/* aide, Advanced Intrusion Detection Environment
*
* Copyright (C) 1999-2006 Rami Lehti, Pablo Virolainen, Mike
* Markley, Richard van den Berg
* $Header$
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include "aide.h"
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#ifdef HAVE_SYSLOG
#include <syslog.h>
#endif
#include "report.h"
#include "list.h"
#include "be.h"
/*for locale support*/
#include "locale-aide.h"
/*for locale support*/
#include "util.h"
/*
 * Test two report urls for equality.
 *
 * Despite the "cmp" name this is a predicate, not a strcmp()-style ordering:
 * it returns 1 when both urls have the same type and byte-identical value
 * strings, and 0 otherwise.  The value strings are only compared when the
 * types already match.
 *
 * Neither pointer, nor either value member, is checked for NULL here.
 */
int cmp_url(url_t* url1,url_t* url2){
  if (url1->type!=url2->type) {
    return 0;
  }

  return strcmp(url1->value,url2->value)==0;
}
/*
 * Register one report destination for error().
 *
 * url      destination to register: a database url, a syslog url, or
 *          anything else, which is opened through be_init()
 * initial  1 when url is the initial report url that error() uses while
 *          conf->use_initial_errorsto is set; any other value registers
 *          an ordinary report destination
 *
 * Returns RETOK when the destination was registered (or was already
 * present), RETFAIL when an ordinary destination cannot be used.  A
 * failure for the initial destination does not return: the process exits
 * with INVALID_ARGUMENT_ERROR.
 */
int error_init(url_t* url,int initial)
{
  list* node=NULL;
  FILE* out=NULL;
#ifdef HAVE_SYSLOG
  int facility;
#endif

  /* Database destinations are only counted here; error() checks the
     counter before writing a copy of the message to the database. */
  if (url->type==url_database) {
    conf->report_db++;
    return RETOK;
  }

  if (initial==1) {
    if (url->type==url_syslog) {
      conf->report_syslog++;
#ifdef HAVE_SYSLOG
      conf->initial_report_url=url;
      conf->initial_report_fd=NULL;
      facility=syslog_facility_lookup(url->value);
      openlog(AIDE_IDENT,AIDE_LOGOPT, facility);

      return RETOK;
#else
      error(0,_("This binary has no syslog support\n"));
      exit(INVALID_ARGUMENT_ERROR);
#endif
    }

    /* NOTE(review): how be_init() opens the target (create, truncate,
       symlink handling) is not visible in this file -- confirm, since the
       report path comes from configuration. */
    out=be_init(0,url,0);
    if (out==NULL) {
      /* The url text is passed as an argument, never as the format. */
      error(0,_("Cannot open %s for writing\n"),url->value);
      exit(INVALID_ARGUMENT_ERROR);
    }
    conf->initial_report_fd=out;
    conf->initial_report_url=url;
    return RETOK;
  }

  if (conf->verbose_level>=200) {
    error(5,_("WARNING: Debug output enabled\n"));
  }

  /* A destination that is already on the list is reported and skipped
     instead of being opened a second time. */
  node=conf->report_url;
  while (node!=NULL) {
    if (cmp_url((url_t*)node->data,url)) {
      error(5,_("WARNING: Already have report output %s\n"),url->value);
      return RETOK;
    }
    node=node->next;
  }

  if (url->type==url_syslog) {
    conf->report_syslog++;
#ifdef HAVE_SYSLOG
    /* If support for changing the facility in the config is added,
       consider what multiple openlog() calls would do.
       This openlog() MUST NOT mess up the initial errorsto openlog().
       RvdB 22/1/2006: the two openlog() calls were the same before my
       change and they are still the same, so I assume nothing broke.
    */
    facility=syslog_facility_lookup(url->value);
    if (conf->report_syslog<2) {
      openlog(AIDE_IDENT,AIDE_LOGOPT, facility);
    }

    return RETOK;
#else
    error(0,_("This binary has no syslog support\n"));
    return RETFAIL;
#endif
  }

  out=be_init(0,url,0);
  if (out==NULL) {
    error(0,_("Cannot open %s for writing\n"),url->value);
    return RETFAIL;
  }

  /* The stream and its url are appended to two separate lists. */
  conf->report_fd=list_append(conf->report_fd,(void*)out);
  conf->report_url=list_append(conf->report_url,(void*)url);
  return RETOK;
}
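/*
 * Send a printf-style message to every configured report destination.
 *
 * errorlevel  level of this message; the message is dropped when it is
 *             above conf->verbose_level, or above 5 when verbose_level
 *             is -1
 * error_msg   printf-style format string, followed by its arguments.  It
 *             is handed to vfprintf()/vsyslog()/vsnprintf() as the format,
 *             so text that does not come from the program itself (file
 *             names, configuration values) must be passed as an argument
 *             and never as error_msg.
 *
 * While conf->use_initial_errorsto is set the message goes only to the
 * initial report destination.  Afterwards it goes to syslog (when a syslog
 * destination is registered), to the output database as a '#' line (when
 * built WITH_DBERROR) and to every stream on conf->report_fd.
 *
 * Does not return a value.  Exits with INVALID_ARGUMENT_ERROR when called
 * before an initial report url exists, and with ERROR_WRITING_ERROR when a
 * report stream twice reports zero characters written.
 */
void error(int errorlevel,char* error_msg,...)
{
  va_list ap;
  int retval=0;
  list* r=NULL;

  if(conf->verbose_level==-1){
    if(5<errorlevel){
      return;
    }
  }else{
    if(conf->verbose_level<errorlevel){
      return;
    }
  }

  if(conf->use_initial_errorsto){
    /* We are still using the initial errorsto */
    va_start(ap, error_msg);
    if(conf->initial_report_url==NULL){
      /* error() called before error_init(url,1).
	 This most likely means that parsing the compiled-in initial
	 report url failed.
      */
      vfprintf(stderr,error_msg,ap);
      va_end(ap);
      fprintf(stderr,
	      "Initial report url broken. Reconfigure and recompile.\n");
      exit(INVALID_ARGUMENT_ERROR);
    }
#ifdef HAVE_SYSLOG
    if(conf->initial_report_url->type==url_syslog){
#ifdef HAVE_VSYSLOG
      vsyslog(SYSLOG_PRIORITY,error_msg,ap);
#else
      char buf[1024];
      /* Keep buf a valid string even if formatting fails. */
      buf[0]='\0';
      vsnprintf(buf,sizeof(buf),error_msg,ap);
      /* The formatted text is logged through "%s", not as a format. */
      syslog(SYSLOG_PRIORITY,"%s",buf);
#endif
      va_end(ap);
      return;
    }
#endif
    vfprintf(conf->initial_report_fd,error_msg,ap);
    va_end(ap);
    return;
  }

#ifdef HAVE_SYSLOG
  if (conf->report_syslog!=0) {
#ifdef HAVE_VSYSLOG
    va_start(ap,error_msg);
    vsyslog(SYSLOG_PRIORITY,error_msg,ap);
    va_end(ap);
#else
    char buf[1024];
    /* Keep buf a valid string even if formatting fails. */
    buf[0]='\0';
    va_start(ap,error_msg);
    vsnprintf(buf,sizeof(buf),error_msg,ap);
    va_end(ap);
    syslog(SYSLOG_PRIORITY,"%s",buf);
#endif
  }
#endif

#ifdef WITH_DBERROR
  if (conf->report_db!=0 && ( conf->db_out!=NULL
#ifdef WITH_ZLIB
			      || conf->db_gzout
#endif
			      )) {
    db_line line;
    char probe[2];
    int len;

    memset(&line,0,sizeof(db_line));

    /* First pass only measures the formatted length; the two-byte
       scratch buffer is never used for output. */
    va_start(ap,error_msg);
    len=vsnprintf(probe,sizeof(probe),error_msg,ap);
    va_end(ap);

    /* A negative result is a formatting error: skip the database copy
       instead of sizing a buffer from it. */
    if (len>=0) {
      /* '#' marker + message + terminating NUL */
      line.filename=malloc((size_t)len+2);
      /* Touch the buffer only after the allocation is known to have
	 succeeded. */
      if (line.filename!=NULL) {
	line.filename[0]='#';
	line.attr=DB_FILENAME;
	va_start(ap,error_msg);
	vsnprintf(line.filename+1,(size_t)len+1,error_msg,ap);
	va_end(ap);
	db_writeline(&line,conf);
	free(line.filename);
      }
    }
  }
#endif

  for(r=conf->report_fd;r;r=r->next){
    va_start(ap, error_msg);
    retval=vfprintf((FILE*)r->data, error_msg,ap);
    va_end(ap);
    /* NOTE(review): vfprintf() signals an output error with a negative
       value, so this ==0 test does not catch a failed write (full disk,
       closed stream); a report line can be lost without the process
       noticing.  Left as is because a message that formats to zero
       characters also takes this path -- confirm intent before
       tightening the check. */
    if(retval==0){
      va_start(ap, error_msg);
      retval=vfprintf((FILE*)r->data, error_msg,ap);
      va_end(ap);
      if(retval==0){
	exit(ERROR_WRITING_ERROR);
      }
    }
  }

  return;
}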
/*
 * Strings taken from the build-time macros CONFHMACKEY_00 and DBHMACKEY_00,
 * which are defined outside this file.
 * NOTE(review): presumably the first fragments of the HMAC keys for the
 * configuration and the database -- confirm against the build system.
 * Anything compiled in this way can be recovered by whoever can read the
 * binary, so it should not be treated as a secret from such a reader.
 */
const char *aide_key_0 = CONFHMACKEY_00;
const char *db_key_0 = DBHMACKEY_00;