Context Navigation

source: trunk/include/samhain.h@ 18

Last change on this file since 18 was 18, checked in by rainer, 19 years ago
Optimized version of tiger algorithm, and basic ingredients for unit testing (part 2)
File size: 9.9 KB

Line
1	/* SAMHAIN file system integrity testing */
2	/* Copyright (C) 1999 Rainer Wichmann */
3	/* */
4	/* This program is free software; you can redistribute it */
5	/* and/or modify */
6	/* it under the terms of the GNU General Public License as */
7	/* published by */
8	/* the Free Software Foundation; either version 2 of the License, or */
9	/* (at your option) any later version. */
10	/* */
11	/* This program is distributed in the hope that it will be useful, */
12	/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
13	/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
14	/* GNU General Public License for more details. */
15	/* */
16	/* You should have received a copy of the GNU General Public License */
17	/* along with this program; if not, write to the Free Software */
18	/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20	#ifndef SAMHAIN_H
21	#define SAMHAIN_H
22
23	#include <sys/types.h>
24	#include "slib.h"
25
26	#ifdef SH_ENCRYPT
27	#include "rijndael-api-fst.h"
28	#endif
29
30	/**************************************************
31	*
32	* STANDARD DEFINES
33	*
34	**************************************************/
35
36	#define REPLACE_OLD
37
38	/* Standard buffer sizes.
39	*/
40	#define SH_MINIBUF 64
41	#define SH_BUFSIZE 1024
42	#define SH_MAXBUF 4096
43	#define SH_PATHBUF 256
44
45	/* Sizes for arrays (user, group, timestamp).
46	*/
47	#define USER_MAX 20
48	#define GROUP_MAX 20
49	#define TIM_MAX 32
50
51	/* The number of bytes in a key,
52	* the number of chars in its hex repesentation,
53	* and the block size of the hash algorithm.
54	*/
55	#define KEY_BYT 24
56	#define KEY_LEN 48
57	#define KEY_BLOCK 24
58
59	/* The length of the compiled-in password.
60	*/
61	#define PW_LEN 8
62
63	#undef GOOD
64	#define GOOD 1
65	#undef BAD
66	#define BAD 0
67	#undef ON
68	#define ON 1
69	#undef OFF
70	#define OFF 0
71	#undef S_TRUE
72	#define S_TRUE 1
73	#undef S_FALSE
74	#define S_FALSE 0
75
76	/* An unsigned integer guaranteed to be 32 bit.
77	*/
78	#if defined(HAVE_INT_32)
79	#define UINT32 unsigned int
80	#define SINT32 int
81	#elif defined(HAVE_LONG_32)
82	#define UINT32 unsigned long
83	#define SINT32 long
84	#elif defined(HAVE_SHORT_32)
85	#define UINT32 unsigned short
86	#define SINT32 short
87	#endif
88
89	#ifdef HAVE_INTTYPES_H
90	#include <inttypes.h>
91	#else
92	#ifdef HAVE_STDINT_H
93	#include <stdint.h>
94	#endif
95	#endif
96
97	#if !defined(HAVE_INTTYPES_H) && !defined(HAVE_STDINT_H)
98
99	#ifdef HAVE_LONG_LONG_64
100	#define UINT64 unsigned long long
101	#else
102	#ifdef HAVE_LONG_64
103	#define UINT64 unsigned long
104	#else
105	#define UINT64_IS_32
106	#define UINT64 unsigned long
107	#endif
108	#endif
109
110	#else
111	#define UINT64 uint64_t
112	#endif
113
114
115
116	#define UBYTE unsigned char
117
118
119	enum {
120	SH_CHECK_NONE = 0,
121	SH_CHECK_INIT = 1,
122	SH_CHECK_CHECK = 2
123	};
124
125	/**************************************************
126	*
127	* TYPEDEFS
128	*
129	**************************************************/
130
131	enum {
132	SH_LEVEL_READONLY = 1,
133	SH_LEVEL_LOGFILES = 2,
134	SH_LEVEL_LOGGROW = 3,
135	SH_LEVEL_NOIGNORE = 4,
136	SH_LEVEL_ALLIGNORE = 5,
137	SH_LEVEL_ATTRIBUTES = 6,
138	SH_LEVEL_USER0 = 7,
139	SH_LEVEL_USER1 = 8,
140	SH_LEVEL_PRELINK = 9
141	};
142
143	typedef struct {
144	time_t alarm_interval;
145	time_t alarm_last;
146	} sh_timer_t;
147
148	typedef struct {
149	char path[SH_PATHBUF];
150	char hash[KEY_LEN+1];
151	} sh_sh_df;
152
153	typedef struct {
154	char user[USER_MAX];
155	char group[GROUP_MAX];
156	char home[SH_PATHBUF];
157	uid_t uid;
158	gid_t gid;
159	} sh_sh_user;
160
161	typedef struct {
162	char name[SH_PATHBUF]; /* local hostname */
163	char system[SH_MINIBUF]; /* system */
164	char release[SH_MINIBUF]; /* release */
165	char machine[SH_MINIBUF]; /* machine */
166	} sh_sh_local;
167
168	typedef struct {
169	char name[SH_PATHBUF];
170	char alt[SH_PATHBUF];
171	} sh_sh_remote;
172
173	typedef struct {
174	unsigned long bytes_hashed; /* bytes last check */
175	unsigned long bytes_speed; /* bytes/sec last check */
176	unsigned long mail_success; /* mails sent */
177	unsigned long mail_failed; /* mails not sent */
178	time_t time_start; /* start last check */
179	time_t time_check; /* time last check */
180	unsigned long dirs_checked; /* #dirs last check */
181	unsigned long files_checked; /* #files last check */
182	} sh_sh_stat;
183
184	typedef struct {
185	int exit; /* exit value */
186	int checkSum; /* whether to init/check checksums */
187	int update; /* update db */
188	int opts; /* reading cl options */
189	int isdaemon; /* daemon or not */
190	int loop; /* go in loop even if not daemon */
191	int nice; /* desired nicety */
192	int isserver; /* server or not */
193	int islocked; /* BAD if logfile not locked */
194	int smsg; /* GOOD if end message sent */
195	int log_start; /* TRUE if new audit trail */
196	int reportonce; /* TRUE if bad files only once rep.*/
197	int fulldetail; /* TRUE if full details requested */
198	int client_severity; /* TRUE if client severity used */
199	int client_class; /* TRUE if client class used */
200	int audit;
201	unsigned long aud_mask;
202	int hidefile; /* TRUE if file not reveled in log */
203	} sh_sh_flag;
204
205	typedef struct {
206
207	char prg_name[8];
208
209	sh_sh_df exec;
210	sh_sh_df conf;
211	sh_sh_df data;
212
213	sh_sh_user real;
214	sh_sh_user effective;
215	sh_sh_user run;
216
217	sh_sh_local host;
218
219	sh_sh_remote srvtime;
220	sh_sh_remote srvmail;
221	sh_sh_remote srvexport;
222	sh_sh_remote srvcons;
223	sh_sh_remote srvlog;
224
225	sh_sh_stat statistics;
226	sh_sh_flag flag;
227
228	#ifdef SH_STEALTH
229	unsigned long off_data;
230	#endif
231
232	sh_timer_t mailNum;
233	sh_timer_t mailTime;
234	sh_timer_t fileCheck;
235
236	int looptime; /* timing for main loop */
237	/@null@//@out@/ char * timezone;
238	} sh_struct;
239
240
241	extern volatile int sig_raised;
242	extern volatile int sig_urgent;
243	extern volatile int sig_debug_switch; /* SIGUSR1 */
244	extern volatile int sig_suspend_switch; /* SIGUSR2 */
245	extern volatile int sh_global_suspend_flag; /* SIGUSR2 */
246	extern volatile int sig_fresh_trail; /* SIGIOT */
247	extern volatile int sig_config_read_again; /* SIGHUP */
248	extern volatile int sig_terminate; /* SIGQUIT */
249	extern volatile int sig_termfast; /* SIGTERM */
250	extern volatile int sig_force_check; /* SIGTTOU */
251
252	extern long int eintr__result;
253
254	#include "sh_calls.h"
255
256
257	typedef struct {
258	char sh_sockpass[32];
259	char sigkey_old[KEY_LEN+1];
260	char sigkey_new[KEY_LEN+1];
261	char mailkey_old[KEY_LEN+1];
262	char mailkey_new[KEY_LEN+1];
263	char crypt[KEY_LEN+1];
264	char session[KEY_LEN+1];
265	char vernam[KEY_LEN+1];
266	int mlock_failed;
267
268	char pw[PW_LEN];
269
270	char poolv[KEY_BYT];
271	int poolc;
272
273	int rngI;
274	UINT32 rng0[3];
275	UINT32 rng1[3];
276	UINT32 rng2[3];
277
278	UINT32 ErrFlag[2];
279
280	#ifdef SH_ENCRYPT
281	/@out@/ keyInstance keyInstE;
282	/@out@/ keyInstance keyInstD;
283	#endif
284	} sh_key_t;
285
286	extern sh_struct sh;
287	/@null@/ extern sh_key_t *skey;
288
289
290	#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
291	#define MLOCK(a, b) \
292	if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \
293	(void) sl_set_suid(); \
294	if (sh_unix_mlock( a, b) < 0) skey->mlock_failed = SL_TRUE; \
295	(void) sl_unset_suid(); }
296	#else
297	#define MLOCK(a, b) \
298	;
299	#endif
300
301	#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
302	#define MUNLOCK(a, b) \
303	if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \
304	(void) sl_set_suid(); \
305	(void) sh_unix_munlock( a, b );\
306	(void) sl_unset_suid(); }
307	#else
308	#define MUNLOCK(a, b) \
309	;
310	#endif
311
312	#ifdef SH_STEALTH
313	void sh_do_encode (char * str, int len);
314	#define sh_do_decode sh_do_encode
315	#endif
316
317	/* #if defined(SCREW_IT_UP)
318	* extern volatile int sh_not_traced;
319	* inline int sh_sigtrap_prepare();
320	* inline int sh_derr();
321	* #endif
322	*/
323
324	#if defined(SCREW_IT_UP) && (defined(__FreeBSD__) \|\| defined(__linux__)) && defined(__i386__)
325	#define BREAKEXIT(expr) \
326	do { \
327	int ixi; \
328	for (ixi = 0; ixi < 8; ++ixi) { \
329	if (((volatile unsigned )((unsigned) expr + ixi) & 0xff) == 0xcc) \
330	_exit(EXIT_FAILURE); \
331	} \
332	} \
333	while (1 == 0)
334	#else
335	#define BREAKEXIT(expr)
336	#endif
337
338
339
340	#include "sh_cat.h"
341	#include "sh_trace.h"
342	#include "sh_mem.h"
343
344	#endif
345
346	/* CRIT: */
347	/* NEW_CLIENT <client> */
348	/* BAD_CLIENT <client> -- <details> */
349	/* ERR_CLIENT <client> -- <details> */
350
351	/* ALERT: */
352	/* LOG_KEY samhain\|yule <key> */
353	/* STARTUP samhain\|yule -- user <username> */
354	/* EXIT samhain\|yule */
355	/* GOODSIG <file> <user> */
356	/* FP_KEY <fingerprint> */
357	/* GOODSIG_DAT <file> <user> */
358	/* FP_KEY_DAT <fingerprint> */
359	/* TIGER_CFG <file> <checksum> */
360	/* TIGER_DAT <file> <checksum> */
361
362	/* PANIC -- <details> */
363	/* ERROR -- <details> */
364
365	/* Policy */
366	/* POLICY <code> <file> */
367	/* <code> = MISSING \|\| ADDED \|\| NOT_A_DIRECTORY \|\| <policy> */
368
369
370

Note: See TracBrowser for help on using the repository browser.

Download in other formats: