source: trunk/include/samhain.h@ 28

Last change on this file since 28 was 27, checked in by rainer, 19 years ago

Support for server-to-server relay and more user policies

File size: 10.6 KB
Line 
1/* SAMHAIN file system integrity testing */
2/* Copyright (C) 1999 Rainer Wichmann */
3/* */
4/* This program is free software; you can redistribute it */
5/* and/or modify */
6/* it under the terms of the GNU General Public License as */
7/* published by */
8/* the Free Software Foundation; either version 2 of the License, or */
9/* (at your option) any later version. */
10/* */
11/* This program is distributed in the hope that it will be useful, */
12/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
13/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
14/* GNU General Public License for more details. */
15/* */
16/* You should have received a copy of the GNU General Public License */
17/* along with this program; if not, write to the Free Software */
18/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20#ifndef SAMHAIN_H
21#define SAMHAIN_H
22
23#include <sys/types.h>
24#include "slib.h"
25
26#ifdef SH_ENCRYPT
27#include "rijndael-api-fst.h"
28#endif
29
30/**************************************************
31 *
32 * STANDARD DEFINES
33 *
34 **************************************************/
35
36#define REPLACE_OLD
37
38/* Standard buffer sizes.
39 */
40#define SH_MINIBUF 64
41#define SH_BUFSIZE 1024
42#define SH_MAXBUF 4096
43#define SH_PATHBUF 256
44
45/* Sizes for arrays (user, group, timestamp).
46 */
47#define USER_MAX 20
48#define GROUP_MAX 20
49#define TIM_MAX 32
50
51/* The number of bytes in a key,
52 * the number of chars in its hex repesentation,
53 * and the block size of the hash algorithm.
54 */
55#define KEY_BYT 24
56#define KEY_LEN 48
57#define KEY_BLOCK 24
58
59/* The length of the compiled-in password.
60 */
61#define PW_LEN 8
62
63#undef GOOD
64#define GOOD 1
65#undef BAD
66#define BAD 0
67#undef ON
68#define ON 1
69#undef OFF
70#define OFF 0
71#undef S_TRUE
72#define S_TRUE 1
73#undef S_FALSE
74#define S_FALSE 0
75
76/* An unsigned integer guaranteed to be 32 bit.
77 */
78#if defined(HAVE_INT_32)
79#define UINT32 unsigned int
80#define SINT32 int
81#elif defined(HAVE_LONG_32)
82#define UINT32 unsigned long
83#define SINT32 long
84#elif defined(HAVE_SHORT_32)
85#define UINT32 unsigned short
86#define SINT32 short
87#endif
88
89#ifdef HAVE_INTTYPES_H
90#include <inttypes.h>
91#else
92#ifdef HAVE_STDINT_H
93#include <stdint.h>
94#endif
95#endif
96
97#if !defined(HAVE_INTTYPES_H) && !defined(HAVE_STDINT_H)
98
99#ifdef HAVE_LONG_LONG_64
100#define UINT64 unsigned long long
101#else
102#ifdef HAVE_LONG_64
103#define UINT64 unsigned long
104#else
105#define UINT64_IS_32
106#define UINT64 unsigned long
107#endif
108#endif
109
110#else
111#define UINT64 uint64_t
112#endif
113
114
115
116#define UBYTE unsigned char
117
118
119enum {
120 SH_CHECK_NONE = 0,
121 SH_CHECK_INIT = 1,
122 SH_CHECK_CHECK = 2
123};
124
125/**************************************************
126 *
127 * TYPEDEFS
128 *
129 **************************************************/
130
131enum {
132 SH_LEVEL_READONLY = 1,
133 SH_LEVEL_LOGFILES = 2,
134 SH_LEVEL_LOGGROW = 3,
135 SH_LEVEL_NOIGNORE = 4,
136 SH_LEVEL_ALLIGNORE = 5,
137 SH_LEVEL_ATTRIBUTES = 6,
138 SH_LEVEL_USER0 = 7,
139 SH_LEVEL_USER1 = 8,
140 SH_LEVEL_USER2 = 9,
141 SH_LEVEL_USER3 = 10,
142 SH_LEVEL_USER4 = 11,
143 SH_LEVEL_PRELINK = 12
144};
145
146typedef struct {
147 time_t alarm_interval;
148 time_t alarm_last;
149} sh_timer_t;
150
151typedef struct {
152 char path[SH_PATHBUF];
153 char hash[KEY_LEN+1];
154} sh_sh_df;
155
156typedef struct {
157 char user[USER_MAX];
158 char group[GROUP_MAX];
159 char home[SH_PATHBUF];
160 uid_t uid;
161 gid_t gid;
162} sh_sh_user;
163
164typedef struct {
165 char name[SH_PATHBUF]; /* local hostname */
166 char system[SH_MINIBUF]; /* system */
167 char release[SH_MINIBUF]; /* release */
168 char machine[SH_MINIBUF]; /* machine */
169} sh_sh_local;
170
171typedef struct {
172 char name[SH_PATHBUF];
173 char alt[SH_PATHBUF];
174} sh_sh_remote;
175
176typedef struct {
177 unsigned long bytes_hashed; /* bytes last check */
178 unsigned long bytes_speed; /* bytes/sec last check */
179 unsigned long mail_success; /* mails sent */
180 unsigned long mail_failed; /* mails not sent */
181 time_t time_start; /* start last check */
182 time_t time_check; /* time last check */
183 unsigned long dirs_checked; /* #dirs last check */
184 unsigned long files_checked; /* #files last check */
185} sh_sh_stat;
186
187typedef struct {
188 int exit; /* exit value */
189 int checkSum; /* whether to init/check checksums */
190 int update; /* update db */
191 int opts; /* reading cl options */
192 int isdaemon; /* daemon or not */
193 int loop; /* go in loop even if not daemon */
194 int nice; /* desired nicety */
195 int isserver; /* server or not */
196 int islocked; /* BAD if logfile not locked */
197 int smsg; /* GOOD if end message sent */
198 int log_start; /* TRUE if new audit trail */
199 int reportonce; /* TRUE if bad files only once rep.*/
200 int fulldetail; /* TRUE if full details requested */
201 int client_severity; /* TRUE if client severity used */
202 int client_class; /* TRUE if client class used */
203 int audit;
204 unsigned long aud_mask;
205 int hidefile; /* TRUE if file not reveled in log */
206} sh_sh_flag;
207
208typedef struct {
209
210 char prg_name[8];
211
212 sh_sh_df exec;
213 sh_sh_df conf;
214 sh_sh_df data;
215
216 sh_sh_user real;
217 sh_sh_user effective;
218 sh_sh_user run;
219
220 sh_sh_local host;
221
222 sh_sh_remote srvtime;
223 sh_sh_remote srvmail;
224 sh_sh_remote srvexport;
225 sh_sh_remote srvcons;
226 sh_sh_remote srvlog;
227
228 sh_sh_stat statistics;
229 sh_sh_flag flag;
230
231#ifdef SH_STEALTH
232 unsigned long off_data;
233#endif
234
235 sh_timer_t mailNum;
236 sh_timer_t mailTime;
237 sh_timer_t fileCheck;
238
239 int looptime; /* timing for main loop */
240 /*@null@*//*@out@*/ char * timezone;
241} sh_struct;
242
243
244extern volatile int sig_raised;
245extern volatile int sig_urgent;
246extern volatile int sig_debug_switch; /* SIGUSR1 */
247extern volatile int sig_suspend_switch; /* SIGUSR2 */
248extern volatile int sh_global_suspend_flag; /* SIGUSR2 */
249extern volatile int sig_fresh_trail; /* SIGIOT */
250extern volatile int sig_config_read_again; /* SIGHUP */
251extern volatile int sig_terminate; /* SIGQUIT */
252extern volatile int sig_termfast; /* SIGTERM */
253extern volatile int sig_force_check; /* SIGTTOU */
254
255extern long int eintr__result;
256
257extern int sh_argc_store;
258extern char ** sh_argv_store;
259
260#include "sh_calls.h"
261
262
263typedef struct {
264 char sh_sockpass[32];
265 char sigkey_old[KEY_LEN+1];
266 char sigkey_new[KEY_LEN+1];
267 char mailkey_old[KEY_LEN+1];
268 char mailkey_new[KEY_LEN+1];
269 char crypt[KEY_LEN+1];
270 char session[KEY_LEN+1];
271 char vernam[KEY_LEN+1];
272 int mlock_failed;
273
274 char pw[PW_LEN];
275
276 char poolv[KEY_BYT];
277 int poolc;
278
279 int rngI;
280 UINT32 rng0[3];
281 UINT32 rng1[3];
282 UINT32 rng2[3];
283
284 UINT32 ErrFlag[2];
285
286#ifdef SH_ENCRYPT
287 /*@out@*/ keyInstance keyInstE;
288 /*@out@*/ keyInstance keyInstD;
289#endif
290} sh_key_t;
291
292extern sh_struct sh;
293/*@null@*/ extern sh_key_t *skey;
294
295/**************************************************
296 *
297 * macros
298 *
299 **************************************************/
300
301/* signal-safe log function
302 */
303int safe_logger (int signal, int method, char * details);
304int safe_fatal (int signal, int method, char * details, char *f, int l);
305
306#define SH_VALIDATE_EQ(a,b) \
307 do { \
308 if ((a) != (b)) safe_fatal(0, 0, #a " != " #b, FIL__, __LINE__);\
309 } while (0)
310
311#define SH_VALIDATE_NE(a,b) \
312 do { \
313 if ((a) == (b)) safe_fatal(0, 0, #a " == " #b, FIL__, __LINE__);\
314 } while (0)
315
316#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
317#define MLOCK(a, b) \
318 if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \
319 (void) sl_set_suid(); \
320 if (sh_unix_mlock(FIL__, __LINE__, a, b) < 0) skey->mlock_failed = SL_TRUE; \
321 (void) sl_unset_suid(); }
322#else
323#define MLOCK(a, b) \
324 ;
325#endif
326
327#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
328#define MUNLOCK(a, b) \
329 if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \
330 (void) sl_set_suid(); \
331 (void) sh_unix_munlock( a, b );\
332 (void) sl_unset_suid(); }
333#else
334#define MUNLOCK(a, b) \
335 ;
336#endif
337
338#ifdef SH_STEALTH
339void sh_do_encode (char * str, int len);
340#define sh_do_decode sh_do_encode
341#endif
342
343/* #if defined(SCREW_IT_UP)
344 * extern volatile int sh_not_traced;
345 * inline int sh_sigtrap_prepare();
346 * inline int sh_derr();
347 * #endif
348 */
349
350#if defined(SCREW_IT_UP) && (defined(__FreeBSD__) || defined(__linux__)) && defined(__i386__)
351#define BREAKEXIT(expr) \
352 do { \
353 int ixi; \
354 for (ixi = 0; ixi < 8; ++ixi) { \
355 if ((*(volatile unsigned *)((unsigned) expr + ixi) & 0xff) == 0xcc) \
356 _exit(EXIT_FAILURE); \
357 } \
358 } \
359 while (1 == 0)
360#else
361#define BREAKEXIT(expr)
362#endif
363
364
365
366#include "sh_cat.h"
367#include "sh_trace.h"
368#include "sh_mem.h"
369
370#endif
371
372/* CRIT: */
373/* NEW_CLIENT <client> */
374/* BAD_CLIENT <client> -- <details> */
375/* ERR_CLIENT <client> -- <details> */
376
377/* ALERT: */
378/* LOG_KEY samhain|yule <key> */
379/* STARTUP samhain|yule -- user <username> */
380/* EXIT samhain|yule */
381/* GOODSIG <file> <user> */
382/* FP_KEY <fingerprint> */
383/* GOODSIG_DAT <file> <user> */
384/* FP_KEY_DAT <fingerprint> */
385/* TIGER_CFG <file> <checksum> */
386/* TIGER_DAT <file> <checksum> */
387
388/* PANIC -- <details> */
389/* ERROR -- <details> */
390
391/* Policy */
392/* POLICY <code> <file> */
393/* <code> = MISSING || ADDED || NOT_A_DIRECTORY || <policy> */
394
395
396
Note: See TracBrowser for help on using the repository browser.