source: trunk/include/samhain.h@ 18

Last change on this file since 18 was 18, checked in by rainer, 19 years ago

Optimized version of tiger algorithm, and basic ingredients for unit testing (part 2)

[1]1/* SAMHAIN file system integrity testing */
2/* Copyright (C) 1999 Rainer Wichmann */
3/* */
4/* This program is free software; you can redistribute it */
5/* and/or modify */
6/* it under the terms of the GNU General Public License as */
7/* published by */
8/* the Free Software Foundation; either version 2 of the License, or */
9/* (at your option) any later version. */
10/* */
11/* This program is distributed in the hope that it will be useful, */
12/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
13/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
14/* GNU General Public License for more details. */
15/* */
16/* You should have received a copy of the GNU General Public License */
17/* along with this program; if not, write to the Free Software */
18/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20#ifndef SAMHAIN_H
21#define SAMHAIN_H
22
23#include <sys/types.h>
24#include "slib.h"
25
26#ifdef SH_ENCRYPT
27#include "rijndael-api-fst.h"
28#endif
29
30/**************************************************
31 *
32 * STANDARD DEFINES
33 *
34 **************************************************/
35
/* NOTE(review): REPLACE_OLD is defined without a value; the code that tests
 * it is not visible in this header. */
36#define REPLACE_OLD
37
38/* Standard buffer sizes.
39 */
/* These are sizes of fixed char arrays (see the structs below); every copy
 * into such an array has to be bounded by the size of the destination. */
40#define SH_MINIBUF 64
41#define SH_BUFSIZE 1024
42#define SH_MAXBUF 4096
43#define SH_PATHBUF 256
44
45/* Sizes for arrays (user, group, timestamp).
46 */
47#define USER_MAX 20
48#define GROUP_MAX 20
49#define TIM_MAX 32
50
51/* The number of bytes in a key,
52 * the number of chars in its hex representation,
53 * and the block size of the hash algorithm.
54 */
/* KEY_LEN is 2 * KEY_BYT (two hex digits per byte). Buffers in this header
 * that hold the hex form are declared with KEY_LEN+1 elements, which leaves
 * room for the terminating NUL. */
55#define KEY_BYT 24
56#define KEY_LEN 48
57#define KEY_BLOCK 24
58
59/* The length of the compiled-in password.
60 */
/* NOTE(review): sh_key_t.pw is declared as char pw[PW_LEN], with no extra
 * byte, so it cannot hold a NUL-terminated string of PW_LEN characters.
 * Presumably it is handled as a fixed-length byte array; confirm that no
 * str*() function is applied to it. */
61#define PW_LEN 8
62
/* Boolean-style constants. Each name is #undef'd first so that a definition
 * made earlier (for example by another header) is replaced by the value
 * given here. */
63#undef GOOD
64#define GOOD 1
65#undef BAD
66#define BAD 0
67#undef ON
68#define ON 1
69#undef OFF
70#define OFF 0
71#undef S_TRUE
72#define S_TRUE 1
73#undef S_FALSE
74#define S_FALSE 0
75
76/* An unsigned integer guaranteed to be 32 bit.
77 */
/* UINT32/SINT32 are selected by the HAVE_*_32 feature macros. If none of
 * them is defined, neither name is defined, and any use of UINT32 (for
 * example the arrays in sh_key_t) fails to compile instead of silently
 * getting a type of the wrong width. */
78#if defined(HAVE_INT_32)
79#define UINT32 unsigned int
80#define SINT32 int
81#elif defined(HAVE_LONG_32)
82#define UINT32 unsigned long
83#define SINT32 long
84#elif defined(HAVE_SHORT_32)
85#define UINT32 unsigned short
86#define SINT32 short
87#endif
88
89#ifdef HAVE_INTTYPES_H
90#include <inttypes.h>
91#else
92#ifdef HAVE_STDINT_H
93#include <stdint.h>
94#endif
95#endif
96
/* UINT64 is uint64_t when <inttypes.h> or <stdint.h> is available. Without
 * either header it is unsigned long long (HAVE_LONG_LONG_64) or unsigned
 * long (HAVE_LONG_64). In the last-resort branch UINT64 is still defined as
 * unsigned long, but UINT64_IS_32 is set as well: there the type is not
 * known to be 64 bits wide, so code that relies on 64-bit arithmetic has to
 * test UINT64_IS_32. */
97#if !defined(HAVE_INTTYPES_H) && !defined(HAVE_STDINT_H)
98
99#ifdef HAVE_LONG_LONG_64
100#define UINT64 unsigned long long
101#else
102#ifdef HAVE_LONG_64
103#define UINT64 unsigned long
104#else
105#define UINT64_IS_32
106#define UINT64 unsigned long
107#endif
108#endif
109
110#else
111#define UINT64 uint64_t
112#endif
113
114
115
/* Shorthand for a raw byte. */
116#define UBYTE unsigned char
117
118
/* Checksum modes: none, initialise, check.
 * NOTE(review): presumably the values stored in sh_sh_flag.checkSum
 * ("whether to init/check checksums"); confirm against the users of that
 * field. */
119enum {
120 SH_CHECK_NONE = 0,
121 SH_CHECK_INIT = 1,
122 SH_CHECK_CHECK = 2
123};
124
125/**************************************************
126 *
127 * TYPEDEFS
128 *
129 **************************************************/
130
/* Numeric identifiers 1..9 for the SH_LEVEL_* classes.
 * NOTE(review): the names suggest file-check policy classes (read-only,
 * log files, growing logs, ...); their use is not visible in this header. */
131enum {
132 SH_LEVEL_READONLY = 1,
133 SH_LEVEL_LOGFILES = 2,
134 SH_LEVEL_LOGGROW = 3,
135 SH_LEVEL_NOIGNORE = 4,
136 SH_LEVEL_ALLIGNORE = 5,
137 SH_LEVEL_ATTRIBUTES = 6,
138 SH_LEVEL_USER0 = 7,
139 SH_LEVEL_USER1 = 8,
140 SH_LEVEL_PRELINK = 9
141};
142
/* Timer state: an interval and the time of the last alarm, both time_t.
 * sh_struct keeps three of these (mailNum, mailTime, fileCheck).
 * NOTE(review): units are presumably seconds; confirm at the users. */
143typedef struct {
144 time_t alarm_interval;
145 time_t alarm_last;
146} sh_timer_t;
147
/* A file path together with a buffer for its hex checksum. sh_struct uses
 * this type for its exec, conf and data members.
 * path is a fixed SH_PATHBUF-byte array, so copies into it must be bounded;
 * hash holds KEY_LEN hex characters plus the terminating NUL. */
148typedef struct {
149 char path[SH_PATHBUF];
150 char hash[KEY_LEN+1];
151} sh_sh_df;
152
/* Identity of one user: name, group, home directory and numeric ids.
 * sh_struct keeps three of these (real, effective, run).
 * NOTE(review): user and group are only USER_MAX/GROUP_MAX (20) bytes
 * including the terminator; longer names must be rejected or truncated
 * explicitly when these fields are filled. */
153typedef struct {
154 char user[USER_MAX];
155 char group[GROUP_MAX];
156 char home[SH_PATHBUF];
157 uid_t uid;
158 gid_t gid;
159} sh_sh_user;
160
/* Description of the local host, stored in fixed-size char arrays.
 * NOTE(review): system/release/machine presumably come from uname(2);
 * confirm at the place where they are filled. */
161typedef struct {
162 char name[SH_PATHBUF]; /* local hostname */
163 char system[SH_MINIBUF]; /* system */
164 char release[SH_MINIBUF]; /* release */
165 char machine[SH_MINIBUF]; /* machine */
166} sh_sh_local;
167
/* Two names for one remote endpoint. sh_struct uses this type for its
 * srvtime, srvmail, srvexport, srvcons and srvlog members.
