Context Navigation

source: trunk/include/samhain.h@ 105

Last change on this file since 105 was 105, checked in by rainer, 18 years ago
Fixes for tickets #64, #65, #66 (null checksum encoding, acl double print, UseACLCheck/UseSELinuxCheck bug).
File size: 11.3 KB

Line
1	/* SAMHAIN file system integrity testing */
2	/* Copyright (C) 1999 Rainer Wichmann */
3	/* */
4	/* This program is free software; you can redistribute it */
5	/* and/or modify */
6	/* it under the terms of the GNU General Public License as */
7	/* published by */
8	/* the Free Software Foundation; either version 2 of the License, or */
9	/* (at your option) any later version. */
10	/* */
11	/* This program is distributed in the hope that it will be useful, */
12	/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
13	/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
14	/* GNU General Public License for more details. */
15	/* */
16	/* You should have received a copy of the GNU General Public License */
17	/* along with this program; if not, write to the Free Software */
18	/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20	#ifndef SAMHAIN_H
21	#define SAMHAIN_H
22
23	#include <sys/types.h>
24	#include "slib.h"
25
26	#ifdef SH_ENCRYPT
27	#include "rijndael-api-fst.h"
28	#endif
29
30	/**************************************************
31	*
32	* STANDARD DEFINES
33	*
34	**************************************************/
35
36	#define REPLACE_OLD
37
38	/* Standard buffer sizes.
39	*/
40	#define SH_MINIBUF 64
41	#define SH_BUFSIZE 1024
42	#define SH_MAXBUF 4096
43	#define SH_PATHBUF 256
44
45	/* Sizes for arrays (user, group, timestamp).
46	*/
47	#define SOCKPASS_MAX 14
48	#define USER_MAX 20
49	#define GROUP_MAX 20
50	#define TIM_MAX 32
51
52
53	/* The number of bytes in a key,
54	* the number of chars in its hex repesentation,
55	* and the block size of the hash algorithm.
56	*/
57	#define KEY_BYT 24
58	#define KEY_LEN 48
59	#define KEY_BLOCK 24
60
61	/* The length of the compiled-in password.
62	*/
63	#define PW_LEN 8
64
65	#undef GOOD
66	#define GOOD 1
67	#undef BAD
68	#define BAD 0
69	#undef ON
70	#define ON 1
71	#undef OFF
72	#define OFF 0
73	#undef S_TRUE
74	#define S_TRUE 1
75	#undef S_FALSE
76	#define S_FALSE 0
77
78	/* An unsigned integer guaranteed to be 32 bit.
79	*/
80	#if defined(HAVE_INT_32)
81	#define UINT32 unsigned int
82	#define SINT32 int
83	#elif defined(HAVE_LONG_32)
84	#define UINT32 unsigned long
85	#define SINT32 long
86	#elif defined(HAVE_SHORT_32)
87	#define UINT32 unsigned short
88	#define SINT32 short
89	#endif
90
91	#ifdef HAVE_INTTYPES_H
92	#include <inttypes.h>
93	#else
94	#ifdef HAVE_STDINT_H
95	#include <stdint.h>
96	#endif
97	#endif
98
99	#if !defined(HAVE_INTTYPES_H) && !defined(HAVE_STDINT_H)
100
101	#ifdef HAVE_LONG_LONG_64
102	#define UINT64 unsigned long long
103	#else
104	#ifdef HAVE_LONG_64
105	#define UINT64 unsigned long
106	#else
107	#define UINT64_IS_32
108	#define UINT64 unsigned long
109	#endif
110	#endif
111
112	#else
113	#define UINT64 uint64_t
114	#endif
115
116
117
118	#define UBYTE unsigned char
119
120
121	enum {
122	SH_CHECK_NONE = 0,
123	SH_CHECK_INIT = 1,
124	SH_CHECK_CHECK = 2
125	};
126
127
128	/**************************************************
129	*
130	* TYPEDEFS
131	*
132	**************************************************/
133
134	enum {
135	SH_LEVEL_READONLY = 1,
136	SH_LEVEL_LOGFILES = 2,
137	SH_LEVEL_LOGGROW = 3,
138	SH_LEVEL_NOIGNORE = 4,
139	SH_LEVEL_ALLIGNORE = 5,
140	SH_LEVEL_ATTRIBUTES = 6,
141	SH_LEVEL_USER0 = 7,
142	SH_LEVEL_USER1 = 8,
143	SH_LEVEL_USER2 = 9,
144	SH_LEVEL_USER3 = 10,
145	SH_LEVEL_USER4 = 11,
146	SH_LEVEL_PRELINK = 12
147	};
148
149	typedef struct {
