Context Navigation

source: branches/samhain-2_2-branch/include/sh_unix.h@ 588

Last change on this file since 588 was 40, checked in by rainer, 19 years ago
Fix for tickets #13, #14, #15, #16, #17
File size: 9.0 KB

Line
1	/* SAMHAIN file system integrity testing */
2	/* Copyright (C) 1999 Rainer Wichmann */
3	/* */
4	/* This program is free software; you can redistribute it */
5	/* and/or modify */
6	/* it under the terms of the GNU General Public License as */
7	/* published by */
8	/* the Free Software Foundation; either version 2 of the License, or */
9	/* (at your option) any later version. */
10	/* */
11	/* This program is distributed in the hope that it will be useful, */
12	/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
13	/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
14	/* GNU General Public License for more details. */
15	/* */
16	/* You should have received a copy of the GNU General Public License */
17	/* along with this program; if not, write to the Free Software */
18	/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20
21
22	#ifndef SH_UNIX_H
23	#define SH_UNIX_H
24
25	#include <limits.h>
26	#include <unistd.h>
27	#include "samhain.h"
28	#include "sh_error.h"
29
30
31	typedef enum {
32	SH_ISLOG,
33	SH_ISFILE,
34	SH_ISDIR,
35	SH_ISDATA
36	} ShOpenType;
37
38	typedef enum {
39	SH_DATA_RAW,
40	SH_DATA_LINE
41	} ShDataType;
42
43	typedef enum {
44	SH_FILE_REGULAR,
45	SH_FILE_SYMLINK,
46	SH_FILE_DIRECTORY,
47	SH_FILE_CDEV,
48	SH_FILE_BDEV,
49	SH_FILE_FIFO,
50	SH_FILE_SOCKET,
51	SH_FILE_DOOR,
52	SH_FILE_PORT,
53	SH_FILE_UNKNOWN
54	} ShFileType;
55
56	/* -- Attributes to check. --
57	*/
58
59	/* checksum */
60	#define MODI_CHK (1 << 0)
61	/* link */
62	#define MODI_LNK (1 << 1)
63	/* inode */
64	#define MODI_INO (1 << 2)
65	/* user */
66	#define MODI_USR (1 << 3)
67	/* group */
68	#define MODI_GRP (1 << 4)
69	/* mtime */
70	#define MODI_MTM (1 << 5)
71	/* ctime */
72	#define MODI_CTM (1 << 6)
73	/* atime */
74	#define MODI_ATM (1 << 7)
75	/* size */
76	#define MODI_SIZ (1 << 8)
77	/* file mode */
78	#define MODI_MOD (1 << 9)
79	/* hardlinks */
80	#define MODI_HLN (1 << 10)
81	/* device type */
82	#define MODI_RDEV (1 << 11)
83	/* size may grow */
84	#define MODI_SGROW (1 << 12)
85	/* use prelink */
86	#define MODI_PREL (1 << 13)
87
88	#define MASK_ALLIGNORE_ 0
89	extern unsigned long mask_ALLIGNORE;
90	#define MASK_ATTRIBUTES_ (MODI_MOD\|MODI_USR\|MODI_GRP\|MODI_RDEV)
91	extern unsigned long mask_ATTRIBUTES;
92	#define MASK_LOGFILES_ (MASK_ATTRIBUTES_\|MODI_HLN\|MODI_LNK\|MODI_INO)
93	extern unsigned long mask_LOGFILES;
94	#define MASK_LOGGROW_ (MASK_LOGFILES_\|MODI_SIZ\|MODI_SGROW\|MODI_CHK)
95	extern unsigned long mask_LOGGROW;
96	#define MASK_READONLY_ (MASK_LOGFILES_\|MODI_CHK\|MODI_SIZ\|MODI_MTM\|MODI_CTM)
97	extern unsigned long mask_READONLY;
98	#define MASK_NOIGNORE_ (MASK_LOGFILES_\|MODI_CHK\|MODI_SIZ\|MODI_ATM\|MODI_MTM)
99	extern unsigned long mask_NOIGNORE;
100	#define MASK_USER_ (MASK_READONLY_\|MODI_ATM)
101	extern unsigned long mask_USER0;
102	extern unsigned long mask_USER1;
103	extern unsigned long mask_USER2;
104	extern unsigned long mask_USER3;
105	extern unsigned long mask_USER4;
