/* aide, Advanced Intrusion Detection Environment
 *
 * Copyright (C) 1999-2002,2004-2006,2010-2013,2015,2016 Rami Lehti, Pablo
 * Virolainen, Richard van den Berg, Hannes von Haugwitz
 * $Header$
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */

/*
 * Database field identifiers, the attribute bitmask, and the record and
 * run-configuration structures shared by the database, comparison and
 * report code.
 *
 * NOTE(review): this copy of the header was mangled on extraction. Every
 * system include below appears as a bare `#include` (the <...> operand was
 * dropped), the body of the E2O() macro is truncated, and the conditional
 * that guarded the first acl_type typedef (and the include before it) is
 * missing, so only its closing #endif survives and the two acl_type
 * definitions look unconditional here. Restore the operands and guards
 * from the project's original source before building.
 */
#ifndef _DB_CONFIG_H_INCLUDED
#define _DB_CONFIG_H_INCLUDED

#include "aide.h"
#include "types.h"
#include   /* operand lost in extraction */
#include   /* operand lost in extraction */
#include   /* operand lost in extraction */

/* Enum-value-to-bit helper. The body is cut off in this copy; by analogy
 * with the DO_* and DB_* definitions below it is presumably (1<<n) --
 * confirm against the original source. */
#define E2O(n) (1<

/* Legacy Solaris-style ACL: an array of aclent_t entries. The #ifdef that
 * selects this variant was lost on extraction (see the note above). */
typedef struct acl_type{
  int entries;    /* number of entries in acl */
  aclent_t* acl;  /* entry array; who frees it is not stated here */
} acl_type;
#endif

#ifdef WITH_POSIX_ACL
/* POSIX acl works for Sun ACL, AIUI but anyway... */
#include   /* operand lost in extraction */
#ifndef WITH_ACL
# error "No ACL support ... but POSIX ACL support."
#endif
#endif

/* POSIX ACL as stored in a database record: the access ACL and, for
 * directories, the default ACL, both as text. How "no ACL" is represented
 * (NULL vs. empty string) is not established by this header. */
typedef struct acl_type {
  char *acl_a; /* ACCESS */
  char *acl_d; /* DEFAULT, directories only */
} acl_type;

#ifdef WITH_XATTR
/* Do generic user Xattrs. */
#include   /* operand lost in extraction */
#include   /* operand lost in extraction */
#endif

/* One extended attribute. val is raw binary of vsz bytes -- use vsz as the
 * length rather than assuming NUL termination. */
typedef struct xattr_node {
  char *key;   /* attribute name */
  byte *val;   /* raw value bytes */
  size_t vsz;  /* byte length of val */
} xattr_node;

/* Array of xattr_node entries. num is the count in use; sz is presumably
 * the allocated capacity -- confirm in the xattr code. */
typedef struct xattrs_type {
  size_t num;
  size_t sz;
  struct xattr_node *ents;
} xattrs_type;

#ifdef WITH_SELINUX
#include   /* operand lost in extraction */
/* Fallback for platforms that only provide ENODATA for "no such attribute". */
#ifndef ENOATTR
# define ENOATTR ENODATA
#endif
#endif

#ifdef WITH_E2FSATTRS
#include   /* operand lost in extraction */
#endif

#ifdef WITH_MHASH
#include   /* operand lost in extraction */
#endif

#ifdef WITH_ZLIB
#include   /* operand lost in extraction */
#endif

/* Generic success/failure return codes. */
#define RETOK 0
#define RETFAIL -1

/* Requested run phases; presumably combined into db_config.action
 * ("What are we supposed to do") -- confirm in the option parsing. */
#define DO_INIT (1<<0)
#define DO_COMPARE (1<<1)
#define DO_DIFF (1<<2)

#include "url.h"

/* Superseded by url.h; kept for reference only.
 * typedef enum { url_file, url_stdout, url_stdin, url_stderr, url_fd,
 *   url_http, url_sql, url_syslog, url_database, url_multiplexer,
 *   url_unknown } URL_TYPE;
 */
/* typedef struct url_t {*/ /* Everything before the first ':' */ /* URL_TYPE type; char* value; } url_t; */

/*
 * Column identifiers of a database line. The db_names[] and db_value[]
 * tables declared later in this header are indexed by these values, and
 * the comments give the column name each one is written under.
 * For db_filename..db_checkmask (0..25) the enum value equals the bit
 * position of the matching DB_* attribute below; after that the two
 * numberings diverge, so never convert between them by arithmetic.
 */
typedef enum {
  db_filename=0,    /* "name", */
  db_linkname,      /* "lname", */
  db_perm,          /* "perm", */
  db_uid,           /* "uid", */
  db_gid,           /* "gid", */
  db_size,          /* "size", */
  db_atime,         /* "atime", */
  db_ctime,         /* "ctime", */
  db_mtime,         /* "mtime", */
  db_inode,         /* "inode", */
  db_bcount,        /* "bcount", */
  db_lnkcount,      /* "lcount", */
  db_md5,           /* "md5", */
  db_sha1,          /* "sha1", */
  db_rmd160,        /* "rmd160", */
  db_tiger,         /* "tiger", */
  db_crc32,         /* "crc32", */
  db_haval,         /* "haval", */
  db_gost,          /* "gost", */
  db_crc32b,        /* "crc32b", */
  db_attr,          /* attributes */
  db_acl,           /* access control list */
  db_bsize,         /* "bsize" */
  db_rdev,          /* "rdev" */
  db_dev,           /* "dev" */
  db_checkmask,     /* "checkmask" */
  db_allownewfile,  /* "allownewfile" */
  db_allowrmfile,   /* "allowrmfile" */
  db_sha256,        /* "sha256", */
  db_sha512,        /* "sha512", */
  db_whirlpool,     /* "whirlpool", */
  db_selinux,       /* "selinux", */
  db_xattrs,        /* "xattrs", */
  db_e2fsattrs,     /* "e2fsattrs" */
  db_unknown        /* "unknown" */
} DB_FIELD;
/* db_unknown must be last because it is used to determine the size of DB_FIELD
 * (array bounds such as db_names[db_unknown+1] depend on it). */

/* FIXME: THIS IS A HACK, sometimes we use AIDE_OFF_TYPE instead
 * because that's what internal functions take. This bitmap needs to die.
 */
/* Attribute bitmask type. unsigned long long is at least 64 bits, so the
 * highest bit used below (36) is well-defined; DB_ATTR_UNDEF is all bits
 * set and therefore cannot equal any combination of the defined bits. */
#define DB_ATTR_TYPE unsigned long long
#define DB_ATTR_UNDEF ((DB_ATTR_TYPE) -1)

/* We need these for rx_rules since enums are not OR-able (horrible).
 * The quoted comment is the attribute's name as written in the database. */
#define DB_FILENAME (1LLU<<0)   /* "name", */
#define DB_LINKNAME (1LLU<<1)   /* "lname", */
#define DB_PERM (1LLU<<2)       /* "perm", */
#define DB_UID (1LLU<<3)        /* "uid", */
#define DB_GID (1LLU<<4)        /* "gid", */
#define DB_SIZE (1LLU<<5)       /* "size", */
#define DB_ATIME (1LLU<<6)      /* "atime", */
#define DB_CTIME (1LLU<<7)      /* "ctime", */
#define DB_MTIME (1LLU<<8)      /* "mtime", */
#define DB_INODE (1LLU<<9)      /* "inode", */
#define DB_BCOUNT (1LLU<<10)    /* "bcount", */
#define DB_LNKCOUNT (1LLU<<11)  /* "lcount", */
#define DB_MD5 (1LLU<<12)       /* "md5", */
#define DB_SHA1 (1LLU<<13)      /* "sha1", */
#define DB_RMD160 (1LLU<<14)    /* "rmd160", */
#define DB_TIGER (1LLU<<15)     /* "tiger", */
/* We want to mark these regardless of whether the hash function is
 * available in this build. */
#define DB_CRC32 (1LLU<<16)     /* "crc32", */
#define DB_HAVAL (1LLU<<17)     /* "haval", */
#define DB_GOST (1LLU<<18)      /* "gost", */
#define DB_CRC32B (1LLU<<19)    /* "crc32b", */
/* Bit 20 is deliberately left unused so the bits above stay aligned with
 * the DB_FIELD values (db_attr is 20). */
// #define DB_ATTR (1LLU<<20) /* "attr" */
#define DB_ACL (1LLU<<21)       /* "acl" */
#define DB_BSIZE (1LLU<<22)     /* "bsize" */
#define DB_RDEV (1LLU<<23)      /* "rdev" */
#define DB_DEV (1LLU<<24)       /* "dev" */
#define DB_CHECKMASK (1LLU<<25) /* "checkmask" */
#define DB_SIZEG (1LLU<<26)     /* "unknown" -- presumably "size may grow"; confirm in the rule parser */
#define DB_CHECKINODE (1LLU<<27) /* "checkinode" */
#define DB_NEWFILE (1LLU<<28)   /* "allow new file" */
#define DB_RMFILE (1LLU<<29)    /* "allow rm file" */
#define DB_SHA256 (1LLU<<30)    /* "sha256", */
#define DB_SHA512 (1LLU<<31)    /* "sha512", */
#define DB_SELINUX (1LLU<<32)   /* "selinux", */
#define DB_XATTRS (1LLU<<33)    /* "xattrs", */
#define DB_WHIRLPOOL (1LLU<<34) /* "whirlpool", */
#define DB_FTYPE (1LLU<<35)     /* "file type", */
#define DB_E2FSATTRS (1LLU<<36) /* "ext2 file system attributes" */

/* Every attribute bit that denotes a content digest.
 * NOTE(review): CRC32/CRC32B are checksums, not cryptographic hashes, and
 * MD5 and SHA-1 have public collision attacks; for detecting deliberate
 * tampering prefer the sha256/sha512/whirlpool entries where the build
 * provides them. */
#define DB_HASHES (DB_MD5|DB_SHA1|DB_RMD160|DB_TIGER|DB_CRC32|DB_HAVAL| \
                   DB_GOST|DB_CRC32B|DB_SHA256|DB_SHA512|DB_WHIRLPOOL)
/* Column name and per-field value for each DB_FIELD, indexed by the enum
 * value and sized db_unknown+1 so the db_unknown slot is addressable.
 * NOTE(review): db_value is int while DB_ATTR_TYPE is unsigned long long and
 * attribute bits go up to 36 -- confirm what db_value holds; it cannot carry
 * the high DB_* bits. */
extern const char* db_names[db_unknown+1];
extern const int db_value[db_unknown+1];

/* db_namealias && db_aliasvalue are here to support earlier database
 * names that are no longer used. */
#define db_alias_size 1
extern const char* db_namealias[db_alias_size];
extern const int db_aliasvalue[db_alias_size];

/* TIMEBUFSIZE should be exactly ceil(sizeof(time_t)*8*ln(2)/ln(10))
 * Now it is ceil(sizeof(time_t)*2.5)
 * And of course we add one for end of string char.
 * For an 8-byte time_t this gives 21: up to 20 characters of decimal
 * representation (sign included) plus the terminator. */
#define TIMEBUFSIZE (((sizeof(time_t)*5+1)>>1)+1)

/* New db_config Not used yet, maybe someday. */
/* typedef struct _db_config { */
/*   url_t* url; */
/*   config* conf; */
/*   int inout; */
/*   int (*init)(url*,int,config*); */
/*   char** (*readline)(_db_config*); */
/*   int (*writeline)(_db_config*,db_line* line); */
/*   int (*close)(_db_config*); */
/*   int db_size; */
/*   DB_FIELD* db_order; */
/*   void* local; */
/* }_db_config ; */

#include "seltree.h"

/*
 * One database record (a file system entry). Which members carry a
 * meaningful value is governed by attr (a set of DB_* bits); the digest
 * pointers are presumably NULL when that digest was not stored -- confirm
 * in the database reader.
 */
typedef struct db_line {
  byte* md5;
  byte* sha1;
  byte* rmd160;
  byte* tiger;
  byte* sha256;
  byte* sha512;
  byte* crc32; /* MHASH only */
  byte* haval;
  byte* gost;
  byte* crc32b;
  byte* whirlpool;

  acl_type* acl;
  /* Something here.. */

  mode_t perm;
  mode_t perm_o; /* Permission for tree traverse */
  uid_t uid;
  gid_t gid;
  time_t atime;
  time_t ctime;
  time_t mtime;
  AIDE_INO_TYPE inode;
  nlink_t nlink;

  AIDE_OFF_TYPE size;
  AIDE_OFF_TYPE size_o; /* ... */
  AIDE_BLKCNT_TYPE bcount;
  char* filename;
  char* fullpath;
  char* linkname;

  char *cntx;           /* presumably the SELinux security context (db_selinux) -- confirm */

  xattrs_type* xattrs;

  unsigned long e2fsattrs; /* Attributes .... */

  DB_ATTR_TYPE attr;    /* DB_* bits recorded for this entry */
} db_line;

/*
 * Run-wide configuration and open-database state. The URL/FILE pairs
 * describe the database being read (db_in), the database being written
 * (db_out) and, for comparisons, the freshly generated one (db_new).
 */
typedef struct db_config {
  url_t* db_in_url;
  FILE* db_in;
  url_t* db_new_url;
  FILE* db_new;
  url_t* db_out_url;
  FILE* db_out;

  int config_check;
  int syslog_format;

  /* Digest/HMAC containers for the databases being read and written --
   * inferred from the name md_container; confirm in the md code. */
  struct md_container *mdc_in;
  struct md_container *mdc_out;

  struct db_line *line_db_in;
  struct db_line *line_db_out;

  DB_ATTR_TYPE db_attrs;

#ifdef WITH_ZLIB
  gzFile db_gzin;
  gzFile db_gznew;
  gzFile db_gzout;
  /* Is dbout gzipped or not */
  int gzip_dbout;
#endif

  /* Column count and column order (as DB_FIELD values) of each database. */
  int db_in_size;
  DB_FIELD* db_in_order;
  int db_new_size;
  DB_FIELD* db_new_order;
  int db_out_size;
  DB_FIELD* db_out_order;

  char* config_file;
  char* config_version;

  /* Integrity checking of the configuration and database files themselves.
   * The old_*mdstr members hold the previously recorded digest strings the
   * current ones are compared against -- inferred from the names, confirm. */
  int do_dbnewmd;
  int do_dboldmd;
#ifdef WITH_MHASH
  int do_configmd;
  MHASH confmd;
  hashid confhmactype;
  char* old_confmdstr;
  hashid dbhmactype;
  MHASH dbnewmd;
  MHASH dboldmd;
#endif
  char* old_dbnewmdstr;
  char* old_dboldmdstr;

  /* The following three are lists of rx_rule*s */
  list* selrxlst;
  list* equrxlst;
  list* negrxlst;

  int verbose_level;
  int database_add_metadata;
  int report_detailed_init;
  int report_base16;
  int report_quiet;
  int use_initial_errorsto;

#ifdef WITH_E2FSATTRS
  unsigned long report_ignore_e2fsattrs;
#endif

  url_t* initial_report_url;
  void* initial_report_fd;

  /* report_url is a list of url_t*s */
  list* report_url;
  /* report_fd is a list of FILE*s */
  list* report_fd;
  /* Report syslog */
  int report_syslog;
  int report_db;

  /* defsyms is a list of symba*s */
  list* defsyms;
  /* so is groupsyms */
  list* groupsyms;

  /* What are we supposed to do */
  int action;

  /* Should we catch errors from mmapping */
  int catch_mmap;

  time_t start_time;
  time_t end_time;

  int symlinks_found;
  DB_ATTR_TYPE attr;

#ifdef WITH_ACL
  int no_acl_on_symlinks;
#endif
  int warn_dead_symlinks;

  int grouped;

  int summarize_changes;

  char* root_prefix;
  int root_prefix_length; /* presumably strlen(root_prefix), cached; note int rather than size_t */

  char* limit;
  pcre* limit_crx;        /* compiled form of limit -- inferred from the type, confirm */

  struct seltree* tree;
} db_config;

#ifdef WITH_PSQL
#include "libpq-fe.h"

/* PostgreSQL backend state. des[] is sized by the number of DB_FIELD
 * values; what each slot holds is not established here. */
typedef struct psql_data{
  PGconn* conn;
  char* table;
  PGresult *res;
  int des[db_unknown];
  int curread;
  int maxread;
} psql_data;
#endif

#endif