source: trunk/include/sh_hash.h@ 304

Last change on this file since 304 was 294, checked in by katerina, 14 years ago

Tickets #213 and #214 (Use auditd to determine who changed a file, Windows registry check).

[1]1/* SAMHAIN file system integrity testing */
2/* Copyright (C) 1999 Rainer Wichmann */
3/* */
4/* This program is free software; you can redistribute it */
5/* and/or modify */
6/* it under the terms of the GNU General Public License as */
7/* published by */
8/* the Free Software Foundation; either version 2 of the License, or */
9/* (at your option) any later version. */
10/* */
11/* This program is distributed in the hope that it will be useful, */
12/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
13/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
14/* GNU General Public License for more details. */
15/* */
16/* You should have received a copy of the GNU General Public License */
17/* along with this program; if not, write to the Free Software */
18/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20
21#ifndef SH_HASH_H
22#define SH_HASH_H
23
24#include <limits.h>
25
26#include "samhain.h"
27#include "sh_unix.h"
28#include "sh_error.h"
29
/* Format a uint64.
 *
 * Takes no arguments and returns a char pointer.
 * NOTE(review): presumably the returned string is a printf-style
 * conversion for 64-bit sizes -- confirm in the implementation. If it is
 * used as a format string it must stay a compile-time constant. Who owns
 * the returned storage is not visible from this header.
 */
char * sh_hash_size_format(void);
[1]33
/* Report on a missing file.
 *
 * fullpath: path of the file being reported. Declared non-const, so
 *           whether the callee modifies it cannot be told from here.
 * level:    presumably the severity used for the report -- confirm.
 * Returns an int whose meaning is defined by the implementation.
 */
int hashreport_missing( char *fullpath, int level);
37
/* Write database to stdout.
 *
 * str: presumably the value of the corresponding option -- confirm.
 * With this active the baseline leaves the process through stdout, so
 * whatever consumes that stream is responsible for storing it intact.
 */
int sh_hash_pushdata_stdout (const char * str);

/* Version string for database.
 *
 * str: presumably the version text to record -- confirm; no length limit
 *      is visible in this header.
 */
int sh_hash_version_string(const char * str);

/* Don't report on ctm/mtm (presumably ctime/mtime) change for directories.
 *
 * str: presumably the on/off value of the option -- confirm.
 * This narrows what is reported: while it is in effect, a timestamp-only
 * change on a directory produces no report.
 */
int sh_hash_loosedircheck(const char * str);
49
/* List database content.
 *
 * db_file: the database file to list (per the parameter name).
 * NOTE(review): whether the file is validated before it is parsed is not
 * visible here -- confirm in the implementation.
 */
int sh_hash_list_db (const char * db_file);

/* List database content for a single file.
 *
 * c: presumably the path to restrict the listing to -- confirm.
 */
int set_list_file (const char * c);

/* List database content with full detail.
 *
 * c: presumably the option value -- confirm.
 */
int set_full_detail (const char * c);

/* List database content with full detail, comma delimited.
 *
 * c: presumably the option value -- confirm.
 */
int set_list_delimited (const char * c);
[1]65
/* Read the database from disk.
 *
 * Returns nothing, so a failure to load cannot be reported through the
 * return value.
 * NOTE(review): later comparisons are presumably made against what is
 * loaded here; how the file's integrity is checked, and what happens on
 * a read error, is not visible in this header -- confirm.
 */
void sh_hash_init (void);
69
/* Check whether a file is present in the database.
 *
 * newname: path to look up.
 * Returns an int; the encoding of "present" / "absent" is defined by the
 * implementation.
 */
int sh_hash_have_it (const char * newname);

/* Get a file if it is present in the database.
 * If fileHash != NULL also return checksum.
 *
 * newname:  path to look up.
 * tmpFile:  receives the stored record.
 * fileHash: optional output buffer for the checksum. No length is passed.
 *           NOTE(review): struct store2db in this header sizes its
 *           checksum as KEY_LEN+1, so the caller presumably has to supply
 *           at least KEY_LEN+1 bytes -- confirm.
 */
int sh_hash_get_it (const char * newname, file_type * tmpFile, char * fileHash);
[1]78
/* Delete the database from memory.
 *
 * NOTE(review): pointers previously obtained from the in-memory database
 * presumably become invalid after this call -- confirm.
 */
void sh_hash_hashdelete (void);
82
/* Insert a file into the database.
 *
 * buf:      record describing the file.
 * fileHash: checksum for the file; passed without a length, so it is
 *           presumably a NUL-terminated string -- confirm.
 */
void sh_hash_pushdata (file_type * buf, char * fileHash);

/* Reset sh_hash_pushdata to use 'update' in daemon mode.
 */
void sh_hash_pushdata_reset (void);

/* Insert a file into the in-memory database.
 *
 * theFile:  record describing the file.
 * fileHash: checksum for the file; passed without a length, so it is
 *           presumably a NUL-terminated string -- confirm.
 */
void sh_hash_pushdata_memory (file_type * theFile, char * fileHash);
94
/* Get file flags from in-memory database.
 *
 * filename: path of the entry.
 * NOTE(review): the int return carries the flags; how a missing entry is
 * signalled is not visible here -- confirm before testing bits in it.
 */
int sh_hash_getflags (char * filename);

/* Set file flags in in-memory database.
 *
 * filename: path of the entry.
 * flags:    new flag value; presumably replaces the stored flags as a
 *           whole -- confirm.
 */
int sh_hash_setflags (char * filename, int flags);

/* Set a file flag in in-memory database.
 *
 * filename: path of the entry.
 * flag:     the flag to set.
 * Returns nothing, so a lookup failure is not reported to the caller.
 */
void sh_hash_addflag (char * filename, int flag);
106
/* Compare a file with its status in the database.
 *
 * class:             presumably the check class / policy applied to the
 *                    file -- confirm.
 * theFile:           current state of the file.
 * fileHash:          current checksum of the file.
 * policy_override:   per the name, a policy used in place of the default;
 *                    accepted values are not visible here.
 * severity_override: per the name, a severity used in place of the
 *                    default; accepted values are not visible here.
 *
 * NOTE(review): the two overrides presumably change how a detected
 * difference is reported, so their call sites deserve review.
 */
int sh_hash_compdata (int class, file_type * theFile, char * fileHash,
                      char * policy_override, int severity_override);
111
/* Search for files in the database that have been deleted from disk.
 *
 * level: error level; presumably the severity used for the resulting
 *        reports -- confirm.
 */
void sh_hash_unvisited (ShErrLevel level);

/* Search for unvisited entries in the database, custom error handler.
 *
 * prefix:  presumably selects the entries to consider by the first
 *          character of their key -- confirm.
 * handler: callback that receives an entry's key as a const string.
 *          NOTE(review): whether a NULL handler is tolerated, and how long
 *          the key pointer stays valid, is not visible here -- confirm.
 */
void sh_hash_unvisited_custom (char prefix, void(*handler)(const char * key));
119
/* Set a file's status to 'visited'. This is required for
 * files that should be ignored, and may be present in the
 * database, but not on disk.
 *
 * NOTE(review): a visited entry is presumably skipped by the search for
 * deleted files, so each caller suppresses a potential 'missing' report
 * for newname -- confirm.
 */
int sh_hash_set_visited (char * newname);

/* As above, but only set the 'visited' flag.
 */
int sh_hash_set_visited_true (char * newname);

/* Cause the record to be deleted without a 'missing' message.
 *
 * The removal is silent by design, so the decision to call this is the
 * only place where the deletion of newname can be justified or logged.
 */
int sh_hash_set_missing (char * newname);
133
/* Make a complete directory tree invisible.
 *
 * s: presumably the root path of the tree -- confirm. Declared non-const,
 *    so whether it is modified cannot be told from this header.
 * NOTE(review): what "invisible" excludes the entries from is defined by
 * the implementation -- confirm whether they drop out of later checks.
 */
int hash_remove_tree (char * s);

/* Make every entry visible.
 */
int hash_full_tree (void);
141
/* Insert data.
 * 'key' -> path
 * 'str' -> binary with size 'size'
 *
 * struct store2db is the record passed to sh_hash_push2db() and
 * sh_hash_db2pop().
 *
 * NOTE(review): 'size' is a signed int and nothing in this header ties it
 * to the storage behind 'str'. Code that fills or consumes this struct
 * presumably has to reject a negative size and keep it equal to the real
 * length of 'str' -- confirm where that is enforced.
 */
struct store2db {
  UINT64 val0;                 /* meaning of val0..val3 is not visible here */
  UINT64 val1;
  UINT64 val2;
  UINT64 val3;
  char   checksum[KEY_LEN+1];  /* presumably KEY_LEN characters plus NUL -- confirm */
  unsigned char * str;         /* binary data; ownership not visible here */
  int    size;                 /* length of 'str' */
};

/* key:  path under which the data is stored.
 * save: record to insert.
 */
void sh_hash_push2db (const char * key, struct store2db * save);
157
158
/* Retrieve data.
 *
 * key: path whose data is requested.
 * get: record to fill in.
 *
 * NOTE(review): not visible from this header, so confirm before use:
 * what the returned char pointer refers to, whether it is NULL when the
 * key is absent, and whether the return value and get->str are owned by
 * the caller or point into the database.
 */
char * sh_hash_db2pop (const char * key, struct store2db * get);
[1]162
[294]163
/* Write out database.
 *
 * Returns an int status.
 * NOTE(review): the success/failure encoding is not visible here. Callers
 * should check it, because an unnoticed failed write presumably leaves a
 * stale or partial baseline on disk -- confirm.
 */
int sh_hash_writeout(void);
[1]167#endif