106	/* like READONLY, but without MTM,CTM,SIZ,INO, abd with PREL)
107	*/
108	#define MASK_PRELINK_ (MASK_ATTRIBUTES_\|MODI_HLN\|MODI_LNK\|MODI_CHK\|MODI_PREL)
109	extern unsigned long mask_PRELINK;
110
111	typedef struct file_struct {
112	unsigned long check_mask;
113	int reported;
114	char fullpath[PATH_MAX];
115	ShFileType type;
116	dev_t dev;
117	ino_t ino;
118	mode_t mode;
119	nlink_t hardlinks;
120	#if defined(__linux__) \|\| defined(HAVE_STAT_FLAGS)
121	unsigned long attributes;
122	char c_attributes[16];
123	#endif
124	char c_mode[11];
125	uid_t owner;
126	char c_owner[USER_MAX+2];
127	gid_t group;
128	char c_group[GROUP_MAX+2];
129	dev_t rdev;
130	off_t size;
131	unsigned long blksize;
132	unsigned long blocks;
133	time_t atime;
134	time_t mtime;
135	time_t ctime;
136
137	char linkpath[PATH_MAX];
138	mode_t linkmode;
139	char link_c_mode[11];
140	int linkisok;
141	} file_type;
142
143	/* mlock utilities
144	*/
145	int sh_unix_mlock(char * file, int line, void * addr, size_t len);
146	int sh_unix_munlock(void * addr, size_t len);
147	int sh_unix_count_mlock();
148	/* public for unit tests */
149	int sh_unix_pagesize();
150	unsigned long sh_unix_lookup_page(void * in_addr, size_t len, int * num_pages);
151
152	/* chroot directory
153	*/
154	int sh_unix_set_chroot(const char * str);
155
156	/* whether to use localtime for file timesatams in logs
157	*/
158	int sh_unix_uselocaltime (const char * c);
159
160	/* set I/O limit
161	*/
162	int sh_unix_set_io_limit (const char * c);
163	void sh_unix_io_pause ();
164
165	/* get file type
166	*/
167	int sh_unix_get_ftype(char * fullpath);
168
169	/* reset masks for policies
170	*/
171	int sh_unix_maskreset();
172
173	/* return true if database is remote
174	*/
175	int file_is_remote ();
176
177	/* return the path to the configuration/database file
178	*/
179	char * file_path(char what, char flag);
180
181	/* return current time as unsigned long
182	*/
183	unsigned long sh_unix_longtime (void);
184
185	/* close all files >= fd, except possibly one
186	*/
187	void sh_unix_closeall (int fd, int except);
188
189
190	/* write lock for filename
191	*/
192	int sh_unix_write_lock_file(char * filename);
193
194	/* rm lock(s) for log file(s)
195	*/
196	int sh_unix_rm_lock_file(char * filename);
197
198	/* write the PID file
199	*/
200	int sh_unix_write_pid_file();
201
202	/* rm the PID file
203	*/
204	int sh_unix_rm_pid_file();
205
206
207	/* checksum of own binary
208	*/
209	int sh_unix_self_hash (const char * c);
210
211	/* return BAD on failure
212	*/
213	int sh_unix_self_check (void);
214
215	/* add a trusted user to the list
216	*/
217	int tf_add_trusted_user(const char *);
218
219	/* check a file
220	*/
221	int tf_trust_check (char * file, int mode);
222
223	/* initialize group vector
224	*/
225	#ifdef HOST_IS_OSF
226	int sh_unix_initgroups ( char * in_user, gid_t in_gid);
227	#else
228	int sh_unix_initgroups (const char * in_user, gid_t in_gid);
229	#endif
230	int sh_unix_initgroups2 (uid_t in_pid, gid_t in_gid);
231
232	/* set the timeserver address
233	*/
234	int sh_unix_settimeserver (const char * address);
235	void reset_count_dev_time(void);
236
237	/* lock the key
238	*/
239	void sh_unix_memlock(void);
240
241	/* deamon mode
242	*/
243	int sh_unix_setdeamon (const char * dummy);
244	int sh_unix_setnodeamon(const char * dummy);
245
246	/* Test whether file exists
247	*/
248	int sh_unix_file_stat(char * path);
249
250	/* test whether file exists with proper attributes
251	*/
252	int sh_unix_file_exists(int fd);
253
254	/* local host
255	*/
256	void sh_unix_localhost(void);
257
258	/* check whether /proc exists and is a proc filesystem
259	*/
260	int sh_unix_test_proc(void);
261
262	/* check whether a directory is secure
263	* (no symlink in path, not world-writeable)
264	*/
265	/* int sh_unix_is_secure_dir (ShErrLevel level, char * tmp); */
266
267	/* obtain file info
268	*/
269	int sh_unix_getinfo (int level, char * filename, file_type * theFile,
270	char * fileHash, int flagrel);
271
272	/* read file, return length read
273	*/
274	int sh_unix_getline (SL_TICKET fd, char * line, int sizeofline);
275
276	/* call with goDaemon == 1 to make daemon process
277	*/
278	int sh_unix_init(int goDaemon);
279
280	/* for local time use thetime = 0
281	*/
282	/@owned@/ char * sh_unix_time (time_t thetime);
283
284	/* convert to GMT time
285	*/
286	char * sh_unix_gmttime (time_t thetime);
287
288	/* effective user info
289	*/
290	int sh_unix_getUser (void);
291
292	/* get home directory
293	*/
294	char * sh_unix_getUIDdir (int level, uid_t uid);
295
296
297	#ifdef HAVE_GETTIMEOFDAY
298	unsigned long sh_unix_notime (void);
299	#endif
300
301	/* check whether a directory
302	*/
303	int sh_unix_isdir (char * dirName, int level);
304
305	#ifdef SH_STEALTH
306	int sh_unix_getline_stealth (SL_TICKET fd, char * str, int len);
307	void sh_unix_xor_code (char * str, int len);
308	#endif
309
310	#if defined(SCREW_IT_UP)
311	/* for raise()
312	*/
313	#include <signal.h>
314	#include <errno.h>
315
316	void sh_sigtrap_handler (int signum);
317	extern volatile int sh_not_traced;
318
319	#ifdef HAVE_GETTIMEOFDAY
320	#if TIME_WITH_SYS_TIME
321	#include <sys/time.h>
322	#include <time.h>
323	#else
324	#if HAVE_SYS_TIME_H
325	#include <sys/time.h>
326	#else
327	#include <time.h>
328	#endif
329	#endif
330	extern struct timeval save_tv;
331	#endif
332
333	static inline
334	int sh_sigtrap_prepare()
335	{
336	struct sigaction act_trap;
337	int val_retry;
338	act_trap.sa_handler = &sh_sigtrap_handler; /* signal action */
339	act_trap.sa_flags = 0; /* init sa_flags */
340	sigemptyset ( &act_trap.sa_mask ); /* set an empty mask */
341	do {
342	val_retry = sigaction(SIGTRAP, &act_trap, NULL);
343	} while (val_retry < 0 && errno == EINTR);
344	return 0;
345	}
346
347	/@unused@/ static inline
348	int sh_derr(void)
349	{
350	sh_not_traced = 0;
351
352	#ifdef HAVE_GETTIMEOFDAY
353	gettimeofday(&save_tv, NULL);
354	#endif
355
356	#if defined(__linux__) && defined(__GNUC__) && defined(__i386__)
357	__asm__ __volatile__ ("int $0x03");
358	#else
359	raise(SIGTRAP);
360	#endif
361
362	if (sh_not_traced == 0)
363	_exit(5);
364	sh_not_traced = 0;
365	return (0);
366	}
367
368	#else
369
370	/@unused@/ static inline
371	int sh_derr(void)
372	{
373	return 0;
374	}
375	/* #if defined(SCREW_IT_UP) */
376	#endif
377
378	#endif
379
380

Note: See TracBrowser for help on using the repository browser.

Download in other formats: