source: trunk/include/samhain.h@ 2

Last change on this file since 2 was 1, checked in by katerina, 19 years ago

Initial import

File size: 10.0 KB
Line 
1/* SAMHAIN file system integrity testing */
2/* Copyright (C) 1999 Rainer Wichmann */
3/* */
4/* This program is free software; you can redistribute it */
5/* and/or modify */
6/* it under the terms of the GNU General Public License as */
7/* published by */
8/* the Free Software Foundation; either version 2 of the License, or */
9/* (at your option) any later version. */
10/* */
11/* This program is distributed in the hope that it will be useful, */
12/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
13/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
14/* GNU General Public License for more details. */
15/* */
16/* You should have received a copy of the GNU General Public License */
17/* along with this program; if not, write to the Free Software */
18/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20#ifndef SAMHAIN_H
21#define SAMHAIN_H
22
23#include <sys/types.h>
24#include "slib.h"
25
26#ifdef SH_ENCRYPT
27#include "rijndael-api-fst.h"
28#endif
29
30/**************************************************
31 *
32 * STANDARD DEFINES
33 *
34 **************************************************/
35
36#define REPLACE_OLD
37
38/* Standard buffer sizes.
39 */
40#define SH_MINIBUF 64
41#define SH_BUFSIZE 1024
42#define SH_MAXBUF 4096
43#define SH_PATHBUF 256
44
45/* Sizes for arrays (user, group, timestamp).
46 */
47#define USER_MAX 20
48#define GROUP_MAX 20
49#define TIM_MAX 32
50
51/* The number of bytes in a key,
52 * the number of chars in its hex repesentation,
53 * and the block size of the hash algorithm.
54 */
55#define KEY_BYT 24
56#define KEY_LEN 48
57#define KEY_BLOCK 24
58
59/* The length of the compiled-in password.
60 */
61#define PW_LEN 8
62
63/* Buffer for privileged content.
64 */
65#define PRIV_MAX 4096
66
67#undef GOOD
68#define GOOD 1
69#undef BAD
70#define BAD 0
71#undef ON
72#define ON 1
73#undef OFF
74#define OFF 0
75#undef S_TRUE
76#define S_TRUE 1
77#undef S_FALSE
78#define S_FALSE 0
79
80/* An unsigned integer guaranteed to be 32 bit.
81 */
82#if defined(HAVE_INT_32)
83#define UINT32 unsigned int
84#define SINT32 int
85#elif defined(HAVE_LONG_32)
86#define UINT32 unsigned long
87#define SINT32 long
88#elif defined(HAVE_SHORT_32)
89#define UINT32 unsigned short
90#define SINT32 short
91#endif
92
93#ifdef HAVE_INTTYPES_H
94#include <inttypes.h>
95#else
96#ifdef HAVE_STDINT_H
97#include <stdint.h>
98#endif
99#endif
100
101#if !defined(HAVE_INTTYPES_H) && !defined(HAVE_STDINT_H)
102
103#ifdef HAVE_LONG_LONG_64
104#define UINT64 unsigned long long
105#else
106#ifdef HAVE_LONG_64
107#define UINT64 unsigned long
108#else
109#define UINT64_IS_32
110#define UINT64 unsigned long
111#endif
112#endif
113
114#else
115#define UINT64 uint64_t
116#endif
117
118
119
120#define UBYTE unsigned char
121
122
123enum {
124 SH_CHECK_NONE = 0,
125 SH_CHECK_INIT = 1,
126 SH_CHECK_CHECK = 2
127};
128
129/**************************************************
130 *
131 * TYPEDEFS
132 *
133 **************************************************/
134
135enum {
136 SH_LEVEL_READONLY = 1,
137 SH_LEVEL_LOGFILES = 2,
138 SH_LEVEL_LOGGROW = 3,
139 SH_LEVEL_NOIGNORE = 4,
140 SH_LEVEL_ALLIGNORE = 5,
141 SH_LEVEL_ATTRIBUTES = 6,
142 SH_LEVEL_USER0 = 7,
143 SH_LEVEL_USER1 = 8,
144 SH_LEVEL_PRELINK = 9
145};
146
147typedef struct {
148 time_t alarm_interval;
149 time_t alarm_last;
150} sh_timer_t;
151
152typedef struct {
153 char path[SH_PATHBUF];
154 char hash[KEY_LEN+1];
155} sh_sh_df;
156
157typedef struct {
158 char user[USER_MAX];
159 char group[GROUP_MAX];
160 char home[SH_PATHBUF];
161 uid_t uid;
162 gid_t gid;
163} sh_sh_user;
164
165typedef struct {
166 char name[SH_PATHBUF]; /* local hostname */
167 char system[SH_MINIBUF]; /* system */
168 char release[SH_MINIBUF]; /* release */
169 char machine[SH_MINIBUF]; /* machine */
170} sh_sh_local;
171
172typedef struct {
173 char name[SH_PATHBUF];
174 char alt[SH_PATHBUF];
175} sh_sh_remote;
176
177typedef struct {
178 unsigned long bytes_hashed; /* bytes last check */
179 unsigned long bytes_speed; /* bytes/sec last check */
180 unsigned long mail_success; /* mails sent */
181 unsigned long mail_failed; /* mails not sent */
182 time_t time_start; /* start last check */
183 time_t time_check; /* time last check */
184 unsigned long dirs_checked; /* #dirs last check */
185 unsigned long files_checked; /* #files last check */
186} sh_sh_stat;
187
188typedef struct {
189 int exit; /* exit value */
190 int checkSum; /* whether to init/check checksums */
191 int update; /* update db */