150	time_t alarm_interval;
151	time_t alarm_last;
152	} sh_timer_t;
153
154	typedef struct {
155	char path[SH_PATHBUF];
156	char hash[KEY_LEN+1];
157	} sh_sh_df;
158
159	typedef struct {
160	char user[USER_MAX];
161	char group[GROUP_MAX];
162	char home[SH_PATHBUF];
163	uid_t uid;
164	gid_t gid;
165	} sh_sh_user;
166
167	typedef struct {
168	char name[SH_PATHBUF]; /* local hostname */
169	char system[SH_MINIBUF]; /* system */
170	char release[SH_MINIBUF]; /* release */
171	char machine[SH_MINIBUF]; /* machine */
172	} sh_sh_local;
173
174	typedef struct {
175	char name[SH_PATHBUF];
176	char alt[SH_PATHBUF];
177	} sh_sh_remote;
178
179	typedef struct {
180	unsigned long bytes_hashed; /* bytes last check */
181	unsigned long bytes_speed; /* bytes/sec last check */
182	unsigned long mail_success; /* mails sent */
183	unsigned long mail_failed; /* mails not sent */
184	time_t time_start; /* start last check */
185	time_t time_check; /* time last check */
186	unsigned long dirs_checked; /* #dirs last check */
187	unsigned long files_checked; /* #files last check */
188	} sh_sh_stat;
189
190	typedef struct {
191	int exit; /* exit value */
192	int checkSum; /* whether to init/check checksums */
193	int update; /* update db */
194	int opts; /* reading cl options */
195	int isdaemon; /* daemon or not */
196	int loop; /* go in loop even if not daemon */
197	int nice; /* desired nicety */
198	int isserver; /* server or not */
199	int islocked; /* BAD if logfile not locked */
200	int smsg; /* GOOD if end message sent */
201	int log_start; /* TRUE if new audit trail */
202	int reportonce; /* TRUE if bad files only once rep.*/
203	int fulldetail; /* TRUE if full details requested */
204	int client_severity; /* TRUE if client severity used */
205	int client_class; /* TRUE if client class used */
206	int audit;
207	unsigned long aud_mask;
208	int hidefile; /* TRUE if file not reveled in log */
209	} sh_sh_flag;
210
211	typedef struct {
212
213	char prg_name[8];
214
215	sh_sh_df exec;
216	sh_sh_df conf;
217	sh_sh_df data;
218
219	sh_sh_user real;
220	sh_sh_user effective;
221	sh_sh_user run;
222
223	sh_sh_local host;
224
225	sh_sh_remote srvtime;
226	sh_sh_remote srvmail;
227	sh_sh_remote srvexport;
228	sh_sh_remote srvcons;
229	sh_sh_remote srvlog;
230
231	sh_sh_stat statistics;
232	sh_sh_flag flag;
233
234	#ifdef SH_STEALTH
235	unsigned long off_data;
236	#endif
237
238	sh_timer_t mailNum;
239	sh_timer_t mailTime;
240	sh_timer_t fileCheck;
241
242	int looptime; /* timing for main loop */
243	/@null@//@out@/ char * timezone;
244	} sh_struct;
245
246
247	extern volatile int sig_raised;
248	extern volatile int sig_urgent;
249	extern volatile int sig_debug_switch; /* SIGUSR1 */
250	extern volatile int sig_suspend_switch; /* SIGUSR2 */
251	extern volatile int sh_global_suspend_flag; /* SIGUSR2 */
252	extern volatile int sig_fresh_trail; /* SIGIOT */
253	extern volatile int sig_config_read_again; /* SIGHUP */
254	extern volatile int sig_terminate; /* SIGQUIT */
255	extern volatile int sig_termfast; /* SIGTERM */
256	extern volatile int sig_force_check; /* SIGTTOU */
257
258	extern long int eintr__result;
259
260	extern int sh_argc_store;
261	extern char ** sh_argv_store;
262
263	#include "sh_calls.h"
264
265
266	typedef struct {
267	char sh_sockpass[2*SOCKPASS_MAX+2];
268	char sigkey_old[KEY_LEN+1];
269	char sigkey_new[KEY_LEN+1];
270	char mailkey_old[KEY_LEN+1];
271	char mailkey_new[KEY_LEN+1];
272	char crypt[KEY_LEN+1];
273	char session[KEY_LEN+1];
274	char vernam[KEY_LEN+1];
275	int mlock_failed;
276
277	char pw[PW_LEN];
278
279	char poolv[KEY_BYT];
280	int poolc;
281
282	int rngI;
283	UINT32 rng0[3];
284	UINT32 rng1[3];
285	UINT32 rng2[3];
286
287	UINT32 ErrFlag[2];
288
289	#ifdef SH_ENCRYPT
290	/@out@/ keyInstance keyInstE;
291	/@out@/ keyInstance keyInstD;
292	#endif
293	} sh_key_t;
294
295	extern sh_struct sh;
296	/@null@/ extern sh_key_t *skey;
297
298	/**************************************************
299	*
300	* macros
301	*
302	**************************************************/
303
304	#if defined(__GNUC__) && (__GNUC__ >= 4)
305	#define SH_GNUC_NULL_TERMINATED __attribute__((__sentinel__))
306	#else
307	#define SH_GNUC_NULL_TERMINATED
308	#endif
309
310	/* The semantics of the built-in are that it is expected that expr == const
311	* for __builtin_expect ((expr), const)
312	*/
313	#if defined(__GNUC__) && (__GNUC__ > 2) && defined(__OPTIMIZE__)
314	#define SH_LIKELY(expr) (__builtin_expect((expr), 1))
315	#define SH_UNLIKELY(expr) (__builtin_expect((expr), 0))
316	#else
317	#define SH_LIKELY(expr) (expr)
318	#define SH_UNLIKELY(expr) (expr)
319	#endif
320
321	/* signal-safe log function
322	*/
323	int safe_logger (int signal, int method, char * details);
324	void safe_fatal (char * details, char *f, int l);
325
326	#define SH_VALIDATE_EQ(a,b) \
327	do { \
328	if ((a) != (b)) safe_fatal(#a " != " #b, FIL__, __LINE__);\
329	} while (0)
330
331	#define SH_VALIDATE_NE(a,b) \
332	do { \
333	if ((a) == (b)) safe_fatal(#a " == " #b, FIL__, __LINE__);\
334	} while (0)
335
336	#define SH_VALIDATE_GE(a,b) \
337	do { \
338	if ((a) < (b)) safe_fatal(#a " < " #b, FIL__, __LINE__);\
339	} while (0)
340
341	#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
342	#define MLOCK(a, b) \
343	if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \
344	(void) sl_set_suid(); \
345	if (sh_unix_mlock(FIL__, __LINE__, a, b) < 0) skey->mlock_failed = SL_TRUE; \
346	(void) sl_unset_suid(); }
347	#else
348	#define MLOCK(a, b) \
349	;
350	#endif
351
352	#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
353	#define MUNLOCK(a, b) \
354	if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \
355	(void) sl_set_suid(); \
356	(void) sh_unix_munlock( a, b );\
357	(void) sl_unset_suid(); }
358	#else
359	#define MUNLOCK(a, b) \
360	;
361	#endif
362
363	#ifdef SH_STEALTH
364	void sh_do_encode (char * str, int len);
365	#define sh_do_decode sh_do_encode
366	#endif
367
368	/* #if defined(SCREW_IT_UP)
369	* extern volatile int sh_not_traced;
370	* inline int sh_sigtrap_prepare();
371	* inline int sh_derr();
372	* #endif
373	*/
374
375	#if defined(SCREW_IT_UP) && (defined(__FreeBSD__) \|\| defined(__linux__)) && defined(__i386__)
376	#define BREAKEXIT(expr) \
377	do { \
378	int ixi; \
379	for (ixi = 0; ixi < 8; ++ixi) { \
380	if (((volatile unsigned )((unsigned) expr + ixi) & 0xff) == 0xcc) \
381	_exit(EXIT_FAILURE); \
382	} \
383	} \
384	while (1 == 0)
385	#else
386	#define BREAKEXIT(expr)
387	#endif
388
389
390
391	#include "sh_cat.h"
392	#include "sh_trace.h"
393	#include "sh_mem.h"
394
395	#endif
396
397	/* CRIT: */
398	/* NEW_CLIENT <client> */
399	/* BAD_CLIENT <client> -- <details> */
400	/* ERR_CLIENT <client> -- <details> */
401
402	/* ALERT: */
403	/* LOG_KEY samhain\|yule <key> */
404	/* STARTUP samhain\|yule -- user <username> */
405	/* EXIT samhain\|yule */
406	/* GOODSIG <file> <user> */
407	/* FP_KEY <fingerprint> */
408	/* GOODSIG_DAT <file> <user> */
409	/* FP_KEY_DAT <fingerprint> */
410	/* TIGER_CFG <file> <checksum> */
411	/* TIGER_DAT <file> <checksum> */
412
413	/* PANIC -- <details> */
414	/* ERROR -- <details> */
415
416	/* Policy */
417	/* POLICY <code> <file> */
418	/* <code> = MISSING \|\| ADDED \|\| NOT_A_DIRECTORY \|\| <policy> */
419
420
421

Note: See TracBrowser for help on using the repository browser.

Download in other formats: