_srcip, "Source ip",
+ os_report_printtop(r_filter->top_srcip, "Source ip",
r_filter->related_srcip);
if(r_filter->related_user)
- os_report_printtop(r_filter->top_user, "Username",
+ os_report_printtop(r_filter->top_user, "Username",
r_filter->related_user);
if(r_filter->related_level)
- os_report_printtop(r_filter->top_level, "Level",
+ os_report_printtop(r_filter->top_level, "Level",
r_filter->related_level);
if(r_filter->related_group)
- os_report_printtop(r_filter->top_group, "Group",
+ os_report_printtop(r_filter->top_group, "Group",
r_filter->related_group);
-
+
if(r_filter->related_location)
- os_report_printtop(r_filter->top_location, "Location",
+ os_report_printtop(r_filter->top_location, "Location",
r_filter->related_location);
-
+
if(r_filter->related_rule)
- os_report_printtop(r_filter->top_rule, "Rule",
+ os_report_printtop(r_filter->top_rule, "Rule",
r_filter->related_rule);
if(r_filter->related_file)
- os_report_printtop(r_filter->top_files, "Filename",
+ os_report_printtop(r_filter->top_files, "Filename",
r_filter->related_file);
-
-
+
+
/* If we have to dump the alerts. */
if(data_to_clean)
{
@@ -736,43 +736,43 @@ void os_ReportdStart(report_filter *r_filter)
* report_filter *r_filter)
* Checks the configuration filters.
*/
-int os_report_configfilter(char *filter_by, char *filter_value,
+int os_report_configfilter(char *filter_by, char *filter_value,
report_filter *r_filter, int arg_type)
{
if(!filter_by || !filter_value)
{
return(-1);
}
-
+
if(arg_type == REPORT_FILTER)
{
if(strcmp(filter_by, "group") == 0)
{
- r_filter->group = filter_value;
+ r_filter->group = filter_value;
}
else if(strcmp(filter_by, "rule") == 0)
{
- r_filter->rule = filter_value;
+ r_filter->rule = filter_value;
}
else if(strcmp(filter_by, "level") == 0)
{
- r_filter->level = filter_value;
+ r_filter->level = filter_value;
}
else if(strcmp(filter_by, "location") == 0)
{
- r_filter->location = filter_value;
+ r_filter->location = filter_value;
}
else if(strcmp(filter_by, "user") == 0)
{
- r_filter->user = filter_value;
+ r_filter->user = filter_value;
}
else if(strcmp(filter_by, "srcip") == 0)
{
- r_filter->srcip = filter_value;
+ r_filter->srcip = filter_value;
}
else if(strcmp(filter_by, "filename") == 0)
{
- r_filter->files = filter_value;
+ r_filter->files = filter_value;
}
else
{
@@ -784,7 +784,7 @@ int os_report_configfilter(char *filter_by, char *filter_value,
{
if(strcmp(filter_by, "group") == 0)
{
- r_filter->related_group =
+ r_filter->related_group =
_report_filter_value(filter_value, r_filter->related_group);
if(r_filter->related_group == -1)
@@ -792,7 +792,7 @@ int os_report_configfilter(char *filter_by, char *filter_value,
}
else if(strcmp(filter_by, "rule") == 0)
{
- r_filter->related_rule =
+ r_filter->related_rule =
_report_filter_value(filter_value, r_filter->related_rule);
if(r_filter->related_rule == -1)
@@ -800,7 +800,7 @@ int os_report_configfilter(char *filter_by, char *filter_value,
}
else if(strcmp(filter_by, "level") == 0)
{
- r_filter->related_level =
+ r_filter->related_level =
_report_filter_value(filter_value, r_filter->related_level);
if(r_filter->related_level == -1)
@@ -808,7 +808,7 @@ int os_report_configfilter(char *filter_by, char *filter_value,
}
else if(strcmp(filter_by, "location") == 0)
{
- r_filter->related_location =
+ r_filter->related_location =
_report_filter_value(filter_value, r_filter->related_location);
if(r_filter->related_location == -1)
@@ -816,7 +816,7 @@ int os_report_configfilter(char *filter_by, char *filter_value,
}
else if(strcmp(filter_by, "srcip") == 0)
{
- r_filter->related_srcip =
+ r_filter->related_srcip =
_report_filter_value(filter_value, r_filter->related_srcip);
if(r_filter->related_srcip == -1)
@@ -824,17 +824,17 @@ int os_report_configfilter(char *filter_by, char *filter_value,
}
else if(strcmp(filter_by, "user") == 0)
{
- r_filter->related_user =
+ r_filter->related_user =
_report_filter_value(filter_value, r_filter->related_user);
-
+
if(r_filter->related_user == -1)
return(-1);
}
else if(strcmp(filter_by, "filename") == 0)
{
- r_filter->related_file =
+ r_filter->related_file =
_report_filter_value(filter_value, r_filter->related_file);
-
+
if(r_filter->related_file == -1)
return(-1);
}
diff --git a/src/shared/rules_op.c b/src/shared/rules_op.c
index ed83480..d4a6b5f 100755
--- a/src/shared/rules_op.c
+++ b/src/shared/rules_op.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -25,7 +25,7 @@
/** Prototypes **/
-int _OS_GetRulesAttributes(char **attributes,
+int _OS_GetRulesAttributes(char **attributes,
char **values,
RuleInfo *ruleinfo_pt);
RuleInfo *_OS_AllocateRule();
@@ -36,8 +36,8 @@ RuleInfo *_OS_AllocateRule();
/* Rules_OP_ReadRules, v0.3, 2005/03/21
* Read the log rules.
* v0.3: Fixed many memory problems.
- */
-int OS_ReadXMLRules(char *rulefile,
+ */
+int OS_ReadXMLRules(char *rulefile,
void *(*ruleact_function)(RuleInfo *rule, void *data),
void *data)
{
@@ -45,9 +45,9 @@ int OS_ReadXMLRules(char *rulefile,
XML_NODE node = NULL;
- /** XML variables **/
+ /** XML variables **/
/* These are the available options for the rule configuration */
-
+
char *xml_group = "group";
char *xml_rule = "rule";
@@ -62,7 +62,7 @@ int OS_ReadXMLRules(char *rulefile,
char *xml_comment = "description";
char *xml_ignore = "ignore";
char *xml_check_if_ignored = "check_if_ignored";
-
+
char *xml_srcip = "srcip";
char *xml_srcport = "srcport";
char *xml_dstip = "dstip";
@@ -76,16 +76,16 @@ int OS_ReadXMLRules(char *rulefile,
char *xml_status = "status";
char *xml_action = "action";
char *xml_compiled = "compiled_rule";
-
+
char *xml_if_sid = "if_sid";
char *xml_if_group = "if_group";
char *xml_if_level = "if_level";
char *xml_fts = "if_fts";
-
+
char *xml_if_matched_regex = "if_matched_regex";
char *xml_if_matched_group = "if_matched_group";
char *xml_if_matched_sid = "if_matched_sid";
-
+
char *xml_same_source_ip = "same_source_ip";
char *xml_same_src_port = "same_src_port";
char *xml_same_dst_port = "same_dst_port";
@@ -95,16 +95,16 @@ int OS_ReadXMLRules(char *rulefile,
char *xml_dodiff = "check_diff";
char *xml_different_url = "different_url";
-
+
char *xml_notsame_source_ip = "not_same_source_ip";
char *xml_notsame_user = "not_same_user";
char *xml_notsame_agent = "not_same_agent";
char *xml_notsame_id = "not_same_id";
char *xml_options = "options";
-
+
char *rulepath;
-
+
int i;
@@ -126,9 +126,9 @@ int OS_ReadXMLRules(char *rulefile,
debug1("%s is the rulefile", rulefile);
debug1("Not modifing the rule path");
}
-
-
- /* Reading the XML */
+
+
+ /* Reading the XML */
if(OS_ReadXML(rulepath,&xml) < 0)
{
merror(XML_ERROR, __local_name, rulepath, xml.err, xml.err_line);
@@ -139,7 +139,7 @@ int OS_ReadXMLRules(char *rulefile,
/* Debug wrapper */
debug1("%s: DEBUG: read xml for rule '%s'.", __local_name, rulepath);
-
+
/* Applying any variable found */
if(OS_ApplyVariables(&xml) != 0)
@@ -151,7 +151,7 @@ int OS_ReadXMLRules(char *rulefile,
/* Debug wrapper */
debug1("%s: DEBUG: XML Variables applied.", __local_name);
-
+
/* Getting the root elements */
node = OS_GetElementsbyNode(&xml, NULL);
@@ -159,13 +159,13 @@ int OS_ReadXMLRules(char *rulefile,
{
merror(CONFIG_ERROR, __local_name, rulepath);
OS_ClearXML(&xml);
- return(-1);
+ return(-1);
}
/* Zeroing the rule memory -- not used anymore */
free(rulepath);
-
+
/* Checking if there is any invalid global option */
i = 0;
@@ -201,7 +201,7 @@ int OS_ReadXMLRules(char *rulefile,
}
- /* Getting the rules now */
+ /* Getting the rules now */
i = 0;
while(node[i])
{
@@ -209,7 +209,7 @@ int OS_ReadXMLRules(char *rulefile,
XML_NODE rule = NULL;
- /* Getting all rules for a global group */
+ /* Getting all rules for a global group */
rule = OS_GetElementsbyNode(&xml,node[i]);
if(rule == NULL)
{
@@ -222,15 +222,15 @@ int OS_ReadXMLRules(char *rulefile,
{
/* Rules options */
int k = 0;
- char *regex = NULL, *match = NULL, *url = NULL,
+ char *regex = NULL, *match = NULL, *url = NULL,
*if_matched_regex = NULL, *if_matched_group = NULL,
*user = NULL, *id = NULL, *srcport = NULL,
*dstport = NULL, *status = NULL, *hostname = NULL,
*extra_data = NULL, *program_name = NULL;
-
+
RuleInfo *config_ruleinfo = NULL;
XML_NODE rule_opt = NULL;
-
+
/* Checking if the rule element is correct */
if((!rule[j]->element)||
@@ -245,12 +245,12 @@ int OS_ReadXMLRules(char *rulefile,
/* Checking for the attributes of the rule */
if((!rule[j]->attributes) || (!rule[j]->values))
{
- merror(RL_INV_RULE, __local_name, rulefile);
+ merror(RL_INV_RULE, __local_name, rulefile);
OS_ClearXML(&xml);
return(-1);
}
-
+
/* Attribute block */
config_ruleinfo = _OS_AllocateRule();
@@ -276,19 +276,19 @@ int OS_ReadXMLRules(char *rulefile,
* be fine
*/
os_strdup(node[i]->values[0], config_ruleinfo->group);
-
- /* Getting rules options */
+
+ /* Getting rules options */
rule_opt = OS_GetElementsbyNode(&xml, rule[j]);
if(rule_opt == NULL)
{
merror(RL_NO_OPT, __local_name, config_ruleinfo->sigid);
OS_ClearXML(&xml);
- return(-1);
+ return(-1);
}
-
- /* Reading the whole rule block */
+
+ /* Reading the whole rule block */
while(rule_opt[k])
{
if((!rule_opt[k]->element)||(!rule_opt[k]->content))
@@ -318,7 +318,7 @@ int OS_ReadXMLRules(char *rulefile,
}
else if(strcasecmp(rule_opt[k]->element,xml_day_time) == 0)
{
- config_ruleinfo->day_time =
+ config_ruleinfo->day_time =
OS_IsValidTime(rule_opt[k]->content);
if(!config_ruleinfo->day_time)
{
@@ -333,7 +333,7 @@ int OS_ReadXMLRules(char *rulefile,
}
else if(strcasecmp(rule_opt[k]->element,xml_week_day) == 0)
{
- config_ruleinfo->week_day =
+ config_ruleinfo->week_day =
OS_IsValidDay(rule_opt[k]->content);
if(!config_ruleinfo->week_day)
@@ -376,25 +376,25 @@ int OS_ReadXMLRules(char *rulefile,
int ip_s = 0;
/* Getting size of source ip list */
- while(config_ruleinfo->srcip &&
+ while(config_ruleinfo->srcip &&
config_ruleinfo->srcip[ip_s])
{
ip_s++;
}
- config_ruleinfo->srcip =
+ config_ruleinfo->srcip =
realloc(config_ruleinfo->srcip,
(ip_s + 2) * sizeof(os_ip *));
/* Allocating memory for the individual entries */
- os_calloc(1, sizeof(os_ip),
+ os_calloc(1, sizeof(os_ip),
config_ruleinfo->srcip[ip_s]);
config_ruleinfo->srcip[ip_s +1] = NULL;
/* Checking if the ip is valid */
- if(!OS_IsValidIP(rule_opt[k]->content,
+ if(!OS_IsValidIP(rule_opt[k]->content,
config_ruleinfo->srcip[ip_s]))
{
merror(INVALID_IP, __local_name, rule_opt[k]->content);
@@ -451,7 +451,7 @@ int OS_ReadXMLRules(char *rulefile,
else if(strcasecmp(rule_opt[k]->element,xml_srcport) == 0)
{
srcport = os_LoadString(srcport, rule_opt[k]->content);
-
+
if(!(config_ruleinfo->alert_opts & DO_PACKETINFO))
config_ruleinfo->alert_opts |= DO_PACKETINFO;
}
@@ -491,7 +491,7 @@ int OS_ReadXMLRules(char *rulefile,
}
else if(strcasecmp(rule_opt[k]->element,xml_action) == 0)
{
- config_ruleinfo->action =
+ config_ruleinfo->action =
os_LoadString(config_ruleinfo->action,
rule_opt[k]->content);
}
@@ -552,9 +552,9 @@ int OS_ReadXMLRules(char *rulefile,
{
if(!OS_StrIsNum(rule_opt[k]->content))
{
- merror(INVALID_CONFIG, __local_name,
+ merror(INVALID_CONFIG, __local_name,
xml_if_level,
- rule_opt[k]->content);
+ rule_opt[k]->content);
return(-1);
}
@@ -595,7 +595,7 @@ int OS_ReadXMLRules(char *rulefile,
rule_opt[k]->content);
return(-1);
}
- config_ruleinfo->if_matched_sid =
+ config_ruleinfo->if_matched_sid =
atoi(rule_opt[k]->content);
}
@@ -684,7 +684,7 @@ int OS_ReadXMLRules(char *rulefile,
else if(strcasecmp(rule_opt[k]->element,
xml_options) == 0)
{
- if(strcmp("alert_by_email",
+ if(strcmp("alert_by_email",
rule_opt[k]->content) == 0)
{
if(!(config_ruleinfo->alert_opts & DO_MAILALERT))
@@ -700,7 +700,7 @@ int OS_ReadXMLRules(char *rulefile,
config_ruleinfo->alert_opts&=0xfff-DO_MAILALERT;
}
}
- else if(strcmp("log_alert",
+ else if(strcmp("log_alert",
rule_opt[k]->content) == 0)
{
if(!(config_ruleinfo->alert_opts & DO_LOGALERT))
@@ -723,7 +723,7 @@ int OS_ReadXMLRules(char *rulefile,
}
}
else
- {
+ {
merror(XML_VALUEERR, __local_name, xml_options,
rule_opt[k]->content);
@@ -732,7 +732,7 @@ int OS_ReadXMLRules(char *rulefile,
rule_opt[k]->content);
OS_ClearXML(&xml);
return(-1);
- }
+ }
}
else if(strcasecmp(rule_opt[k]->element,
xml_ignore) == 0)
@@ -816,13 +816,13 @@ int OS_ReadXMLRules(char *rulefile,
return(-1);
}
}
- /* XXX As new features are added into ../analysisd/rules.c
- * This code needs to be updated to match, but is out of date
- * it's become a nightmare to correct with out just make the
- * problem for someone later.
+ /* XXX As new features are added into ../analysisd/rules.c
+ * This code needs to be updated to match, but is out of date
+ * it's become a nightmare to correct with out just make the
+ * problem for someone later.
*
- * This hack will allow any crap xml to pass without an
- * error. The correct fix is to refactor the code so that
+ * This hack will allow any crap xml to pass without an
+ * error. The correct fix is to refactor the code so that
* ../analysisd/rules* and this code are not duplicates
*
else
@@ -858,7 +858,7 @@ int OS_ReadXMLRules(char *rulefile,
os_strdup(if_matched_group, config_ruleinfo->if_group);
}
}
-
+
/* If_matched_sid, we need to get the if_sid */
if(config_ruleinfo->if_matched_sid &&
@@ -1075,14 +1075,14 @@ int OS_ReadXMLRules(char *rulefile,
/* Calling the function provided. */
ruleact_function(config_ruleinfo, data);
-
+
j++; /* next rule */
} /* while(rule[j]) */
OS_ClearNode(rule);
i++;
-
+
} /* while (node[i]) */
/* Cleaning global node */
@@ -1102,15 +1102,15 @@ int OS_ReadXMLRules(char *rulefile,
RuleInfo *_OS_AllocateRule()
{
RuleInfo *ruleinfo_pt = NULL;
-
-
+
+
/* Allocation memory for structure */
ruleinfo_pt = (RuleInfo *)calloc(1,sizeof(RuleInfo));
if(ruleinfo_pt == NULL)
{
ErrorExit(MEM_ERROR,__local_name);
}
-
+
/* Default values */
ruleinfo_pt->level = -1;
@@ -1118,10 +1118,10 @@ RuleInfo *_OS_AllocateRule()
/* Default category is syslog */
ruleinfo_pt->category = SYSLOG;
- ruleinfo_pt->ar = NULL;
-
+ ruleinfo_pt->ar = NULL;
+
ruleinfo_pt->context = 0;
-
+
/* Default sigid of -1 */
ruleinfo_pt->sigid = -1;
ruleinfo_pt->firedtimes = 0;
@@ -1130,11 +1130,11 @@ RuleInfo *_OS_AllocateRule()
ruleinfo_pt->ignore_time = 0;
ruleinfo_pt->timeframe = 0;
ruleinfo_pt->time_ignored = 0;
-
- ruleinfo_pt->context_opts = 0;
- ruleinfo_pt->alert_opts = 0;
- ruleinfo_pt->ignore = 0;
- ruleinfo_pt->ckignore = 0;
+
+ ruleinfo_pt->context_opts = 0;
+ ruleinfo_pt->alert_opts = 0;
+ ruleinfo_pt->ignore = 0;
+ ruleinfo_pt->ckignore = 0;
ruleinfo_pt->day_time = NULL;
ruleinfo_pt->week_day = NULL;
@@ -1147,16 +1147,16 @@ RuleInfo *_OS_AllocateRule()
ruleinfo_pt->comment = NULL;
ruleinfo_pt->info = NULL;
ruleinfo_pt->cve = NULL;
-
+
ruleinfo_pt->if_sid = NULL;
ruleinfo_pt->if_group = NULL;
ruleinfo_pt->if_level = NULL;
-
+
ruleinfo_pt->if_matched_regex = NULL;
ruleinfo_pt->if_matched_group = NULL;
ruleinfo_pt->if_matched_sid = 0;
-
- ruleinfo_pt->user = NULL;
+
+ ruleinfo_pt->user = NULL;
ruleinfo_pt->srcip = NULL;
ruleinfo_pt->srcport = NULL;
ruleinfo_pt->dstip = NULL;
@@ -1167,7 +1167,7 @@ RuleInfo *_OS_AllocateRule()
ruleinfo_pt->hostname = NULL;
ruleinfo_pt->program_name = NULL;
ruleinfo_pt->action = NULL;
-
+
/* Zeroing last matched events */
ruleinfo_pt->__frequency = 0;
ruleinfo_pt->last_events = NULL;
@@ -1175,10 +1175,10 @@ RuleInfo *_OS_AllocateRule()
/* zeroing the list of previous matches */
ruleinfo_pt->sid_prev_matched = NULL;
ruleinfo_pt->group_prev_matched = NULL;
-
+
ruleinfo_pt->sid_search = NULL;
ruleinfo_pt->group_search = NULL;
-
+
ruleinfo_pt->event_search = NULL;
return(ruleinfo_pt);
@@ -1193,7 +1193,7 @@ int _OS_GetRulesAttributes(char **attributes, char **values,
RuleInfo *ruleinfo_pt)
{
int k = 0;
-
+
char *xml_id = "id";
char *xml_level = "level";
char *xml_maxsize = "maxsize";
@@ -1203,8 +1203,8 @@ int _OS_GetRulesAttributes(char **attributes, char **values,
char *xml_noalert = "noalert";
char *xml_ignore_time = "ignore";
char *xml_overwrite = "overwrite";
-
-
+
+
/* Getting attributes */
while(attributes[k])
{
@@ -1218,7 +1218,7 @@ int _OS_GetRulesAttributes(char **attributes, char **values,
{
if(OS_StrIsNum(values[k]) && (strlen(values[k]) <= 6 ))
{
- ruleinfo_pt->sigid = atoi(values[k]);
+ ruleinfo_pt->sigid = atoi(values[k]);
}
else
{
@@ -1247,7 +1247,7 @@ int _OS_GetRulesAttributes(char **attributes, char **values,
ruleinfo_pt->maxsize = atoi(values[k]);
/* adding EXTRAINFO options */
- if(ruleinfo_pt->maxsize > 0 &&
+ if(ruleinfo_pt->maxsize > 0 &&
!(ruleinfo_pt->alert_opts & DO_EXTRAINFO))
{
ruleinfo_pt->alert_opts |= DO_EXTRAINFO;
@@ -1288,7 +1288,7 @@ int _OS_GetRulesAttributes(char **attributes, char **values,
/* Rule accuracy */
else if(strcasecmp(attributes[k],xml_accuracy) == 0)
{
- merror("%s: XXX: Use of 'accuracy' isn't supported. Ignoring.",
+ merror("%s: XXX: Use of 'accuracy' isn't supported. Ignoring.",
__local_name);
}
/* Rule ignore_time */
@@ -1301,7 +1301,7 @@ int _OS_GetRulesAttributes(char **attributes, char **values,
else
{
merror(XML_VALUEERR,__local_name, attributes[k], values[k]);
- return(-1);
+ return(-1);
}
}
/* Rule noalert */
@@ -1339,9 +1339,9 @@ int _OS_GetRulesAttributes(char **attributes, char **values,
/* print rule */
void OS_PrintRuleinfo(RuleInfo *rule)
{
- debug1("%s: __local_name: Print Rule:%d, level %d, ignore: %d, frequency:%d",
+ debug1("%s: __local_name: Print Rule:%d, level %d, ignore: %d, frequency:%d",
__local_name,
- rule->sigid,
+ rule->sigid,
rule->level,
rule->ignore_time,
rule->frequency);
diff --git a/src/shared/sig_op.c b/src/shared/sig_op.c
index 424a8cc..f31a654 100755
--- a/src/shared/sig_op.c
+++ b/src/shared/sig_op.c
@@ -31,9 +31,9 @@ char *pidfile = NULL;
void HandleSIG()
{
merror(SIGNAL_RECV, pidfile);
-
+
DeletePID(pidfile);
-
+
exit(1);
}
@@ -50,7 +50,7 @@ void StartSIG(char *process_name)
go to HandleSIG() */
pidfile = process_name;
- signal(SIGHUP, SIG_IGN);
+ signal(SIGHUP, SIG_IGN);
signal(SIGINT, HandleSIG);
signal(SIGQUIT, HandleSIG);
signal(SIGTERM, HandleSIG);
diff --git a/src/shared/store_op.c b/src/shared/store_op.c
index 92d7894..c3feacc 100644
--- a/src/shared/store_op.c
+++ b/src/shared/store_op.c
@@ -12,13 +12,13 @@
/* Common API for dealing with ordered lists.
* Provides a fast search on average (n/2).
- */
+ */
#include "shared.h"
-/* Create the list storage
+/* Create the list storage
* Return NULL on error
*/
OSStore *OSStore_Create()
@@ -28,20 +28,20 @@ OSStore *OSStore_Create()
my_list = calloc(1, sizeof(OSStore));
if(!my_list)
return(NULL);
-
+
my_list->first_node = NULL;
my_list->last_node = NULL;
my_list->cur_node = NULL;
my_list->currently_size = 0;
my_list->max_size = 0;
my_list->free_data_function = NULL;
-
+
return(my_list);
}
-/* Deletes the list storage
+/* Deletes the list storage
* Return NULL on error
*/
OSStore *OSStore_Free(OSStore *list)
@@ -73,7 +73,7 @@ OSStore *OSStore_Free(OSStore *list)
free(list);
list = NULL;
-
+
return(list);
}
@@ -89,7 +89,7 @@ int OSStore_SetMaxSize(OSStore *list, int max_size)
{
return(0);
}
-
+
/* Minimum size is 1 */
if(max_size <= 1)
{
@@ -112,7 +112,7 @@ int OSStore_SetFreeDataPointer(OSStore *list, void *free_data_function)
{
return(0);
}
-
+
list->free_data_function = free_data_function;
return(1);
}
@@ -144,34 +144,34 @@ int OSStore_Sort(OSStore *list, void*(sort_data_function)(void *d1, void *d2))
/* In here, this node should stay where it is. */
else if(movenode == list->cur_node->prev)
{
- break;
+ break;
}
/* In here we need to replace the nodes. */
else
{
newnode = list->cur_node;
-
+
if(list->cur_node->prev)
list->cur_node->prev->next = list->cur_node->next;
-
+
if(list->cur_node->next)
list->cur_node->next->prev = list->cur_node->prev;
else
- list->last_node = list->cur_node->prev;
-
- list->cur_node = list->cur_node->prev;
+ list->last_node = list->cur_node->prev;
+
+ list->cur_node = list->cur_node->prev;
+
-
newnode->next = movenode->next;
newnode->prev = movenode;
if(movenode->next)
movenode->next->prev = newnode;
-
+
movenode->next = newnode;
-
+
break;
}
}
@@ -184,21 +184,21 @@ int OSStore_Sort(OSStore *list, void*(sort_data_function)(void *d1, void *d2))
if(list->cur_node->prev)
list->cur_node->prev->next = list->cur_node->next;
-
+
if(list->cur_node->next)
list->cur_node->next->prev = list->cur_node->prev;
- else
- list->last_node = list->cur_node->prev;
-
+ else
+ list->last_node = list->cur_node->prev;
+
list->cur_node = list->cur_node->prev;
-
+
newnode->prev = NULL;
newnode->next = list->first_node;
list->first_node->prev = newnode;
-
- list->first_node = newnode;
+
+ list->first_node = newnode;
}
-
+
list->cur_node = list->cur_node->next;
}
@@ -254,7 +254,7 @@ void *OSStore_Get(OSStore *list, char *key)
{
int chk_rc;
list->cur_node = list->first_node;
-
+
while(list->cur_node)
{
if((chk_rc = strcmp(list->cur_node->key, key)) >= 0)
@@ -263,7 +263,7 @@ void *OSStore_Get(OSStore *list, char *key)
if(chk_rc == 0)
return(list->cur_node->data);
- /* Not found */
+ /* Not found */
return(NULL);
}
@@ -281,7 +281,7 @@ int OSStore_Check(OSStore *list, char *key)
{
int chk_rc;
list->cur_node = list->first_node;
-
+
while(list->cur_node)
{
if((chk_rc = strcmp(list->cur_node->key, key)) >= 0)
@@ -290,7 +290,7 @@ int OSStore_Check(OSStore *list, char *key)
if(chk_rc == 0)
return(1);
- /* Not found */
+ /* Not found */
return(0);
}
@@ -311,7 +311,7 @@ int OSStore_NCheck(OSStore *list, char *key)
while(list->cur_node)
{
- if((chk_rc = strncmp(list->cur_node->key, key,
+ if((chk_rc = strncmp(list->cur_node->key, key,
list->cur_node->key_size)) >= 0)
{
/* Found */
@@ -368,7 +368,7 @@ void OSStore_Delete(OSStore *list, char *key)
int OSStore_Put(OSStore *list, char *key, void *data)
{
int chk_rc;
- OSStoreNode *newnode;
+ OSStoreNode *newnode;
/* Allocating memory for new node */
@@ -392,9 +392,9 @@ int OSStore_Put(OSStore *list, char *key, void *data)
list->first_node = newnode;
list->last_node = newnode;
}
-
-
- /* Store the data in order */
+
+
+ /* Store the data in order */
else
{
list->cur_node = list->first_node;
@@ -407,18 +407,18 @@ int OSStore_Put(OSStore *list, char *key, void *data)
{
return(1);
}
-
+
/* If there is no prev node, it is because
- * this is the first node.
+ * this is the first node.
*/
if(list->cur_node->prev)
list->cur_node->prev->next = newnode;
else
list->first_node = newnode;
-
-
+
+
newnode->prev = list->cur_node->prev;
-
+
list->cur_node->prev = newnode;
newnode->next = list->cur_node;
break;
@@ -435,11 +435,11 @@ int OSStore_Put(OSStore *list, char *key, void *data)
list->last_node = newnode;
}
}
-
+
/* Increment list size */
list->currently_size++;
-
+
return(1);
}
diff --git a/src/shared/string_op.c b/src/shared/string_op.c
index 274da39..f458793 100755
--- a/src/shared/string_op.c
+++ b/src/shared/string_op.c
@@ -35,17 +35,34 @@ void os_trimcrlf(char *str)
}
/* Remove offending char (e.g., double quotes) from source */
-char *os_strip_char(const char *source, char remove) {
- char *clean = malloc( strlen(source) + 1 );
+char *os_strip_char(char *source, char remove) {
+ char *clean;
+ char *iterator = source;
+ int length = 0;
int i;
- for( i=0; *source; source++ ) {
- if ( *source != remove ) {
- clean[i] = *source;
+ // Figure out how much memory to allocate
+ for( ; *iterator; iterator++ ) {
+ if ( *iterator != remove ) {
+ length++;
+ }
+ }
+
+ // Allocate the memory
+ if( (clean = malloc( length + 1 )) == NULL ) {
+ // Return NULL
+ return NULL;
+ }
+ memset(clean, '\0', length + 1);
+
+ // Remove the characters
+ iterator=source;
+ for( i=0; *iterator; iterator++ ) {
+ if ( *iterator != remove ) {
+ clean[i] = *iterator;
i++;
}
}
- clean[i] = 0;
return clean;
}
@@ -54,10 +71,14 @@ char *os_strip_char(const char *source, char remove) {
int os_substr(char *dest, const char *src, int position, int length) {
dest[0]='\0';
+ if( length <= 0 ) {
+ // Unsupported negative length string
+ return -3;
+ }
if( src == NULL ) {
return -2;
}
- if( position > strlen(src) ) {
+ if( position >= strlen(src) ) {
return -1;
}
diff --git a/src/shared/tests/._Makefile b/src/shared/tests/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/shared/tests/._Makefile and /dev/null differ
diff --git a/src/shared/tests/._hash_test.c b/src/shared/tests/._hash_test.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/shared/tests/._hash_test.c and /dev/null differ
diff --git a/src/shared/tests/._ip_test.c b/src/shared/tests/._ip_test.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/shared/tests/._ip_test.c and /dev/null differ
diff --git a/src/shared/tests/._merge_test.c b/src/shared/tests/._merge_test.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/shared/tests/._merge_test.c and /dev/null differ
diff --git a/src/shared/tests/._prime_test.c b/src/shared/tests/._prime_test.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/shared/tests/._prime_test.c and /dev/null differ
diff --git a/src/shared/tests/hash_test.c b/src/shared/tests/hash_test.c
index d1464cf..367d028 100755
--- a/src/shared/tests/hash_test.c
+++ b/src/shared/tests/hash_test.c
@@ -9,7 +9,7 @@ int main(int argc, char **argv)
char *tmp;
char buf[1024];
OSHash *mhash;
-
+
mhash = OSHash_Create();
while(1)
@@ -22,13 +22,13 @@ int main(int argc, char **argv)
if(strncmp(buf, "get ", 4) == 0)
{
printf("Getting key: '%s'\n", buf + 4);
- printf("Found: '%s'\n", (char *)OSHash_Get(mhash, buf + 4));
+ printf("Found: '%s'\n", (char *)OSHash_Get(mhash, buf + 4));
}
else
{
printf("Adding key: '%s'\n", buf);
i = OSHash_Add(mhash, strdup(buf), strdup(buf));
-
+
printf("rc = %d\n", i);
}
}
diff --git a/src/shared/tests/ip_test.c b/src/shared/tests/ip_test.c
index 149f1b9..685905a 100755
--- a/src/shared/tests/ip_test.c
+++ b/src/shared/tests/ip_test.c
@@ -14,7 +14,7 @@ int main(int argc, char **argv)
{
printf("Invalid ip\n");
}
-
+
if(OS_IPFound(argv[2], &myip))
{
printf("IP MATCHED!\n");
diff --git a/src/shared/validate_op.c b/src/shared/validate_op.c
index 2e60434..25132ee 100755
--- a/src/shared/validate_op.c
+++ b/src/shared/validate_op.c
@@ -17,8 +17,8 @@
#include "shared.h"
-char *ip_address_regex =
- "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}/?"
+char *ip_address_regex =
+ "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}/?"
"([0-9]{0,2}|[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3})$";
/* Global vars */
@@ -38,7 +38,7 @@ static char *_read_file(char *high_name, char *low_name, char *defines_file)
char *buf_pt;
char *tmp_buffer;
char *ret;
-
+
#ifndef WIN32
if(isChroot())
{
@@ -52,7 +52,7 @@ static char *_read_file(char *high_name, char *low_name, char *defines_file)
snprintf(def_file,OS_FLSIZE,"%s", defines_file);
#endif
-
+
fp = fopen(def_file, "r");
if(!fp)
{
@@ -97,7 +97,7 @@ static char *_read_file(char *high_name, char *low_name, char *defines_file)
}
tmp_buffer = buf_pt;
-
+
/* Getting the equal */
buf_pt = strchr(buf_pt, '=');
if(!buf_pt)
@@ -125,12 +125,12 @@ static char *_read_file(char *high_name, char *low_name, char *defines_file)
{
*tmp_buffer = '\0';
}
-
+
os_strdup(buf_pt, ret);
fclose(fp);
return(ret);
}
-
+
fclose(fp);
return(NULL);
}
@@ -214,7 +214,7 @@ int getDefine_Int(char *high_name, char *low_name, int min, int max)
char *value;
char *pt;
-
+
/* We first try to read from the local define file. */
value = _read_file(high_name, low_name, OSSEC_LDEFINES);
if(!value)
@@ -261,13 +261,13 @@ int OS_IPFound(char *ip_address, os_ip *that_ip)
{
return(!_true);
}
-
+
/* If negate is set */
if(that_ip->ip[0] == '!')
{
_true = 0;
}
-
+
/* Checking if ip is in thatip & netmask */
if((net.s_addr & that_ip->netmask) == that_ip->ip_address)
{
@@ -278,7 +278,7 @@ int OS_IPFound(char *ip_address, os_ip *that_ip)
return(!_true);
}
-
+
/** int OS_IPFoundList(char *ip_address, os_ip **list_of_ips)
* Checks if ip_address is present on the "list_of_ips".
* Returns 1 on success or 0 on failure.
@@ -294,16 +294,16 @@ int OS_IPFoundList(char *ip_address, os_ip **list_of_ips)
{
return(!_true);
}
-
+
while(*list_of_ips)
{
os_ip *l_ip = *list_of_ips;
-
+
if(l_ip->ip[0] == '!')
{
_true = 0;
}
-
+
if((net.s_addr & l_ip->netmask) == l_ip->ip_address)
{
return(_true);
@@ -312,9 +312,9 @@ int OS_IPFoundList(char *ip_address, os_ip **list_of_ips)
}
return(!_true);
-}
+}
+
-
/** int OS_IsValidIP(char *ip)
* Validates if an ip address is in the right
* format.
@@ -337,13 +337,13 @@ int OS_IsValidIP(char *ip_address, os_ip *final_ip)
{
os_strdup(ip_address, final_ip->ip);
}
-
+
if(*ip_address == '!')
{
ip_address++;
}
-
- #ifndef WIN32
+
+ #ifndef WIN32
/* checking against the basic regex */
if(!OS_PRegex(ip_address, ip_address_regex))
{
@@ -361,8 +361,8 @@ int OS_IsValidIP(char *ip_address, os_ip *final_ip)
tmp_ip = ip_address;
while(*tmp_ip != '\0')
{
- if((*tmp_ip < '0' ||
- *tmp_ip > '9') &&
+ if((*tmp_ip < '0' ||
+ *tmp_ip > '9') &&
*tmp_ip != '.' &&
*tmp_ip != '/')
{
@@ -380,13 +380,13 @@ int OS_IsValidIP(char *ip_address, os_ip *final_ip)
- /* Getting the cidr/netmask if available */
+ /* Getting the cidr/netmask if available */
tmp_str = strchr(ip_address,'/');
if(tmp_str)
{
int cidr;
struct in_addr net;
-
+
*tmp_str = '\0';
tmp_str++;
@@ -425,7 +425,7 @@ int OS_IsValidIP(char *ip_address, os_ip *final_ip)
}
}
}
-
+
if((net.s_addr = inet_addr(ip_address)) <= 0)
{
if(strcmp("0.0.0.0", ip_address) == 0)
@@ -455,7 +455,7 @@ int OS_IsValidIP(char *ip_address, os_ip *final_ip)
{
struct in_addr net;
nmask = 32;
-
+
if(strcmp("any", ip_address) == 0)
{
net.s_addr = 0;
@@ -465,14 +465,14 @@ int OS_IsValidIP(char *ip_address, os_ip *final_ip)
{
return(0);
}
-
+
if(final_ip)
{
final_ip->ip_address = net.s_addr;
if(!_mask_inited)
_init_masks();
-
+
final_ip->netmask = htonl(_netmasks[nmask]);
}
@@ -506,11 +506,11 @@ int OS_IsonTime(char *time_str, char *ossec_time)
/* Comparing against min/max value */
if((strncmp(time_str, ossec_time, 5) >= 0)&&
- (strncmp(time_str, ossec_time+5,5) <= 0))
+ (strncmp(time_str, ossec_time+5,5) <= 0))
{
return(_true);
}
-
+
return(!_true);
}
@@ -534,13 +534,13 @@ char *__gethour(char *str, char *ossec_hour)
int _size = 0;
int chour = 0;
int cmin = 0;
-
+
/* Invalid time format */
if(!isdigit((int)*str))
{
merror(INVALID_TIME, __local_name, str);
}
-
+
/* Hour */
chour = atoi(str);
@@ -553,7 +553,7 @@ char *__gethour(char *str, char *ossec_hour)
return(NULL);
}
-
+
/* Going after the hour */
while(isdigit((int)*str))
{
@@ -567,8 +567,8 @@ char *__gethour(char *str, char *ossec_hour)
merror(INVALID_TIME, __local_name, str);
return(NULL);
}
-
-
+
+
/* Getting minute */
if(*str == ':')
{
@@ -586,7 +586,7 @@ char *__gethour(char *str, char *ossec_hour)
/* Removing spaces */
RM_WHITE(str);
-
+
if((*str == 'a') || (*str == 'A'))
{
str++;
@@ -603,19 +603,19 @@ char *__gethour(char *str, char *ossec_hour)
if((*str == 'm') || (*str == 'M'))
{
chour += 12;
-
+
/* New hour must be valid */
if(chour < 0 || chour >= 24)
{
merror(INVALID_TIME, __local_name, str);
return(NULL);
}
-
+
snprintf(ossec_hour, 6, "%02d:%02d", chour, cmin);
str++;
return(str);
}
-
+
}
else
{
@@ -635,17 +635,17 @@ char *OS_IsValidTime(char *time_str)
char first_hour[7];
char second_hour[7];
int ng = 0;
-
+
/* Must be not null */
if(!time_str)
return(NULL);
-
-
+
+
/* Clearing memory */
memset(first_hour, '\0', 7);
memset(second_hour, '\0', 7);
-
-
+
+
/* Removing white spaces */
RM_WHITE(time_str);
@@ -660,7 +660,7 @@ char *OS_IsValidTime(char *time_str)
RM_WHITE(time_str);
}
-
+
/* Getting first hour */
time_str = __gethour(time_str, first_hour);
if(!time_str)
@@ -668,7 +668,7 @@ char *OS_IsValidTime(char *time_str)
/* Removing white spaces */
RM_WHITE(time_str);
-
+
if(*time_str != '-')
{
return(NULL);
@@ -683,7 +683,7 @@ char *OS_IsValidTime(char *time_str)
time_str = __gethour(time_str, second_hour);
if(!time_str)
return(NULL);
-
+
RM_WHITE(time_str);
if(*time_str != '\0')
{
@@ -691,14 +691,14 @@ char *OS_IsValidTime(char *time_str)
}
os_calloc(13, sizeof(char), ret);
-
+
/* Fixing dump hours */
if(strcmp(first_hour,second_hour) > 0)
{
snprintf(ret, 12, "!%s%s", second_hour, first_hour);
return(ret);
}
-
+
/* For the normal times */
snprintf(ret, 12, "%c%s%s", ng == 0?'.':'!', first_hour, second_hour);
return(ret);
@@ -715,8 +715,8 @@ int OS_IsAfterTime(char *time_str, char *ossec_time)
/* Unique times can't have a !. */
if(*ossec_time == '!')
return(0);
-
-
+
+
ossec_time++;
/* Comparing against min/max value */
@@ -760,7 +760,7 @@ int OS_IsonDay(int week_day, char *ossec_day)
/* Negative */
if(ossec_day[7] == '!')
_true = 0;
-
+
if(week_day < 0 || week_day > 7)
{
return(0);
@@ -769,8 +769,8 @@ int OS_IsonDay(int week_day, char *ossec_day)
/* It is on the right day */
if(ossec_day[week_day] == 1)
return(_true);
-
- return(!_true);
+
+ return(!_true);
}
@@ -793,7 +793,7 @@ char *OS_IsValidDay(char *day_str)
int i = 0, ng = 0;
char *ret;
char day_ret[9] = {0,0,0,0,0,0,0,0,0};
- char *(days[]) =
+ char *(days[]) =
{
"sunday", "sun", "monday", "mon", "tuesday", "tue",
"wednesday", "wed", "thursday", "thu", "friday",
@@ -804,10 +804,10 @@ char *OS_IsValidDay(char *day_str)
/* Must be a valid string */
if(!day_str)
return(NULL);
-
-
+
+
RM_WHITE(day_str);
-
+
/* checking for negatives */
if(*day_str == '!')
{
@@ -851,7 +851,7 @@ char *OS_IsValidDay(char *day_str)
merror(INVALID_DAY, __local_name, day_str);
return(NULL);
}
-
+
day_str += strlen(days[i]);
if(IS_SEP(day_str))
@@ -892,7 +892,7 @@ char *OS_IsValidDay(char *day_str)
merror(INVALID_DAY, __local_name, day_str);
return(NULL);
}
-
+
return(ret);
}
diff --git a/src/shared/wait_op.c b/src/shared/wait_op.c
index bc5c0c2..53bc664 100755
--- a/src/shared/wait_op.c
+++ b/src/shared/wait_op.c
@@ -24,7 +24,7 @@ void os_setwait()
/* For same threads. */
__wait_lock = 1;
-
+
if(isChroot())
{
fp = fopen(WAIT_FILE, "w");
@@ -48,7 +48,7 @@ void os_setwait()
void os_delwait()
{
__wait_lock = 0;
-
+
if(isChroot())
{
unlink(WAIT_FILE);
@@ -66,7 +66,7 @@ void os_delwait()
* Works as a simple inter process lock (only the main
* process is allowed to lock).
*/
-#ifdef WIN32
+#ifdef WIN32
void os_wait()
{
if(!__wait_lock)
@@ -95,7 +95,7 @@ void os_wait()
void os_wait()
{
struct stat file_status;
-
+
/* If the wait file is not present, keep going.
*/
@@ -109,7 +109,7 @@ void os_wait()
if(stat(WAIT_FILE_PATH, &file_status) == -1)
return;
}
-
+
/* Wait until the lock is gone. */
verbose(WAITING_MSG, __local_name);
diff --git a/src/syscheckd/._Makefile b/src/syscheckd/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/syscheckd/._Makefile and /dev/null differ
diff --git a/src/syscheckd/._config.c b/src/syscheckd/._config.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/syscheckd/._config.c and /dev/null differ
diff --git a/src/syscheckd/._create_db.c b/src/syscheckd/._create_db.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/syscheckd/._create_db.c and /dev/null differ
diff --git a/src/syscheckd/._run_check.c b/src/syscheckd/._run_check.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/syscheckd/._run_check.c and /dev/null differ
diff --git a/src/syscheckd/._run_realtime.c b/src/syscheckd/._run_realtime.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/syscheckd/._run_realtime.c and /dev/null differ
diff --git a/src/syscheckd/._seechanges.c b/src/syscheckd/._seechanges.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/syscheckd/._seechanges.c and /dev/null differ
diff --git a/src/syscheckd/._syscheck-baseline.c b/src/syscheckd/._syscheck-baseline.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/syscheckd/._syscheck-baseline.c and /dev/null differ
diff --git a/src/syscheckd/._syscheck.c b/src/syscheckd/._syscheck.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/syscheckd/._syscheck.c and /dev/null differ
diff --git a/src/syscheckd/._syscheck.h b/src/syscheckd/._syscheck.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/syscheckd/._syscheck.h and /dev/null differ
diff --git a/src/syscheckd/._win-registry.c b/src/syscheckd/._win-registry.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/syscheckd/._win-registry.c and /dev/null differ
diff --git a/src/syscheckd/config.c b/src/syscheckd/config.c
index 2a33b15..0ee30e4 100755
--- a/src/syscheckd/config.c
+++ b/src/syscheckd/config.c
@@ -55,7 +55,7 @@ int Read_Syscheck_Config(char * cfgfile)
modules|= CAGENT_CONFIG;
ReadConfig(modules, AGENTCONFIG, &syscheck, NULL);
#endif
-
+
#ifndef WIN32
/* We must have at least one directory to check */
@@ -78,7 +78,7 @@ int Read_Syscheck_Config(char * cfgfile)
return(1);
}
#endif
-
+
return(0);
}
diff --git a/src/syscheckd/create_db.c b/src/syscheckd/create_db.c
index 7cbbaad..7cd5a65 100755
--- a/src/syscheckd/create_db.c
+++ b/src/syscheckd/create_db.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -40,7 +40,7 @@ int check_file(char *file_name)
/* New file */
sleep(1);
-
+
debug2("%s: DEBUG: new file '%s'.", ARGV0, file_name);
return(0);
}
@@ -55,7 +55,7 @@ int read_file(char *file_name, int opts, OSMatch *restriction)
char *buf;
char sha1s = '+';
struct stat statbuf;
-
+
/* Checking if file is to be ignored */
if(syscheck.ignore)
@@ -63,10 +63,10 @@ int read_file(char *file_name, int opts, OSMatch *restriction)
int i = 0;
while(syscheck.ignore[i] != NULL)
{
- if(strncasecmp(syscheck.ignore[i], file_name,
+ if(strncasecmp(syscheck.ignore[i], file_name,
strlen(syscheck.ignore[i])) == 0)
{
- return(0);
+ return(0);
}
i++;
@@ -79,7 +79,7 @@ int read_file(char *file_name, int opts, OSMatch *restriction)
int i = 0;
while(syscheck.ignore_regex[i] != NULL)
{
- if(OSMatch_Execute(file_name, strlen(file_name),
+ if(OSMatch_Execute(file_name, strlen(file_name),
syscheck.ignore_regex[i]))
{
return(0);
@@ -99,13 +99,20 @@ int read_file(char *file_name, int opts, OSMatch *restriction)
merror("%s: Error accessing '%s'.",ARGV0, file_name);
return(-1);
}
-
+
if(S_ISDIR(statbuf.st_mode))
{
#ifdef DEBUG
verbose("%s: Reading dir: %s\n",ARGV0, file_name);
#endif
+ #ifdef WIN32
+ /* Directory links are not supported */
+ if (GetFileAttributes(file_name) & FILE_ATTRIBUTE_REPARSE_POINT) {
+ merror("%s: WARN: Links are not supported: '%s'", ARGV0, file_name);
+ return(-1);
+ }
+ #endif
return(read_dir(file_name, opts, restriction));
}
@@ -113,20 +120,20 @@ int read_file(char *file_name, int opts, OSMatch *restriction)
/* restricting file types. */
if(restriction)
{
- if(!OSMatch_Execute(file_name, strlen(file_name),
+ if(!OSMatch_Execute(file_name, strlen(file_name),
restriction))
{
return(0);
}
}
-
-
+
+
/* No S_ISLNK on windows */
#ifdef WIN32
if(S_ISREG(statbuf.st_mode))
#else
if(S_ISREG(statbuf.st_mode) || S_ISLNK(statbuf.st_mode))
- #endif
+ #endif
{
os_md5 mf_sum;
os_sha1 sf_sum;
@@ -166,7 +173,7 @@ int read_file(char *file_name, int opts, OSMatch *restriction)
#else
if(OS_MD5_SHA1_File(file_name, syscheck.prefilter_cmd, mf_sum, sf_sum) < 0)
#endif
-
+
{
strncpy(mf_sum, "xxx", 4);
strncpy(sf_sum, "xxx", 4);
@@ -183,16 +190,16 @@ int read_file(char *file_name, int opts, OSMatch *restriction)
if(opts & CHECK_SEECHANGES)
sha1s = 'n';
else
- sha1s = '-';
+ sha1s = '-';
}
-
-
+
+
buf = OSHash_Get(syscheck.fp, file_name);
if(!buf)
{
- char alert_msg[912 +1];
-
- alert_msg[912] = '\0';
+ char alert_msg[916 +1]; /* 912 -> 916 to accommodate a long */
+
+ alert_msg[916] = '\0';
if(opts & CHECK_SEECHANGES)
{
@@ -204,15 +211,15 @@ int read_file(char *file_name, int opts, OSMatch *restriction)
}
}
-
- snprintf(alert_msg, 912, "%c%c%c%c%c%c%d:%d:%d:%d:%s:%s",
+
+ snprintf(alert_msg, 916, "%c%c%c%c%c%c%ld:%d:%d:%d:%s:%s",
opts & CHECK_SIZE?'+':'-',
opts & CHECK_PERM?'+':'-',
opts & CHECK_OWNER?'+':'-',
opts & CHECK_GROUP?'+':'-',
opts & CHECK_MD5SUM?'+':'-',
sha1s,
- opts & CHECK_SIZE?(int)statbuf.st_size:0,
+ opts & CHECK_SIZE?(long)statbuf.st_size:0,
opts & CHECK_PERM?(int)statbuf.st_mode:0,
opts & CHECK_OWNER?(int)statbuf.st_uid:0,
opts & CHECK_GROUP?(int)statbuf.st_gid:0,
@@ -226,9 +233,11 @@ int read_file(char *file_name, int opts, OSMatch *restriction)
/* Sending the new checksum to the analysis server */
- alert_msg[912] = '\0';
- snprintf(alert_msg, 912, "%d:%d:%d:%d:%s:%s %s",
- opts & CHECK_SIZE?(int)statbuf.st_size:0,
+ alert_msg[916] = '\0';
+
+ /* changed by chris st_size int to long, 912 to 916*/
+ snprintf(alert_msg, 916, "%ld:%d:%d:%d:%s:%s %s",
+ opts & CHECK_SIZE?(long)statbuf.st_size:0,
opts & CHECK_PERM?(int)statbuf.st_mode:0,
opts & CHECK_OWNER?(int)statbuf.st_uid:0,
opts & CHECK_GROUP?(int)statbuf.st_gid:0,
@@ -241,7 +250,7 @@ int read_file(char *file_name, int opts, OSMatch *restriction)
{
char alert_msg[OS_MAXSTR +1];
char c_sum[256 +2];
-
+
c_sum[0] = '\0';
c_sum[256] = '\0';
alert_msg[0] = '\0';
@@ -267,18 +276,18 @@ int read_file(char *file_name, int opts, OSMatch *restriction)
}
else
{
- snprintf(alert_msg, 912, "%s %s", c_sum, file_name);
+ snprintf(alert_msg, 916, "%s %s", c_sum, file_name);
}
}
else
{
- snprintf(alert_msg, 912, "%s %s", c_sum, file_name);
+ snprintf(alert_msg, 916, "%s %s", c_sum, file_name);
}
send_syscheck_msg(alert_msg);
}
}
-
-
+
+
/* Sleeping in here too */
if(__counter >= (syscheck.sleep_after))
{
@@ -288,7 +297,7 @@ int read_file(char *file_name, int opts, OSMatch *restriction)
__counter++;
- #ifdef DEBUG
+ #ifdef DEBUG
verbose("%s: file '%s %s'",ARGV0, file_name, mf_sum);
#endif
}
@@ -309,24 +318,24 @@ int read_file(char *file_name, int opts, OSMatch *restriction)
int read_dir(char *dir_name, int opts, OSMatch *restriction)
{
int dir_size;
-
- char f_name[PATH_MAX +2];
+
+ char f_name[PATH_MAX +2];
DIR *dp;
-
+
struct dirent *entry;
f_name[PATH_MAX +1] = '\0';
-
+
/* Directory should be valid */
if((dir_name == NULL)||((dir_size = strlen(dir_name)) > PATH_MAX))
{
merror(NULL_ERROR, ARGV0);
-
+
return(-1);
}
-
-
+
+
/* Opening the directory given */
dp = opendir(dir_name);
if(!dp)
@@ -336,7 +345,7 @@ int read_dir(char *dir_name, int opts, OSMatch *restriction)
if(read_file(dir_name, opts, restriction) == 0)
return(0);
}
-
+
#ifdef WIN32
int di = 0;
char *(defaultfilesn[])= {
@@ -360,20 +369,20 @@ int read_dir(char *dir_name, int opts, OSMatch *restriction)
if(defaultfilesn[di] == NULL)
{
merror("%s: WARN: Error opening directory: '%s': %s ",
- ARGV0, dir_name, strerror(errno));
+ ARGV0, dir_name, strerror(errno));
}
-
+
#else
-
+
merror("%s: WARN: Error opening directory: '%s': %s ",
ARGV0,
dir_name,
strerror(errno));
#endif
-
+
return(-1);
}
-
+
/* Checking for real time flag. */
if(opts & CHECK_REALTIME)
@@ -387,25 +396,25 @@ int read_dir(char *dir_name, int opts, OSMatch *restriction)
while((entry = readdir(dp)) != NULL)
{
char *s_name;
-
+
/* Just ignore . and .. */
if((strcmp(entry->d_name,".") == 0) ||
- (strcmp(entry->d_name,"..") == 0))
+ (strcmp(entry->d_name,"..") == 0))
continue;
-
+
strncpy(f_name, dir_name, PATH_MAX);
-
+
s_name = f_name;
-
+
s_name += dir_size;
/* checking if the file name is already null terminated */
if(*(s_name-1) != '/')
*s_name++ = '/';
-
+
*s_name = '\0';
-
+
strncpy(s_name, entry->d_name, PATH_MAX - dir_size -2);
/* Check integrity of the file */
@@ -446,7 +455,7 @@ int create_db()
{
ErrorExit("%s: Unable to create syscheck database."
". Exiting.",ARGV0);
- return(0);
+ return(0);
}
if(!OSHash_setSize(syscheck.fp, 2048))
@@ -455,14 +464,14 @@ int create_db()
return(0);
}
-
+
/* dir_name can't be null */
if((syscheck.dir == NULL) || (syscheck.dir[0] == NULL))
{
merror("%s: No directories to check.",ARGV0);
return(-1);
}
-
+
merror("%s: INFO: Starting syscheck database (pre-scan).", ARGV0);
@@ -487,7 +496,7 @@ int create_db()
if(syscheck.realtime && (syscheck.realtime->fd >= 0))
verbose("%s: INFO: Real time file monitoring started.", ARGV0);
#endif
-
+
merror("%s: INFO: Finished creating syscheck database (pre-scan "
"completed).", ARGV0);
return(0);
diff --git a/src/syscheckd/run_check.c b/src/syscheckd/run_check.c
index 685284a..82de351 100755
--- a/src/syscheckd/run_check.c
+++ b/src/syscheckd/run_check.c
@@ -92,7 +92,7 @@ void send_sk_db()
}
create_db(1);
-
+
/* Sending scan ending message */
sleep(syscheck.tsleep +10);
@@ -103,26 +103,26 @@ void send_sk_db()
send_rootcheck_msg("Ending syscheck scan.");
}
}
-
-
+
+
/* start_daemon
- * Run periodicaly the integrity checking
+ * Run periodicaly the integrity checking
*/
void start_daemon()
{
int day_scanned = 0;
int curr_day = 0;
-
+
time_t curr_time = 0;
-
+
time_t prev_time_rk = 0;
time_t prev_time_sk = 0;
char curr_hour[12];
struct tm *p;
-
+
/* To be used by select. */
#ifdef USEINOTIFY
@@ -130,11 +130,11 @@ void start_daemon()
fd_set rfds;
#endif
-
+
/*
- * SCHED_BATCH forces the kernel to assume this is a cpu intensive
+ * SCHED_BATCH forces the kernel to assume this is a cpu intensive
* process
- * and gives it a lower priority. This keeps ossec-syscheckd
+ * and gives it a lower priority. This keeps ossec-syscheckd
* from reducing
* the interactity of an ssh session when checksumming large files.
* This is available in kernel flavors >= 2.6.16
@@ -142,28 +142,28 @@ void start_daemon()
#ifdef SCHED_BATCH
struct sched_param pri;
int status;
-
+
pri.sched_priority = 0;
status = sched_setscheduler(0, SCHED_BATCH, &pri);
-
+
debug1("%s: Setting SCHED_BATCH returned: %d", ARGV0, status);
#endif
-
-
+
+
#ifdef DEBUG
verbose("%s: Starting daemon ..",ARGV0);
#endif
-
-
-
+
+
+
/* Some time to settle */
memset(curr_hour, '\0', 12);
sleep(syscheck.tsleep * 10);
- /* If the scan time/day is set, reset the
- * syscheck.time/rootcheck.time
+ /* If the scan time/day is set, reset the
+ * syscheck.time/rootcheck.time
*/
if(syscheck.scan_time || syscheck.scan_day)
{
@@ -183,20 +183,20 @@ void start_daemon()
{
prev_time_rk = time(0);
}
-
-
+
+
/* Before entering in daemon mode itself */
prev_time_sk = time(0);
sleep(syscheck.tsleep * 10);
-
+
/* If the scan_time or scan_day is set, we need to handle the
* current day/time on the loop.
*/
if(syscheck.scan_time || syscheck.scan_day)
{
- curr_time = time(0);
+ curr_time = time(0);
p = localtime(&curr_time);
@@ -210,7 +210,7 @@ void start_daemon()
curr_day = p->tm_mday;
-
+
if(syscheck.scan_time && syscheck.scan_day)
{
if((OS_IsAfterTime(curr_hour, syscheck.scan_time)) &&
@@ -236,18 +236,18 @@ void start_daemon()
}
}
-
- /* Checking every SYSCHECK_WAIT */
+
+ /* Checking every SYSCHECK_WAIT */
while(1)
{
int run_now = 0;
curr_time = time(0);
-
+
/* Checking if syscheck should be restarted, */
run_now = os_check_restart_syscheck();
-
+
/* Checking if a day_time or scan_time is set. */
if(syscheck.scan_time || syscheck.scan_day)
{
@@ -260,11 +260,15 @@ void start_daemon()
day_scanned = 0;
curr_day = p->tm_mday;
}
-
-
+
+
/* Checking for the time of the scan. */
if(!day_scanned && syscheck.scan_time && syscheck.scan_day)
{
+ /* Assign hour/min/sec values */
+ snprintf(curr_hour, 9, "%02d:%02d:%02d",
+ p->tm_hour, p->tm_min, p->tm_sec);
+
if((OS_IsAfterTime(curr_hour, syscheck.scan_time)) &&
(OS_IsonDay(p->tm_wday, syscheck.scan_day)))
{
@@ -272,11 +276,11 @@ void start_daemon()
run_now = 1;
}
}
-
+
else if(!day_scanned && syscheck.scan_time)
{
/* Assign hour/min/sec values */
- snprintf(curr_hour, 9, "%02d:%02d:%02d",
+ snprintf(curr_hour, 9, "%02d:%02d:%02d",
p->tm_hour, p->tm_min, p->tm_sec);
if(OS_IsAfterTime(curr_hour, syscheck.scan_time))
@@ -296,8 +300,8 @@ void start_daemon()
}
}
}
-
-
+
+
/* If time elapsed is higher than the rootcheck_time,
* run it.
@@ -311,7 +315,7 @@ void start_daemon()
}
}
-
+
/* If time elapsed is higher than the syscheck time,
* run syscheck time.
*/
@@ -326,8 +330,8 @@ void start_daemon()
syscheck.scan_on_start = 1;
}
-
-
+
+
else
{
/* Sending scan start message */
@@ -348,7 +352,7 @@ void start_daemon()
run_dbcheck();
}
-
+
/* Sending scan ending message */
sleep(syscheck.tsleep + 20);
if(syscheck.dir[0])
@@ -356,16 +360,16 @@ void start_daemon()
merror("%s: INFO: Ending syscheck scan.", ARGV0);
send_rootcheck_msg("Ending syscheck scan.");
}
-
+
/* Sending database completed message */
send_syscheck_msg(HC_SK_DB_COMPLETED);
debug2("%s: DEBUG: Sending database completed message.", ARGV0);
-
+
prev_time_sk = time(0);
- }
+ }
#ifdef USEINOTIFY
@@ -379,7 +383,7 @@ void start_daemon()
FD_SET(syscheck.realtime->fd, &rfds);
- run_now = select(syscheck.realtime->fd + 1, &rfds,
+ run_now = select(syscheck.realtime->fd + 1, &rfds,
NULL, NULL, &selecttime);
if(run_now < 0)
{
@@ -436,7 +440,7 @@ void start_daemon()
int c_read_file(char *file_name, char *oldsum, char *newsum)
{
int size = 0, perm = 0, owner = 0, group = 0, md5sum = 0, sha1sum = 0, seechanges = 0;
-
+
struct stat statbuf;
os_md5 mf_sum;
@@ -446,8 +450,8 @@ int c_read_file(char *file_name, char *oldsum, char *newsum)
/* Cleaning sums */
strncpy(mf_sum, "xxx", 4);
strncpy(sf_sum, "xxx", 4);
-
-
+
+
/* Stating the file */
#ifdef WIN32
@@ -477,12 +481,12 @@ int c_read_file(char *file_name, char *oldsum, char *newsum)
/* owner */
if(oldsum[2] == '+')
- owner = 1;
-
+ owner = 1;
+
/* group */
if(oldsum[3] == '+')
group = 1;
-
+
/* md5 sum */
if(oldsum[4] == '+')
md5sum = 1;
@@ -501,8 +505,8 @@ int c_read_file(char *file_name, char *oldsum, char *newsum)
sha1sum = 0;
seechanges = 1;
}
-
-
+
+
/* Generating new checksum */
#ifdef WIN32
if(S_ISREG(statbuf.st_mode))
@@ -542,11 +546,12 @@ int c_read_file(char *file_name, char *oldsum, char *newsum)
}
}
#endif
-
+
newsum[0] = '\0';
newsum[255] = '\0';
- snprintf(newsum,255,"%d:%d:%d:%d:%s:%s",
- size == 0?0:(int)statbuf.st_size,
+ /* chris: changed st_size int to long */
+ snprintf(newsum,255,"%ld:%d:%d:%d:%s:%s",
+ size == 0?0:(long)statbuf.st_size,
perm == 0?0:(int)statbuf.st_mode,
owner== 0?0:(int)statbuf.st_uid,
group== 0?0:(int)statbuf.st_gid,
diff --git a/src/syscheckd/run_realtime.c b/src/syscheckd/run_realtime.c
index 9f5b42f..839e5b8 100755
--- a/src/syscheckd/run_realtime.c
+++ b/src/syscheckd/run_realtime.c
@@ -140,7 +140,7 @@ int realtime_start()
merror("%s: ERROR: Unable to initialize inotify.", ARGV0);
return(-1);
}
- #endif
+ #endif
return(1);
}
@@ -167,10 +167,10 @@ int realtime_adddir(char *dir)
wd = inotify_add_watch(syscheck.realtime->fd,
dir,
- REALTIME_MONITOR_FLAGS);
+ REALTIME_MONITOR_FLAGS);
if(wd < 0)
{
- merror("%s: ERROR: Unable to add directory to real time "
+ merror("%s: ERROR: Unable to add directory to real time "
"monitoring: '%s'. %d %d", ARGV0, dir, wd, errno);
}
else
@@ -212,13 +212,13 @@ int realtime_process()
len = read(syscheck.realtime->fd, buf, REALTIME_EVENT_BUFFER);
- if (len < 0)
+ if (len < 0)
{
merror("%s: ERROR: Unable to read from real time buffer.", ARGV0);
- }
+ }
else if (len > 0)
{
- while (i < len)
+ while (i < len)
{
event = (struct inotify_event *) &buf[i];
@@ -232,7 +232,7 @@ int realtime_process()
snprintf(wdchar, 32, "%d", event->wd);
- snprintf(final_name, MAX_LINE, "%s/%s",
+ snprintf(final_name, MAX_LINE, "%s/%s",
(char *)OSHash_Get(syscheck.realtime->dirtb, wdchar),
event->name);
realtime_checksumfile(final_name);
@@ -281,7 +281,7 @@ void CALLBACK RTCallBack(DWORD dwerror, DWORD dwBytes, LPOVERLAPPED overlap)
if(dwerror != ERROR_SUCCESS)
{
- merror("%s: ERROR: real time call back called, but error is set.",
+ merror("%s: ERROR: real time call back called, but error is set.",
ARGV0);
return;
}
@@ -293,12 +293,12 @@ void CALLBACK RTCallBack(DWORD dwerror, DWORD dwBytes, LPOVERLAPPED overlap)
rtlocald = OSHash_Get(syscheck.realtime->dirtb, wdchar);
if(rtlocald == NULL)
{
- merror("%s: ERROR: real time call back called, but hash is empty.",
+ merror("%s: ERROR: real time call back called, but hash is empty.",
ARGV0);
return;
}
-
+
do
{
@@ -370,11 +370,11 @@ int realtime_win32read(win32rtfim *rtlocald)
TRUE,
FILE_NOTIFY_CHANGE_FILE_NAME|FILE_NOTIFY_CHANGE_DIR_NAME|FILE_NOTIFY_CHANGE_SIZE|FILE_NOTIFY_CHANGE_LAST_WRITE,
0,
- &rtlocald->overlap,
+ &rtlocald->overlap,
RTCallBack);
if(rc == 0)
{
- merror("%s: ERROR: Unable to set directory for monitoring: %s",
+ merror("%s: ERROR: Unable to set directory for monitoring: %s",
ARGV0, rtlocald->dir);
sleep(2);
}
@@ -404,7 +404,7 @@ int realtime_adddir(char *dir)
os_calloc(1, sizeof(win32rtfim), rtlocald);
-
+
rtlocald->h = CreateFile(dir,
FILE_LIST_DIRECTORY,
@@ -415,8 +415,8 @@ int realtime_adddir(char *dir)
NULL);
- if(rtlocald->h == INVALID_HANDLE_VALUE ||
- rtlocald->h == NULL)
+ if(rtlocald->h == INVALID_HANDLE_VALUE ||
+ rtlocald->h == NULL)
{
free(rtlocald);
rtlocald = NULL;
@@ -436,7 +436,7 @@ int realtime_adddir(char *dir)
if(OSHash_Get(syscheck.realtime->dirtb, wdchar))
{
- merror("%s: ERROR: Entry already in the real time hash: %s",
+ merror("%s: ERROR: Entry already in the real time hash: %s",
ARGV0, wdchar);
CloseHandle(rtlocald->overlap.hEvent);
free(rtlocald);
diff --git a/src/syscheckd/seechanges.c b/src/syscheckd/seechanges.c
index aa1249c..15496c8 100755
--- a/src/syscheckd/seechanges.c
+++ b/src/syscheckd/seechanges.c
@@ -31,7 +31,7 @@ char *gen_diff_alert(char *filename, int alert_diff_time)
snprintf(buf, OS_MAXSTR, "%s/local/%s/diff.%d",
DIFF_DIR_PATH, filename, alert_diff_time);
-
+
fp = fopen(buf, "r");
if(!fp)
{
@@ -56,7 +56,7 @@ char *gen_diff_alert(char *filename, int alert_diff_time)
else
{
/* Weird diff with only one large line. */
- buf[256] = '\0';
+ buf[256] = '\0';
}
}
else
@@ -70,19 +70,19 @@ char *gen_diff_alert(char *filename, int alert_diff_time)
/* Getting up to 20 line changes. */
tmp_str = buf;
-
+
while(tmp_str && (*tmp_str != '\0'))
{
tmp_str = strchr(tmp_str, '\n');
if(!tmp_str)
- break;
+ break;
else if(n >= 19)
{
- *tmp_str = '\0';
+ *tmp_str = '\0';
break;
}
n++;
- tmp_str++;
+ tmp_str++;
}
@@ -91,8 +91,8 @@ char *gen_diff_alert(char *filename, int alert_diff_time)
buf, n>=19?
"\nMore changes..":
"");
-
-
+
+
fclose(fp);
return(strdup(diff_alert));
}
@@ -134,7 +134,7 @@ int seechanges_createpath(char *filename)
char *tmpstr = NULL;
char *newdir = NULL;
-
+
os_strdup(filename, buffer);
newdir = buffer;
tmpstr = strchr(buffer +1, '/');
@@ -154,9 +154,9 @@ int seechanges_createpath(char *filename)
{
#ifndef WIN32
if(mkdir(newdir, 0770) == -1)
- #else
+ #else
if(mkdir(newdir) == -1)
- #endif
+ #endif
{
merror(MKDIR_ERROR, ARGV0, newdir);
free(buffer);
@@ -194,7 +194,7 @@ char *seechanges_addfile(char *filename)
os_md5 md5sum_old;
os_md5 md5sum_new;
-
+
old_location[OS_MAXSTR] = '\0';
tmp_location[OS_MAXSTR] = '\0';
diff_cmd[OS_MAXSTR] = '\0';
@@ -222,7 +222,7 @@ char *seechanges_addfile(char *filename)
if(OS_MD5_File(filename, md5sum_new) != 0)
{
//merror("%s: ERROR: Invalid internal state (missing '%s').",
- // ARGV0, filename);
+ // ARGV0, filename);
return(NULL);
}
@@ -248,15 +248,15 @@ char *seechanges_addfile(char *filename)
/* Run diff. */
date_of_change = File_DateofChange(old_location);
- snprintf(diff_cmd, 2048, "diff \"%s\" \"%s\" > \"%s/local/%s/diff.%d\" "
+ snprintf(diff_cmd, 2048, "diff \"%s\" \"%s\" > \"%s/local/%s/diff.%d\" "
"2>/dev/null",
- tmp_location, old_location,
+ tmp_location, old_location,
DIFF_DIR_PATH, filename +1, date_of_change);
if(system(diff_cmd) != 256)
{
merror("%s: ERROR: Unable to run diff for %s",
ARGV0, filename);
- return(NULL);
+ return(NULL);
}
diff --git a/src/syscheckd/syscheck-baseline.c b/src/syscheckd/syscheck-baseline.c
index 642c103..059aa25 100755
--- a/src/syscheckd/syscheck-baseline.c
+++ b/src/syscheckd/syscheck-baseline.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -59,20 +59,20 @@ int main(int argc, char **argv)
{
int c,r,no_stop = 1;
int test_config = 0;
-
+
char *cfg = DEFAULTCPATH;
char *input_f = NULL;
char *output_f = NULL;
-
-
+
+
/* Zeroing the structure */
syscheck.workdir = NULL;
/* Setting the name */
OS_SetName(ARGV0);
-
-
+
+
while((c = getopt(argc, argv, "VtdshD:c:i:o:")) != -1)
{
switch(c)
@@ -85,7 +85,7 @@ int main(int argc, char **argv)
break;
case 's':
no_stop = 0;
- break;
+ break;
case 'd':
nowDebug();
break;
@@ -111,10 +111,10 @@ int main(int argc, char **argv)
break;
case 't':
test_config = 1;
- break;
+ break;
default:
help(ARGV0);
- break;
+ break;
}
}
@@ -141,13 +141,13 @@ int main(int argc, char **argv)
/* Reading internal options */
read_internal(no_stop);
-
-
+
+
/* Exit if testing config */
if(test_config)
exit(0);
-
+
/* Setting default values */
if(syscheck.workdir == NULL)
syscheck.workdir = DEFAULTDIR;
@@ -157,7 +157,7 @@ int main(int argc, char **argv)
syscheck.db = (char *)calloc(1024,sizeof(char));
if(syscheck.db == NULL)
ErrorExit(MEM_ERROR,ARGV0);
-
+
snprintf(syscheck.db,1023, output_f);
@@ -182,20 +182,20 @@ int main(int argc, char **argv)
/* Start the signal handling */
StartSIG(ARGV0);
-
+
/* Start up message */
verbose(STARTUP_MSG, ARGV0, getpid());
-
+
/* Create local database */
create_db(0);
-
+
fflush(syscheck.fp);
- return(0);
+ return(0);
}
diff --git a/src/syscheckd/syscheck.c b/src/syscheckd/syscheck.c
index 3568ac1..d66aa10 100755
--- a/src/syscheckd/syscheck.c
+++ b/src/syscheckd/syscheck.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -108,18 +108,18 @@ int Start_win32_Syscheck()
syscheck.rootcheck = 0;
merror("%s: WARN: Rootcheck module disabled.", ARGV0);
}
-
+
/* Printing options */
r = 0;
while(syscheck.registry[r] != NULL)
{
- verbose("%s: INFO: Monitoring registry entry: '%s'.",
+ verbose("%s: INFO: Monitoring registry entry: '%s'.",
ARGV0, syscheck.registry[r]);
r++;
}
-
+
r = 0;
while(syscheck.dir[r] != NULL)
{
@@ -131,9 +131,9 @@ int Start_win32_Syscheck()
/* Start up message */
verbose(STARTUP_MSG, ARGV0, getpid());
-
-
-
+
+
+
/* Some sync time */
sleep(syscheck.tsleep + 10);
@@ -141,35 +141,35 @@ int Start_win32_Syscheck()
/* Waiting if agent started properly. */
os_wait();
-
+
start_daemon();
exit(0);
-}
+}
#endif
/* Syscheck unix main.
*/
-#ifndef WIN32
+#ifndef WIN32
int main(int argc, char **argv)
{
int c,r;
int test_config = 0,run_foreground = 0;
-
+
char *cfg = DEFAULTCPATH;
-
-
+
+
/* Zeroing the structure */
syscheck.workdir = NULL;
/* Setting the name */
OS_SetName(ARGV0);
-
-
+
+
while((c = getopt(argc, argv, "VtdhfD:c:")) != -1)
{
switch(c)
@@ -198,10 +198,10 @@ int main(int argc, char **argv)
break;
case 't':
test_config = 1;
- break;
+ break;
default:
help(ARGV0);
- break;
+ break;
}
}
@@ -239,8 +239,8 @@ int main(int argc, char **argv)
/* Reading internal options */
read_internal();
-
-
+
+
/* Rootcheck config */
if(rootcheck_init(test_config) == 0)
@@ -253,30 +253,30 @@ int main(int argc, char **argv)
merror("%s: WARN: Rootcheck module disabled.", ARGV0);
}
-
+
/* Exit if testing config */
if(test_config)
exit(0);
-
+
/* Setting default values */
if(syscheck.workdir == NULL)
syscheck.workdir = DEFAULTDIR;
- if(!run_foreground)
+ if(!run_foreground)
{
nowDaemon();
goDaemon();
}
-
+
/* Initial time to settle */
- sleep(syscheck.tsleep + 2);
-
-
+ sleep(syscheck.tsleep + 2);
+
+
/* Connect to the queue */
if((syscheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
- {
+ {
merror(QUEUE_ERROR, ARGV0, DEFAULTQPATH, strerror(errno));
sleep(5);
@@ -293,7 +293,7 @@ int main(int argc, char **argv)
/* Start the signal handling */
StartSIG(ARGV0);
-
+
/* Creating pid */
if(CreatePID(ARGV0, getpid()) < 0)
@@ -337,8 +337,8 @@ int main(int argc, char **argv)
}
r++;
}
-
-
+
+
/* Some sync time */
sleep(syscheck.tsleep + 10);
@@ -346,7 +346,7 @@ int main(int argc, char **argv)
/* Start the daemon */
start_daemon();
- return(0);
+ return(0);
}
#endif /* ifndef WIN32 */
diff --git a/src/syscheckd/syscheck.h b/src/syscheckd/syscheck.h
index 4c2758b..df51f0e 100755
--- a/src/syscheckd/syscheck.h
+++ b/src/syscheckd/syscheck.h
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation
*/
-
+
#ifndef __SYSCHECK_H
@@ -50,11 +50,11 @@ int create_db();
/* int run_dbcheck()
* Checks database for changes.
*/
-int run_dbcheck();
-
+int run_dbcheck();
+
/** void os_winreg_check()
* Checks the registry for changes.
- */
+ */
void os_winreg_check();
/* starts real time */
diff --git a/src/syscheckd/win-registry.c b/src/syscheckd/win-registry.c
index c100bda..25791d7 100644
--- a/src/syscheckd/win-registry.c
+++ b/src/syscheckd/win-registry.c
@@ -9,20 +9,20 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
-
+
/* Windows only */
#ifdef WIN32
-
+
#include "shared.h"
#include "syscheck.h"
#include "os_crypto/md5/md5_op.h"
#include "os_crypto/sha1/sha1_op.h"
-#include "os_crypto/md5_sha1/md5_sha1_op.h"
+#include "os_crypto/md5_sha1/md5_sha1_op.h"
/* Default values */
@@ -34,8 +34,8 @@
#define SYS_WIN_REG "syscheck/syscheckregistry.db"
#define SYS_REG_TMP "syscheck/syscheck_sum.tmp"
-
-
+
+
/* Global variables */
HKEY sub_tree;
int ig_count = 0;
@@ -51,7 +51,7 @@ void os_winreg_open_key(char *subkey, char *fullkey_name);
int os_winreg_changed(char *key, char *md5, char *sha1)
{
char buf[MAX_LINE +1];
-
+
buf[MAX_LINE] = '\0';
@@ -69,17 +69,17 @@ int os_winreg_changed(char *key, char *md5, char *sha1)
if(n_buf == NULL)
continue;
- *n_buf = '\0';
-
+ *n_buf = '\0';
+
n_buf = strchr(buf, ' ');
if(n_buf == NULL)
continue;
-
+
if(strcmp(n_buf +1, key) != 0)
continue;
-
+
/* Entry found, checking if checksum is the same */
- *n_buf = '\0';
+ *n_buf = '\0';
if((strncmp(buf, md5, sizeof(os_md5) -1) == 0)&&
(strcmp(buf + sizeof(os_md5) -1, sha1) == 0))
{
@@ -165,11 +165,11 @@ char *os_winreg_sethkey(char *reg_entry)
/* Checking if ret has nothing else. */
if(ret && (*ret == '\0'))
ret = NULL;
-
- /* fixing tmp_str and the real name of the registry */
+
+ /* fixing tmp_str and the real name of the registry */
if(tmp_str && (*tmp_str == '\0'))
*tmp_str = '\\';
-
+
return(ret);
}
@@ -177,7 +177,7 @@ char *os_winreg_sethkey(char *reg_entry)
/* void os_winreg_querykey(HKEY hKey, char *p_key)
* Query the key and get all its values.
*/
-void os_winreg_querykey(HKEY hKey, char *p_key, char *full_key_name)
+void os_winreg_querykey(HKEY hKey, char *p_key, char *full_key_name)
{
int i, rc;
DWORD j;
@@ -195,8 +195,8 @@ void os_winreg_querykey(HKEY hKey, char *p_key, char *full_key_name)
DWORD value_count;
/* Variables for RegEnumValue */
- TCHAR value_buffer[MAX_VALUE_NAME +1];
- TCHAR data_buffer[MAX_VALUE_NAME +1];
+ TCHAR value_buffer[MAX_VALUE_NAME +1];
+ TCHAR data_buffer[MAX_VALUE_NAME +1];
DWORD value_size;
DWORD data_size;
@@ -210,7 +210,7 @@ void os_winreg_querykey(HKEY hKey, char *p_key, char *full_key_name)
sub_key_name_b[0] = '\0';
sub_key_name_b[MAX_KEY_LENGTH] = '\0';
sub_key_name_b[MAX_KEY_LENGTH +1] = '\0';
-
+
/* We use the class_name, subkey_count and the value count. */
rc = RegQueryInfoKey(hKey, class_name_b, &class_name_s, NULL,
@@ -229,14 +229,14 @@ void os_winreg_querykey(HKEY hKey, char *p_key, char *full_key_name)
if(subkey_count)
{
/* We open each subkey and call open_key */
- for(i=0;i<subkey_count;i++)
- {
+ for(i=0;i<subkey_count;i++)
+ {
sub_key_name_s = MAX_KEY_LENGTH;
rc = RegEnumKeyEx(hKey, i, sub_key_name_b, &sub_key_name_s,
- NULL, NULL, NULL, NULL);
-
+ NULL, NULL, NULL, NULL);
+
/* Checking for the rc. */
- if(rc == ERROR_SUCCESS)
+ if(rc == ERROR_SUCCESS)
{
char new_key[MAX_KEY + 2];
char new_key_full[MAX_KEY + 2];
@@ -245,15 +245,15 @@ void os_winreg_querykey(HKEY hKey, char *p_key, char *full_key_name)
if(p_key)
{
- snprintf(new_key, MAX_KEY,
+ snprintf(new_key, MAX_KEY,
"%s\\%s", p_key, sub_key_name_b);
- snprintf(new_key_full, MAX_KEY,
+ snprintf(new_key_full, MAX_KEY,
"%s\\%s", full_key_name, sub_key_name_b);
}
else
{
snprintf(new_key, MAX_KEY, "%s", sub_key_name_b);
- snprintf(new_key_full, MAX_KEY,
+ snprintf(new_key_full, MAX_KEY,
"%s\\%s", full_key_name, sub_key_name_b);
}
@@ -262,9 +262,9 @@ void os_winreg_querykey(HKEY hKey, char *p_key, char *full_key_name)
}
}
}
-
+
/* Getting Values (if available) */
- if (value_count)
+ if (value_count)
{
/* md5 and sha1 sum */
os_md5 mf_sum;
@@ -286,9 +286,9 @@ void os_winreg_querykey(HKEY hKey, char *p_key, char *full_key_name)
}
/* Getting each value */
- for(i=0;i<value_count;i++)
- {
- value_size = MAX_VALUE_NAME;
+ for(i=0;i<value_count;i++)
+ {
+ value_size = MAX_VALUE_NAME;
data_size = MAX_VALUE_NAME;
value_buffer[0] = '\0';
@@ -358,7 +358,7 @@ void os_winreg_querykey(HKEY hKey, char *p_key, char *full_key_name)
{
char reg_changed[MAX_LINE +1];
snprintf(reg_changed, MAX_LINE, "0:0:0:0:%s:%s %s",
- mf_sum, sf_sum, full_key_name);
+ mf_sum, sf_sum, full_key_name);
/* Notifying server */
notify_registry(reg_changed, 0);
@@ -385,7 +385,7 @@ void os_winreg_open_key(char *subkey, char *full_key_name)
}
ig_count++;
-
+
/* Registry ignore list */
if(full_key_name && syscheck.registry_ignore)
{
@@ -435,11 +435,11 @@ void os_winreg_check()
/* Debug entries */
debug1("%s: DEBUG: Starting os_winreg_check", ARGV0);
-
-
+
+
/* Zeroing ig_count before checking */
ig_count = 1;
-
+
/* Checking if the registry fp is open */
if(syscheck.reg_fp == NULL)
@@ -458,19 +458,19 @@ void os_winreg_check()
{
sub_tree = NULL;
rk = NULL;
-
+
/* Ignored entries are zeroed */
if(*syscheck.registry[i] == '\0')
{
i++;
continue;
}
-
-
+
+
/* Reading syscheck registry entry */
debug1("%s: DEBUG: Attempt to read: %s", ARGV0, syscheck.registry[i]);
-
-
+
+
rk = os_winreg_sethkey(syscheck.registry[i]);
if(sub_tree == NULL)
{
diff --git a/src/sysinfo/._df.c b/src/sysinfo/._df.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/sysinfo/._df.c and /dev/null differ
diff --git a/src/sysinfo/._statfs.c b/src/sysinfo/._statfs.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/sysinfo/._statfs.c and /dev/null differ
diff --git a/src/sysinfo/._statfs.h b/src/sysinfo/._statfs.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/sysinfo/._statfs.h and /dev/null differ
diff --git a/src/sysinfo/statfs.c b/src/sysinfo/statfs.c
index 2e3200a..732117a 100755
--- a/src/sysinfo/statfs.c
+++ b/src/sysinfo/statfs.c
@@ -47,14 +47,14 @@ int getstatfs(char *path)
struct statfs fs;
int percentbfree=0;
int percentnfree=0;
-
+
if(statfs(path, &fs) != 0)
return(-1);
if((fs.f_bfree == 0)||(fs.f_ffree == 0))
return(-1);
- percentbfree = (int)(100*fs.f_bfree)/fs.f_blocks;
- percentnfree = (int)(100*fs.f_ffree)/fs.f_files;
+ percentbfree = (int)(100*fs.f_bfree)/fs.f_blocks;
+ percentnfree = (int)(100*fs.f_ffree)/fs.f_files;
printf("file system for %s has %d free blocks out of a total of %d - %d. Total of %d%% FREE \n",path,fs.f_ffree,fs.f_blocks,percentbfree,percentnfree);
return(0);
}
diff --git a/src/util/._Makefile b/src/util/._Makefile
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/util/._Makefile and /dev/null differ
diff --git a/src/util/._agent_control.c b/src/util/._agent_control.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/util/._agent_control.c and /dev/null differ
diff --git a/src/util/._clear_stats.c b/src/util/._clear_stats.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/util/._clear_stats.c and /dev/null differ
diff --git a/src/util/._list_agents.c b/src/util/._list_agents.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/util/._list_agents.c and /dev/null differ
diff --git a/src/util/._ossec-regex.c b/src/util/._ossec-regex.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/util/._ossec-regex.c and /dev/null differ
diff --git a/src/util/._rootcheck_control.c b/src/util/._rootcheck_control.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/util/._rootcheck_control.c and /dev/null differ
diff --git a/src/util/._syscheck_control.c b/src/util/._syscheck_control.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/util/._syscheck_control.c and /dev/null differ
diff --git a/src/util/._syscheck_update.c b/src/util/._syscheck_update.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/util/._syscheck_update.c and /dev/null differ
diff --git a/src/util/._verify-agent-conf.c b/src/util/._verify-agent-conf.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/util/._verify-agent-conf.c and /dev/null differ
diff --git a/src/util/agent_control.c b/src/util/agent_control.c
index c229b0e..e48a9a8 100755
--- a/src/util/agent_control.c
+++ b/src/util/agent_control.c
@@ -53,19 +53,19 @@ int main(int argc, char **argv)
int gid = 0;
int uid = 0;
int c = 0, restart_syscheck = 0, restart_all_agents = 0, list_agents = 0;
- int info_agent = 0, agt_id = 0, active_only = 0, csv_output = 0;
+ int info_agent = 0, agt_id = 0, active_only = 0, csv_output = 0;
int list_responses = 0, end_time = 0, restart_agent = 0;
char shost[512];
-
+
keystore keys;
-
-
+
+
/* Setting the name */
OS_SetName(ARGV0);
-
-
+
+
/* user arguments */
if(argc < 2)
{
@@ -87,10 +87,10 @@ int main(int argc, char **argv)
break;
case 'L':
list_responses = 1;
- break;
+ break;
case 'e':
end_time = 1;
- break;
+ break;
case 'r':
restart_syscheck = 1;
break;
@@ -98,11 +98,11 @@ int main(int argc, char **argv)
list_agents++;
break;
case 's':
- csv_output = 1;
- break;
+ csv_output = 1;
+ break;
case 'c':
active_only++;
- break;
+ break;
case 'i':
info_agent++;
case 'u':
@@ -136,7 +136,7 @@ int main(int argc, char **argv)
helpmsg();
}
agent_id = optarg;
- restart_agent = 1;
+ restart_agent = 1;
case 'a':
restart_all_agents = 1;
break;
@@ -146,8 +146,8 @@ int main(int argc, char **argv)
}
}
-
-
+
+
/* Getting the group name */
gid = Privsep_GetGroup(group);
uid = Privsep_GetUser(user);
@@ -156,14 +156,14 @@ int main(int argc, char **argv)
ErrorExit(USER_ERROR, ARGV0, user, group);
}
-
+
/* Setting the group */
if(Privsep_SetGroup(gid) < 0)
{
ErrorExit(SETGID_ERROR,ARGV0, group);
}
-
-
+
+
/* Chrooting to the default directory */
if(Privsep_Chroot(dir) < 0)
{
@@ -173,7 +173,7 @@ int main(int argc, char **argv)
/* Inside chroot now */
nowChroot();
-
+
/* Setting the user */
if(Privsep_SetUser(uid) < 0)
@@ -200,7 +200,7 @@ int main(int argc, char **argv)
{
printf("\nOSSEC HIDS %s. Available active responses:\n", ARGV0);
}
-
+
fp = fopen(DEFAULTAR, "r");
if(fp)
{
@@ -216,7 +216,7 @@ int main(int argc, char **argv)
r_cmd = strchr(buffer, ' ');
if(!r_cmd)
continue;
-
+
*r_cmd = '\0';
r_cmd++;
if(*r_cmd == '-')
@@ -227,8 +227,8 @@ int main(int argc, char **argv)
r_timeout = strchr(r_cmd, ' ');
if(!r_timeout)
continue;
- *r_timeout = '\0';
-
+ *r_timeout = '\0';
+
if(strcmp(r_name, "restart-ossec0") == 0)
{
continue;
@@ -247,13 +247,13 @@ int main(int argc, char **argv)
exit(0);
}
-
+
/* Listing available agents. */
if(list_agents)
{
if(!csv_output)
{
- printf("\nOSSEC HIDS %s. List of available agents:",
+ printf("\nOSSEC HIDS %s. List of available agents:",
ARGV0);
printf("\n ID: 000, Name: %s (server), IP: 127.0.0.1, Active/Local\n",
shost);
@@ -266,11 +266,11 @@ int main(int argc, char **argv)
printf("\n");
exit(0);
}
-
+
/* Checking if the provided ID is valid. */
- if(agent_id != NULL)
+ if(agent_id != NULL)
{
if(strcmp(agent_id, "000") != 0)
{
@@ -289,7 +289,7 @@ int main(int argc, char **argv)
agt_id = -1;
}
}
-
+
/* Printing information from an agent. */
@@ -299,10 +299,10 @@ int main(int argc, char **argv)
char final_ip[128 +1];
char final_mask[128 +1];
agent_info *agt_info;
-
+
final_ip[128] = '\0';
final_mask[128] = '\0';
-
+
if(!csv_output)
printf("\nOSSEC HIDS %s. Agent information:", ARGV0);
@@ -317,7 +317,7 @@ int main(int argc, char **argv)
/* Getting netmask from ip. */
getNetmask(keys.keyentries[agt_id]->ip->netmask, final_mask, 128);
- snprintf(final_ip, 128, "%s%s",keys.keyentries[agt_id]->ip->ip,
+ snprintf(final_ip, 128, "%s%s",keys.keyentries[agt_id]->ip->ip,
final_mask);
@@ -330,16 +330,16 @@ int main(int argc, char **argv)
}
else
{
- printf("%s,%s,%s,%s,",
+ printf("%s,%s,%s,%s,",
keys.keyentries[agt_id]->id,
keys.keyentries[agt_id]->name,
final_ip,
- print_agent_status(agt_status));
+ print_agent_status(agt_status));
}
}
else
{
- agt_status = get_agent_status(NULL, NULL);
+ agt_status = get_agent_status(NULL, NULL);
agt_info = get_agent_info(NULL, "127.0.0.1");
if(!csv_output)
@@ -355,17 +355,17 @@ int main(int argc, char **argv)
printf("000,%s,127.0.0.1,%s/Local,",
shost,
print_agent_status(agt_status));
-
+
}
}
-
+
if(!csv_output)
{
printf(" Operating system: %s\n", agt_info->os);
printf(" Client version: %s\n", agt_info->version);
printf(" Last keep alive: %s\n\n", agt_info->last_keepalive);
-
+
if(end_time)
{
@@ -382,14 +382,14 @@ int main(int argc, char **argv)
}
else
{
- printf("%s,%s,%s,%s,%s,\n",
+ printf("%s,%s,%s,%s,%s,\n",
agt_info->os,
agt_info->version,
agt_info->last_keepalive,
agt_info->syscheck_time,
agt_info->rootcheck_time);
}
-
+
exit(0);
}
@@ -424,7 +424,7 @@ int main(int argc, char **argv)
exit(0);
}
-
+
if(restart_syscheck && agent_id)
@@ -467,8 +467,8 @@ int main(int argc, char **argv)
exit(0);
}
-
-
+
+
if(restart_agent && agent_id)
{
/* Connecting to remoted. */
@@ -524,7 +524,7 @@ int main(int argc, char **argv)
exit(0);
}
-
+
printf("\n** Invalid argument combination.\n");
helpmsg();
diff --git a/src/util/clear_stats.c b/src/util/clear_stats.c
index b91d392..068b573 100755
--- a/src/util/clear_stats.c
+++ b/src/util/clear_stats.c
@@ -37,24 +37,24 @@ int main(int argc, char **argv)
{
int clear_daily = 0;
int clear_weekly = 0;
-
+
char *dir = DEFAULTDIR;
char *group = GROUPGLOBAL;
char *user = USER;
int gid;
int uid;
-
+
/* Setting the name */
OS_SetName(ARGV0);
-
-
+
+
/* user arguments */
if(argc != 2)
{
helpmsg();
}
-
+
/* Getting the group name */
gid = Privsep_GetGroup(group);
uid = Privsep_GetUser(user);
@@ -63,14 +63,14 @@ int main(int argc, char **argv)
ErrorExit(USER_ERROR, ARGV0, user, group);
}
-
+
/* Setting the group */
if(Privsep_SetGroup(gid) < 0)
{
ErrorExit(SETGID_ERROR,ARGV0, group);
}
-
-
+
+
/* Chrooting to the default directory */
if(Privsep_Chroot(dir) < 0)
{
@@ -80,14 +80,14 @@ int main(int argc, char **argv)
/* Inside chroot now */
nowChroot();
-
+
/* Setting the user */
if(Privsep_SetUser(uid) < 0)
{
ErrorExit(SETUID_ERROR, ARGV0, user);
}
-
+
/* User options */
if(strcmp(argv[1], "-h") == 0)
{
@@ -125,28 +125,28 @@ int main(int argc, char **argv)
{
ErrorExit("%s: Unable to open: '%s'", ARGV0, daily_dir);
}
-
+
while((entry = readdir(daily)) != NULL)
{
char full_path[OS_MAXSTR +1];
-
- /* Do not even attempt to delete . and .. :) */
+
+ /* Do not even attempt to delete . and .. :) */
if((strcmp(entry->d_name,".") == 0)||
(strcmp(entry->d_name,"..") == 0))
{
continue;
}
-
+
/* Remove file */
full_path[OS_MAXSTR] = '\0';
snprintf(full_path, OS_MAXSTR, "%s/%s", daily_dir, entry->d_name);
unlink(full_path);
}
-
+
closedir(daily);
}
-
-
+
+
/* Clear weekly averages */
if(clear_weekly)
{
@@ -162,7 +162,7 @@ int main(int argc, char **argv)
daily = opendir(dir_path);
if(!daily)
{
- ErrorExit("%s: Unable to open: '%s' (no stats)",
+ ErrorExit("%s: Unable to open: '%s' (no stats)",
ARGV0, dir_path);
}
@@ -179,17 +179,17 @@ int main(int argc, char **argv)
/* Remove file */
full_path[OS_MAXSTR] = '\0';
- snprintf(full_path, OS_MAXSTR, "%s/%s", dir_path,
+ snprintf(full_path, OS_MAXSTR, "%s/%s", dir_path,
entry->d_name);
unlink(full_path);
}
-
+
i++;
closedir(daily);
}
}
-
- printf("\n** Internal stats clear.\n\n");
+
+ printf("\n** Internal stats clear.\n\n");
return(0);
}
diff --git a/src/util/list_agents.c b/src/util/list_agents.c
index 5078f2e..c363ab6 100755
--- a/src/util/list_agents.c
+++ b/src/util/list_agents.c
@@ -36,24 +36,24 @@ int main(int argc, char **argv)
char *dir = DEFAULTDIR;
char *group = GROUPGLOBAL;
char *user = USER;
-
+
char *msg;
char **agent_list;
int gid;
int uid;
int flag;
-
+
/* Setting the name */
OS_SetName(ARGV0);
-
-
+
+
/* user arguments */
if(argc < 2)
{
helpmsg();
}
-
+
/* Getting the group name */
gid = Privsep_GetGroup(group);
uid = Privsep_GetUser(user);
@@ -62,14 +62,14 @@ int main(int argc, char **argv)
ErrorExit(USER_ERROR, ARGV0, user, group);
}
-
+
/* Setting the group */
if(Privsep_SetGroup(gid) < 0)
{
ErrorExit(SETGID_ERROR,ARGV0, group);
}
-
-
+
+
/* Chrooting to the default directory */
if(Privsep_Chroot(dir) < 0)
{
@@ -79,14 +79,14 @@ int main(int argc, char **argv)
/* Inside chroot now */
nowChroot();
-
+
/* Setting the user */
if(Privsep_SetUser(uid) < 0)
{
ErrorExit(SETUID_ERROR, ARGV0, user);
}
-
+
/* User options */
if(strcmp(argv[1], "-h") == 0)
{
@@ -118,7 +118,7 @@ int main(int argc, char **argv)
if(agent_list)
{
char **agent_list_pt = agent_list;
-
+
while(*agent_list)
{
printf("%s %s\n", *agent_list, msg);
diff --git a/src/util/ossec-regex.c b/src/util/ossec-regex.c
index d01601b..bffba67 100644
--- a/src/util/ossec-regex.c
+++ b/src/util/ossec-regex.c
@@ -31,22 +31,22 @@ void helpmsg()
int main(int argc, char **argv)
{
char *pattern;
-
+
char msg[OS_MAXSTR +1];
memset(msg, '\0', OS_MAXSTR +1);
- OSRegex regex;
- OSMatch matcher;
+ OSRegex regex;
+ OSMatch matcher;
OS_SetName(ARGV0);
-
-
+
+
/* user arguments */
if(argc != 2)
{
helpmsg();
return(-1);
}
-
+
/* User options */
if(strcmp(argv[1], "-h") == 0)
{
@@ -55,10 +55,10 @@ int main(int argc, char **argv)
}
os_strdup(argv[1], pattern);
- if(!OSRegex_Compile(pattern, ®ex, 0))
- {
+ if(!OSRegex_Compile(pattern, ®ex, 0))
+ {
printf("pattern does not compile with OSRegex_Compile\n");
- return(-1);
+ return(-1);
}
if(!OSMatch_Compile(pattern, &matcher, 0))
{
@@ -68,33 +68,33 @@ int main(int argc, char **argv)
while((fgets(msg, OS_MAXSTR, stdin)) != NULL)
- {
- /* Removing new line. */
+ {
+ /* Removing new line. */
if(msg[strlen(msg) -1] == '\n')
msg[strlen(msg) -1] = '\0';
- /* Make sure we ignore blank lines. */
- if(strlen(msg) < 2) { continue; }
+ /* Make sure we ignore blank lines. */
+ if(strlen(msg) < 2) { continue; }
if(OSRegex_Execute(msg, ®ex))
- printf("+OSRegex_Execute: %s\n",msg);
+ printf("+OSRegex_Execute: %s\n",msg);
/*
else
- printf("-OSRegex_Execute: \n");
+ printf("-OSRegex_Execute: \n");
*/
- if(OS_Regex(pattern, msg))
+ if(OS_Regex(pattern, msg))
printf("+OS_Regex : %s\n", msg);
/*
else
- printf("-OS_Regex: \n");
+ printf("-OS_Regex: \n");
*/
- if(OSMatch_Execute(msg, strlen(msg), &matcher))
- printf("+OSMatch_Compile: %s\n", msg);
-
- if(OS_Match2(pattern, msg))
- printf("+OS_Match2 : %s\n", msg);
+ if(OSMatch_Execute(msg, strlen(msg), &matcher))
+ printf("+OSMatch_Compile: %s\n", msg);
+
+ if(OS_Match2(pattern, msg))
+ printf("+OS_Match2 : %s\n", msg);
}
return(0);
}
diff --git a/src/util/rootcheck_control.c b/src/util/rootcheck_control.c
index fbc4b98..dc1c62f 100755
--- a/src/util/rootcheck_control.c
+++ b/src/util/rootcheck_control.c
@@ -22,7 +22,7 @@
/** help **/
void helpmsg()
{
- printf("\nOSSEC HIDS %s: Manages the policy and auditing database.\n",
+ printf("\nOSSEC HIDS %s: Manages the policy and auditing database.\n",
ARGV0);
printf("Available options:\n");
printf("\t-h This help message.\n");
@@ -55,13 +55,13 @@ int main(int argc, char **argv)
int active_only = 0, csv_output = 0;
char shost[512];
-
-
-
+
+
+
/* Setting the name */
OS_SetName(ARGV0);
-
-
+
+
/* user arguments */
if(argc < 2)
{
@@ -85,17 +85,17 @@ int main(int argc, char **argv)
list_agents++;
break;
case 's':
- csv_output = 1;
+ csv_output = 1;
break;
case 'c':
active_only++;
- break;
+ break;
case 'r':
resolved_only = 1;
- break;
+ break;
case 'q':
resolved_only = 2;
- break;
+ break;
case 'L':
show_last = 1;
break;
@@ -123,8 +123,8 @@ int main(int argc, char **argv)
}
}
-
-
+
+
/* Getting the group name */
gid = Privsep_GetGroup(group);
uid = Privsep_GetUser(user);
@@ -133,14 +133,14 @@ int main(int argc, char **argv)
ErrorExit(USER_ERROR, ARGV0, user, group);
}
-
+
/* Setting the group */
if(Privsep_SetGroup(gid) < 0)
{
ErrorExit(SETGID_ERROR,ARGV0, group);
}
-
-
+
+
/* Chrooting to the default directory */
if(Privsep_Chroot(dir) < 0)
{
@@ -150,7 +150,7 @@ int main(int argc, char **argv)
/* Inside chroot now */
nowChroot();
-
+
/* Setting the user */
if(Privsep_SetUser(uid) < 0)
@@ -169,13 +169,13 @@ int main(int argc, char **argv)
}
-
+
/* Listing available agents. */
if(list_agents)
{
if(!csv_output)
{
- printf("\nOSSEC HIDS %s. List of available agents:",
+ printf("\nOSSEC HIDS %s. List of available agents:",
ARGV0);
printf("\n ID: 000, Name: %s (server), IP: 127.0.0.1, "
"Active/Local\n", shost);
@@ -188,7 +188,7 @@ int main(int argc, char **argv)
printf("\n");
exit(0);
}
-
+
/* Update rootcheck database. */
@@ -218,7 +218,7 @@ int main(int argc, char **argv)
continue;
}
- snprintf(full_path, OS_MAXSTR,"%s/%s", ROOTCHECK_DIR,
+ snprintf(full_path, OS_MAXSTR,"%s/%s", ROOTCHECK_DIR,
entry->d_name);
fp = fopen(full_path, "w");
@@ -237,7 +237,7 @@ int main(int argc, char **argv)
exit(0);
}
- else if((strcmp(agent_id, "000") == 0) ||
+ else if((strcmp(agent_id, "000") == 0) ||
(strcmp(agent_id, "local") == 0))
{
char final_dir[1024];
@@ -278,7 +278,7 @@ int main(int argc, char **argv)
}
}
-
+
/* Printing information from an agent. */
if(info_agent)
{
@@ -294,9 +294,9 @@ int main(int argc, char **argv)
if(!csv_output)
printf("\nPolicy and auditing events for local system '%s - %s':\n",
shost, "127.0.0.1");
-
+
print_rootcheck(NULL,
- NULL, NULL, resolved_only, csv_output, show_last);
+ NULL, NULL, resolved_only, csv_output, show_last);
}
else
{
@@ -313,7 +313,7 @@ int main(int argc, char **argv)
/* Getting netmask from ip. */
final_ip[128] = '\0';
final_mask[128] = '\0';
- getNetmask(keys.keyentries[i]->ip->netmask,
+ getNetmask(keys.keyentries[i]->ip->netmask,
final_mask, 128);
snprintf(final_ip, 128, "%s%s",keys.keyentries[i]->ip->ip,
final_mask);
@@ -321,20 +321,20 @@ int main(int argc, char **argv)
if(!csv_output)
printf("\nPolicy and auditing events for agent "
"'%s (%s) - %s':\n",
- keys.keyentries[i]->name, keys.keyentries[i]->id,
+ keys.keyentries[i]->name, keys.keyentries[i]->id,
final_ip);
print_rootcheck(keys.keyentries[i]->name,
- keys.keyentries[i]->ip->ip, NULL,
+ keys.keyentries[i]->ip->ip, NULL,
resolved_only, csv_output, show_last);
}
-
+
exit(0);
}
-
+
printf("\n** Invalid argument combination.\n");
helpmsg();
diff --git a/src/util/syscheck_control.c b/src/util/syscheck_control.c
index d6b1147..43b2e38 100755
--- a/src/util/syscheck_control.c
+++ b/src/util/syscheck_control.c
@@ -22,7 +22,7 @@
/** help **/
void helpmsg()
{
- printf("\nOSSEC HIDS %s: Manages the integrity checking database.\n",
+ printf("\nOSSEC HIDS %s: Manages the integrity checking database.\n",
ARGV0);
printf("Available options:\n");
printf("\t-h This help message.\n");
@@ -58,13 +58,13 @@ int main(int argc, char **argv)
int active_only = 0, csv_output = 0;
char shost[512];
-
-
-
+
+
+
/* Setting the name */
OS_SetName(ARGV0);
-
-
+
+
/* user arguments */
if(argc < 2)
{
@@ -92,15 +92,15 @@ int main(int argc, char **argv)
break;
case 'd':
zero_counter = 2;
- break;
+ break;
case 's':
- csv_output = 1;
+ csv_output = 1;
case 'c':
active_only++;
- break;
+ break;
case 'r':
registry_only = 1;
- break;
+ break;
case 'i':
info_agent++;
if(!optarg)
@@ -133,8 +133,8 @@ int main(int argc, char **argv)
}
}
-
-
+
+
/* Getting the group name */
gid = Privsep_GetGroup(group);
uid = Privsep_GetUser(user);
@@ -143,14 +143,14 @@ int main(int argc, char **argv)
ErrorExit(USER_ERROR, ARGV0, user, group);
}
-
+
/* Setting the group */
if(Privsep_SetGroup(gid) < 0)
{
ErrorExit(SETGID_ERROR,ARGV0, group);
}
-
-
+
+
/* Chrooting to the default directory */
if(Privsep_Chroot(dir) < 0)
{
@@ -160,7 +160,7 @@ int main(int argc, char **argv)
/* Inside chroot now */
nowChroot();
-
+
/* Setting the user */
if(Privsep_SetUser(uid) < 0)
@@ -179,13 +179,13 @@ int main(int argc, char **argv)
}
-
+
/* Listing available agents. */
if(list_agents)
{
if(!csv_output)
{
- printf("\nOSSEC HIDS %s. List of available agents:",
+ printf("\nOSSEC HIDS %s. List of available agents:",
ARGV0);
printf("\n ID: 000, Name: %s (server), IP: 127.0.0.1, "
"Active/Local\n", shost);
@@ -198,7 +198,7 @@ int main(int argc, char **argv)
printf("\n");
exit(0);
}
-
+
/* Update syscheck database. */
@@ -228,7 +228,7 @@ int main(int argc, char **argv)
continue;
}
- snprintf(full_path, OS_MAXSTR,"%s/%s", SYSCHECK_DIR,
+ snprintf(full_path, OS_MAXSTR,"%s/%s", SYSCHECK_DIR,
entry->d_name);
fp = fopen(full_path, "w");
@@ -247,7 +247,7 @@ int main(int argc, char **argv)
exit(0);
}
- else if((strcmp(agent_id, "000") == 0) ||
+ else if((strcmp(agent_id, "000") == 0) ||
(strcmp(agent_id, "local") == 0))
{
char final_dir[1024];
@@ -300,7 +300,7 @@ int main(int argc, char **argv)
}
}
-
+
/* Printing information from an agent. */
if(info_agent)
{
@@ -317,19 +317,19 @@ int main(int argc, char **argv)
shost, "127.0.0.1");
if(fname)
{
- printf("Detailed information for entries matching: '%s'\n",
+ printf("Detailed information for entries matching: '%s'\n",
fname);
}
-
+
print_syscheck(NULL,
- NULL, fname, 0, 0,
+ NULL, fname, 0, 0,
csv_output, zero_counter);
}
else if(strchr(agent_id, '@'))
{
if(fname)
{
- printf("Detailed information for entries matching: '%s'\n",
+ printf("Detailed information for entries matching: '%s'\n",
fname);
}
print_syscheck(agent_id, NULL, fname, registry_only, 0,
@@ -358,33 +358,33 @@ int main(int argc, char **argv)
{
printf("\nIntegrity changes for 'Windows Registry' of"
" agent '%s (%s) - %s':\n",
- keys.keyentries[i]->name, keys.keyentries[i]->id,
- final_ip);
+ keys.keyentries[i]->name, keys.keyentries[i]->id,
+ final_ip);
}
else
{
printf("\nIntegrity changes for agent "
"'%s (%s) - %s':\n",
- keys.keyentries[i]->name, keys.keyentries[i]->id,
+ keys.keyentries[i]->name, keys.keyentries[i]->id,
final_ip);
}
if(fname)
{
- printf("Detailed information for entries matching: '%s'\n",
+ printf("Detailed information for entries matching: '%s'\n",
fname);
}
print_syscheck(keys.keyentries[i]->name,
- keys.keyentries[i]->ip->ip, fname,
+ keys.keyentries[i]->ip->ip, fname,
registry_only, 0, csv_output, zero_counter);
}
-
+
exit(0);
}
-
+
printf("\n** Invalid argument combination.\n");
helpmsg();
diff --git a/src/util/syscheck_update.c b/src/util/syscheck_update.c
index ee1bf7a..e39e3c8 100755
--- a/src/util/syscheck_update.c
+++ b/src/util/syscheck_update.c
@@ -39,18 +39,18 @@ int main(int argc, char **argv)
char *user = USER;
int gid;
int uid;
-
+
/* Setting the name */
OS_SetName(ARGV0);
-
-
+
+
/* user arguments */
if(argc < 2)
{
helpmsg();
}
-
+
/* Getting the group name */
gid = Privsep_GetGroup(group);
uid = Privsep_GetUser(user);
@@ -59,14 +59,14 @@ int main(int argc, char **argv)
ErrorExit(USER_ERROR, ARGV0, user, group);
}
-
+
/* Setting the group */
if(Privsep_SetGroup(gid) < 0)
{
ErrorExit(SETGID_ERROR,ARGV0, group);
}
-
-
+
+
/* Chrooting to the default directory */
if(Privsep_Chroot(dir) < 0)
{
@@ -76,14 +76,14 @@ int main(int argc, char **argv)
/* Inside chroot now */
nowChroot();
-
+
/* Setting the user */
if(Privsep_SetUser(uid) < 0)
{
ErrorExit(SETUID_ERROR, ARGV0, user);
}
-
+
/* User options */
if(strcmp(argv[1], "-h") == 0)
{
@@ -91,7 +91,7 @@ int main(int argc, char **argv)
}
else if(strcmp(argv[1], "-l") == 0)
{
- printf("\nOSSEC HIDS %s: Updates the integrity check database.",
+ printf("\nOSSEC HIDS %s: Updates the integrity check database.",
ARGV0);
print_agents(0, 0, 0);
printf("\n");
@@ -129,7 +129,7 @@ int main(int argc, char **argv)
}
snprintf(full_path, OS_MAXSTR,"%s/%s", SYSCHECK_DIR, entry->d_name);
-
+
fp = fopen(full_path, "w");
if(fp)
{
@@ -142,7 +142,7 @@ int main(int argc, char **argv)
}
closedir(sys_dir);
- printf("\n** Integrity check database updated.\n\n");
+ printf("\n** Integrity check database updated.\n\n");
exit(0);
}
else
@@ -151,14 +151,14 @@ int main(int argc, char **argv)
helpmsg();
}
-
+
/* local */
if(strcmp(argv[2],"local") == 0)
{
char final_dir[1024];
FILE *fp;
snprintf(final_dir, 1020, "/%s/syscheck", SYSCHECK_DIR);
-
+
fp = fopen(final_dir, "w");
if(fp)
{
@@ -169,7 +169,7 @@ int main(int argc, char **argv)
/* Deleting cpt file */
snprintf(final_dir, 1020, "/%s/.syscheck.cpt", SYSCHECK_DIR);
-
+
fp = fopen(final_dir, "w");
if(fp)
{
@@ -192,12 +192,12 @@ int main(int argc, char **argv)
printf("\n** Invalid agent id '%s'.\n", argv[2]);
helpmsg();
}
-
+
/* Deleting syscheck */
delete_syscheck(keys.keyentries[i]->name,keys.keyentries[i]->ip->ip,0);
}
-
- printf("\n** Integrity check database updated.\n\n");
+
+ printf("\n** Integrity check database updated.\n\n");
return(0);
}
diff --git a/src/util/verify-agent-conf.c b/src/util/verify-agent-conf.c
index 2c9c6df..f76745e 100755
--- a/src/util/verify-agent-conf.c
+++ b/src/util/verify-agent-conf.c
@@ -48,7 +48,7 @@ int main(int argc, char **argv)
/* Setting the name */
OS_SetName(ARGV0);
-
+
/* printf ("Agrc [%d], Argv [%s]\n", argc, *argv); */
@@ -79,12 +79,12 @@ int main(int argc, char **argv)
helpmsg();
break;
}
-
+
}
}
-
-
+
+
printf("\n%s: Verifying [%s].\n\n", ARGV0, ar);
modules|= CLOCALFILE;
@@ -95,7 +95,7 @@ int main(int argc, char **argv)
return(OS_INVALID);
}
- logff = log_config.config;
+ logff = log_config.config;
return(0);
diff --git a/src/win32/._add-localfile.c b/src/win32/._add-localfile.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/win32/._add-localfile.c and /dev/null differ
diff --git a/src/win32/._doc.html b/src/win32/._doc.html
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/win32/._doc.html and /dev/null differ
diff --git a/src/win32/._extract-win-el.c b/src/win32/._extract-win-el.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/win32/._extract-win-el.c and /dev/null differ
diff --git a/src/win32/._favicon.ico b/src/win32/._favicon.ico
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/win32/._favicon.ico and /dev/null differ
diff --git a/src/win32/._favicon2.ico b/src/win32/._favicon2.ico
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/win32/._favicon2.ico and /dev/null differ
diff --git a/src/win32/._gen_win.cmd b/src/win32/._gen_win.cmd
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/win32/._gen_win.cmd and /dev/null differ
diff --git a/src/win32/._gen_win.sh b/src/win32/._gen_win.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/win32/._gen_win.sh and /dev/null differ
diff --git a/src/win32/._help.txt b/src/win32/._help.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/win32/._help.txt and /dev/null differ
diff --git a/src/win32/._icofile.rc b/src/win32/._icofile.rc
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/win32/._icofile.rc and /dev/null differ
diff --git a/src/win32/._iis-logs.bat b/src/win32/._iis-logs.bat
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/win32/._iis-logs.bat and /dev/null differ
diff --git a/src/win32/._make.bat b/src/win32/._make.bat
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/win32/._make.bat and /dev/null differ
diff --git a/src/win32/._make.sh b/src/win32/._make.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/win32/._make.sh and /dev/null differ
diff --git a/src/win32/._os_win.h b/src/win32/._os_win.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/win32/._os_win.h and /dev/null differ
diff --git a/src/win32/._ossec-installer.nsi b/src/win32/._ossec-installer.nsi
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/win32/._ossec-installer.nsi and /dev/null differ
diff --git a/src/win32/._ossec-uninstall.ico b/src/win32/._ossec-uninstall.ico
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/win32/._ossec-uninstall.ico and /dev/null differ
diff --git a/src/win32/._ossec.conf b/src/win32/._ossec.conf
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/win32/._ossec.conf and /dev/null differ
diff --git a/src/win32/._read-registry.c b/src/win32/._read-registry.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/win32/._read-registry.c and /dev/null differ
diff --git a/src/win32/._service-start.c b/src/win32/._service-start.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/win32/._service-start.c and /dev/null differ
diff --git a/src/win32/._service-stop.c b/src/win32/._service-stop.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/win32/._service-stop.c and /dev/null differ
diff --git a/src/win32/._setup-iis.c b/src/win32/._setup-iis.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/win32/._setup-iis.c and /dev/null differ
diff --git a/src/win32/._setup-shared.c b/src/win32/._setup-shared.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/win32/._setup-shared.c and /dev/null differ
diff --git a/src/win32/._setup-shared.h b/src/win32/._setup-shared.h
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/win32/._setup-shared.h and /dev/null differ
diff --git a/src/win32/._setup-syscheck.c b/src/win32/._setup-syscheck.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/win32/._setup-syscheck.c and /dev/null differ
diff --git a/src/win32/._setup-win.c b/src/win32/._setup-win.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/win32/._setup-win.c and /dev/null differ
diff --git a/src/win32/._ui.nsi b/src/win32/._ui.nsi
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/win32/._ui.nsi and /dev/null differ
diff --git a/src/win32/._unix2dos.pl b/src/win32/._unix2dos.pl
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/win32/._unix2dos.pl and /dev/null differ
diff --git a/src/win32/._vista_sec.csv b/src/win32/._vista_sec.csv
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/win32/._vista_sec.csv and /dev/null differ
diff --git a/src/win32/._win-files.txt b/src/win32/._win-files.txt
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/win32/._win-files.txt and /dev/null differ
diff --git a/src/win32/._win_agent.c b/src/win32/._win_agent.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/win32/._win_agent.c and /dev/null differ
diff --git a/src/win32/._win_service.c b/src/win32/._win_service.c
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/win32/._win_service.c and /dev/null differ
diff --git a/src/win32/add-localfile.c b/src/win32/add-localfile.c
index 867baff..8cf11e4 100755
--- a/src/win32/add-localfile.c
+++ b/src/win32/add-localfile.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation
*/
-
+
#include <stdio.h>
#include <stdlib.h>
@@ -49,7 +49,7 @@ int dogrep(char *file, char *str)
/* Clearing memory */
memset(line, '\0', OS_MAXSTR +1);
- /* Reading file and looking for str */
+ /* Reading file and looking for str */
while(fgets(line, OS_MAXSTR, fp) != NULL)
{
if(OS_Match(str, line))
@@ -72,7 +72,7 @@ int config_file(char *name, char *file, int quiet)
FILE *fp;
ffile[255] = '\0';
-
+
/* Checking if the file has a variable format */
if(strchr(file, '%') != NULL)
@@ -92,8 +92,8 @@ int config_file(char *name, char *file, int quiet)
{
strncpy(ffile, file, 255);
}
-
-
+
+
/* Looking for ffile */
if(!fileexist(ffile))
{
@@ -103,26 +103,26 @@ int config_file(char *name, char *file, int quiet)
}
return(-1);
}
-
+
if(dogrep(OSSECCONF, file))
{
- printf("%s: Log file already configured: '%s'.\n",
+ printf("%s: Log file already configured: '%s'.\n",
name, file);
return(0);
}
-
-
+
+
/* Add iis config config */
fp = fopen(OSSECCONF, "a");
if(!fp)
{
printf("%s: Unable to edit configuration file.\n", name);
- return(0);
+ return(0);
}
-
+
printf("%s: Adding log file to be monitored: '%s'.\n", name,file);
- fprintf(fp, "\r\n"
- "\r\n"
+ fprintf(fp, "\r\n"
+ "\r\n"
"<!-- Extra log file -->\r\n"
"<ossec_config>\r\n"
" <localfile>\r\n"
@@ -136,14 +136,14 @@ int config_file(char *name, char *file, int quiet)
fclose(fp);
return(0);
-
+
}
/* Setup windows after install */
int main(int argc, char **argv)
{
int quiet = 0;
-
+
if(argc < 2)
{
printf("%s: Invalid syntax.\n", argv[0]);
@@ -156,7 +156,7 @@ int main(int argc, char **argv)
quiet = 1;
}
-
+
/* Checking if ossec was installed already */
if(!fileexist(OSSECCONF))
{
@@ -167,6 +167,6 @@ int main(int argc, char **argv)
{
config_file(argv[0], argv[1], quiet);
}
-
+
return(0);
}
diff --git a/src/win32/extract-win-el.c b/src/win32/extract-win-el.c
index bc3fa58..ee4c98d 100755
--- a/src/win32/extract-win-el.c
+++ b/src/win32/extract-win-el.c
@@ -41,7 +41,7 @@ int el_last = 0;
/** int startEL(char *app, os_el *el)
- * Starts the event logging for each el
+ * Starts the event logging for each el
*/
int startEL(char *app, os_el *el)
{
@@ -49,7 +49,7 @@ int startEL(char *app, os_el *el)
el->h = OpenEventLog(NULL, app);
if(!el->h)
{
- return(0);
+ return(0);
}
el->name = app;
@@ -60,7 +60,7 @@ int startEL(char *app, os_el *el)
-/** char *el_getCategory(int category_id)
+/** char *el_getCategory(int category_id)
* Returns a string related to the category id of the log.
*/
char *el_getCategory(int category_id)
@@ -94,7 +94,7 @@ char *el_getCategory(int category_id)
/** int el_getEventDLL(char *evt_name, char *source, char *event)
* Returns the event.
*/
-int el_getEventDLL(char *evt_name, char *source, char *event)
+int el_getEventDLL(char *evt_name, char *source, char *event)
{
HKEY key;
DWORD ret;
@@ -103,21 +103,21 @@ int el_getEventDLL(char *evt_name, char *source, char *event)
keyname[255] = '\0';
- snprintf(keyname, 254,
- "System\\CurrentControlSet\\Services\\EventLog\\%s\\%s",
- evt_name,
+ snprintf(keyname, 254,
+ "System\\CurrentControlSet\\Services\\EventLog\\%s\\%s",
+ evt_name,
source);
- /* Opening registry */
+ /* Opening registry */
if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, keyname, 0, KEY_ALL_ACCESS, &key)
!= ERROR_SUCCESS)
{
- return(0);
+ return(0);
}
ret = MAX_PATH -1;
- if (RegQueryValueEx(key, "EventMessageFile", NULL,
+ if (RegQueryValueEx(key, "EventMessageFile", NULL,
NULL, (LPBYTE)event, &ret) != ERROR_SUCCESS)
{
event[0] = '\0';
@@ -130,11 +130,11 @@ int el_getEventDLL(char *evt_name, char *source, char *event)
-/** char *el_getmessage()
+/** char *el_getmessage()
* Returns a descriptive message of the event.
*/
-char *el_getMessage(EVENTLOGRECORD *er, char *name,
- char * source, LPTSTR *el_sstring)
+char *el_getMessage(EVENTLOGRECORD *er, char *name,
+ char * source, LPTSTR *el_sstring)
{
DWORD fm_flags = 0;
char tmp_str[257];
@@ -157,12 +157,12 @@ char *el_getMessage(EVENTLOGRECORD *er, char *name,
/* Get the file name from the registry (stored on event) */
if(!el_getEventDLL(name, source, event))
{
- return(NULL);
- }
+ return(NULL);
+ }
curr_str = event;
- /* If our event has multiple libraries, try each one of them */
+ /* If our event has multiple libraries, try each one of them */
while((next_str = strchr(curr_str, ';')))
{
*next_str = '\0';
@@ -172,11 +172,11 @@ char *el_getMessage(EVENTLOGRECORD *er, char *name,
hevt = LoadLibraryEx(tmp_str, NULL, DONT_RESOLVE_DLL_REFERENCES);
if(hevt)
{
- if(!FormatMessage(fm_flags, hevt, er->EventID,
+ if(!FormatMessage(fm_flags, hevt, er->EventID,
0,
(LPTSTR) &message, 0, el_sstring))
{
- message = NULL;
+ message = NULL;
}
FreeLibrary(hevt);
@@ -192,12 +192,12 @@ char *el_getMessage(EVENTLOGRECORD *er, char *name,
hevt = LoadLibraryEx(tmp_str, NULL, DONT_RESOLVE_DLL_REFERENCES);
if(hevt)
{
- int hr;
- if(!(hr = FormatMessage(fm_flags, hevt, er->EventID,
+ int hr;
+ if(!(hr = FormatMessage(fm_flags, hevt, er->EventID,
0,
(LPTSTR) &message, 0, el_sstring)))
{
- message = NULL;
+ message = NULL;
}
FreeLibrary(hevt);
@@ -213,7 +213,7 @@ char *el_getMessage(EVENTLOGRECORD *er, char *name,
/** void readel(os_el *el)
* Reads the event log.
- */
+ */
void readel(os_el *el, int printit)
{
DWORD nstr;
@@ -239,7 +239,7 @@ void readel(os_el *el, int printit)
LPSTR el_sstring[57];
/* Er must point to the mbuffer */
- el->er = (EVENTLOGRECORD *) &mbuffer;
+ el->er = (EVENTLOGRECORD *) &mbuffer;
/* Zeroing the last values */
el_string[1024] = '\0';
@@ -248,8 +248,8 @@ void readel(os_el *el, int printit)
final_msg[1023] = '\0';
el_sstring[56] = NULL;
- /* Reading the event log */
- while(ReadEventLog(el->h,
+ /* Reading the event log */
+ while(ReadEventLog(el->h,
EVENTLOG_FORWARDS_READ | EVENTLOG_SEQUENTIAL_READ,
0,
el->er, BUFFER_SIZE -1, &read, &needed))
@@ -295,27 +295,27 @@ void readel(os_el *el, int printit)
el_sstring[nstr] = (LPSTR)sstr;
sstr = strchr( (LPSTR)sstr, '\0');
- sstr++;
+ sstr++;
}
/* Get a more descriptive message (if available) */
- descriptive_msg = el_getMessage(el->er, el->name, source,
+ descriptive_msg = el_getMessage(el->er, el->name, source,
el_sstring);
if(descriptive_msg != NULL)
{
/* Remove any \n or \r */
- tmp_str = descriptive_msg;
+ tmp_str = descriptive_msg;
while((tmp_str = strchr(tmp_str, '\n')))
{
*tmp_str = ' ';
- tmp_str++;
+ tmp_str++;
}
- tmp_str = descriptive_msg;
+ tmp_str = descriptive_msg;
while((tmp_str = strchr(tmp_str, '\r')))
{
*tmp_str = ' ';
- tmp_str++;
+ tmp_str++;
}
}
}
@@ -347,20 +347,20 @@ void readel(os_el *el, int printit)
if(printit)
{
- DWORD _evtid = 65535;
- int id = (int)el->er->EventID & _evtid;
-
- snprintf(final_msg, 1022,
+ DWORD _evtid = 65535;
+ int id = (int)el->er->EventID & _evtid;
+
+ snprintf(final_msg, 1022,
"%d WinEvtLog: %s: %s(%d): %s: %s(%s): %s",
(int)el->er->TimeGenerated,
el->name,
- category,
+ category,
id,
source,
el_user,
el_domain,
descriptive_msg != NULL?descriptive_msg:el_string);
-
+
fprintf(fp, "%s\n", final_msg);
}
@@ -405,18 +405,18 @@ int main(int argc, char **argv)
}
else if((argc == 3)&&(strcmp(argv[1], "-f") == 0))
{
- file = argv[2];
- }
+ file = argv[2];
+ }
else
help();
-
+
fp = fopen(file, "w");
if(!fp)
{
printf("Unable to open file '%s'\n", file);
exit(1);
}
-
+
win_startel("Application");
win_startel("System");
win_startel("Security");
diff --git a/src/win32/help.txt b/src/win32/help.txt
index 92e81e8..23a772d 100755
--- a/src/win32/help.txt
+++ b/src/win32/help.txt
@@ -1,8 +1,8 @@
-** OSSEC Windows Agent v2.7-beta1 **
-** Copyright (C) 2012 Trend Micro Inc. **
+** OSSEC Windows Agent v2.7.1 **
+** Copyright (C) 2013 Trend Micro Inc. **
-Thanks for installing 'OSSEC Windows Agent version 2.7-beta1'. Before you continue,
+Thanks for installing 'OSSEC Windows Agent version 2.7'. Before you continue,
make sure that you have an instance of the OSSEC server running and configured
to accept this system as an agent.
diff --git a/src/win32/os_win.h b/src/win32/os_win.h
index b4e31a5..70934f1 100755
--- a/src/win32/os_win.h
+++ b/src/win32/os_win.h
@@ -23,11 +23,11 @@ int InstallService(char *path);
/** int UninstallService()
* Uninstall the OSSEC HIDS agent service.
*/
-int UninstallService();
+int UninstallService();
-/** int QueryService():
- * Checks if service is running.
+/** int QueryService():
+ * Checks if service is running.
* Return 1 on success (running) or 0 if not.
*/
int CheckServiceRunning();
diff --git a/src/win32/ossec-installer.nsi b/src/win32/ossec-installer.nsi
index fa5f891..0beaf0a 100755
--- a/src/win32/ossec-installer.nsi
+++ b/src/win32/ossec-installer.nsi
@@ -8,12 +8,12 @@
!define MUI_ICON favicon.ico
!define MUI_UNICON ossec-uninstall.ico
-!define VERSION "2.7-beta1"
+!define VERSION "2.7.1"
!define NAME "OSSEC HIDS"
!define /date CDATE "%b %d %Y at %H:%M:%S"
Name "${NAME} Windows Agent v${VERSION}"
-BrandingText "Copyright (C) 2012 Trend Micro Inc."
+BrandingText "Copyright (C) 2003 - 2013 Trend Micro Inc."
OutFile "ossec-win32-agent.exe"
InstallDir "$PROGRAMFILES\ossec-agent"
@@ -31,10 +31,10 @@ InstallDirRegKey HKLM Software\OSSEC ""
!define MUI_FINISHPAGE_TITLE_3LINES
!define MUI_FINISHPAGE_RUN "$INSTDIR\win32ui.exe"
!define MUI_FINISHPAGE_RUN_TEXT "Run OSSEC Agent Manager"
-
+
; Page for choosing components.
!define MUI_COMPONENTSPAGE_TEXT_TOP "Select the options you want to be executed. Click next to continue."
- !define MUI_COMPONENTSPAGE_NODESC
+ !define MUI_COMPONENTSPAGE_NODESC
!insertmacro MUI_PAGE_WELCOME
!insertmacro MUI_PAGE_LICENSE "LICENSE.txt"
@@ -64,11 +64,11 @@ Function .onInit
MessageBox MB_OKCANCEL "${NAME} is already installed. It will be stopped before continuing." /SD IDOK IDOK NoAbort
Abort
NoAbort:
-
+
;; Stopping ossec service.
nsExec::ExecToStack '"net" "stop" "OssecSvc"'
FunctionEnd
-
+
;--------------------------------
;Main install section
@@ -145,7 +145,7 @@ Delete "$SMPROGRAMS\OSSEC\Documentation.lnk"
Delete "$SMPROGRAMS\OSSEC\Edit Config.lnk"
Delete "$SMPROGRAMS\OSSEC\*.*"
-; Remove start menu entry.
+; Remove start menu entry.
RMDir "$SMPROGRAMS\OSSEC"
; Creating start menu directory
@@ -178,12 +178,12 @@ SectionEnd
;--------------------------------
;Uninstall section
Section "Uninstall"
-
+
;Need a step to check for a running agent manager, otherwise it and the INSTDIR directory will not be removed.
-
+
; Stop ossec. Perhaps we should look for an exit status here. Also, may be a good place to use a plug-in.
nsExec::ExecToStack '"net" "stop" "OssecSvc"'
-
+
; Uninstall from the services. Again, maybe use a plugin here.
nsExec::ExecToStack '"$INSTDIR\ossec-agent.exe" uninstall-service'
diff --git a/src/win32/read-registry.c b/src/win32/read-registry.c
index b5f4d68..b946100 100755
--- a/src/win32/read-registry.c
+++ b/src/win32/read-registry.c
@@ -6,13 +6,13 @@
#define MAX_KEY_LENGTH 255
#define MAX_KEY 2048
#define MAX_VALUE_NAME 16383
-
+
char *(os_winreg_ignore_list[]) = {"SOFTWARE\\Classes","test123",NULL};
HKEY sub_tree;
int os_winreg_open_key(char *subkey);
-void os_winreg_querykey(HKEY hKey, char *p_key)
+void os_winreg_querykey(HKEY hKey, char *p_key)
{
int i, rc;
DWORD j;
@@ -30,8 +30,8 @@ void os_winreg_querykey(HKEY hKey, char *p_key)
DWORD value_count;
/* Variables for RegEnumValue */
- TCHAR value_buffer[MAX_VALUE_NAME +1];
- TCHAR data_buffer[MAX_VALUE_NAME +1];
+ TCHAR value_buffer[MAX_VALUE_NAME +1];
+ TCHAR data_buffer[MAX_VALUE_NAME +1];
DWORD value_size;
DWORD data_size;
@@ -44,7 +44,7 @@ void os_winreg_querykey(HKEY hKey, char *p_key)
class_name_b[MAX_PATH] = '\0';
sub_key_name_b[0] = '\0';
sub_key_name_b[MAX_KEY_LENGTH] = '\0';
-
+
/* We use the class_name, subkey_count and the value count. */
rc = RegQueryInfoKey(hKey, class_name_b, &class_name_s, NULL,
@@ -63,21 +63,21 @@ void os_winreg_querykey(HKEY hKey, char *p_key)
if(subkey_count)
{
/* We open each subkey and call open_key */
- for(i=0;i<subkey_count;i++)
- {
+ for(i=0;i<subkey_count;i++)
+ {
sub_key_name_s = MAX_KEY_LENGTH;
rc = RegEnumKeyEx(hKey, i, sub_key_name_b, &sub_key_name_s,
- NULL, NULL, NULL, NULL);
-
+ NULL, NULL, NULL, NULL);
+
/* Checking for the rc. */
- if(rc == ERROR_SUCCESS)
+ if(rc == ERROR_SUCCESS)
{
char new_key[MAX_KEY_LENGTH + 2];
new_key[MAX_KEY_LENGTH +1] = '\0';
if(p_key)
{
- snprintf(new_key, MAX_KEY_LENGTH,
+ snprintf(new_key, MAX_KEY_LENGTH,
"%s\\%s", p_key, sub_key_name_b);
}
else
@@ -90,22 +90,22 @@ void os_winreg_querykey(HKEY hKey, char *p_key)
}
}
}
-
+
/* Getting Values (if available) */
- if (value_count)
+ if (value_count)
{
/* md5 and sha1 sum */
os_md5 mf_sum;
os_sha1 sf_sum;
-
+
/* Clearing the values for value_size and data_size */
value_buffer[MAX_VALUE_NAME] = '\0';
data_buffer[MAX_VALUE_NAME] = '\0';
- for(i=0;i<value_count;i++)
- {
- value_size = MAX_VALUE_NAME;
+ for(i=0;i<value_count;i++)
+ {
+ value_size = MAX_VALUE_NAME;
data_size = MAX_VALUE_NAME;
value_buffer[0] = '\0';
@@ -182,7 +182,7 @@ int os_winreg_open_key(char *subkey)
{
return(0);
}
- i++;
+ i++;
}
}
diff --git a/src/win32/service-start.c b/src/win32/service-start.c
index c92d59a..057f142 100644
--- a/src/win32/service-start.c
+++ b/src/win32/service-start.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation
*/
-
+
#include <stdio.h>
#include <stdlib.h>
@@ -23,7 +23,7 @@ int main(int argc, char **argv)
printf("%s: Attempting to start ossec.", argv[0]);
system("net start OssecSvc");
-
+
system("pause");
return(0);
}
diff --git a/src/win32/service-stop.c b/src/win32/service-stop.c
index 01e27a0..1ffbb37 100644
--- a/src/win32/service-stop.c
+++ b/src/win32/service-stop.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation
*/
-
+
#include <stdio.h>
#include <stdlib.h>
@@ -23,7 +23,7 @@ int main(int argc, char **argv)
printf("%s: Attempting to stop ossec.", argv[0]);
system("net stop OssecSvc");
-
+
system("pause");
return(0);
}
diff --git a/src/win32/setup-iis.c b/src/win32/setup-iis.c
index b4b5d03..bfe87d8 100755
--- a/src/win32/setup-iis.c
+++ b/src/win32/setup-iis.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation
*/
-
+
#include <stdio.h>
#include <stdlib.h>
@@ -32,14 +32,14 @@ int total;
int direxist(char *dir)
{
DIR *dp;
-
+
/* Opening dir */
dp = opendir(dir);
if(dp == NULL)
return(0);
-
+
closedir(dp);
- return(1);
+ return(1);
}
@@ -69,7 +69,7 @@ int dogrep(char *file, char *str)
/* Clearing memory */
memset(line, '\0', OS_MAXSTR +1);
- /* Reading file and looking for str */
+ /* Reading file and looking for str */
while(fgets(line, OS_MAXSTR, fp) != NULL)
{
if(OS_Match(str, line))
@@ -163,7 +163,7 @@ int config_iis(char *name, char *file, char *vfile)
if(dogrep(OSSECCONF, vfile))
{
- printf("%s: Log file already configured: '%s'.\n",
+ printf("%s: Log file already configured: '%s'.\n",
name, vfile);
return(1);
}
@@ -176,11 +176,11 @@ int config_iis(char *name, char *file, char *vfile)
if(!fp)
{
printf("%s: Unable to edit configuration file.\n", name);
- return(1);
+ return(1);
}
- fprintf(fp, "\r\n"
- "\r\n"
+ fprintf(fp, "\r\n"
+ "\r\n"
"<!-- IIS log file -->\r\n"
"<ossec_config>\r\n"
" <localfile>\r\n"
@@ -203,10 +203,10 @@ int main(int argc, char **argv)
time_t tm;
struct tm *p;
-
- char win_dir[2048];
-
-
+
+ char win_dir[2048];
+
+
if(argc >= 2)
{
if(chdir(argv[1]) != 0)
@@ -215,7 +215,7 @@ int main(int argc, char **argv)
return(0);
}
}
-
+
/* Checking if ossec was installed already */
if(!fileexist(OSSECCONF))
{
@@ -226,20 +226,20 @@ int main(int argc, char **argv)
/* Getting todays day */
tm = time(NULL);
p = localtime(&tm);
-
- total = 0;
- printf("%s: Looking for IIS log files to monitor.\r\n",
+ total = 0;
+
+ printf("%s: Looking for IIS log files to monitor.\r\n",
argv[0]);
- printf("%s: For more information: http://www.ossec.net/en/win.html\r\n",
+ printf("%s: For more information: http://www.ossec.net/en/win.html\r\n",
argv[0]);
printf("\r\n");
-
-
+
+
/* Getting windows directory */
get_win_dir(win_dir, sizeof(win_dir) -1);
-
-
+
+
/* Looking for IIS log files */
while(i <= 254)
{
@@ -249,30 +249,30 @@ int main(int argc, char **argv)
i++;
/* Searching for NCSA */
- snprintf(lfile,
- OS_MAXSTR,
+ snprintf(lfile,
+ OS_MAXSTR,
"%s\\System32\\LogFiles\\W3SVC%d\\nc%02d%02d%02d.log",
win_dir,i, (p->tm_year+1900)-2000, p->tm_mon+1, p->tm_mday);
- snprintf(vfile,
- OS_MAXSTR,
+ snprintf(vfile,
+ OS_MAXSTR,
"%s\\System32\\LogFiles\\W3SVC%d\\nc%%y%%m%%d.log",
win_dir, i);
-
+
/* Try dir-based */
config_iis(argv[0], lfile, vfile);
/* Searching for W3C extended */
- snprintf(lfile,
- OS_MAXSTR,
+ snprintf(lfile,
+ OS_MAXSTR,
"%s\\System32\\LogFiles\\W3SVC%d\\ex%02d%02d%02d.log",
win_dir, i, (p->tm_year+1900)-2000, p->tm_mon+1, p->tm_mday);
-
- snprintf(vfile,
- OS_MAXSTR,
+
+ snprintf(vfile,
+ OS_MAXSTR,
"%s\\System32\\LogFiles\\W3SVC%d\\ex%%y%%m%%d.log",
win_dir, i);
-
+
/* Try dir-based */
if(config_iis(argv[0], lfile, vfile) == 0)
{
@@ -284,13 +284,13 @@ int main(int argc, char **argv)
/* Searching for FTP Extended format */
- snprintf(lfile,
- OS_MAXSTR,
+ snprintf(lfile,
+ OS_MAXSTR,
"%s\\System32\\LogFiles\\MSFTPSVC%d\\ex%02d%02d%02d.log",
win_dir, i, (p->tm_year+1900)-2000, p->tm_mon+1, p->tm_mday);
-
- snprintf(vfile,
- OS_MAXSTR,
+
+ snprintf(vfile,
+ OS_MAXSTR,
"%s\\System32\\LogFiles\\MSFTPSVC%d\\ex%%y%%m%%d.log",
win_dir, i);
if(config_iis(argv[0], lfile, vfile) == 0)
@@ -303,13 +303,13 @@ int main(int argc, char **argv)
/* Searching for IIS SMTP logs */
- snprintf(lfile,
- OS_MAXSTR,
+ snprintf(lfile,
+ OS_MAXSTR,
"%s\\System32\\LogFiles\\SMTPSVC%d\\ex%02d%02d%02d.log",
win_dir, i, (p->tm_year+1900)-2000, p->tm_mon+1, p->tm_mday);
-
- snprintf(vfile,
- OS_MAXSTR,
+
+ snprintf(vfile,
+ OS_MAXSTR,
"%s\\System32\\LogFiles\\SMTPSVC%d\\ex%%y%%m%%d.log",
win_dir, i);
if(config_iis(argv[0], lfile, vfile) == 0)
@@ -326,6 +326,6 @@ int main(int argc, char **argv)
printf("%s: No IIS log added. Look at the link above for more "
"information.\r\n", argv[0]);
}
-
+
return(0);
}
diff --git a/src/win32/setup-shared.c b/src/win32/setup-shared.c
index f8f86ff..8b450ae 100755
--- a/src/win32/setup-shared.c
+++ b/src/win32/setup-shared.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation
*/
-
+
#include <stdio.h>
#include <stdlib.h>
@@ -54,7 +54,7 @@ int dogrep(char *file, char *str)
/* Clearing memory */
memset(line, '\0', OS_MAXSTR +1);
- /* Reading file and looking for str */
+ /* Reading file and looking for str */
while(fgets(line, OS_MAXSTR, fp) != NULL)
{
if(OS_Match(str, line))
diff --git a/src/win32/setup-shared.h b/src/win32/setup-shared.h
index 7ca45a2..7fb1a15 100755
--- a/src/win32/setup-shared.h
+++ b/src/win32/setup-shared.h
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation
*/
-
+
#include <stdio.h>
#include <stdlib.h>
diff --git a/src/win32/setup-syscheck.c b/src/win32/setup-syscheck.c
index fee82c2..c20bcfe 100755
--- a/src/win32/setup-syscheck.c
+++ b/src/win32/setup-syscheck.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation
*/
-
+
#include "setup-shared.h"
#include "os_xml/os_xml.h"
@@ -23,7 +23,7 @@ int main(int argc, char **argv)
{
char *status;
char *(xml_syscheck_status[])={"ossec_config","syscheck","disabled", NULL};
-
+
if(argc < 3)
{
printf("%s: Invalid syntax.\n", argv[0]);
diff --git a/src/win32/setup-win.c b/src/win32/setup-win.c
index a5b5ace..c31b9c4 100755
--- a/src/win32/setup-win.c
+++ b/src/win32/setup-win.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation
*/
-
+
#include "setup-shared.h"
@@ -23,19 +23,19 @@ int main(int argc, char **argv)
printf("Try: '%s directory'\n\n", argv[0]);
return(0);
}
-
+
/* Trying to chdir to ossec directory. */
if(chdir(argv[1]) != 0)
{
printf("%s: Invalid directory: '%s'.\n", argv[0], argv[1]);
return(0);
}
-
+
/* Checking if ossec was installed already (upgrade) */
if(!fileexist(OSSECCONF))
{
char cmd[OS_MAXSTR +1];
-
+
/* Copy default config to ossec.conf */
snprintf(cmd, OS_MAXSTR, "copy %s %s", OSSECDEF, OSSECCONF);
system(cmd);
@@ -45,7 +45,7 @@ int main(int argc, char **argv)
/* Setting up local files */
system("add-localfile.exe \"C:\\Windows\\pfirewall.log\" --quiet");
system("add-localfile.exe \"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Symantec AntiVirus Corporate Edition\\7.5\\Logs\\\%m\%d20\%y.log\" --quiet");
-
+
/* Configure ossec for automatic startup */
system("sc config OssecSvc start= auto");
@@ -54,7 +54,7 @@ int main(int argc, char **argv)
/* Changing permissions. */
checkVista();
-
+
if(isVista)
{
char cmd[OS_MAXSTR +1];
@@ -79,7 +79,7 @@ int main(int argc, char **argv)
/* Changing permissions. */
system("echo y|cacls * /T /G Administrators:f ");
-
+
/* Copying them back. */
snprintf(cmd, OS_MAXSTR, "move ..\\os_win32ui.exe .");
system(cmd);
diff --git a/src/win32/ui.nsi b/src/win32/ui.nsi
index 33e1507..478445b 100644
--- a/src/win32/ui.nsi
+++ b/src/win32/ui.nsi
@@ -1,14 +1,14 @@
; This is for Vista. For some reason it is not reading
-; my template correctly.
+; my template correctly.
!include "MUI.nsh"
-!define VERSION "2.7-beta1"
+!define VERSION "2.7.1"
!define NAME "OSSEC HIDS"
!define /date CDATE "%b %d %Y at %H:%M:%S"
Name "${NAME} Windows Agent v${VERSION}"
-BrandingText "Copyright (C) 2011 Trend Micro Inc."
+BrandingText "Copyright (C) 2013 Trend Micro Inc."
OutFile "win32ui.exe"
@@ -27,7 +27,7 @@ Function .onInit
Exec '"$INSTDIR\os_win32ui.exe" "$INSTDIR"'
Abort
FunctionEnd
-
+
Section "OSSEC UI - Should not be called." MainSec
diff --git a/src/win32/ui/._common.c b/src/win32/ui/._common.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/win32/ui/._common.c and /dev/null differ
diff --git a/src/win32/ui/._favicon.ico b/src/win32/ui/._favicon.ico
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/win32/ui/._favicon.ico and /dev/null differ
diff --git a/src/win32/ui/._make.bat b/src/win32/ui/._make.bat
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/win32/ui/._make.bat and /dev/null differ
diff --git a/src/win32/ui/._make.sh b/src/win32/ui/._make.sh
deleted file mode 100755
index 48cbba1..0000000
Binary files a/src/win32/ui/._make.sh and /dev/null differ
diff --git a/src/win32/ui/._os_win32ui.c b/src/win32/ui/._os_win32ui.c
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/win32/ui/._os_win32ui.c and /dev/null differ
diff --git a/src/win32/ui/._os_win32ui.exe.manifest b/src/win32/ui/._os_win32ui.exe.manifest
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/win32/ui/._os_win32ui.exe.manifest and /dev/null differ
diff --git a/src/win32/ui/._os_win32ui.h b/src/win32/ui/._os_win32ui.h
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/win32/ui/._os_win32ui.h and /dev/null differ
diff --git a/src/win32/ui/._win32ui.rc b/src/win32/ui/._win32ui.rc
deleted file mode 100644
index 48cbba1..0000000
Binary files a/src/win32/ui/._win32ui.rc and /dev/null differ
diff --git a/src/win32/ui/common.c b/src/win32/ui/common.c
index 76b8902..b714a9c 100644
--- a/src/win32/ui/common.c
+++ b/src/win32/ui/common.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -27,11 +27,11 @@
int gen_server_info(HWND hwnd)
{
memset(ui_server_info, '\0', 2048 +1);
- snprintf(ui_server_info, 2048,
+ snprintf(ui_server_info, 2048,
"Agent: %s (%s) - %s\r\n\r\n"
"Status: %s",
- config_inst.agentname,
- config_inst.agentid,
+ config_inst.agentname,
+ config_inst.agentid,
config_inst.agentip,
config_inst.status);
@@ -42,14 +42,14 @@ int gen_server_info(HWND hwnd)
SetDlgItemText(hwnd, UI_SERVER_TOP, config_inst.version);
SetDlgItemText(hwnd, UI_SERVER_INFO, ui_server_info);
}
-
+
/* Initializing auth key */
SetDlgItemText(hwnd, UI_SERVER_AUTH, config_inst.key);
/* Initializing server ip */
SetDlgItemText(hwnd, UI_SERVER_TEXT, config_inst.server);
- SendMessage(hStatus, SB_SETTEXT, 0, (LPARAM)"http://www.ossec.net");
+ SendMessage(hStatus, SB_SETTEXT, 0, (LPARAM)"http://www.ossec.net");
return(0);
}
@@ -194,7 +194,7 @@ void init_config()
}
- /* Testing for permission - this is a vista thing.
+ /* Testing for permission - this is a vista thing.
* For some reason vista is not reporting the return codes
* properly.
*/
@@ -218,7 +218,7 @@ void init_config()
{
config_inst.admin_access = 0;
}
-
+
fclose(fp);
/* trying to open it to read. */
@@ -231,7 +231,7 @@ void init_config()
{
config_inst.admin_access = 0;
}
-
+
if(unlink(".test-file.tst"))
{
config_inst.admin_access = 0;
@@ -250,7 +250,7 @@ int config_read(HWND hwnd)
{
char *tmp_str;
-
+
/* Clearing config */
config_clear();
@@ -267,7 +267,7 @@ int config_read(HWND hwnd)
/* Getting version/install date */
- config_inst.version = cat_file(VERSION_FILE, NULL);
+ config_inst.version = cat_file(VERSION_FILE, NULL);
if(config_inst.version)
{
config_inst.install_date = strchr(config_inst.version, '-');
@@ -280,7 +280,7 @@ int config_read(HWND hwnd)
/* Getting number of messages sent */
- tmp_str = cat_file(SENDER_FILE, NULL);
+ tmp_str = cat_file(SENDER_FILE, NULL);
if(tmp_str)
{
unsigned long int tmp_val = 0;
@@ -419,7 +419,7 @@ int get_ossec_server()
free(str);
str = NULL;
}
-
+
str = OS_GetOneContentforElement(&xml, xml_serverhost);
if(str)
{
@@ -443,7 +443,7 @@ int get_ossec_server()
/* Setting up final server name when not available */
config_inst.server = strdup(FL_NOSERVER);
-
+
OS_ClearXML(&xml);
return(0);
@@ -456,7 +456,7 @@ int set_ossec_server(char *ip, HWND hwnd)
char **xml_pt = NULL;
char *(xml_serverip[])={"ossec_config","client","server-ip", NULL};
char *(xml_serverhost[])={"ossec_config","client","server-hostname", NULL};
-
+
/* Verifying IP Address */
if(OS_IsValidIP(ip, NULL) != 1)
@@ -484,7 +484,7 @@ int set_ossec_server(char *ip, HWND hwnd)
/* Reading the XML. Printing error and line number */
- if(OS_WriteXML(CONFIG, NEWCONFIG, xml_pt,
+ if(OS_WriteXML(CONFIG, NEWCONFIG, xml_pt,
NULL, NULL, ip, 0) != 0)
{
MessageBox(hwnd, "Unable to set OSSEC Server IP Address.\r\n"
diff --git a/src/win32/ui/os_win32ui.c b/src/win32/ui/os_win32ui.c
index 008157d..e19b969 100644
--- a/src/win32/ui/os_win32ui.c
+++ b/src/win32/ui/os_win32ui.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -21,7 +21,7 @@
/* Dialog -- About OSSEC */
-BOOL CALLBACK AboutDlgProc(HWND hwnd, UINT Message,
+BOOL CALLBACK AboutDlgProc(HWND hwnd, UINT Message,
WPARAM wParam, LPARAM lParam)
{
switch(Message)
@@ -54,7 +54,7 @@ BOOL CALLBACK DlgProc(HWND hwnd, UINT Message, WPARAM wParam, LPARAM lParam)
{
int ret_code = 0;
-
+
switch(Message)
{
case WM_INITDIALOG:
@@ -99,17 +99,17 @@ BOOL CALLBACK DlgProc(HWND hwnd, UINT Message, WPARAM wParam, LPARAM lParam)
hStatus = CreateWindowEx(0, STATUSCLASSNAME, NULL,
- WS_CHILD|WS_VISIBLE|SBARS_SIZEGRIP,
+ WS_CHILD|WS_VISIBLE|SBARS_SIZEGRIP,
0, 0, 0, 0,
- hwnd, (HMENU)IDC_MAIN_STATUS,
+ hwnd, (HMENU)IDC_MAIN_STATUS,
GetModuleHandle(NULL), NULL);
- SendMessage(hStatus, SB_SETPARTS,
- sizeof(statwidths)/sizeof(int),
+ SendMessage(hStatus, SB_SETPARTS,
+ sizeof(statwidths)/sizeof(int),
(LPARAM)statwidths);
SendMessage(hStatus, SB_SETTEXT, 0, (LPARAM)"http://www.ossec.net");
-
+
/* Initializing config */
config_read(hwnd);
@@ -117,11 +117,11 @@ BOOL CALLBACK DlgProc(HWND hwnd, UINT Message, WPARAM wParam, LPARAM lParam)
/* Setting the icons */
- SendMessage(hwnd, WM_SETICON, ICON_SMALL,
- (LPARAM)LoadIcon(GetModuleHandle(NULL),
+ SendMessage(hwnd, WM_SETICON, ICON_SMALL,
+ (LPARAM)LoadIcon(GetModuleHandle(NULL),
MAKEINTRESOURCE(IDI_OSSECICON)));
- SendMessage(hwnd, WM_SETICON, ICON_BIG,
- (LPARAM)LoadIcon(GetModuleHandle(NULL),
+ SendMessage(hwnd, WM_SETICON, ICON_BIG,
+ (LPARAM)LoadIcon(GetModuleHandle(NULL),
MAKEINTRESOURCE(IDI_OSSECICON)));
if(config_inst.admin_access == 0)
@@ -131,7 +131,7 @@ BOOL CALLBACK DlgProc(HWND hwnd, UINT Message, WPARAM wParam, LPARAM lParam)
"Admin access required.", MB_OK);
break;
}
-
+
}
break;
@@ -153,10 +153,10 @@ BOOL CALLBACK DlgProc(HWND hwnd, UINT Message, WPARAM wParam, LPARAM lParam)
break;
}
- /** Getting values from the user (if chosen save)
+ /** Getting values from the user (if chosen save)
* We should probably create another function for it...
**/
-
+
/* Getting server ip */
len = GetWindowTextLength(GetDlgItem(hwnd, UI_SERVER_TEXT));
if(len > 0)
@@ -170,7 +170,7 @@ BOOL CALLBACK DlgProc(HWND hwnd, UINT Message, WPARAM wParam, LPARAM lParam)
{
exit(-1);
}
-
+
GetDlgItemText(hwnd, UI_SERVER_TEXT, buf, len + 1);
/* If auth key changed, set it */
@@ -186,8 +186,8 @@ BOOL CALLBACK DlgProc(HWND hwnd, UINT Message, WPARAM wParam, LPARAM lParam)
GlobalFree(buf);
}
}
-
-
+
+
/* Getting auth key */
len = GetWindowTextLength(GetDlgItem(hwnd, UI_SERVER_AUTH));
if(len > 0)
@@ -225,8 +225,8 @@ BOOL CALLBACK DlgProc(HWND hwnd, UINT Message, WPARAM wParam, LPARAM lParam)
id = decd_buf;
name = strchr(id, ' ');
if(name)
- {
- *name = '\0';
+ {
+ *name = '\0';
name++;
ip = strchr(name, ' ');
@@ -250,21 +250,21 @@ BOOL CALLBACK DlgProc(HWND hwnd, UINT Message, WPARAM wParam, LPARAM lParam)
if(!ip)
{
MessageBox(hwnd, "Unable to import "
- "authentication key. Invalid.",
+ "authentication key. Invalid.",
"Error Saving.", MB_OK);
}
else
{
char mbox_msg[1024 +1];
mbox_msg[1024] = '\0';
-
+
snprintf(mbox_msg, 1024, "Adding key for:\r\n\r\n"
- "Agent ID: %s\r\n"
- "Agent Name: %s\r\n"
+ "Agent ID: %s\r\n"
+ "Agent Name: %s\r\n"
"IP Address: %s\r\n",
id, name, ip);
-
- ret = MessageBox(hwnd, mbox_msg,
+
+ ret = MessageBox(hwnd, mbox_msg,
"Confirm Importing Key", MB_OKCANCEL);
if(ret == IDOK)
{
@@ -278,7 +278,7 @@ BOOL CALLBACK DlgProc(HWND hwnd, UINT Message, WPARAM wParam, LPARAM lParam)
}
}
-
+
}
/* Free used memory */
@@ -325,10 +325,10 @@ BOOL CALLBACK DlgProc(HWND hwnd, UINT Message, WPARAM wParam, LPARAM lParam)
(LPARAM)"Auth key and server ip saved ..");
}
- }
+ }
}
break;
-
+
case UI_MENU_MANAGE_EXIT:
PostMessage(hwnd, WM_CLOSE, 0, 0);
break;
@@ -336,7 +336,7 @@ BOOL CALLBACK DlgProc(HWND hwnd, UINT Message, WPARAM wParam, LPARAM lParam)
case UI_MENU_VIEW_LOGS:
_spawnlp( _P_NOWAIT, "notepad", "notepad " OSSECLOGS, NULL );
break;
- case UI_MENU_VIEW_CONFIG:
+ case UI_MENU_VIEW_CONFIG:
_spawnlp( _P_NOWAIT, "notepad", "notepad " CONFIG, NULL );
break;
case UI_MENU_HELP_HELP:
@@ -344,17 +344,17 @@ BOOL CALLBACK DlgProc(HWND hwnd, UINT Message, WPARAM wParam, LPARAM lParam)
break;
case UI_MENU_HELP_ABOUT:
{
- DialogBox(GetModuleHandle(NULL),
+ DialogBox(GetModuleHandle(NULL),
MAKEINTRESOURCE(IDD_ABOUT), hwnd, AboutDlgProc);
}
break;
case IDC_CANCEL:
- config_read(hwnd);
+ config_read(hwnd);
gen_server_info(hwnd);
break;
-
+
case UI_MENU_MANAGE_START:
-
+
/* Starting OSSEC -- must have a valid config before. */
if((strcmp(config_inst.key, FL_NOKEY) != 0) &&
(strcmp(config_inst.server, FL_NOSERVER) != 0))
@@ -365,7 +365,7 @@ BOOL CALLBACK DlgProc(HWND hwnd, UINT Message, WPARAM wParam, LPARAM lParam)
{
ret_code = 0;
}
-
+
if(ret_code == 0)
{
MessageBox(hwnd, "Unable to start OSSEC (check config).",
@@ -386,9 +386,9 @@ BOOL CALLBACK DlgProc(HWND hwnd, UINT Message, WPARAM wParam, LPARAM lParam)
MessageBox(hwnd, "Agent already running (try restart).",
"Already running..", MB_OK);
}
- break;
+ break;
case UI_MENU_MANAGE_STOP:
-
+
/* Stopping OSSEC */
ret_code = os_stop_service();
if(ret_code == 1)
@@ -420,18 +420,18 @@ BOOL CALLBACK DlgProc(HWND hwnd, UINT Message, WPARAM wParam, LPARAM lParam)
}
break;
case UI_MENU_MANAGE_RESTART:
-
+
if((strcmp(config_inst.key, FL_NOKEY) == 0) ||
(strcmp(config_inst.server, FL_NOSERVER) == 0))
{
MessageBox(hwnd, "Unable to restart OSSEC (check config).",
"Error -- Unable to restart", MB_OK);
break;
-
+
}
-
+
ret_code = os_stop_service();
-
+
/* Starting OSSEC */
ret_code = os_start_service();
if(ret_code == 0)
@@ -448,14 +448,14 @@ BOOL CALLBACK DlgProc(HWND hwnd, UINT Message, WPARAM wParam, LPARAM lParam)
MessageBox(hwnd, "OSSEC Agent Restarted.",
"Restarted..", MB_OK);
}
- break;
+ break;
}
break;
-
+
case WM_CLOSE:
EndDialog(hwnd, 0);
break;
-
+
default:
return FALSE;
}
diff --git a/src/win32/ui/os_win32ui.h b/src/win32/ui/os_win32ui.h
index 46a842c..eef7efc 100644
--- a/src/win32/ui/os_win32ui.h
+++ b/src/win32/ui/os_win32ui.h
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -50,7 +50,7 @@
#define ST_MISSING_ALL "Require import of authentication key.\r\n" \
" Missing OSSEC Server IP address.\r\n" \
" - Not Running..."
-
+
/* Pre-def fields */
diff --git a/src/win32/win_agent.c b/src/win32/win_agent.c
index ff2b2fa..a4b498f 100755
--- a/src/win32/win_agent.c
+++ b/src/win32/win_agent.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -71,6 +71,7 @@ int main(int argc, char **argv)
{
char *tmpstr;
char mypath[OS_MAXSTR +1];
+ char myfinalpath[OS_MAXSTR +1];
char myfile[OS_MAXSTR +1];
/* Setting the name */
@@ -79,9 +80,10 @@ int main(int argc, char **argv)
/* Find where I'm */
mypath[OS_MAXSTR] = '\0';
+ myfinalpath[OS_MAXSTR] = '\0';
myfile[OS_MAXSTR] = '\0';
-
-
+
+
/* mypath is going to be the whole path of the file */
strncpy(mypath, argv[0], OS_MAXSTR);
tmpstr = strrchr(mypath, '\\');
@@ -100,15 +102,14 @@ int main(int argc, char **argv)
}
chdir(mypath);
getcwd(mypath, OS_MAXSTR -1);
- strncat(mypath, "\\", OS_MAXSTR - (strlen(mypath) + 2));
- strncat(mypath, myfile, OS_MAXSTR - (strlen(mypath) + 2));
-
-
+ snprintf(myfinalpath, OS_MAXSTR, "\"%s\\%s\"", mypath, myfile);
+
+
if(argc > 1)
{
if(strcmp(argv[1], "install-service") == 0)
{
- return(InstallService(mypath));
+ return(InstallService(myfinalpath));
}
else if(strcmp(argv[1], "uninstall-service") == 0)
{
@@ -163,7 +164,6 @@ int local_start()
}
logr->port = DEFAULT_SECURE;
-
/* Getting debug level */
debug_level = getDefine_Int("windows","debug", 0, 2);
while(debug_level != 0)
@@ -171,12 +171,12 @@ int local_start()
nowDebug();
debug_level--;
}
- accept_manager_commands = getDefine_Int("logcollector",
+ accept_manager_commands = getDefine_Int("logcollector",
"remote_commands", 0, 1);
-
-
-
+
+
+
/* Configuration file not present */
if(File_DateofChange(cfg) < 0)
ErrorExit("%s: Configuration file '%s' not found",ARGV0,cfg);
@@ -187,7 +187,7 @@ int local_start()
{
ErrorExit("%s: WSAStartup() failed", ARGV0);
}
-
+
/* Read agent config */
debug1("%s: DEBUG: Reading agent configuration.", ARGV0);
@@ -195,7 +195,20 @@ int local_start()
{
ErrorExit(CLIENT_ERROR,ARGV0);
}
-
+ if(logr->notify_time == 0)
+ {
+ logr->notify_time = NOTIFY_TIME;
+ }
+ if(logr->max_time_reconnect_try == 0 )
+ {
+ logr->max_time_reconnect_try = NOTIFY_TIME * 3;
+ }
+ if(logr->max_time_reconnect_try <= logr->notify_time)
+ {
+ logr->max_time_reconnect_try = (logr->notify_time * 3);
+ verbose("%s Max time to reconnect can't be less than notify_time(%d), using notify_time*3 (%d)",ARGV0,logr->notify_time,logr->max_time_reconnect_try);
+ }
+ verbose("%s Using notify time: %d and max time to reconnect: %d",ARGV0,logr->notify_time,logr->max_time_reconnect_try);
/* Reading logcollector config file */
debug1("%s: DEBUG: Reading logcollector configuration.", ARGV0);
@@ -210,7 +223,7 @@ int local_start()
{
ErrorExit(AG_NOKEYS_EXIT, ARGV0);
}
-
+
/* If there is not file to monitor, create a clean entry
@@ -235,11 +248,11 @@ int local_start()
{
logr->execdq = -1;
}
-
-
+
+
/* Reading keys */
verbose(ENC_READ, ARGV0);
-
+
OS_ReadKeys(&keys);
OS_StartCounter(&keys);
os_write_agent_info(keys.keyentries[0]->name, NULL, keys.keyentries[0]->id, NULL);
@@ -266,47 +279,47 @@ int local_start()
/* Starting syscheck thread */
- if(CreateThread(NULL,
- 0,
- (LPTHREAD_START_ROUTINE)skthread,
- NULL,
- 0,
+ if(CreateThread(NULL,
+ 0,
+ (LPTHREAD_START_ROUTINE)skthread,
+ NULL,
+ 0,
(LPDWORD)&threadID) == NULL)
{
merror(THREAD_ERROR, ARGV0);
}
-
+
/* Checking if server is connected */
os_setwait();
-
+
start_agent(1);
-
+
os_delwait();
/* Sending integrity message for agent configs */
intcheck_file(cfg, "");
intcheck_file(OSSEC_DEFINES, "");
-
+
/* Starting receiver thread */
- if(CreateThread(NULL,
- 0,
- (LPTHREAD_START_ROUTINE)receiver_thread,
- NULL,
- 0,
+ if(CreateThread(NULL,
+ 0,
+ (LPTHREAD_START_ROUTINE)receiver_thread,
+ NULL,
+ 0,
(LPDWORD)&threadID2) == NULL)
{
merror(THREAD_ERROR, ARGV0);
}
-
-
+
+
/* Sending agent information message */
send_win32_info(time(0));
-
-
+
+
/* Startting logcollector -- main process here */
LogCollectorStart();
@@ -319,27 +332,26 @@ int local_start()
int SendMSG(int queue, char *message, char *locmsg, char loc)
{
int _ssize;
-
+
time_t cu_time;
-
+
char *pl;
char tmpstr[OS_MAXSTR+2];
char crypt_msg[OS_MAXSTR +2];
-
- DWORD dwWaitResult;
+
+ DWORD dwWaitResult;
tmpstr[OS_MAXSTR +1] = '\0';
crypt_msg[OS_MAXSTR +1] = '\0';
-
debug2("%s: DEBUG: Attempting to send message to server.", ARGV0);
-
+
/* Using a mutex to synchronize the writes */
while(1)
{
dwWaitResult = WaitForSingleObject(hMutex, 1000000L);
- if(dwWaitResult != WAIT_OBJECT_0)
+ if(dwWaitResult != WAIT_OBJECT_0)
{
switch(dwWaitResult)
{
@@ -350,8 +362,8 @@ int SendMSG(int queue, char *message, char *locmsg, char loc)
case WAIT_ABANDONED:
merror("%s: Error waiting mutex (abandoned).", ARGV0);
return(0);
- default:
- merror("%s: Error waiting mutex.", ARGV0);
+ default:
+ merror("%s: Error waiting mutex.", ARGV0);
return(0);
}
}
@@ -360,28 +372,29 @@ int SendMSG(int queue, char *message, char *locmsg, char loc)
/* Lock acquired */
break;
}
- }
-
+ } /*end - while for mutex...*/
cu_time = time(0);
-
+
#ifndef ONEWAY
/* Check if the server has responded */
- if((cu_time - available_server) > (NOTIFY_TIME - 180))
+ if((cu_time - available_server) > logr->notify_time)
{
debug1("%s: DEBUG: Sending info to server (c1)...", ARGV0);
+ verbose("%s More than %d seconds without server response...sending win32info", ARGV0,logr->notify_time);
send_win32_info(cu_time);
/* Attempting to send message again. */
- if((cu_time - available_server) > NOTIFY_TIME)
+ if((cu_time - available_server) > logr->notify_time)
{
+ /* Try again... */
sleep(1);
send_win32_info(cu_time);
sleep(1);
- if((cu_time - available_server) > NOTIFY_TIME)
+ if((cu_time - available_server) > logr->notify_time)
{
send_win32_info(cu_time);
}
@@ -389,16 +402,16 @@ int SendMSG(int queue, char *message, char *locmsg, char loc)
/* If we reached here, the server is unavailable for a while. */
- if((cu_time - available_server) > ((3 * NOTIFY_TIME) - 180))
+ if((cu_time - available_server) > logr->max_time_reconnect_try)
{
int wi = 1;
-
+ verbose("%s More than %d seconds without server response...is server alive? and Is there connection?", ARGV0,logr->max_time_reconnect_try);
/* Last attempt before going into reconnect mode. */
debug1("%s: DEBUG: Sending info to server (c3)...", ARGV0);
sleep(1);
send_win32_info(cu_time);
- if((cu_time - available_server) > ((3 * NOTIFY_TIME) - 180))
+ if((cu_time - available_server) > logr->max_time_reconnect_try)
{
sleep(1);
send_win32_info(cu_time);
@@ -408,7 +421,7 @@ int SendMSG(int queue, char *message, char *locmsg, char loc)
/* Checking and generating log if unavailable. */
cu_time = time(0);
- if((cu_time - available_server) > ((3 * NOTIFY_TIME) - 180))
+ if((cu_time - available_server) > logr->max_time_reconnect_try)
{
int global_sleep = 1;
int mod_sleep = 12;
@@ -420,7 +433,7 @@ int SendMSG(int queue, char *message, char *locmsg, char loc)
/* Going into reconnect mode. */
- while((cu_time - available_server) > ((3*NOTIFY_TIME) - 180))
+ while((cu_time - available_server) > logr->max_time_reconnect_try)
{
/* Sending information to see if server replies */
if(logr->sock != -1)
@@ -446,12 +459,12 @@ int SendMSG(int queue, char *message, char *locmsg, char loc)
{
int curr_rip = logr->rip_id;
merror("%s: INFO: Trying next server ip in "
- "line: '%s'.",
+ "line: '%s'.",
ARGV0,
logr->rip[logr->rip_id + 1] != NULL?
logr->rip[logr->rip_id + 1]:
logr->rip[0]);
-
+
connect_server(logr->rip_id +1);
if(logr->rip_id != curr_rip)
@@ -479,7 +492,7 @@ int SendMSG(int queue, char *message, char *locmsg, char loc)
}
}
- verbose(AG_CONNECTED, ARGV0, logr->rip[logr->rip_id],
+ verbose(AG_CONNECTED, ARGV0, logr->rip[logr->rip_id],
logr->port);
verbose(SERVER_UP, ARGV0);
}
@@ -500,7 +513,7 @@ int SendMSG(int queue, char *message, char *locmsg, char loc)
}
-
+
/* locmsg cannot have the C:, as we use it as delimiter */
pl = strchr(locmsg, ':');
if(pl)
@@ -513,9 +526,9 @@ int SendMSG(int queue, char *message, char *locmsg, char loc)
pl = locmsg;
}
-
+
debug2("%s: DEBUG: Sending message to server: '%s'", ARGV0, message);
-
+
snprintf(tmpstr,OS_MAXSTR,"%c:%s:%s", loc, pl, message);
_ssize = CreateSecMSG(&keys, tmpstr, crypt_msg, 0);
@@ -527,9 +540,9 @@ int SendMSG(int queue, char *message, char *locmsg, char loc)
merror(SEC_ERROR,ARGV0);
if(!ReleaseMutex(hMutex))
{
- merror("%s: Error releasing mutex.", ARGV0);
+ merror("%s: Error releasing mutex.", ARGV0);
}
-
+
return(-1);
}
@@ -544,7 +557,7 @@ int SendMSG(int queue, char *message, char *locmsg, char loc)
{
merror("%s: Error releasing mutex.", ARGV0);
}
- return(0);
+ return(0);
}
@@ -553,12 +566,12 @@ int StartMQ(char * path, short int type)
{
/* Connecting to the server. */
connect_server(0);
-
+
if((path == NULL) && (type == 0))
{
return(0);
}
-
+
return(0);
}
@@ -575,7 +588,7 @@ void send_win32_info(time_t curr_time)
debug1("%s: DEBUG: Sending keep alive message.", ARGV0);
-
+ verbose("%s Sending keep alive message....", ARGV0);
/* fixing time */
__win32_curr_time = curr_time;
@@ -604,8 +617,8 @@ void send_win32_info(time_t curr_time)
__win32_shared_time = __win32_curr_time;
}
-
-
+
+
/* get shared files */
if(!__win32_shared)
{
diff --git a/src/win32/win_service.c b/src/win32/win_service.c
index e4f3e58..1989c4e 100755
--- a/src/win32/win_service.c
+++ b/src/win32/win_service.c
@@ -9,7 +9,7 @@
* License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
@@ -63,7 +63,7 @@ int os_start_service()
rc = -1;
}
}
-
+
CloseServiceHandle(schService);
}
@@ -90,13 +90,13 @@ int os_stop_service()
if(schService)
{
SERVICE_STATUS lpServiceStatus;
-
- if(ControlService(schService,
+
+ if(ControlService(schService,
SERVICE_CONTROL_STOP, &lpServiceStatus))
{
rc = 1;
}
-
+
CloseServiceHandle(schService);
}
@@ -124,7 +124,7 @@ int CheckServiceRunning()
{
/* Checking status */
SERVICE_STATUS lpServiceStatus;
-
+
if(QueryServiceStatus(schService, &lpServiceStatus))
{
if(lpServiceStatus.dwCurrentState == SERVICE_RUNNING)
@@ -134,14 +134,14 @@ int CheckServiceRunning()
}
CloseServiceHandle(schService);
}
-
+
CloseServiceHandle(schSCManager);
}
return(rc);
}
-
+
/* int InstallService()
* Install the OSSEC HIDS agent service.
*/
@@ -152,17 +152,17 @@ int InstallService(char *path)
SC_HANDLE schSCManager, schService;
LPCTSTR lpszBinaryPathName = NULL;
SERVICE_DESCRIPTION sdBuf;
-
+
/* Cleaning up some variables */
buffer[MAX_PATH] = '\0';
-
-
+
+
/* Executable path -- it must be called with the
* full path
*/
lpszBinaryPathName = path;
-
+
/* Opening the services database */
schSCManager = OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);
@@ -172,7 +172,7 @@ int InstallService(char *path)
}
/* Creating the service */
- schService = CreateService(schSCManager,
+ schService = CreateService(schSCManager,
g_lpszServiceName,
g_lpszServiceDisplayName,
SERVICE_ALL_ACCESS,
@@ -181,7 +181,7 @@ int InstallService(char *path)
SERVICE_ERROR_NORMAL,
lpszBinaryPathName,
NULL, NULL, NULL, NULL, NULL);
-
+
if (schService == NULL)
{
goto install_error;
@@ -193,7 +193,7 @@ int InstallService(char *path)
{
goto install_error;
}
-
+
CloseServiceHandle(schService);
CloseServiceHandle(schSCManager);
@@ -205,7 +205,7 @@ int InstallService(char *path)
{
char local_msg[1025];
LPVOID lpMsgBuf;
-
+
memset(local_msg, 0, 1025);
FormatMessage( FORMAT_MESSAGE_ALLOCATE_BUFFER |
@@ -228,11 +228,11 @@ int InstallService(char *path)
/* int UninstallService()
* Uninstall the OSSEC HIDS agent service.
*/
-int UninstallService()
+int UninstallService()
{
SC_HANDLE schSCManager, schService;
-
+
/* Removing from the services database */
schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
if (schSCManager)
@@ -257,7 +257,7 @@ int UninstallService()
fprintf(stderr, " [%s] Error removing from "
"the Services database.\n", ARGV0);
-
+
return(0);
}
@@ -285,7 +285,7 @@ VOID WINAPI OssecServiceCtrlHandler(DWORD dwOpcode)
}
return;
}
-
+
/** void WinSetError()
* Sets the error code in the services
@@ -295,11 +295,11 @@ void WinSetError()
OssecServiceCtrlHandler(SERVICE_CONTROL_STOP);
}
-
+
/** int os_WinMain(int argc, char **argv)
* Initializes OSSEC dispatcher
*/
-int os_WinMain(int argc, char **argv)
+int os_WinMain(int argc, char **argv)
{
SERVICE_TABLE_ENTRY steDispatchTable[] =
{
@@ -330,8 +330,8 @@ void WINAPI OssecServiceStart (DWORD argc, LPTSTR *argv)
ossecServiceStatus.dwCheckPoint = 0;
ossecServiceStatus.dwWaitHint = 0;
- ossecServiceStatusHandle =
- RegisterServiceCtrlHandler(g_lpszServiceName,
+ ossecServiceStatusHandle =
+ RegisterServiceCtrlHandler(g_lpszServiceName,
OssecServiceCtrlHandler);
if (ossecServiceStatusHandle == (SERVICE_STATUS_HANDLE)0)
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ossec/pkg-ossec.git
More information about the Pkg-ossec-devel
mailing list