192 int opts; /* reading cl options */
193 int isdaemon; /* daemon or not */
194 int loop; /* go in loop even if not daemon */
195 int nice; /* desired nicety */
196 int isserver; /* server or not */
197 int islocked; /* BAD if logfile not locked */
198 int smsg; /* GOOD if end message sent */
199 int log_start; /* TRUE if new audit trail */
200 int reportonce; /* TRUE if bad files only once rep.*/
201 int fulldetail; /* TRUE if full details requested */
202 int client_severity; /* TRUE if client severity used */
203 int client_class; /* TRUE if client class used */
204 int audit;
205 unsigned long aud_mask;
206 int hidefile; /* TRUE if file not reveled in log */
207} sh_sh_flag;
208
209typedef struct {
210
211 char prg_name[8];
212
213 sh_sh_df exec;
214 sh_sh_df conf;
215 sh_sh_df data;
216
217 sh_sh_user real;
218 sh_sh_user effective;
219 sh_sh_user run;
220
221 sh_sh_local host;
222
223 sh_sh_remote srvtime;
224 sh_sh_remote srvmail;
225 sh_sh_remote srvexport;
226 sh_sh_remote srvcons;
227 sh_sh_remote srvlog;
228
229 sh_sh_stat statistics;
230 sh_sh_flag flag;
231
232#ifdef SH_STEALTH
233 unsigned long off_data;
234#endif
235
236 sh_timer_t mailNum;
237 sh_timer_t mailTime;
238 sh_timer_t fileCheck;
239
240 int looptime; /* timing for main loop */
241 /*@null@*//*@out@*/ char * timezone;
242} sh_struct;
243
244
245extern volatile int sig_raised;
246extern volatile int sig_urgent;
247extern volatile int sig_debug_switch; /* SIGUSR1 */
248extern volatile int sig_suspend_switch; /* SIGUSR2 */
249extern volatile int sh_global_suspend_flag; /* SIGUSR2 */
250extern volatile int sig_fresh_trail; /* SIGIOT */
251extern volatile int sig_config_read_again; /* SIGHUP */
252extern volatile int sig_terminate; /* SIGQUIT */
253extern volatile int sig_termfast; /* SIGTERM */
254extern volatile int sig_force_check; /* SIGTTOU */
255
256extern long int eintr__result;
257
258#include "sh_calls.h"
259
260
261typedef struct {
262 char sh_sockpass[32];
263 char sigkey_old[KEY_LEN+1];
264 char sigkey_new[KEY_LEN+1];
265 char mailkey_old[KEY_LEN+1];
266 char mailkey_new[KEY_LEN+1];
267 char crypt[KEY_LEN+1];
268 char session[KEY_LEN+1];
269 char vernam[KEY_LEN+1];
270 int mlock_failed;
271
272 char pw[PW_LEN];
273
274 char poolv[KEY_BYT];
275 int poolc;
276
277 int rngI;
278 UINT32 rng0[3];
279 UINT32 rng1[3];
280 UINT32 rng2[3];
281
282 UINT32 ErrFlag[2];
283
284#ifdef SH_ENCRYPT
285 /*@out@*/ keyInstance keyInstE;
286 /*@out@*/ keyInstance keyInstD;
287#endif
288} sh_key_t;
289
290extern sh_struct sh;
291/*@null@*/ extern sh_key_t *skey;
292
293
294#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
295#define MLOCK(a, b) \
296 if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \
297 (void) sl_set_suid(); \
298 if (sh_unix_mlock( a, b) < 0) skey->mlock_failed = SL_TRUE; \
299 (void) sl_unset_suid(); }
300#else
301#define MLOCK(a, b) \
302 ;
303#endif
304
305#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
306#define MUNLOCK(a, b) \
307 if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \
308 (void) sl_set_suid(); \
309 (void) sh_unix_munlock( a, b );\
310 (void) sl_unset_suid(); }
311#else
312#define MUNLOCK(a, b) \
313 ;
314#endif
315
316#ifdef SH_STEALTH
317void sh_do_encode (char * str, int len);
318#define sh_do_decode sh_do_encode
319#endif
320
321/* #if defined(SCREW_IT_UP)
322 * extern volatile int sh_not_traced;
323 * inline int sh_sigtrap_prepare();
324 * inline int sh_derr();
325 * #endif
326 */
327
328#if defined(SCREW_IT_UP) && (defined(__FreeBSD__) || defined(__linux__)) && defined(__i386__)
329#define BREAKEXIT(expr) \
330 do { \
331 int ixi; \
332 for (ixi = 0; ixi < 8; ++ixi) { \
333 if ((*(volatile unsigned *)((unsigned) expr + ixi) & 0xff) == 0xcc) \
334 _exit(EXIT_FAILURE); \
335 } \
336 } \
337 while (1 == 0)
338#else
339#define BREAKEXIT(expr)
340#endif
341
342
343
344#include "sh_cat.h"
345#include "sh_trace.h"
346#include "sh_mem.h"
347
348#endif
349
350/* CRIT: */
351/* NEW_CLIENT <client> */
352/* BAD_CLIENT <client> -- <details> */
353/* ERR_CLIENT <client> -- <details> */
354
355/* ALERT: */
356/* LOG_KEY samhain|yule <key> */
357/* STARTUP samhain|yule -- user <username> */
358/* EXIT samhain|yule */
359/* GOODSIG <file> <user> */
360/* FP_KEY <fingerprint> */
361/* GOODSIG_DAT <file> <user> */
362/* FP_KEY_DAT <fingerprint> */
363/* TIGER_CFG <file> <checksum> */
364/* TIGER_DAT <file> <checksum> */
365
366/* PANIC -- <details> */
367/* ERROR -- <details> */
368
369/* Policy */
370/* POLICY <code> <file> */
371/* <code> = MISSING || ADDED || NOT_A_DIRECTORY || <policy> */
372
373
374
Note: See TracBrowser for help on using the repository browser.