 * NOTE(review): alt is presumably an alternative/fallback server name;
 * confirm at the users. */
168typedef struct {
169 char name[SH_PATHBUF];
170 char alt[SH_PATHBUF];
171} sh_sh_remote;
172
/* Run statistics: counters for the last file check and for mail delivery.
 * The counters are unsigned long, so on overflow they wrap around. */
173typedef struct {
174 unsigned long bytes_hashed; /* bytes last check */
175 unsigned long bytes_speed; /* bytes/sec last check */
176 unsigned long mail_success; /* mails sent */
177 unsigned long mail_failed; /* mails not sent */
178 time_t time_start; /* start last check */
179 time_t time_check; /* time last check */
180 unsigned long dirs_checked; /* #dirs last check */
181 unsigned long files_checked; /* #files last check */
182} sh_sh_stat;
183
/* Run-time flags and options, all plain ints except aud_mask. The field
 * comments use the GOOD/BAD and TRUE constants; this header defines GOOD,
 * BAD, S_TRUE and S_FALSE as 1/0. */
184typedef struct {
185 int exit; /* exit value */
186 int checkSum; /* whether to init/check checksums */
187 int update; /* update db */
188 int opts; /* reading cl options */
189 int isdaemon; /* daemon or not */
190 int loop; /* go in loop even if not daemon */
191 int nice; /* desired nicety */
192 int isserver; /* server or not */
193 int islocked; /* BAD if logfile not locked */
194 int smsg; /* GOOD if end message sent */
195 int log_start; /* TRUE if new audit trail */
196 int reportonce; /* TRUE if bad files are reported only once */
197 int fulldetail; /* TRUE if full details requested */
198 int client_severity; /* TRUE if client severity used */
199 int client_class; /* TRUE if client class used */
200 int audit; /* NOTE(review): undocumented in this header */
201 unsigned long aud_mask; /* NOTE(review): undocumented in this header */
202 int hidefile; /* TRUE if file not revealed in log */
203} sh_sh_flag;
204
/* Global program state; the single instance is declared below as
 * `extern sh_struct sh`. It groups the program name, the exec/conf/data
 * file records, the user identities, host and server names, statistics,
 * flags and timers. All strings are fixed-size arrays, apart from the
 * timezone pointer. */
205typedef struct {
206
207 char prg_name[8];
208
209 sh_sh_df exec;
210 sh_sh_df conf;
211 sh_sh_df data;
212
213 sh_sh_user real;
214 sh_sh_user effective;
215 sh_sh_user run;
216
217 sh_sh_local host;
218
219 sh_sh_remote srvtime;
220 sh_sh_remote srvmail;
221 sh_sh_remote srvexport;
222 sh_sh_remote srvcons;
223 sh_sh_remote srvlog;
224
225 sh_sh_stat statistics;
226 sh_sh_flag flag;
227
228#ifdef SH_STEALTH
229 unsigned long off_data;
230#endif
231
232 sh_timer_t mailNum;
233 sh_timer_t mailTime;
234 sh_timer_t fileCheck;
235
236 int looptime; /* timing for main loop */
 /* The annotations on the next line are Splint markers: the pointer may be
  * NULL, so it has to be checked before it is dereferenced. */
237 /*@null@*//*@out@*/ char * timezone;
238} sh_struct;
239
240
/* Flags associated with signals; the trailing comment on each line names
 * the signal. The definitions live in another translation unit.
 * NOTE(review): presumably these are written from signal handlers. The C
 * standard only guarantees such accesses for objects of type
 * `volatile sig_atomic_t`; `volatile int` works on common platforms but is
 * not the portable type. Changing it would have to be done together with
 * the definitions. */
241extern volatile int sig_raised;
242extern volatile int sig_urgent;
243extern volatile int sig_debug_switch; /* SIGUSR1 */
244extern volatile int sig_suspend_switch; /* SIGUSR2 */
245extern volatile int sh_global_suspend_flag; /* SIGUSR2 */
246extern volatile int sig_fresh_trail; /* SIGIOT */
247extern volatile int sig_config_read_again; /* SIGHUP */
248extern volatile int sig_terminate; /* SIGQUIT */
249extern volatile int sig_termfast; /* SIGTERM */
250extern volatile int sig_force_check; /* SIGTTOU */
251
/* NOTE(review): presumably used by the helpers in sh_calls.h, which is
 * included right after this declaration; confirm there. */
252extern long int eintr__result;
253
254#include "sh_calls.h"
255
256
/* Key and random-number state, reached through the global pointer skey.
 *
 * The char[KEY_LEN+1] members have room for KEY_LEN hex characters plus a
 * terminating NUL. poolv is KEY_BYT raw bytes, and pw is PW_LEN bytes with
 * no room for a terminator. mlock_failed is the flag that the MLOCK and
 * MUNLOCK macros in this header test and set.
 *
 * NOTE(review): judging by the field names, this struct carries secret
 * material (signature and mail keys, session key, socket password).
 * Presumably the object is locked in memory with MLOCK and should be wiped
 * before it is released; confirm at the allocation and teardown sites,
 * which are not part of this header.
 */
257typedef struct {
258 char sh_sockpass[32];
259 char sigkey_old[KEY_LEN+1];
260 char sigkey_new[KEY_LEN+1];
261 char mailkey_old[KEY_LEN+1];
262 char mailkey_new[KEY_LEN+1];
263 char crypt[KEY_LEN+1];
264 char session[KEY_LEN+1];
265 char vernam[KEY_LEN+1];
266 int mlock_failed;
267
268 char pw[PW_LEN];
269
270 char poolv[KEY_BYT];
271 int poolc;
272
273 int rngI;
274 UINT32 rng0[3];
275 UINT32 rng1[3];
276 UINT32 rng2[3];
277
278 UINT32 ErrFlag[2];
279
280#ifdef SH_ENCRYPT
 /* keyInstance comes from rijndael-api-fst.h, included above under the
  * same SH_ENCRYPT guard. */
281 /*@out@*/ keyInstance keyInstE;
282 /*@out@*/ keyInstance keyInstD;
283#endif
284} sh_key_t;
285
/* The global state object and the pointer to the key material. skey is
 * annotated as possibly NULL, so users must check it before dereferencing
 * (the MLOCK/MUNLOCK macros below do). */
286extern sh_struct sh;
287/*@null@*/ extern sh_key_t *skey;
288
289
/* MLOCK(a, b): pass (a, b) to sh_unix_mlock(), presumably address and
 * length of a region to lock in RAM (the wrapper is declared elsewhere).
 *
 * - Does nothing when skey is NULL or when skey->mlock_failed is already
 *   set.
 * - The call is bracketed by sl_set_suid()/sl_unset_suid(), whose return
 *   values are discarded. NOTE(review): presumably these raise and drop
 *   the effective uid; confirm that a failing sl_unset_suid() cannot leave
 *   the process running with raised privileges.
 * - If sh_unix_mlock() returns < 0, skey->mlock_failed is set to SL_TRUE.
 *   From then on every MLOCK and MUNLOCK expansion is a no-op, and nothing
 *   in the macro reports the failure.
 * - NOTE(review): the expansion is a bare `if (...) { ... }`, not wrapped
 *   in do { } while (0), and a/b are not parenthesised. Use it only as a
 *   complete statement inside braces, never as the unbraced body of an
 *   if/else.
 * - Without HAVE_MLOCK, or with HAVE_BROKEN_MLOCK, the macro expands to a
 *   lone `;`: the memory is then not locked at all.
 */
290#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
291#define MLOCK(a, b) \
292 if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \
293 (void) sl_set_suid(); \
294 if (sh_unix_mlock( a, b) < 0) skey->mlock_failed = SL_TRUE; \
295 (void) sl_unset_suid(); }
296#else
297#define MLOCK(a, b) \
298 ;
299#endif
300
/* MUNLOCK(a, b): counterpart of MLOCK; passes (a, b) to sh_unix_munlock()
 * between sl_set_suid() and sl_unset_suid(). All three return values are
 * discarded.
 *
 * - Skipped when skey is NULL or skey->mlock_failed is set. A region that
 *   was locked successfully before a later lock attempt failed is
 *   therefore not unlocked through this macro.
 * - NOTE(review): like MLOCK, the expansion is a bare `if (...) { ... }`
 *   with unparenthesised arguments; use it only as a complete statement
 *   inside braces.
 * - Without HAVE_MLOCK, or with HAVE_BROKEN_MLOCK, it expands to a lone `;`.
 */
301#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
302#define MUNLOCK(a, b) \
303 if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \
304 (void) sl_set_suid(); \
305 (void) sh_unix_munlock( a, b );\
306 (void) sl_unset_suid(); }
307#else
308#define MUNLOCK(a, b) \
309 ;
310#endif
311
/* Stealth-mode string transformation, available only with SH_STEALTH.
 * sh_do_decode is an alias for sh_do_encode, so the same call is used in
 * both directions and the transformation has to be its own inverse.
 * NOTE(review): presumably it rewrites str in place (the pointer is not
 * const and nothing is returned). A keyless self-inverse transform is
 * obfuscation, not encryption, and should not be relied on for
 * confidentiality. len is a signed int; callers must not pass a negative
 * value. */
312#ifdef SH_STEALTH
313void sh_do_encode (char * str, int len);
314#define sh_do_decode sh_do_encode
315#endif
316
317/* #if defined(SCREW_IT_UP)
318 * extern volatile int sh_not_traced;
319 * inline int sh_sigtrap_prepare();
320 * inline int sh_derr();
321 * #endif
322 */
323
/* BREAKEXIT(expr): self-check that is compiled in only with SCREW_IT_UP on
 * i386 FreeBSD or Linux; on every other build it expands to nothing.
 *
 * It reads the 8 bytes starting at address expr and calls
 * _exit(EXIT_FAILURE) as soon as one of them equals 0xcc. 0xcc is the x86
 * INT3 opcode, the byte a debugger writes for a software breakpoint.
 *
 * NOTE(review):
 * - expr is cast to `unsigned`, which can hold a pointer only on 32-bit
 *   targets (hence the __i386__ guard), and it is not parenthesised in the
 *   expansion, so pass a plain identifier.
 * - A 0xcc byte that legitimately occurs in those 8 bytes (for example as
 *   part of an operand) would also end the process; confirm at the call
 *   sites that this cannot happen.
 * - The expansion needs _exit() and EXIT_FAILURE, which this header does
 *   not visibly declare.
 */
324#if defined(SCREW_IT_UP) && (defined(__FreeBSD__) || defined(__linux__)) && defined(__i386__)
325#define BREAKEXIT(expr) \
326 do { \
327 int ixi; \
328 for (ixi = 0; ixi < 8; ++ixi) { \
329 if ((*(volatile unsigned *)((unsigned) expr + ixi) & 0xff) == 0xcc) \
330 _exit(EXIT_FAILURE); \
331 } \
332 } \
333 while (1 == 0)
334#else
335#define BREAKEXIT(expr)
336#endif
337
338
339
340#include "sh_cat.h"
341#include "sh_trace.h"
342#include "sh_mem.h"
343
344#endif
345
346/* CRIT: */
347/* NEW_CLIENT <client> */
348/* BAD_CLIENT <client> -- <details> */
349/* ERR_CLIENT <client> -- <details> */
350
351/* ALERT: */
352/* LOG_KEY samhain|yule <key> */
353/* STARTUP samhain|yule -- user <username> */
354/* EXIT samhain|yule */
355/* GOODSIG <file> <user> */
356/* FP_KEY <fingerprint> */
357/* GOODSIG_DAT <file> <user> */
358/* FP_KEY_DAT <fingerprint> */
359/* TIGER_CFG <file> <checksum> */
360/* TIGER_DAT <file> <checksum> */
361
362/* PANIC -- <details> */
363/* ERROR -- <details> */
364
365/* Policy */
366/* POLICY <code> <file> */
367/* <code> = MISSING || ADDED || NOT_A_DIRECTORY || <policy> */
368
369
370